Fidelix FX-20 Series Controllers Path Traversal Vulnerability
OVERVIEW Researcher Semen Rozhkov of Kaspersky Lab has identified a path traversal vulnerability in Fidelix’s FX-20 series controllers. Fidelix has produced a new software version to mitigate this vulnerability. This vulnerability could be exploited remotely. AFFECTED PRODUCTS Fidelix reports tha...
IBHsoftec S7-SoftPLC CPX43 Heap-based Buffer Overflow Vulnerability
OVERVIEW Ariele Caltabiano (kimiya) working with Trend Micro’s Zero Day Initiative has identified a buffer overflow vulnerability in IBHsoftec’s S7-SoftPLC. IBHsoftec has produced a new version to mitigate this vulnerability. This vulnerability could be exploited remotely. AFFECTED PRODUCTS IBHsoft...
Sinapsi eSolar Light Plaintext Passwords Vulnerability
OVERVIEW Independent researcher Maxim Rupp has identified plain text passwords in Sinapsi’s eSolar Light application. Sinapsi has produced a new version to mitigate this vulnerability. AFFECTED PRODUCTS The following Sinapsi eSolar Light versions are affected: Sinapsi eSolar Light firmware versio...
Hospira LifeCare PCA Infusion System Vulnerabilities
OVERVIEW This updated advisory is a follow-up to the updated advisory titled ICSA-15-125-01A Hospira LifeCare PCA Infusion System Vulnerabilities that was published May 13, 2015, on the NCCIC/ICS-CERT web site. --------- Begin Update B Part 1 of 9 -------- Independent researcher Billy Rios has...
Elipse SCADA DNP3 Denial of Service
OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on October 30, 2014, and is being released to the NCCIC/ICS-CERT web site. Independent researchers Adam Crain and Chris Sistrunk have identified a DNP3 denial‑of‑service vulnerability in the Elipse SCADA application...
OSIsoft PI Interface for DNP3 Improper Input Validation
OVERVIEW Adam Crain of Automatak and Chris Sistrunk, Sr. Consultant for Mandiant, have identified an improper input validation vulnerability in the OSIsoft PI Interface for DNP3 product. OSIsoft has produced an update that mitigates this vulnerability. OSIsoft and Automatak have tested the new...
xArrow Multiple Vulnerabilities
Overview This advisory is a follow-up to ICS-ALERT-12-065-01 xArrow Vulnerabilities that was published March 05, 2012. Independent security researcher Luigi Auriemma identified and released four security vulnerabilities, along with proof-of-concept code, in the xArrow software application without...
Schneider Electric Vijeo Historian Web Server Multiple Vulnerabilities
Overview ICS-CERT originally released Advisory ICSA-11-307-01P on the US-CERT secure Portal on November 03, 2011. This web page release was delayed to allow users time to download and install the update. Researcher Kuang-Chun Hung of Security Research and Service Institute--Information and...
CISA Red Team’s Operations Against a Federal Civilian Executive Branch Organization Highlights the Necessity of Defense-in-Depth
EXECUTIVE SUMMARY In early 2023, the Cybersecurity and Infrastructure Security Agency (CISA) conducted a SILENTSHIELD red team assessment against a Federal Civilian Executive Branch (FCEB) organization. During SILENTSHIELD assessments, the red team first performs a no-notice, long-term simulation of...
Siemens RUGGEDCOM
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens SCALANCE XB-200 / XC-200 / XP-200 / XF-200BA / XR-300WG Family
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens SIMATIC WinCC, OpenPCS
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Known Indicators of Compromise Associated with Androxgh0st Malware
Actions to take today to mitigate malicious cyber activity: 1. Prioritize patching known exploited vulnerabilities in internet-facing systems. 2. Review and ensure only necessary servers and services are exposed to the internet. 3. Review platforms or services that have credentials listed in .env...
Dingtian DT-R002
1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Exploitable remotely/public exploits are available Vendor: Dingtian Equipment: DT-R002 Vulnerability: Authentication Bypass by Capture-Replay 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to...
Mitsubishi Electric MELSEC iQ-R Series/iQ-F Series (Update C)
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: MELSEC iQ-R Series/iQ-F Series EtherNet/IP Modules and EtherNet/IP Configuration Tool Vulnerabilities: Weak Password Requirements, Use of Hard-coded Credentials, Missin...
Siemens Solid Edge
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
ARC Informatique PcVue
1. EXECUTIVE SUMMARY CVSS v3 5.5 ATTENTION: Low attack complexity Vendor: ARC Informatique Equipment: PcVue Vulnerability: Cleartext Storage of Sensitive Information 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to access the OAuth web service database...
CODESYS Gateway Server (Update A)
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: CODESYS GmbH Equipment: CODESYS Gateway Server Vulnerability: Heap Based Buffer Overflow 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-15-258-02 3S...
Yokogawa Wide Area Communication Router
1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Exploitable remotely Vendor: Yokogawa Equipment: Wide Area Communication Router (WAC Router) Vulnerability: Use of Insufficiently Random Values 2. RISK EVALUATION Successful exploitation of this vulnerability could cause the functions provided by the WAC...
Threat Actors Chaining Unpatched VMware Vulnerabilities for Full System Control
Summary Update June 2, 2022: This Cybersecurity Advisory (CSA) has been updated with additional indicators of compromise (IOCs) and detection signatures, as well as tactics, techniques, and procedures (TTPs) from trusted third parties. Update End The Cybersecurity and Infrastructure Security Agency CIS...
TraderTraitor: North Korean State-Sponsored APT Targets Blockchain Companies
Summary Actions to take today to mitigate cyber threats to cryptocurrency: • Patch all systems. • Prioritize patching known exploited vulnerabilities. • Train users to recognize and report phishing attempts. • Use multifactor authentication. The Federal Bureau of Investigation (FBI), the...
Interlogix Hills ComNav
1. EXECUTIVE SUMMARY CVSS v3 6.2 ATTENTION: Low attack complexity Vendor: Interlogix is a part of Carrier Global Corporation Equipment: Hills ComNav Vulnerabilities: Improper Restriction of Excessive Authentication Attempts, Inadequate Encryption Strength 2. RISK EVALUATION Successful...
Delta Electronics DOPSoft (Update A)
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: DOPSoft Vulnerability: Stack-based Buffer Overflow 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-21-238-04 Delta Electronics DOPSoft that was...
Siemens Web Server of SCALANCE X200 (Update A)
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Web Server of SCALANCE X200 Vulnerabilities: Heap-based Buffer Overflow, Stack-based Buffer Overflow 2. UPDATE INFORMATION This updated advisory is a follow-up to the original...
ICSMA-20-261-01_Philips Clinical Collaboration Platform
1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Low skill level to exploit Vendor: Philips Equipment: Clinical Collaboration Platform Vulnerabilities: Cross-site Request Forgery, Improper Neutralization of Script in Attributes in a Web Page, Protection Mechanism Failure, Algorithm Downgrade,...
Grundfos CIM 500
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Grundfos Pumps Corporation Equipment: CIM 500 Vulnerabilities: Missing Authentication for Critical Function, Unprotected Storage of Credentials 2. RISK EVALUATION Successful exploitation of these...
Delta Industrial Automation DOPSoft (Update A)
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Delta Electronics Equipment: Delta Industrial Automation DOPSoft Vulnerabilities: Out-of-bounds Read, Heap-based Buffer Overflow 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory...
OSIsoft PI Vision
1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: OSIsoft LLC Equipment: PI Vision Vulnerabilities: Improper Access Control, Cross-site Request Forgery (CSRF), Cross-site Scripting, Inclusion of Sensitive Information in Log Files 2. RISK EVALUATION...
Siemens TIM 1531 IRC
CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit. Vendor: Siemens Equipment: TIM 1531 IRC Vulnerability: Missing Authentication for Critical Function AFFECTED PRODUCTS Siemens reports that the vulnerability affects the following TIM 1531 IRC communications modules: TIM 1531...
Siemens Industrial products using the Discovery Service of the OPC UA protocol stack by the OPC foundation
CVSS v3 8.2 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: Industrial products using the Discovery Service of the OPC UA protocol stack by the OPC foundation Vulnerability: Improper Restriction of XML External Entity Reference UPDATE INFORMATION This update...
Siemens Ruggedcom ROS, SCALANCE (Update A)
CVSS v3 8.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: Ruggedcom ROS, SCALANCE Vulnerability: Improper Access Control UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-17-271-01 Siemens Ruggedcom ROS and SCALAN...
PHOENIX CONTACT mGuard
CVSS v3 8.6 ATTENTION: Remotely exploitable/low skill level to exploit Vendor: PHOENIX CONTACT Equipment: mGuard Vulnerabilities: Resource Exhaustion, Improper Authentication AFFECTED PRODUCTS The following versions of mGuard, a network device, are affected: mGuard firmware versions 8.3.0 to 8.4....
Siemens RUGGEDCOM NMS
CVSS v3 8.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: RUGGEDCOM NMS Vulnerabilities: Cross-Site Request Forgery, Cross-Site Scripting. AFFECTED PRODUCTS Siemens reports that the vulnerability affects the following RUGGEDCOM monitoring products: RUGGEDC...
Schneider Electric homeLYnk Controller (Update A)
CVSS V3 8.8 ATTENTION: Remotely exploitable/low skill level to exploit Vendor: Schneider Electric Equipment: homeLYnk Controller, LSS100100 Vulnerability: Cross-site Scripting, Command Injection UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-17-019-01...
OSIsoft PI Coresight and PI Web API
CVSS V3 6.1 Vendor: OSIsoft Equipment: PI Coresight, PI Web API Vulnerability: Information Exposure Through Server Log Files AFFECTED PRODUCTS OSIsoft reports that the vulnerability affects the following versions: PI Coresight 2016 R2 and earlier versions, and PI Web API 2016 R2 when deployed usi...
Moxa EDR-G903 Secure Router Vulnerabilities (Update A)
OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-16-042-01 Moxa EDR‑G903 Secure Router Vulnerabilities that was published May 17, 2016, on the NCCIC/ICS-CERT web site. Independent researcher Maxim Rupp has identified vulnerabilities in Moxa’s EDR‑G903 secure...
3S CODESYS Gateway Null Pointer Exception Vulnerability
OVERVIEW Ashish Kamble of Qualys, Inc has identified a null pointer exception vulnerability in 3S-Smart Software Solutions GmbH’s CODESYS Gateway Server. 3S-Smart Software Solutions GmbH has produced a new version to mitigate this vulnerability. Ashish Kamble has tested the new version to validat...
Siemens WinCC TIA Portal Vulnerabilities
Overview This advisory provides mitigation details for a vulnerability that impacts the Siemens WinCC TIA (Totally Integrated Automation) Portal HMI. Researchers Billy Rios and Terry McCorkle of Cylance; Gleb Gritsai, Sergey Bobrov, Roman Ilin, Artem Chaykin, Timur Yunusov, and Ilya Karpov from...
WellinTech KingView KingMess Buffer Overflow
Overview This updated advisory is a follow-up to the original advisory titled ICSA-13-043-02—WellinTech KingView KingMess Buffer Overflow that was published February 12, 2013, on the ICS-CERT Web page. This updated advisory provides mitigation details for a vulnerability that impacts the WellinTe...
WellinTech Vulnerabilities
OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on December 10, 2013, and is now being released to the NCCIC/ICS-CERT Web site. NCCIC/ICS-CERT received reports from the Zero Day Initiative (ZDI) regarding a remote code execution vulnerability and an information...
Siemens Scalance W-7xx Product Family Multiple Vulnerabilities
OVERVIEW Siemens has identified multiple vulnerabilities in the Siemens Scalance W-7xx product family and reported them to ICS-CERT. A software update has been produced by Siemens that mitigates these vulnerabilities. Siemens has tested the software update to validate that it resolves the...
GE Intelligent Platforms Proficy Real-Time Information Portal Vulnerabilities
OVERVIEW This advisory is a follow-up to the previously updated portal advisory titled ICSA-12-234-01AP—GE Intelligent Platforms Proficy Real-Time Information Portal Multiple Vulnerabilities, which was published September 17, 2012, in the US-CERT secure Portal library. This advisory provides...
GE Intelligent Platforms Proficy Historian Data Archiver Buffer Overflow Vulnerability
Overview ICS-CERT originally released Advisory ICSA-11-243-03P on the US-CERT secure Portal on August 31, 2011. This web page release was delayed to allow users time to download and install the update. ICS-CERT received a report from GE Intelligent Platforms and the Zero Day Initiative concerning...
SystemK NVR 504/508/516
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: SystemK Equipment: NVR 504/508/516 Vulnerability: Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker...
PTC KEPServerEx
1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: PTC Equipment: KEPServerEX, ThingWorx, OPC-Aggregator Vulnerabilities: Heap-based Buffer Overflow, Improper Validation of Certificate with Host Mismatch 2. RISK EVALUATION Successful...
Fuji Electric Tellus Lite V-Simulator
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Fuji Electric Equipment: Tellus Lite V-Simulator Vulnerabilities: Stack-based Buffer Overflow, Out-of-bounds Write, Improper Access Control 2. RISK EVALUATION Successful exploitation of these vulnerabilities...
Johnson Controls Quantum HD Unity
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable Remotely/Low attack complexity Vendor: Johnson Controls Inc. Equipment: Quantum HD Unity Vulnerability: Active Debug Code 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthorized user to...
Siemens SIMATIC IPCs
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens CPCI85 Firmware of SICAM A8000 Devices
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
mySCADA myPRO
1. EXECUTIVE SUMMARY CVSS v3 9.9 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: mySCADA Technologies Equipment: mySCADA myPRO Vulnerabilities: OS Command Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an...