AutomationDirect C-MORE EA9 HMI

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION : Exploitable remotely/low attack complexity Vendor : AutomationDirect Equipment : C-MORE EA9 HMI Vulnerabilities : Path Traversal, Stack-Based Buffer Overflow, Plaintext Storage of a Password 2. RISK EVALUATION Successful exploitation of these...

EFACEC UC 500E

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.3 ATTENTION : Exploitable remotely/low attack complexity Vendor : EFACEC Equipment : UC 500 Vulnerabilities : Cleartext Transmission of Sensitive Information, Open Redirect, Exposure of Sensitive Information to an Unauthorized Actor, Improper Access Contro...

Siemens User Management Component (UMC)

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

Siemens SIPROTEC 4 7SJ66

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

Qognify NiceVision

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION : Exploitable remotely/low attack complexity Vendor : Qognify Equipment : NiceVision Vulnerability : Use of Hard-coded Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to retrieve sensitive...

ABB Ability Symphony Plus

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Low attack complexity Vendor: ABB Equipment: Ability Symphony Plus Vulnerability: Improper Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthorized client to connect to the S+ Operations servers human...

Siemens Web Server Login Page of Industrial Controllers

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

Open Design Alliance Drawings SDK

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Open Design Alliance Equipment: Drawings SDK Vulnerability: Out-of-Bounds Read 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a user to open a malicious DWG file that could lead to the...

Siemens SICAM GridEdge

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SICAM GridEdge Essential ARM Vulnerabilities: Missing Authentication for Critical Function, Resource Leak 2. RISK EVALUATION Successful exploitation of these vulnerabilities could...

mySCADA myPRO

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: mySCADA Equipment: myPRO Vulnerability: Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow arbitrary operating system commands injection. 3. TECHNICAL...

FATEK Automation WinProladder

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: FATEK Automation Equipment: WinProladder Vulnerabilities : Out-of-bounds Write, Out-of-bounds Read, Unexpected Sign Extension, Stack-based Buffer Overflow, Improper Restriction of Operations within the...

Tactics, Techniques, and Procedures of Indicted APT40 Actors Associated with China’s MSS Hainan State Security Department

Summary This Joint Cybersecurity Advisory was written by the Federal Bureau of Investigation FBI and the Cybersecurity and Infrastructure Security Agency CISA to provide information on a Chinese Advanced Persistent Threat APT group known in open-source reporting as APT40. This advisory provides...

Advantech WebAccess/SCADA (Update A)

1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Advantech Equipment: WebAccess/SCADA Vulnerabilities: Open Redirect, Relative Path Traversal 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-21-168-03...

Delta Industrial Automation COMMGR

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Delta Industrial Automation Equipment: COMMGR Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow for remote code execution or cause...

Hitachi ABB Power Grids eSOMS

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Low skill level to exploit Vendor: Hitachi ABB Power Grids Equipment: eSOMS Vulnerability: Exposure of Sensitive Information to an Unauthorized Actor 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain access...

Siemens SCALANCE and SIMATIC libcurl

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SCALANCE and SIMATIC Vulnerability: Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of this third-party vulnerability could allow an attacker to cause a...

Siemens SCALANCE W 1750D

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SCALANCE W 1750D Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to achieve remote code...

Delta Industrial Automation CNCSoft ScreenEditor

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Delta Electronics Equipment: Industrial Automation CNCSoft ScreenEditor Vulnerabilities: Stack-based Buffer Overflow, Out-of-bounds Read, Access of Uninitialized Pointer 2. RISK EVALUATION Successful exploitation of...

Rockwell Automation FactoryTalk Services Platform XXE

1. EXECUTIVE SUMMARY CVSS v3 8.4 ATTENTION: Low skill level to exploit Vendor: Rockwell Automation Equipment: FactoryTalk Services Platform Vulnerability: Improper Restriction of XML External Entity Reference 2. RISK EVALUATION Successful exploitation of this vulnerability could lead to a...

Siemens SCALANCE Products (Update A)

1. EXECUTIVE SUMMARY CVSS v3 6.6 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SCALANCE Products Vulnerabilities: Improper Adherence to Coding Standards 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled...

Schneider Electric Zelio Soft 2

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Schneider Electric Equipment: Zelio Soft 2 Vulnerability: Use After Free 2. RISK EVALUATION Successful exploitation of this vulnerability could allow remote code execution through the opening of a...

Advantech WebAccess/SCADA

1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Advantech Equipment: WebAccess/SCADA Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could cause a stack buffer overflow condition. 3...

Delta Electronics Delta Industrial Automation TPEditor (Update A)

1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION : Exploitable remotely/low skill level to exploit Vendor : Delta Electronics Equipment : Delta Industrial Automation TPEditor Vulnerability : Heap-based Buffer Overflow 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory...

Siemens SIMATIC Industrial PCs (Update A)

CVSS v3 5.9 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: SIMATIC Industrial PCs Vulnerability: Cryptographic Issues UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-18-058-01 Siemens SIMATIC Industrial PCs that was published February 27,...

PHOENIX CONTACT mGuard

CVSS v3 7.8 ATTENTION: Low skill level to exploit. Vendor: PHOENIX CONTACT Equipment: mGuard Vulnerability: Improper Validation of Integrity Check Value AFFECTED PRODUCTS The following versions of mGuard, a network device, are affected: mGuard firmware versions 7.2 to 8.6.0 IMPACT Successful...

PHOENIX CONTACT FL COMSERVER, FL COM SERVER, and PSI-MODEM/ETH

CVSS v3 8.2 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: PHOENIX CONTACT Equipment: FL COMSERVER, FL COM SERVER, and PSI-MODEM/ETH Vulnerability: Cross-site Scripting AFFECTED PRODUCTS The following models running firmware versions prior to 1.99, 2.20, or 2.40 of FL...

AutomationDirect CLICK, C-More, C-More Micro, Do-more Designer, GS Drives, SL-Soft SOLO, DirectSOFT (Update B)

1. EXECUTIVE SUMMARY CVSS v3 6.7 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: AutomationDirect --------- Begin Update B Part 1 of 3 -------- Equipment: CLICK, C-More, C-More Micro, Do-more Designer, GS Drives, SL-Soft SOLO, DirectSOFT --------- End Update B Part 1 of 3...

PHOENIX CONTACT, Innominate Security Technologies mGuard Firmware

CVSS v3 7.5 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: PHOENIX CONTACT, Innominate Security Technologies Equipment: mGuard firmware Vulnerability: Null Pointer Dereference AFFECTED PRODUCTS The following versions of mGuard firmware versions 8.0.0 to 8.5.1, running on thes...

Mirion Technologies Telemetry Enabled Devices

CVSS v3 5.0 Vendor: Mirion Technologies Equipment: Telemetry Enabled Devices Vulnerabilities: Use of Hard-Coded Cryptographic Key, Inadequate Encryption Strength AFFECTED PRODUCTS The following telemetry enabled devices are affected: DMC 3000 Transmitter Module, iPam Transmitter f/DMC 2000, RDS-3...

Cambium Networks ePMP

CVSS v3 7.6 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Cambium Networks Equipment: ePMP Vulnerabilities: Improper Access Control, Improper Privilege Management AFFECTED PRODUCTS Cambium reports that the vulnerabilities affect the following ePMP Network Access Control...

OSIsoft PI Server 2017

CVSS v3 8.9 ATTENTION: Remotely exploitable. Vendor: OSIsoft Equipment: PI Server 2017 Vulnerabilities: Improper Authentication AFFECTED PRODUCTS OSIsoft reports that the vulnerabilities affect the following PI Server products: PI Data Archive versions prior to 2017. IMPACT Successful exploitatio...

Trihedral Engineering Limited VTScada

CVSS v3 7.5 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Trihedral Engineering Limited Equipment: VTScada Vulnerability: Resource Consumption, Cross-Site Scripting, Information Exposure AFFECTED PRODUCTS The following versions of VTScada, an HMI SCADA software, are affected...

Siemens devices using the PROFINET Discovery and Configuration Protocol (Update A)

CVSS v3 6.5 ATTENTION: Exploitable from an adjacent network/low skill level to exploit. Vendor: Siemens Equipment: Devices using the PROFINET Discovery and Configuration Protocol DCP Vulnerability: Denial of Service UPDATE INFORMATION This updated advisory is a follow-up to the original advisory...

Schneider Electric Interactive Graphical SCADA System Software

CVSS v3 6.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Schneider Electric Equipment: Interactive Graphical SCADA System IGSS Software Vulnerability: DLL Hijacking AFFECTED PRODUCTS Schneider Electric reports that the vulnerability affects the following IGSS HMI desktop...

Rockwell Automation Connected Components Workbench

CVSS v3 7.0 Vendor: Rockwell Automation Equipment: Connected Components Workbench Vulnerability: DLL Hijack REPOSTED INFORMATION This advisory was originally posted to the NCCIC Portal on February 16, 2017, and is being released to the ICS-CERT web site. AFFECTED PRODUCTS The following Connected...

Schneider Electric homeLYnk Controller

CVSS V3 6.3 ATTENTION: Remotely exploitable/low skill level to exploit Vendor: Schneider Electric Equipment: homeLYnk Controller, LSS100100 Vulnerability: Cross-site Scripting AFFECTED PRODUCTS Schneider Electric reports that the vulnerability affects the following products: homeLYnk Controller,...

Tollgrade SmartGrid Sensor Management System Software Vulnerabilities

OVERVIEW Independent researcher Maxim Rupp has identified vulnerabilities in Tollgrade Communications, Inc.’s SmartGrid LightHouse Sensor Management System SMS Software EMS. Tollgrade Communications, Inc. has produced an update to mitigate these vulnerabilities. Maxim Rupp has tested the update t...

Visonic PowerLink2 Vulnerabilities

OVERVIEW Independent researcher Aditya K. Sood has identified cross-site scripting and source code disclosure vulnerabilities in Visonic’s PowerLink2 module. Visonic has produced an updated version to mitigate these vulnerabilities. These vulnerabilities could be exploited remotely. AFFECTED...

Sauter NovaWeb Web HMI Authentication Bypass Vulnerability

OVERVIEW Independent researcher Maxim Rupp has identified an authentication bypass vulnerability in Sauter’s NovaWeb web HMI application. Sauter has not produced a mitigation for this vulnerability. This product was discontinued in 2013 and is no longer supported. This vulnerability could be...

Motorola MOSCAD SCADA IP Gateway Vulnerabilities

OVERVIEW Independent researcher Aditya K. Sood has identified Remote File Inclusion RFI and Cross-Site Request Forgery CSRF vulnerabilities in Motorola Solutions’ MOSCAD IP Gateway. Motorola Solutions has confirmed this product was cancelled at the end of 2012 and no longer offer software updates...

Schneider Electric Modicon M340 Buffer Overflow Vulnerability

OVERVIEW David Atch of CyberX has identified a buffer overflow vulnerability in Schneider Electric’s Modicon M340 PLC product line. Schneider Electric has produced a new firmware patch to mitigate this vulnerability. This vulnerability could be exploited remotely. AFFECTED PRODUCTS Schneider...

Siemens Sm@rtClient Password Storage Vulnerability

OVERVIEW Siemens has identified a password storage vulnerability in its Sm@rtClient Android application. This vulnerability was reported directly to Siemens by Karsten Sohr from Universität Bremen and Stephan Huber from Fraunhofer SIT. Siemens has produced a new version to mitigate this...

Hospira Symbiq Infusion System Vulnerability

OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on June 23, 2015, and is being released to the NCCIC/ICS-CERT web site. Independent researcher Billy Rios identified a vulnerability in Hospira’s Symbiq Infusion System, which can be exploited to remotely control th...

GE Proficy HMI/SCADA CIMPLICITY CimView Memory Access Violation

OVERVIEW This advisory was originally posted to the NCCIC/US-CERT secure Portal library on October 16, 2014, and is being released to the NCCIC/ICS-CERT web site. Independent researcher Said Arfi has identified a memory access violation vulnerability in GE’s CIMPLICITY CimView application. GE has...

IOServer Resource Exhaustion Vulnerability

OVERVIEW Chris Sistrunk of Mandiant and Adam Crain of Automatak have identified an out of bound read vulnerability in the IOServer application. IOServer has produced a new version that mitigates this vulnerability. Adam Crain has tested the new version to validate that it resolves the...

Siemens SIMATIC S7-1500 CPU Denial of Service

OVERVIEW Arnaud Ebalard from Agence Nationale de la Sécurité des Systèmes d’Information ANSSI has reported a denial-of-service DoS vulnerability in Siemens SIMATIC S7-1500 CPU. Siemens produced a new firmware version that mitigates this vulnerability and then reported it to NCCIC/ICS-CERT. This...

Ecava Integraxor SCADA Server Vulnerabilities

OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on August 12, 2014, and is being released to the NCCIC/ICS-CERT web site. Independent researcher Andrea Micalizzi identified an Improper Privilege Management vulnerability within Ecava’s IntegraXor SCADA Server and...

COPA-DATA Improper Input Validation

OVERVIEW Automation software company Ing. Punzenberger COPA-DATA GmbH reported an improper input validation vulnerability affecting the DNP3 driver in the zenon SCADA software. The vulnerability was found based on the DNP3 research conducted by Adam Crain of Automatak and Chris Sistrunk of...

Siemens SIMATIC S7-1200 CPU Web Vulnerabilities

OVERVIEW Siemens ProductCERT and Ralf Spenneberg, Hendrik Schwartke, and Maik Brüggemann from OpenSource Training have reported two vulnerabilities in the Siemens SIMATIC S7-1200 CPU family. Siemens has produced a new product release that mitigates these vulnerabilities. AFFECTED PRODUCTS The...

Emerson DeltaV Uncontroller Resource Consumption Vulnerability

Overview This advisory was originally posted to the US-CERT secure portal library on February 22, 2013, and is now being released to the ICS-CERT Web page. This advisory provides mitigation details for a vulnerability that impacts the Emerson DeltaV MD and SD controllers. Independent researcher...