Mitsubishi Electric MELSOFT GT OPC UA

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: MELSOFT GT OPC UA Client Vulnerabilities: Out-of-bounds Read, Integer Overflow or Wraparound 2. RISK EVALUATION Successful exploitation of these vulnerabilities could...

Aethon TUG Home Base Server

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Aethon owned by ST Engineering Equipment: TUG Home Base Server Vulnerabilities: Missing Authorization, Channel Accessible by Non-endpoint, Cross-site Scripting 2. RISK EVALUATION Successful exploitation...

Advantech ADAM-3600

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Advantech Equipment: ADAM-3600 Vulnerability: Use of Hard-coded Cryptographic Key 2. RISK EVALUATION Successful exploitation of this vulnerability could allow unauthorized access to intercept traffic...

Fernhill SCADA

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Fernhill Software, Ltd. Equipment: Fernhill SCADA Server Vulnerability: Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of this vulnerability could cause a denial-of-service...

Siemens SIMATIC ITC

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC ITC Products Vulnerabilities: Using Components with Known Vulnerabilities 2. RISK EVALUATION Successful exploitation of these LibVNC vulnerabilities could allow remote code...

Advantech WebAccess

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Advantech Equipment: WebAccess Vulnerabilities: Heap-based Buffer Overflow, Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to...

Siemens Teamcenter Active Workspace

1. EXECUTIVE SUMMARY CVSS v3 4.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Teamcenter Active Workspace Vulnerability: Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could lead to access control violations. 3. TECHNICAL...

Siemens SINEMA Server

1. EXECUTIVE SUMMARY CVSS v3 4.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SINEMA Server Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to obtain encoded...

Siemens TIM 1531 IRC

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: TIM 1531 IRC Vulnerability: Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote attacker to cause a...

Thales Sentinel LDK Run-Time Environment

1. EXECUTIVE SUMMARY CVSS v3 9.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Thales Equipment: Thales Sentinel LDK Run-Time Environment RTE Vulnerability: Incomplete Cleanup 2. RISK EVALUATION Products that have uninstalled software using the Sentinel LDK Run-Time Environment,...

Rockwell Automation Micro800 and MicroLogix 1400

1. EXECUTIVE SUMMARY CVSS v3 6.1 ATTENTION: Exploitable remotely Vendor: Rockwell Automation Equipment: Micro800, MicroLogix 1400 Vulnerability: Channel Accessible by Non-endpoint 2. RISK EVALUATION Successful exploitation of this vulnerability may result in denial-of-service conditions, which...

OPC Foundation UA Products Built with .NET Framework

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: OPC Foundation Equipment: OPC UA Servers Vulnerability: Uncontrolled Recursion 2. RISK EVALUATION Successful exploitation of this vulnerability could trigger a stack overflow. 3. TECHNICAL DETAILS 3.1...

Siemens SICAM A8000 RTUs

1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SICAM A8000 Remote Terminal Unit Series Vulnerability: Protection Mechanism Failure 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to...

Johnson Controls Sensormatic Electronics American Dynamics victor Web Client

1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION: Exploitable remotely Vendor: Sensormatic Electronics, LLC; a subsidiary of Johnson Controls Equipment: American Dynamics victor Web Client, Software House C•CURE Web Client Vulnerability: Improper Authorization 2. RISK EVALUATION Successful exploitation...

SHUN HU Technology JUUKO Industrial Radio Remote Control

1. EXECUTIVE SUMMARY CVSS v3 8.3 ATTENTION: Exploitable from an adjacent network/low skill level to exploit Vendor: SHUN HU Technology Co., Ltd Equipment: JUUKO Industrial Radio Remote Control Vulnerabilities: Authentication Bypass by Capture-replay, Command Injection 2. RISK EVALUATION...

Siemens SIPORT MP

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIPORT MP Vulnerability : Use of client-side authentication 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated attacker to impersonate...

Siemens Desigo Insight

1. EXECUTIVE SUMMARY CVSS v3 5.4 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: Desigo Insight Vulnerabilities: SQL Injection, Improper Restriction of Rendered UI Layers or Frames, Exposure of Sensitive Information to an Unauthorized Actor 2. RISK EVALUATION...

Tridium Niagara

1. EXECUTIVE SUMMARY CVSS v3 4,3 ATTENTION: Exploitable from adjacent network/low skill level to exploit Vendor: Tridium Equipment: Niagara Vulnerability: Synchronous Access of Remote Resource without Timeout 2. RISK EVALUATION Successful exploitation of this vulnerability could result in a...

Siemens Opcenter Execution Core (Update B)

1. EXECUTIVE SUMMARY CVSS v3 8.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: Opcenter Execution Core --------- Begin Update B Part 1 of 5 --------- Vulnerabilities: Cross-site Scripting, SQL Injection, Improper Access Control, Insufficiently Protected...

LCDS LAquis SCADA

1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Low skill level to exploit Vendor: LCDS - Leão Consultoria e Desenvolvimento de Sistemas Ltda ME Equipment: LAquis SCADA Vulnerabilities: Exposure of Sensitive Information to an Unauthorized Actor, Improper Input Validation 2. RISK EVALUATION Successful...

Insulet Omnipod

1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION: Low skill level to exploit/public exploits are known for this vulnerability Vendor: Insulet Equipment: Omnipod Insulin Management System Vulnerability: Improper Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an...

ICSA-20-070-04_Johnson Controls Kantech EntraPass

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Kantech, a subsidiary of Johnson Controls Equipment: EntraPass Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow malicious code...

WAGO I/O-CHECK

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: WAGO Equipment: I/O-CHECK Series PFC100 and Series PFC200 Vulnerabilities: Information Exposure Through Sent Data, Buffer Access with Incorrect Length Value, Missing Authentication for Critical...

GE CARESCAPE, ApexPro, and Clinical Information Center systems

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: GE Equipment: CARESCAPE Telemetry Server, ApexPro Telemetry Server, CARESCAPE Central Station CSCS and Clinical Information Center CIC systems, CARESCAPE B450, B650, B850 Monitors Vulnerabilities:...

SICK MSC800

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: SICK Equipment: MSC800 Vulnerability: Use of Hard-coded Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a low-skilled remote attacker to reconfigure...

INVT Electric VT-Designer

1. EXECUTIVE SUMMARY CVSS v3 6.3 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: INVT Electric Equipment: VT-Designer Vulnerabilities: Deserialization of Untrusted Data, Heap-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could cause...

Medtronic MiniMed MMT-500/MMT-503 Remote Controllers (Update A)

1. EXECUTIVE SUMMARY CVSS v3 5.3 Vendor: Medtronic --------- Begin Update A Part 1 of 3 -------- Equipment: Medtronic MiniMed MMT-500 and MMT-503 Remote Controllers --------- End Update A Part 1 of 3 -------- Vulnerabilities: Cleartext Transmission of Sensitive Information, Authentication Bypass...

Rockwell Automation Allen-Bradley CompactLogix and Compact GuardLogix (Update A)

1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Rockwell Automation Equipment: Allen-Bradley CompactLogix and Compact GuardLogix Vulnerability: Improper Input Validation 2 UPDATE INFORMATION This updated advisory is a follow-up to the original...

Schneider Electric InduSoft Web Studio and InTouch Machine Edition

CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Public exploits are available. Vendor: Schneider Electric Equipment: InduSoft Web Studio, InTouch Machine Edition Vulnerability: Stack-based Buffer Overflow AFFECTED PRODUCTS The following versions of InduSoft Web Studio and...

Advantech WebAccess

CVSS v3 7.3 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Advantech Equipment: WebAccess Vulnerabilities: Stack-based Buffer Overflow, Untrusted Pointer Dereference AFFECTED PRODUCTS The following versions of WebAccess, an HMI platform, are affected: WebAccess versions prior...

Siemens SIPROTEC 4 and SIPROTEC Compact

CVSS v3 8.6 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: SIPROTEC 4 and SIPROTEC Compact Vulnerabilities: Improper Input Validation, Missing Authorization, Improper Authentication AFFECTED PRODUCTS Siemens reports that the vulnerabilities affect the...

Siemens devices using the PROFINET Discovery and Configuration Protocol (Update F)

CVSS v3 6.5 ATTENTION: Exploitable from an adjacent network/low skill level to exploit. Vendor: Siemens Equipment: Devices using the PROFINET Discovery and Configuration Protocol DCP Vulnerability: Denial of Service UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory...

Emerson DeltaV Easy Security Management Application Vulnerability

OVERVIEW Emerson has released a publication to inform its users of a vulnerability that affects DeltaV Easy Security Management. Emerson is terminating support for the DeltaV Easy Security Management application and highly recommends all users uninstall it from all DeltaV and non-DeltaV...

Schneider Electric Unity PRO Control Flow Management Vulnerability

OVERVIEW Avihay Kain and Mille Gandelsman of Indegy have identified a vulnerability in Schneider Electric Unity PRO Software product. Schneider Electric has released a security notification with instructions to mitigate this vulnerability. This vulnerability could be exploited remotely. AFFECTED...

Ecava IntegraXor Vulnerabilities

OVERVIEW Independent security researcher Marcus Richerson and Steven Seeley of Source Incite, working with Trend Micro’s Zero Day Initiative, independently identified vulnerabilities in Ecava’s IntegraXor application. Ecava has produced a new version to mitigate these vulnerabilities. Marcus...

Siemens SIMATIC WinCC TIA Portal Vulnerabilities

OVERVIEW Gleb Gritsai, Roman Ilin, Aleksandr Tlyapov, and Sergey Gordeychik from Positive Technologies have identified authentication vulnerabilities in the Siemens SIMATIC WinCC TIA Portal application. Siemens has produced a service pack that mitigates these vulnerabilities. These vulnerabilitie...

Schneider Electric ETG3000 FactoryCast HMI Gateway Vulnerabilities

OVERVIEW Narendra Shinde of Qualys Security has identified multiple vulnerabilities in Schneider Electric’s ETG3000 FactoryCast HMI Gateway. Schneider Electric has produced a firmware update that mitigates part of these vulnerabilities. These vulnerabilities could be exploited remotely. AFFECTED...

Schneider Electric ProClima ActiveX Control Vulnerabilities

OVERVIEW Ariele Caltabiano, working with HP’s Zero Day Initiative, has identified 11 remote code execution vulnerabilities in Schneider Electric’s ProClima F1 Bookview ActiveX control application. Schneider Electric has produced an update to mitigate these vulnerabilities. These vulnerabilities...

Baxter SIGMA Spectrum Infusion System Vulnerabilities

OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on June 30, 2015, and is being released to the NCCIC/ICS-CERT web site. Researcher Jared Bird with Allina IS Security identified four vulnerabilities in Baxter’s SIGMA Spectrum Infusion System. Baxter has released a...

Siemens ROS Improper Input Validation (Update A)

OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-14-087-01 Siemens ROS Improper Input Validation that was published March 28, 2014, on the NCCIC/ICS-CERT web site. Researcher Aivar Liimets from Martem Telecontrol Systems reported an improper input validation...

Siemens Ruggedcom WIN Products BEAST Attack Vulnerability

OVERVIEW Siemens has identified a BEAST Browser Exploit Against SSL/TLS attack vulnerability in Siemens Ruggedcom WIN products. This vulnerability was originally reported directly to Siemens ProductCERT by Dan Frein and Paul Cotter of West Monroe Partners. Siemens has produced a firmware update...

Schneider Electric MiCOM S1 Studio Improper Authorization Vulnerability

Overview This advisory provides mitigation details for a vulnerability affecting the Schneider Electric MiCOM S1 Studio Software. Independent researcher Michael Toecker of Digital Bond has identified an improper authorization vulnerability in the MiCOM S1 Studio Software using the Microsoft Attac...

GE Intelligent Platforms Proficy Plant Applications Memory Corruption Vulnerabilities

Overview ICS-CERT received a report from GE Intelligent Platforms and the Zero Day Initiative ZDI concerning multiple memory corruption vulnerabilities in the GE Intelligent Platforms Proficy Plant Applications. These vulnerabilities were reported to ZDI by independent security researcher Luigi...

Tridium Niagara Vulnerabilities

OVERVIEW --------- Begin Update A Part 1 of 2 -------- This updated advisory is a follow-up to the original advisory titled ICSA-12-228-01 Tridium Niagara Multiple Vulnerabilities that was published August 15, 2012, on the ICS-CERT Web page. It is also a follow-up to ICS-ALERT-12-195-01 Tridium...

WellinTech KingView Multiple Vulnerabilities

Overview Independent researchers Carlos Mario Penagos Hollman and Dillon Beresford identified multiple vulnerabilities in WellinTech’s KingView and a single vulnerability in WellinTech’s KingHistorian application. These vulnerabilities are exploitable remotely. WellinTech has created a patch and...

TELSAT marKoni FM Transmitter

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION : Exploitable remotely/low attack complexity/public exploits are available Vendor : marKoni Equipment : Markoni-D Compact FM Transmitters, Markoni-DH Exciter+Amplifiers FM Transmitters Vulnerabilities : Command Injection, Use of Hard-coded...

Unitronics Vision Legacy series (Update A)

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION : Exploitable remotely/low attack complexity Vendor : Unitronics Equipment : Vision Legacy series Vulnerability : Storing Passwords in a Recoverable Format 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker...

ICSNPP - Ethercat Zeek Plugin

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION : Exploitable remotely/low attack complexity Vendor : CISA Equipment : Industrial Control Systems Network Protocol Parsers ICSNPP - Ethercat Plugin for Zeek Vulnerabilities : Out-of-bounds Write, Out-of-bounds Read 2. RISK EVALUATION Successful...

Siemens SCALANCE W1750D

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

Open Design Alliance Drawing SDK

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION : Low attack complexity Vendor : Open Design Alliance ODA Equipment : Drawing SDK Vulnerabilities : Use after Free, Heap-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow remote attackers to...