4224 matches found
Sensys Networks Traffic Sensor Vulnerabilities (Update A)
OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-14-247-01A Sensys Networks traffic sensor vulnerabilities that was published September 04, 2014, on the NCCIC/ICS-CERT web site. Researcher Cesar Cerrudo of IOActive has identified vulnerabilities in the Sensys...
Emerson DeltaV Vulnerabilities
OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on May 13, 2014, and is being released to the NCCIC/ICS-CERT web site. Emerson has identified two authorization vulnerabilities in the Emerson DeltaV application. These vulnerabilities were reported directly to...
Invensys Wonderware Win-XML Exporter Improper Input Validation Vulnerability
Overview This advisory was originally posted to the US-CERT secure Portal library on March 08, 2013, and is now being released to the ICS-CERT Web page. This advisory provides mitigation details for a vulnerability that impacts the Invensys Wonderware Win-XML Exporter. Researchers Timur Yunusov,...
Philips Xper Buffer Overflow Vulnerability
OVERVIEW Independent researcher Billy Rios has identified a heap-based buffer overflow in the Philips Xper application. Philips has produced an update that mitigates this vulnerability. Philips has tested the update and verified that it resolves the vulnerability. This vulnerability could be...
Schneider Electric Trio J-Series Radio Encryption
OVERVIEW Schneider Electric has self-reported a hard-coded encryption key vulnerability in Schneider Electric’s J-Series Radios. Schneider Electric has produced a patch that mitigates this vulnerability and has published a customer security notification.Schneider Electric Cybersecurity...
Triangle Research Nano 10 PLC Denial of Service
OVERVIEW Researcher Jon Christmas of Solera Networks has identified an improper input validation vulnerability in Triangle Research International, Inc.’s Tri Inc. Nano‑10 programmable logic controller PLC. Tri Inc. has produced a firmware upgrade and tested it to validate that the upgrade resolve...
Wonderware Information Server Vulnerabilities
Overview This advisory was originally posted to the US-CERT secure Portal library on April 23, 2013, and is now being released to the ICS-CERT Web page. This advisory provides mitigation details for multiple vulnerabilities that impact the Invensys Wonderware Information Server WIS software...
C3-ilex EOScada Multiple Vulnerabilities
Overview This Advisory is a follow-up release to the original Advisory which was posted to the US-CERT secure Portal library October 08, 2012. Dale Peterson of Digital Bond has identified multiple vulnerabilities in the C3-ilex’s EOScada application that can result in data leakage and a...
goTenna Pro X and Pro X2 (Update A)
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION : Low attack complexity Vendor : goTenna Equipment : Pro series Vulnerabilities : Weak Password Requirements, Insecure Storage of Sensitive Information, Missing Support for Integrity Check, Cleartext Transmission of Sensitive Information,...
Siemens SINEC Traffic Analyzer
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Uniview NVR301-04S2-P4 (Update A)
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.1 ATTENTION : Exploitable remotely/low attack complexity/public exploits available Vendor : Uniview Equipment : NVR301-04S2-P4 Vulnerability : Cross-site Scripting 2. RISK EVALUATION An attacker could send a user a URL that if clicked on could execute...
Mitsubishi Electric MELSEC-Q/L Series (Update B)
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION : Exploitable remotely/low attack complexity Vendor : Mitsubishi Electric Equipment : MELSEC-Q/L Series Vulnerabilities : Incorrect Pointer Scaling, Integer Overflow or Wraparound 2. RISK EVALUATION Successful exploitation of these...
Mitsubishi Electric Multiple Factory Automation Products (Update A)
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION : Exploitable remotely/low attack complexity Vendor : Mitsubishi Electric Corporation Equipment : MELSEC iQ-F Series Vulnerability : Insufficient Resource Pool 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a...
Siemens SIMATIC PCS neo
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Mitsubishi Electric FA products (Update A)
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION : Exploitable remotely/low attack complexity Vendor : Mitsubishi Electric Corporation Equipment : MELSEC Series Vulnerability : Insufficient Verification of Data Authenticity 2. RISK EVALUATION Successful exploitation of this vulnerability may...
Datalogics Library Third-Party
1. EXECUTIVE SUMMARY CVSS v3 5.5 ATTENTION: Low attack complexity Vendor: Datalogics Equipment: Library APDFL v18.0.4PlusP1e Vulnerability: Stack-based buffer overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to crash the device. 3. TECHNICAL...
Advantech WebAccess/SCADA
1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION: Low attack complexity Vendor: Advantech Equipment: WebAccess/SCADA Vulnerabilities: Insufficient Type Distinction 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker full control over the supervisory control and data...
Siemens SINEC NMS Third-Party
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please seeSiemens' ProductCERT Security Advisories CERT Services | Services |...
Omron NJ/NX-series Machine Automation Controllers
1. EXECUTIVE SUMMARY CVSS v3 9.4 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Omron Equipment: NJ/NX-series Controllers and Software Vulnerabilities: Hard-coded Credentials, Authentication Bypass by Capture-replay 2. RISK EVALUATION Successful...
Siemens Desigo CC and Cerberus DMS
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Desigo CC and Cerberus DMS Vulnerability: Use of Client-Side Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to impersonate...
Hitachi Energy RTU500 series
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: RTU500 series Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could cause an internal buffer overflow, which can...
Honeywell Experion LX
1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Honeywell Equipment: Experion LX Vulnerability: Missing Authentication for Critical Function CISA is aware of a public report known as “OT:ICEFALL” that details vulnerabilities found in multiple...
Sequi PortBloque S
1. EXECUTIVE SUMMARY CVSS v3 9.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Sequi Equipment: Sequi PortBloque S Vulnerabilities : Improper Authentication, Improper Authorization 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in unauthorized...
Siemens CPC80 Firmware of SICAM A8000
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: CPC80 Firmware of SICAM A8000 Vulnerability: Missing Release of Resource after Effective Lifetime 2. RISK EVALUATION Successful exploitation of this vulnerability could crash the...
Inkscape in Industrial Products
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Inkscape Equipment: Inkscape, an open-source graphics editor Vulnerabilities: Out-of-bounds Read, Access of Uninitialized Pointer, Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of these vulnerabilities...
Siemens SIMATIC CP 44x-1 RNA
1. EXECUTIVE SUMMARY CVSS v3 7.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC CP 442-1 RNA, 443-1 RNA Vulnerability: Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a...
Siemens Industrial Products
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please seeSiemens' ProductCERT Security Advisories CERT Services | Services |...
Schneider Electric SCADAPack Workbench
1. EXECUTIVE SUMMARY CVSS v3 5.5 ATTENTION: Low attack complexity Vendor: Schneider Electric Equipment: SCADAPack Workbench Vulnerability: Improper Restriction of XML External Entity Reference 2. RISK EVALUATION Successful exploitation of this vulnerability could result from exfiltration of data...
Philips e-Alert
1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable from an adjacent network/low attack complexity Vendor: Philips Equipment: e-Alert Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an unauthorized actor to...
ABB OPC Server for AC 800M
1. EXECUTIVE SUMMARY CVSS v3 8.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: ABB Equipment: OPC Server for AC 800M Vulnerability: Execution with Unnecessary Privileges 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a low privileged authenticated...
Ransomware Awareness for Holidays and Weekends
Summary Immediate Actions You Can Take Now to Protect Against Ransomware • Make an offline backup of your data. • Do not click on suspicious links. • If you use RDP, secure and monitor it. • Update your OS and software. • Use strong passwords. • Usemulti-factor authentication. The Federal Bureau ...
Mitsubishi Electric MELSEC-F Series
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: MELSEC-F Series Vulnerability: Improper Initialization 2. RISK EVALUATION Successful exploitation of this vulnerability may cause a denial-of-service condition in the...
WECON LeviStudioU
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: WECON Technology Co., Ltd WECON Equipment: LeviStudioU Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability may allow arbitrary code execution. 3. TECHNICAL DETAILS...
Hitachi Energy XMC20 and FOX61x
1. EXECUTIVE SUMMARY CVSS v3 9.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: XMC20 and FOX61x Vulnerabilities: Weak Password Requirements, Missing Handler 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to...
Xylem Aanderaa GeoView
1. EXECUTIVE SUMMARY CVSS v3 8.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: Xylem, Inc. Equipment: Aanderaa GeoView Vulnerability: SQL Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to manipulate the database server. 3...
Mitsubishi Electric MELSEC iQ-R Series C Controller Module (Update B)
1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Exploitable remotely Vendor: Mitsubishi Electric Equipment: MELSEC iQ-R Series C Controller Module R12CCPU-V Vulnerability: Uncontrolled Resource Consumption 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled...
Siemens SIMATIC RFID
1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC RFID terminals Vulnerability: Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to remotely execute code. 3...
BadAlloc Vulnerability Affecting BlackBerry QNX RTOS
Summary On August 17, 2021, BlackBerry publicly disclosed that its QNX Real Time Operating System RTOS is affected by a BadAlloc vulnerability—CVE-2021-22156. BadAlloc is a collection of vulnerabilities affecting multiple RTOSs and supporting libraries.1 A remote attacker could exploit...
Sophisticated Spearphishing Campaign Targets Government Organizations, IGOs, and NGOs
Summary This Joint Cybersecurity Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge ATT &CK® framework, Version 9. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques. The Cybersecurity and Infrastructure Security Agency CISA and the...
Delta Electronics CNCSoft-B
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: CNCSoft-B Vulnerabilities: Out-of-bounds Read, Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of these vulnerabilities could lead to arbitrary code execution. 3. TECHNICAL...
AppleJeus: Analysis of North Korea’s Cryptocurrency Malware
Summary This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge ATT &CK® framework. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques. This joint advisory is the result of analytic efforts among the Federal Bureau of Investigation FBI,...
Advantech WebAccess/SCADA
1. EXECUTIVE SUMMARY CVSS v3 5.4 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Advantech Equipment: WebAccess/SCADA Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthorized user to steal a user’s...
Delta Electronics DOPSoft
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Delta Electronics Equipment: DOPSoft Vulnerabilities: Out-of-bounds Write, Untrusted Pointer Dereference 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow arbitrary code execution. 3...
Advantech iView
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Advantech Equipment: iView Vulnerability: Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to read/modify information, execute arbitrary code,...
Siemens SIMATIC S7-200 SMART CPU Family
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC S7-200 SMART CPU family Vulnerability: Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause...
Mitsubishi Electric MELSEC
1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Mitsubishi Electric Equipment: MELSEC Vulnerability: Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of this vulnerability may render the device unresponsive. 3...
Horner Automation Cscape
1. EXECUTIVE SUMMARY CVSS v3 6.6 ATTENTION: Low skill level to exploit Vendor: Horner Automation Equipment: Cscape Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could crash the device being accessed, allow the attacker to read...
Geutebrück GmbH E2 Series IP Cameras
1. EXECUTIVE SUMMARY CVSS v3 7.2 ATTENTION : Exploitable remotely/low skill level to exploit Vendor : Geutebrück GmbH Equipment : E2 Camera Series Vulnerability : OS Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability may allow a remote attacker to inject OS...
Siemens SIMATIC WinCC, PCS7, and TIA Portal Vulnerabilities (Update A)
OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-14-329-02 Siemens SIMATIC WinCC, PCS7, and TIA Portal Vulnerabilities that was published November 25, 2014, on the NCCIC/ICS-CERT web site. Siemens has identified two vulnerabilities within products utilizing the...
Universal Robots Robot Controllers
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Universal Robots Equipment: Robot Controllers Vulnerabilities: Use of Hard-coded Credentials, Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of these...