Siemens SIMATIC Sm@rtClient Android App

CVSS v3 7.4 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: SIMATIC Sm@rtClient Android App Vulnerabilities: Man-in-the-Middle, Authentication Bypass Using an Alternate Path or Channel AFFECTED PRODUCTS Siemens reports that the vulnerabilities affect the...

Siemens devices using the PROFINET Discovery and Configuration Protocol (Update J)

CVSS v3 6.5 ATTENTION: Exploitable from an adjacent network/low skill level to exploit. Vendor: Siemens Equipment: Devices using the PROFINET Discovery and Configuration Protocol DCP Vulnerability: Improper Input Validation UPDATE INFORMATION This updated advisory is a follow-up to the updated...

Siemens devices using the PROFINET Discovery and Configuration Protocol (Update C)

CVSS v3 6.5 ATTENTION: Exploitable from an adjacent network/low skill level to exploit. Vendor: Siemens Equipment: Devices using the PROFINET Discovery and Configuration Protocol DCP Vulnerability: Denial of Service UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory...

Belden Hirschmann GECKO (Update A)

CVSS v3 7.1 ATTENTION: Remotely Exploitable/low skill level to exploit. Vendor: Belden Equipment: Hirschmann GECKO --------- Begin Update A Part 1 of 5 -------- Vulnerabilities: Path Traversal, Server-Side Request Forgery, Cross-Site Request Forgery, Information Exposure --------- End Update A...

Siemens SIMATIC STEP 7 (TIA Portal) Information Disclosure Vulnerabilities

OVERVIEW Siemens has released a new version of SIMATIC STEP 7 TIA Portal to mitigate information disclosure vulnerabilities. These vulnerabilities were reported directly to Siemens by Dmitry Sklyarov and Gleb Gritsai from Positive Technologies. Siemens has produced a new version to mitigate these...

Navis WebAccess SQL Injection Vulnerability

OVERVIEW This advisory is a follow-up to the original alert, titled ICS-ALERT-16-230-01 Navis WebAccess SQL Injection Vulnerability,ICS-ALERT-16-230-01, Navis WebAccess SQL Injection Vulnerability, https://ics-cert.us-cert.gov/alerts/ICS-ALERT-16-230-01, web site last accessed August 18, 2016...

WECON LeviStudio Buffer Overflow Vulnerabilities

OVERVIEW Independent security researchers Rocco Calvi and Brian Gorenc, working with Trend Micro’s Zero Day Initiative, have identified buffer overflow vulnerabilities in WECON’s LeviStudio software. WECON has not released a product fix to addresses the buffer overflow vulnerabilities in the...

Beckwith Electric TCP Initial Sequence Vulnerability

OVERVIEW Raheem Beyah, David Formby, and San Shin Jung of Georgia Tech, via a research project partially sponsored by the Georgia Tech National Electric Energy Testing Research and Applications Center, have identified a TCP initial sequence numbers vulnerability in two of Beckwith Electric’s...

Yokogawa Centum Buffer Overflow Vulnerability

OVERVIEW Researcher group Rapid7 has identified a buffer overflow vulnerability in Yokogawa CENTUM products. Yokogawa has produced a patch that mitigates this vulnerability. This vulnerability could be exploited remotely. AFFECTED PRODUCTS Yokogawa reports that the vulnerability affects the...

Triangle MicroWorks Improper Input Validation

OVERVIEW Adam Crain of Automatak and independent researcher Chris Sistrunk have identified an improper input validation vulnerability in multiple Triangle MicroWorks’ products and third‑party components. Triangle MicroWorks has produced an update that mitigates this vulnerability. Adam Crain has...

Siemens S7-1200 Web Application Cross Site Scripting

Overview This advisory provides mitigation details provided by Siemens for a vulnerability that impacts the Siemens S7-1200 Web Application Module. Siemens has reportedSSA-279823, http://www.siemens.com/corporate-technology/en/research-areas/siemens-cert-security-advisories.htm, Web site last...

Sungrow iSolarCloud Android App, WiNet Firmware

RISK EVALUATION Successful exploitation of these vulnerabilities could result in attackers being able to access and could modify sensitive information. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:...

Vonets WiFi Bridges

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 10.0 ATTENTION : Exploitable remotely/low attack complexity Vendor : Vonets Equipment : VAR1200-H, VAR1200-L, VAR600-H, VAP11AC, VAP11G-500S, VBG1200, VAP11S-5G, VAP11S, VAR11N-300, VAP11G-300, VAP11N-300, VAP11G, VAP11G-500, VBG1200, VAP11AC, VGA-1000...

Siemens SIMATIC CN 4100

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

Commend WS203VICM

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.4 ATTENTION : Exploitable remotely/low attack complexity Vendor : Commend Equipment : WS203VICM Vulnerabilities : Argument Injection, Improper Access Control, Weak Encoding for Password 2. RISK EVALUATION Successful exploitation of these vulnerabilities...

APsystems Energy Communication Unit (ECU-C) Power Control Software

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION : Exploitable via adjacent network / low attack complexity Vendor : APsystems Equipment : Energy communication Unit ECU-C Power Control Software Vulnerability : Improper Access Control 2. RISK EVALUATION Successful exploitation of this...

Siemens SICAM Q100 Devices

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

Mitsubishi Electric MELSEC iQ-F/iQ-R Series CPU Module (Update A)

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION : Exploitable remotely/low attack complexity Equipment : MELSEC iQ-F/iQ-R Series Vulnerability : Improper Restriction of Excessive Authentication Attempts 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote...

Rockwell Automation Arena

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION : Low attack complexity Vendor : Rockwell Automation Equipment : Arena Vulnerabilities : Out-of-Bounds Read, Access of Uninitialized Pointer 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute...

Siemens SIMATIC CP products

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

Rockwell Automation Connected Components Workbench

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.6 ATTENTION : Exploitable remotely/low attack complexity/public exploits are available/known public exploitation Vendor : Rockwell Automation Equipment : Connected Components Workbench Vulnerabilities : Use After Free, Out-of-bounds Write 2. RISK...

Omron Engineering Software

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.5 ATTENTION : Low attack complexity Vendor : Omron Equipment : Sysmac Studio Vulnerability : Improper Authorization 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code. 3. TECHNICAL DETAILS...

​Siemens JT Open, JT Utilities, and Parasolid

​​As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services ...

Johnson Controls OpenBlue Enterprise Manager Data Collector

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls Inc. Equipment: OpenBlue Enterprise Manager Data Collector Vulnerabilities: Improper Authentication, Exposure of Sensitive Information to an Unauthorized Actor 2. RISK EVALUATION...

Hitachi Energy Gateway Station

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: Gateway Station GWS Vulnerabilities: NULL Pointer Dereference, Infinite Loop 2. RISK EVALUATION Successful exploitation of these vulnerabilities could cause affected modules to...

Medtronic Micro Clinician and InterStim Apps

1. EXECUTIVE SUMMARY CVSS v3 6.4 ATTENTION: Low attack complexity Vendor: Medtronic Equipment: Micros Clinician A51200 app and InterStim X Clinician A51300 app Vulnerabilities: Unverified Password Change 2. RISK EVALUATION Successful exploitation of this vulnerability could cause the clinician...

Siemens Simcenter Femap before V2023.1

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please seeSiemens' ProductCERT Security Advisories CERT Services | Services |...

Siemens SINUMERIK ONE and SINUMERIK MC

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please seeSiemens' ProductCERT Security Advisories CERT Services | Services |...

Altair HyperView Player

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Altair Equipment: HyperView Player Vulnerabilities: Improper Restriction of Operations within the Bounds of a Memory Buffer, Use of Uninitialized Resource, Improper Validation of Array Index 2. RISK EVALUATION Successful...

Baxter Sigma Spectrum Infusion Pump (Update A)

1. EXECUTIVE SUMMARY --------- Begin Update A part 1 of 3 --------- CVSS v3 7.5 --------- End Update A part 1 of 3 --------- ATTENTION: Exploitable remotely Vendor: Baxter Equipment: Sigma and Baxter Spectrum Infusion Pumps Vulnerabilities: Missing Encryption of Sensitive Data, Use of Externally...

LS ELECTRIC PLC and XG5000 (Update A)

1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low attack complexity Vendor : LS ELECTRIC, LS Industrial Systems LSIS Co. Ltd Equipment: LS ELEC PLC and XG5000 Vulnerability: Inadequate Encryption Strength 2. UPDATE This updated advisory is a follow-up to the original advisory...

Siemens SICAM GridEdge

1. EXECUTIVE SUMMARY CVSS v3 6.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SICAM GridEdge Vulnerability: Exposure of Resource to Wrong Sphere 2. RISK EVALUATION The SICAM GridEdge software contains an improper access control vulnerability, which could allow...

Siemens Mendix Applications

1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Mendix Applications Vulnerability: Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a malicious user to leak sensitive information if the...

Siemens Mendix SAML Module

1. EXECUTIVE SUMMARY CVSS v3 8.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Mendix SAML Module Vulnerabilities: Improper Restriction of XML External Entity Reference, Cross-site Scripting 2. RISK EVALUATION Successful exploitation of these vulnerabilities may...

Johnson Controls Metasys

1. EXECUTIVE SUMMARY CVSS v3 8.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls, Inc. Equipment: Metasys ADS/ADX/OAS Servers Vulnerability: Unverified Password Change 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated user...

Fuji Electric Alpha5

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Fuji Electric Equipment: Alpha5 Vulnerabilities: Access of Uninitialized Pointer, Out-of-bound Read, Stack-based Buffer Overflow, Heap-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these...

Schneider Electric SESU

1. EXECUTIVE SUMMARY CVSS v3 3.8 ATTENTION: Low attack complexity Vendor: Schneider Electric Equipment: Schneider Electric Software Update SESU Vulnerability: Insufficient Entropy 2. RISK EVALUATION Successful exploitation of this vulnerability could cause unintended connection from an internal...

Philips MRI 1.5T and 3T (Update A)

1. EXECUTIVE SUMMARY CVSS v3 6.2 ATTENTION: Low attack complexity Vendor: Philips Equipment: MRI 1.5T and 3T Vulnerabilities: Improper Access Control, Incorrect Ownership Assignment, Exposure of Sensitive Information to an Unauthorized Actor 2. RISK EVALUATION Successful exploitation of these...

Siemens NX OBJ Translator

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: low attack complexity Vendor: Siemens Equipment: NX Vulnerabilities: Use After Free, Access of Uninitialized Pointer 2. RISK EVALUATION Successful exploitation of these vulnerabilities could lead to an access violation and arbitrary code execution on...

Trane HVAC Systems Controls

1. EXECUTIVE SUMMARY CVSS v3 6.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Trane Equipment: Building Automation Controllers Tracer SC Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to redirect a user...

Siemens SINEC NMS

1. EXECUTIVE SUMMARY CVSS v3 7.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SINEC NMS Vulnerability: OS Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated remote attacker with system privileges to...

Open Design Alliance Drawings SDK

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Open Design Alliance Equipment: Drawings SDK Vulnerabilities: Out-of-bounds Read, Out-of-bounds Write, Improper check for Unusual or Exceptional Conditions, Use After Free 2. RISK EVALUATION Successful exploitation of these...

ABB CP651 HMI

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable from adjacent network/low skill level to exploit Vendor: ABB Equipment: CP651 HMI Vulnerability: Use of Hard-coded Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to prevent legitimate...

GE Proficy GDS

1. EXECUTIVE SUMMARY CVSS v3 8.2 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: General Electric GE Equipment: Proficy GDS Vulnerability: XXE 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to initiate an OPC UA session and retrieve an...

Siemens SIPROTEC 4 and SIPROTEC Compact (Update A)

CVSS v3 8.6 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: SIPROTEC 4 and SIPROTEC Compact Vulnerabilities: Improper Input Validation, Missing Authorization, Improper Authentication UPDATE INFORMATION This updated advisory is a follow-up to the original...

Siemens devices using the PROFINET Discovery and Configuration Protocol (Update D)

CVSS v3 6.5 ATTENTION: Exploitable from an adjacent network/low skill level to exploit. Vendor: Siemens Equipment: Devices using the PROFINET Discovery and Configuration Protocol DCP Vulnerability: Denial of Service UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory...

Siemens SINUMERIK Integrate and SINUMERIK Operate

CVSS v3 7.4 ATTENTION: Remotely exploitable. Vendor: Siemens Equipment: SINUMERIK Integrate, SINUMERIK Operate Vulnerability: Man-in-the-Middle AFFECTED PRODUCTS Siemens reports that the vulnerability affects the following SINUMERIK Integrate and Operate product suite versions: SINUMERIK Integrat...

BINOM3 Electric Power Quality Meter (Update A)

CVSS v3 10 ATTENTION: Remotely exploitable/low skill level to exploit Vendor: BINOM3 Equipment: Electric Power Quality Meter Vulnerabilities: Cross-site scripting, access control issues, cross-site request forgery CSRF, sensitive information stored in clear-text, and weak credentials management...

OmniMetrix OmniView Vulnerabilities

OVERVIEW Bill Voltmer of Elation Technologies LLC has identified vulnerabilities in OmniMetrix’s OmniView web application. OmniMetrix has produced a new software version for its web interface that mitigates these vulnerabilities. These vulnerabilities could be exploited remotely. AFFECTED PRODUCT...

Moxa DACenter Vulnerabilities

OVERVIEW Independent researcher Zhou Yu has identified denial-of-service and unquoted service path privilege escalation vulnerabilities in Moxa’s DACenter application. Moxa has produced a patch to mitigate these vulnerabilities. Zhou Yu has tested the patch to validate that it resolves the...