Lucene search
+L
IcsMost viewed

4255 matches found

ics
ics
added 2017/08/22 12:0 a.m.45 views

SpiderControl SCADA Web Server

CVSS v3 5.3 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: SpiderControl Equipment: SCADA Web Server Vulnerability: Directory Traversal AFFECTED PRODUCTS The following versions of SpiderControl SCADA Web Server, a software management platform, are affected: SCADA Web Server...

7.5CVSS7.8AI score0.03842EPSS
Exploits0References3
ics
ics
added 2017/08/10 12:0 a.m.45 views

Solar Controls Heating Control Downloader (HCDownloader)

CVSS v3 7.8 ATTENTION: Low skill level to exploit. Vendor: Solar Controls Equipment: Heating Control Downloader HCDownloader Vulnerability: Uncontrolled Search Path Element AFFECTED PRODUCTS The following versions of Solar Controls’ Heating Control Downloader HCDownloader are affected:...

9.3CVSS8AI score0.01761EPSS
Exploits0References3
ics
ics
added 2017/05/09 12:0 a.m.45 views

Siemens devices using the PROFINET Discovery and Configuration Protocol (Update D)

CVSS v3 6.5 ATTENTION: Exploitable from an adjacent network/low skill level to exploit. Vendor: Siemens Equipment: Devices using the PROFINET Discovery and Configuration Protocol DCP Vulnerability: Denial of Service UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory...

6.5CVSS0.4AI score0.00469EPSS
Exploits0References37
ics
ics
added 2017/05/08 12:0 a.m.45 views

ICSA-17-129-01 Siemens devices using the PROFINET Discovery and Configuration Protocol (Update K)

1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable from an adjacent network/low skill level to exploit Vendor: Siemens Equipment: Devices using the PROFINET Discovery and Configuration Protocol DCP Vulnerability: Improper Input Validation 2. UPDATE INFORMATION This updated advisory is a...

6.5CVSS6.5AI score0.00469EPSS
Exploits0References9
ics
ics
added 2016/12/12 7:0 a.m.45 views

Schneider Electric Telvent RTU Improper Ethernet Frame Padding Vulnerability

OVERVIEW David Formby and Raheem Beyah of Georgia Tech have identified a vulnerability caused by an Institute of Electrical and Electronics Engineers IEEE conformance issue involving improper frame padding in Schneider Electric’s Telvent SAGE 2300 and 2400 remote terminal units RTUs. Schneider...

5.3CVSS5.6AI score0.01176EPSS
Exploits0References10
ics
ics
added 2016/09/16 6:0 a.m.45 views

Moxa DACenter Vulnerabilities

OVERVIEW Independent researcher Zhou Yu has identified denial-of-service and unquoted service path privilege escalation vulnerabilities in Moxa’s DACenter application. Moxa has produced a patch to mitigate these vulnerabilities. Zhou Yu has tested the patch to validate that it resolves the...

7.1CVSS7.8AI score0.00937EPSS
Exploits0References10
ics
ics
added 2016/07/17 6:0 a.m.45 views

Kabona AB WDC Vulnerabilities (Update A)

OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-17-287-07 Kabona AB WDC Vulnerabilities that was published October 13, 2016, on the NCCIC/ICS-CERT web site. Martin Jartelius and John Stock of Outpost 24 have identified vulnerabilities in Kabona AB’s...

8.2CVSS9.5AI score0.0107EPSS
Exploits0References10
ics
ics
added 2016/07/17 6:0 a.m.45 views

Siemens SIMATIC STEP 7 (TIA Portal) Information Disclosure Vulnerabilities

OVERVIEW Siemens has released a new version of SIMATIC STEP 7 TIA Portal to mitigate information disclosure vulnerabilities. These vulnerabilities were reported directly to Siemens by Dmitry Sklyarov and Gleb Gritsai from Positive Technologies. Siemens has produced a new version to mitigate these...

4.7AI score
Exploits0References10
ics
ics
added 2015/12/27 7:0 a.m.45 views

Schneider Electric InduSoft Web Studio and InTouch Machine Edition 2014 Vulnerabilities

OVERVIEW Gleb Gritsai, Ilya Karpov, and Kirill Nesterov of Positive Technologies Security Lab and independent researcher Alisa Esage Shevchenko have identified vulnerabilities in the Schneider Electric InduSoft Web Studio and InTouch Machine Edition 2014. Schneider Electric has released new patch...

5CVSS6.8AI score0.02383EPSS
Exploits0References10
ics
ics
added 2015/10/30 6:0 a.m.45 views

Schneider Electric Multiple Products Buffer Overflow Vulnerability

OVERVIEW NCCIC/ICS-CERT received a report from Ariele Caltabiano kimiya with HP’s Zero Day Initiative ZDI concerning a buffer overflow vulnerability in Schneider Electric’s SoMove Lite software package. While addressing this vulnerability, Schneider Electric identified multiple vulnerable Schneid...

7.5CVSS7.6AI score0.05567EPSS
Exploits0References10
ics
ics
added 2015/03/07 7:0 a.m.45 views

XZERES 442SR Wind Turbine CSRF Vulnerability

OVERVIEW Independent researcher Maxim Rupp has identified a cross-site request forgery CSRF vulnerability in XZERES’s 442SR turbine generator operating system OS. XZERES has produced a patch to mitigate this vulnerability. This vulnerability could be exploited remotely. AFFECTED PRODUCTS The...

6.8CVSS7.2AI score0.00636EPSS
Exploits0References10
ics
ics
added 2015/03/05 7:0 a.m.45 views

Beckwith Electric TCP Initial Sequence Vulnerability

OVERVIEW Raheem Beyah, David Formby, and San Shin Jung of Georgia Tech, via a research project partially sponsored by the Georgia Tech National Electric Energy Testing Research and Applications Center, have identified a TCP initial sequence numbers vulnerability in two of Beckwith Electric’s...

6.4CVSS6.6AI score0.01558EPSS
Exploits0References10
ics
ics
added 2014/07/24 6:0 a.m.45 views

Rockwell Automation Connected Components Workbench ActiveX Component Vulnerabilities

OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on November 6, 2014, and is being released to the NCCIC/ICS-CERT web site. Independent researcher Andrea Micalizzi working through ZDI has identified two custom ActiveX Component vulnerabilities in Rockwell...

7.5CVSS7AI score0.11EPSS
Exploits0References10
ics
ics
added 2014/03/01 7:0 a.m.45 views

Triangle MicroWorks Uncontrolled Resource Consumption

OVERVIEW Adam Crain of Automatak and Chris Sistrunk of Mandiant have identified an uncontrolled resource consumption vulnerability in Triangle MicroWorks products and third-party components. Triangle MicroWorks has produced an update that mitigates this vulnerability. This vulnerability could be...

5CVSS6.3AI score0.01791EPSS
Exploits0References10
ics
ics
added 2013/09/15 6:0 a.m.45 views

Siemens COMOS Privilege Escalation

OVERVIEW Siemens notified NCCIC/ICS-CERT of a privilege escalation vulnerability in the Siemens COMOS database application. An update has been produced by Siemens and is available to resolve the vulnerability. The client application used for accessing the database system might allow authenticated...

6.9CVSS6.3AI score0.00309EPSS
Exploits0References10
ics
ics
added 2013/05/31 6:0 a.m.45 views

Triangle MicroWorks Improper Input Validation

OVERVIEW Adam Crain of Automatak and independent researcher Chris Sistrunk have identified an improper input validation vulnerability in multiple Triangle MicroWorks’ products and third‑party components. Triangle MicroWorks has produced an update that mitigates this vulnerability. Adam Crain has...

6.2AI score
Exploits0References10
ics
ics
added 2013/05/17 6:0 a.m.45 views

Kepware Technologies Improper Input Validation Vulnerability

OVERVIEW Adam Crain of Automatak and independent researcher Chris Sistrunk have identified a improper input validation vulnerability in the Kepware Technologies’ DNP Master Driver for the KEPServerEX Communications Platform. Kepware Technologies has produced a new version that mitigates this...

7.8CVSS6.2AI score0.01818EPSS
Exploits0References10
ics
ics
added 2025/08/07 6:0 a.m.44 views

Dreame Technology iOS and Android Mobile Applications (Update A)

RISK EVALUATION Successful exploitation of this vulnerability could result in unauthorized information disclosure. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for all control...

8.5CVSS5.8AI score0.00117EPSS
Exploits0References11
ics
ics
added 2025/04/10 6:0 a.m.44 views

Rockwell Automation Arena

RISK EVALUATION Successful exploitation of these vulnerabilities could disclose information to an attacker or allow execution of arbitrary code on the system. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities...

8.5CVSS7.6AI score0.00292EPSS
Exploits0References10
ics
ics
added 2024/08/13 12:0 a.m.44 views

Siemens Teamcenter Visualization and JT2Go

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

8.7CVSS8.1AI score0.0117EPSS
Exploits0References10
ics
ics
added 2024/08/13 12:0 a.m.44 views

Siemens SCALANCE M-800, RUGGEDCOM RM1224

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

8.8CVSS8.4AI score0.01001EPSS
Exploits0References10
ics
ics
added 2024/08/01 6:0 a.m.44 views

Vonets WiFi Bridges

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 10.0 ATTENTION : Exploitable remotely/low attack complexity Vendor : Vonets Equipment : VAR1200-H, VAR1200-L, VAR600-H, VAP11AC, VAP11G-500S, VBG1200, VAP11S-5G, VAP11S, VAR11N-300, VAP11G-300, VAP11N-300, VAP11G, VAP11G-500, VBG1200, VAP11AC, VGA-1000...

10CVSS10AI score0.01705EPSS
Exploits0References10
ics
ics
added 2024/03/12 12:0 a.m.44 views

Siemens SINEMA Remote Connect Client

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

7.6CVSS7.2AI score0.00431EPSS
Exploits0References12
ics
ics
added 2024/02/29 7:0 a.m.44 views

MicroDicom DICOM Viewer

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION : Low attack complexity Vendor : MicroDicom Equipment : DICOM Viewer Vulnerabilities : Heap-based Buffer Overflow, Out-of-Bounds Write 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to cause memory...

7.8CVSS8.5AI score0.00264EPSS
Exploits0References8
ics
ics
added 2024/01/23 7:0 a.m.44 views

APsystems Energy Communication Unit (ECU-C) Power Control Software

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION : Exploitable via adjacent network / low attack complexity Vendor : APsystems Equipment : Energy communication Unit ECU-C Power Control Software Vulnerability : Improper Access Control 2. RISK EVALUATION Successful exploitation of this...

8.8CVSS9AI score0.00642EPSS
Exploits1References8
ics
ics
added 2024/01/23 7:0 a.m.44 views

Voltronic Power ViewPower Pro

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Voltronic Power Equipment: ViewPower Pro Vulnerabilities: Deserialization of Untrusted Data, Missing Authentication for Critical Function, Exposed Dangerous Method or Function, OS Command...

9.8CVSS9.9AI score0.45744EPSS
Exploits0References8
ics
ics
added 2024/01/23 7:0 a.m.44 views

Orthanc Osimis DICOM Web Viewer

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION : Exploitable remotely/low attack complexity Vendor : Orthanc Equipment : Osimis Web Viewer Vulnerability : Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary...

7.1CVSS6.7AI score0.00308EPSS
Exploits0References10
ics
ics
added 2023/12/12 12:0 a.m.44 views

Siemens SIMATIC and SIPLUS Products

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

7.5CVSS8.2AI score0.00722EPSS
Exploits0References12
ics
ics
added 2023/11/14 7:0 a.m.44 views

Rockwell Automation SIS Workstation and ISaGRAF Workbench

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION : Low attack complexity Vendor : Rockwell Automation Equipment : SIS Workstation and ISaGRAF Workbench Vulnerability : Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow unprivileged local...

9.3CVSS7.7AI score0.01525EPSS
Exploits1References10
ics
ics
added 2023/08/08 12:0 a.m.44 views

​Siemens JT Open, JT Utilities, and Parasolid

​​As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services ...

7.8CVSS8.1AI score0.00202EPSS
Exploits0References12
ics
ics
added 2023/07/11 12:0 a.m.44 views

Sensormatic Electronics iSTAR

1. EXECUTIVE SUMMARY ​CVSS v3 7.5 ​ATTENTION: Exploitable via adjacent network/Low attack complexity ​Vendor: Sensormatic Electronics, LLC, a subsidiary of Johnson Controls Inc. ​Equipment: iSTAR ​Vulnerability: Improper Authentication 2. RISK EVALUATION ​Successful exploitation of this...

9.8CVSS9AI score0.00562EPSS
Exploits0References8
ics
ics
added 2023/06/13 12:0 a.m.44 views

Siemens Teamcenter Visualization and JT2Go

​​As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services ...

7.8CVSS6.8AI score0.00217EPSS
Exploits0References12
ics
ics
added 2023/05/22 2:17 p.m.44 views

Johnson Controls OpenBlue Enterprise Manager Data Collector

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls Inc. Equipment: OpenBlue Enterprise Manager Data Collector Vulnerabilities: Improper Authentication, Exposure of Sensitive Information to an Unauthorized Actor 2. RISK EVALUATION...

10CVSS6.8AI score0.01095EPSS
Exploits0References5
ics
ics
added 2023/05/09 12:0 a.m.44 views

Siemens SCALANCE W1750D

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please seeSiemens' ProductCERT Security Advisories CERT Services | Services |...

7.5CVSS7.1AI score0.00897EPSS
Exploits1References12
ics
ics
added 2023/02/14 12:0 a.m.44 views

Siemens Simcenter Femap before V2023.1

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please seeSiemens' ProductCERT Security Advisories CERT Services | Services |...

7.8CVSS8.2AI score0.00228EPSS
Exploits0References11
ics
ics
added 2023/01/26 12:0 p.m.44 views

Protecting Against Malicious Use of Remote Monitoring and Management Software

Summary The Cybersecurity and Infrastructure Security Agency CISA, National Security Agency NSA, and Multi-State Information Sharing and Analysis Center MS-ISAC hereafter referred to as the “authoring organizations” are releasing this joint Cybersecurity Advisory CSA to warn network defenders abo...

9.4AI score
Exploits0References43
ics
ics
added 2022/11/08 12:0 a.m.44 views

Siemens SINUMERIK ONE and SINUMERIK MC

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please seeSiemens' ProductCERT Security Advisories CERT Services | Services |...

9.3CVSS8.9AI score0.00217EPSS
Exploits0References11
ics
ics
added 2022/10/18 12:0 a.m.44 views

Advantech R-SeeNet

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Advantech Equipment: R-SeeNet Vulnerabilities: Path Traversal, Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in an unauthorized attacker...

9.8CVSS9AI score0.1398EPSS
Exploits0References5
ics
ics
added 2022/10/11 12:0 a.m.44 views

Altair HyperView Player

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Altair Equipment: HyperView Player Vulnerabilities: Improper Restriction of Operations within the Bounds of a Memory Buffer, Use of Uninitialized Resource, Improper Validation of Array Index 2. RISK EVALUATION Successful...

7.8CVSS8.4AI score0.00304EPSS
Exploits0References5
ics
ics
added 2022/09/13 12:0 a.m.44 views

Hitachi Energy TXpert Hub CoreTec 4 Sudo Vulnerability

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Hitachi Energy Equipment: TXpert Hub CoreTec 4 Vulnerability: Off-by-one Error 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to take control of the system node and its information...

7.8CVSS9AI score0.99295EPSS
Exploits81References5
ics
ics
added 2022/07/12 12:0 a.m.44 views

Siemens Datalogics File Parsing Vulnerability

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: Teamcenter Visualization and JT2Go Vulnerability: Heap-based buffer Overflow 2. UPDATE This updated advisory is a follow-up to the original advisory titled ICSA-22-195-07 Siemens Datalogics file Parsing...

7.8CVSS8.2AI score0.00421EPSS
Exploits0References11
ics
ics
added 2022/07/12 12:0 a.m.44 views

Siemens SICAM GridEdge

1. EXECUTIVE SUMMARY CVSS v3 6.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SICAM GridEdge Vulnerability: Exposure of Resource to Wrong Sphere 2. RISK EVALUATION The SICAM GridEdge software contains an improper access control vulnerability, which could allow...

6.3CVSS5.7AI score0.00404EPSS
Exploits0References10
ics
ics
added 2022/03/31 12:0 a.m.44 views

Fuji Electric Alpha5

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Fuji Electric Equipment: Alpha5 Vulnerabilities: Access of Uninitialized Pointer, Out-of-bound Read, Stack-based Buffer Overflow, Heap-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these...

7.8CVSS6.9AI score0.01105EPSS
Exploits0References5
ics
ics
added 2021/12/16 12:0 a.m.44 views

Siemens Questa and ModelSim

1. EXECUTIVE SUMMARY CVSS v3 9.0 ATTENTION: Low attack complexity Vendor: Siemens Equipment: Questa Simulation and ModelSim Simulation Vulnerability: Insufficiently Protected Credentials 2. UPDATE OR REPOSTED INFORMATION This updated advisory is a follow-up to the original advisory titled...

6.5CVSS6.7AI score0.00563EPSS
Exploits0References5
ics
ics
added 2021/12/02 12:0 a.m.44 views

Hitachi Energy PCM600 Update Manager

1. EXECUTIVE SUMMARY CVSS v3 6.7 Vendor: Hitachi Energy Equipment: PCM600 Update Manager Vulnerability: Improper Certificate Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to bypass the certificate validation and install an untrusted software...

6.7CVSS6.5AI score0.00124EPSS
Exploits0References5
ics
ics
added 2021/11/24 7:0 a.m.44 views

Philips MRI 1.5T and 3T (Update A)

1. EXECUTIVE SUMMARY CVSS v3 6.2 ATTENTION: Low attack complexity Vendor: Philips Equipment: MRI 1.5T and 3T Vulnerabilities: Improper Access Control, Incorrect Ownership Assignment, Exposure of Sensitive Information to an Unauthorized Actor 2. RISK EVALUATION Successful exploitation of these...

5.9CVSS6AI score0.00629EPSS
Exploits0References11
ics
ics
added 2021/11/09 12:0 a.m.44 views

Siemens NX OBJ Translator

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: low attack complexity Vendor: Siemens Equipment: NX Vulnerabilities: Use After Free, Access of Uninitialized Pointer 2. RISK EVALUATION Successful exploitation of these vulnerabilities could lead to an access violation and arbitrary code execution on...

7.8CVSS7.1AI score0.01517EPSS
Exploits0References11
ics
ics
added 2021/08/10 12:0 a.m.44 views

Siemens SINEC NMS

1. EXECUTIVE SUMMARY CVSS v3 7.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SINEC NMS Vulnerability: OS Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated remote attacker with system privileges to...

9CVSS7.8AI score0.02672EPSS
Exploits0References11
ics
ics
added 2021/04/20 12:0 a.m.44 views

Delta Electronics CNCSoft ScreenEditor

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Delta Industrial Automation Equipment: CNCSoft ScreenEditor Vulnerability: Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of this vulnerability may allow arbitrary code execution. 3. TECHNICAL DETAILS 3.1...

9.8CVSS9.7AI score0.01752EPSS
Exploits0References5
ics
ics
added 2019/12/17 12:0 a.m.44 views

GE S2020/S2020G Fast Switch 61850

1. EXECUTIVE SUMMARY CVSS v3 4.6 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: GE Equipment: GE S2020/S2020G Fast Switch 61850 Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an attacker to inject arbitrary code...

5.4CVSS6.5AI score0.01553EPSS
Exploits0References5
Total number of security vulnerabilities4255