Franklin Fueling System EVO 550/5000

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION : Exploitable remotely/low attack complexity Vendor : Franklin Fueling System Equipment : EVO 550, EVO 5000 Vulnerability : Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to read...

Rockwell Automation ControlLogix and GuardLogix

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION : Exploitable remotely/low attack complexity Vendor : Rockwell Automation Equipment : ControlLogix, GuardLogix Vulnerability : Improper Restriction of Operations within the Bounds of a Memory Buffer 2. RISK EVALUATION Successful exploitation of...

Unitronics Vision and Samba Series (Update A)

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION : Exploitable remotely/low attack complexity/public exploits are available/known public exploitation Vendor : Unitronics Equipment : Vision Series, Samba Series Vulnerability : Initialization of a Resource with an Insecure Default 2. RISK...

BD FACSChorus

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.4 ATTENTION : Low attack complexity Vendor : Becton, Dickinson and Company BD Equipment : FACSChorus Vulnerabilities : Missing Protection Mechanism for Alternate Hardware Interface, Missing Authentication for Critical Function, Improper Authentication, Use...

TEL-STER TelWin SCADA WebInterface

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: TEL-STER Sp. z o. o. Equipment: TelWin SCADA WebInterface Vulnerability: Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated attacker to read...

Enphase Installer Toolkit Android App

1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Enphase Equipment: Enphase Installer Toolkit Vulnerability: Use of Hard-coded Credentials 2. UPDATE OR REPOSTED INFORMATION This updated advisory is a follow-up to the original advisory titled...

Siemens SIMATIC STEP 7 and Derived Products

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

Delta Electronics CNCSoft-B DOPSoft

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION : Low attack complexity Vendor : Delta Electronics Equipment : CNCSoft-B DOPSoft Vulnerabilities: Stack-based Buffer Overflow, Heap-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to...

SAUTER EY-modulo 5 Building Automation Stations

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: SAUTER Equipment: EY-modulo 5 Building Automation Stations Vulnerabilities: Cross-site Scripting, Cleartext Transmission of Sensitive Information, and Unrestricted Upload of File with Dangerous Type 2...

Step Tools Third-Party

1. EXECUTIVE SUMMARY CVSS v3 2.2 ATTENTION: Low attack complexity Vendor: Step Tools, Inc Equipment: STEPTools ifcmesh library Vulnerability: Null Pointer Dereference 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to deny application usage when reading a...

Baicells Nova

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Baicells Equipment: Nova 436Q, Nova 430E, Nova 430I, and Neutrino 430 Vulnerability: Command injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow commands performed...

Siemens SCALANCE X200 IRT

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please seeSiemens' ProductCERT Security Advisories CERT Services | Services |...

Protecting Against Malicious Use of Remote Monitoring and Management Software

Summary The Cybersecurity and Infrastructure Security Agency CISA, National Security Agency NSA, and Multi-State Information Sharing and Analysis Center MS-ISAC hereafter referred to as the “authoring organizations” are releasing this joint Cybersecurity Advisory CSA to warn network defenders abo...

Hitachi Energy Lumada Asset Performance Management

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: Lumada Asset Performance Management APM Vulnerabilities: Classic Buffer Overflow, Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of these vulnerabilities could...

ARC Informatique PcVue

1. EXECUTIVE SUMMARY CVSS v3 5.5 ATTENTION: Low attack complexity Vendor: ARC Informatique Equipment: PcVue Vulnerabilities: Cleartext Storage of Sensitive Information, Insertion of Sensitive Information into Log File 2. UPDATE OR REPOSTED INFORMATION This updated advisory is a follow-up to the...

Siemens SICAM Q100

1. EXECUTIVE SUMMARY CVSS v3 9.9 ATTENTION: Exploitable remotely / low attack complexity Vendor: Siemens Equipment: SICAM Q100 Vulnerabilities: Session Fixation, Improper Input Validation 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to take over the...

Johnson Controls Metasys ADX Server

1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls Inc. Equipment: Metasys ADX Extended Application and Data Server Server running MVE Metasys for Validated Environments Vulnerability: Improper Authentication 2. RISK EVALUATION...

Siemens RUGGEDCOM ROX

1. EXECUTIVE SUMMARY CVSS v3 7.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: RUGGEDCOM ROX Vulnerability: Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker with administrative privileges to gain root...

Exemys RME1

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Exemys Equipment: RME1 Vulnerability: Improper Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker with network access to bypass authentication and...

Yokogawa CAMS for HIS

1. EXECUTIVE SUMMARY CVSS v3 6.4 ATTENTION: High attack complexity Vendor: Yokogawa Equipment: Consolidation Alarm Management Software for Human Interface Station CAMS for HIS Vulnerability: Violation of Secure Design Principles 2. RISK EVALUATION If a computer using CAMS for HIS software is...

Siemens SINEMA Remote Connect Server

1. EXECUTIVE SUMMARY CVSS v3 4.2 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: SINEMA Remote Connect Server Vulnerabilities: Improperly Implemented Security Check for Standard 2. RISK EVALUATION The affected application is missing general HTTP security headers in the web servers...

Johnson Controls Metasys SCT Pro

1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls, Inc. Equipment: Metasys Vulnerability: Server-side Request Forgery 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to...

Sensormatic Electronics victor

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Sensormatic Electronics, LLC, a subsidiary of Johnson Controls, Inc. Equipment: victor Vulnerability: Use of Hard-coded Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an...

Trane Symbio (Update B)

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Low attack complexity Vendor: Trane Equipment: Symbio 700 and Symbio 800 controllers Vulnerability: Code Injection 2. UPDATE INFORMATION The updated advisory is a follow-up to the original advisory titled ICSA-21-266-01 Trane Symbio that was published...

Siemens APOGEE and TALON

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: APOGEE and TALON Vulnerability: Classic Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the...

Hitachi ABB Power Grids Retail Operations and CSB Products

1. EXECUTIVE SUMMARY CVSS v3 7.7 ATTENTION: Exploitable remotely Vendor: Hitachi ABB Power Grids Equipment: Retail Operations and Counterparty Settlement Billing CSB Vulnerability: Insufficiently Protected Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an...

Delta Electronics CNCSoft ScreenEditor

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Delta Industrial Automation Equipment: CNCSoft ScreenEditor Vulnerability: Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of this vulnerability may allow arbitrary code execution. 3. TECHNICAL DETAILS 3.1...

GE S2020/S2020G Fast Switch 61850

1. EXECUTIVE SUMMARY CVSS v3 4.6 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: GE Equipment: GE S2020/S2020G Fast Switch 61850 Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an attacker to inject arbitrary code...

Omron CX-One

1. EXECUTIVE SUMMARY CVSS v3 6.6 ATTENTION: Low skill level to exploit Vendor: Omron Equipment: CX-One Vulnerabilities: Stack-based Buffer Overflow, Use After Free 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute code under the privileges of...

Delta Electronics CNCSoft and ScreenEditor

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Delta Electronics Equipment: CNCSoft and ScreenEditor Vulnerabilities: Stack-based Buffer Overflow, Out-of-Bounds Read 2. RISK EVALUATION Successful exploitation of these vulnerabilities could...

Medtronic MyCareLink Patient Monitor

1. EXECUTIVE SUMMARY CVSS v3 6.4 Vendor: Medtronic Equipment: MyCareLink Patient Monitor Vulnerabilities: Use of Hard-coded Password, Exposed Dangerous Method or Function 2. RISK EVALUATION If exploited, these vulnerabilities may allow privileged access to the monitor’s operating system. However,...

Siemens SIMATIC WinCC OA Operator IOS App (Update A)

1. EXECUTIVE SUMMARY CVSS v3 4.0 Vendor : Siemens Equipment : SIMATIC WinCC OA iOS App Vulnerability : File and Directory Information Exposure. 2 UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-18-109-01 Siemens SIMATIC WinCC OA Operator iOS App that...

Vyaire Medical CareFusion Upgrade Utility Vulnerability

OVERVIEW Independent researcher Mark Cross @xerubus has identified an uncontrolled search path element vulnerability in Vyaire Medical’s CareFusion Upgrade Utility application. Vyaire Medical has produced an update that mitigates this vulnerability. AFFECTED PRODUCTS The following versions of...

Siemens Industrial Products (Update D)

CVSS v3 7.5 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: Industrial products Vulnerability: Improper Input Validation UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory titled ICSA-17-339-01C Siemens Industrial Products that w...

AutomationDirect CLICK, C-More, C-More Micro, Do-more Designer, GS Drives, SL-Soft SOLO (Update A)

CVSS v3 6.7 Vendor: AutomationDirect --------- Begin Update A Part 1 of 3 -------- Equipment: CLICK, C-More, C-More Micro, Do-more Designer, GS Drives, SL-Soft SOLO --------- End Update A Part 1 of 3 ---------- Vulnerability: Uncontrolled Search Path Element UPDATE INFORMATION This updated...

ICSA-17-306-01 Siemens SIMATIC PCS 7 (Update A)

1. EXECUTIVE SUMMARY CVSS v3 4.9 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC PCS 7 Vulnerabilities: Improper Input Validation 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-17-306-01 Siemens SIMATIC...

Siemens industrial products using the Discovery Service of the OPC UA protocol stack by the OPC foundation (Update B)

CVSS v3 8.2 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: Industrial products using the Discovery Service of the OPC UA protocol stack by the OPC foundation Vulnerability: Improper Restriction of XML External Entity Reference UPDATE INFORMATION This update...

Siemens OPC UA Protocol Stack Discovery Service (Update E)

CVSS v3 8.2 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: Industrial products using the Discovery Service of the OPC UA protocol stack by the OPC foundation Vulnerability: Improper Restriction of XML External Entity Reference AFFECTED PRODUCTS Siemens...

AzeoTech DAQFactory

CVSS v3 7.1 ATTENTION: Local access and user-level privileges are required to exploit these vulnerabilities Vendor: AzeoTech Equipment: DAQFactory Vulnerabilities: Incorrect Default Permissions, Uncontrolled Search Path Element AFFECTED PRODUCTS AzeoTech reports that the vulnerabilities affect th...

Fuji Electric V-Server

CVSS v3 7.3 ATTENTION: Remotely exploitable Vendor: Fuji Electric Equipment: V-Server Vulnerability: Improper Restriction of Operations within the Bounds of a Memory Buffer AFFECTED PRODUCTS The following versions of V-Server, a data collection and management service, are affected: V-Server Versi...

Siemens devices using the PROFINET Discovery and Configuration Protocol (Update E)

CVSS v3 6.5 ATTENTION: Exploitable from an adjacent network/low skill level to exploit. Vendor: Siemens Equipment: Devices using the PROFINET Discovery and Configuration Protocol DCP Vulnerability: Denial of Service UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory...

Schneider Electric Magelis HMI Resource Consumption Vulnerabilities (Update B)

OVERVIEW This updated advisory is a follow-up to the updated advisory titled ICSA-16-308-02A Schneider Electric Magelis HMI Resource Consumption Vulnerabilities that was published November 22, 2016, on the NCCIC/ICS-CERT web site. ICS-CERT is aware of a public report of resource consumption...

Schneider Electric SoMachine HVAC Unsafe ActiveX Control Vulnerability

OVERVIEW Andrea Micalizzi discovered an unsafe ActiveX control vulnerability in Schneider Electric’s SoMachine software. He reported this vulnerability to ZDI who then reported it to NCCIC/ICS‑CERT. Schneider Electric has produced a patch to mitigate this vulnerability. This vulnerability could b...

Meteocontrol WEB'log Vulnerabilities (Update A)

OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-16-133-01 Meteocontrol WEB'log Vulnerabilities that was published May 12, 2016, on the NCCIC/ICS‑CERT web site. Independent researcher Karn Ganeshen has identified one authentication and two information exposure...

MICROSYS PROMOTIC Stack Buffer Overflow

OVERVIEW An anonymous researcher working with HP’s Zero Day Initiative has identified a stack-based buffer overflow vulnerability in the MICROSYS, spol. s r.o. PROMOTIC application. MICROSYS, spol. s r.o. has produced a new version that mitigates this vulnerability. This vulnerability could be...

GE MDS PulseNET Vulnerabilities

OVERVIEW NCCIC/ICS-CERT received a report from HP’s Zero Day Initiative ZDI concerning two vulnerabilities in GE’s MDS PulseNET and MDS PulseNET Enterprise Network Management Software. These vulnerabilities were reported to ZDI by security researcher Andrea Micalizzi. GE has produced a new versio...

Ecava IntegraXor Buffer Overflow Vulnerability

OVERVIEW This advisory is a follow-up to the alert titled ICS-ALERT-14-015-01 Ecava IntegraXor Buffer Overflow Vulnerability that was published January 15, 2014, on the NCCIC/ICS-CERT Web site. Independent researcher Luigi Auriemma identified a buffer overflow vulnerability in the Ecava IntegraXo...

Yokogawa CENTUM and Exaopc Vulnerability (Update A)

OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-14-260-01 Yokogawa CENTUM and Exaopc Vulnerability that was published September 17, 2014, on the NCCIC/ICS-CERT web site. Tod Beardsley of Rapid7 Inc. and Jim Denaro of CipherLaw have identified an authentication...

WellinTech KingSCADA Stack-Based Buffer Overflow

OVERVIEW An anonymous researcher working with HP’s Zero Day Initiative has identified a stack-based buffer overflow in the WellinTech KingSCADA Stack. WellinTech has produced a patch that mitigates this vulnerability. This vulnerability could be exploited remotely. AFFECTED PRODUCTS The following...

Siemens SIMATIC RF Manager ActiveX Buffer Overflow

Overview This advisory provides mitigation details for a vulnerability that impacts the Siemens SIMATIC RF Manager. Siemens has identified a buffer overflow vulnerability in the ActiveX component of the SIMATIC RF Manager. Siemens has produced a patch that mitigates this vulnerability. Successful...