Lucene search
K
IcsMost viewed

4255 matches found

ICS
ICS
added 2018/05/17 6:0 a.m.28 views

Philips EncoreAnywhere

1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION : Exploitable remotely/public exploits are available Vendor : Philips Equipment : EncoreAnywhere product used in the Asia-Pacific APAC Region Vulnerability : Information Exposure 2. RISK EVALUATION Successful exploitation of this vulnerability can result...

7.5CVSS7.1AI score0.00539EPSS
Exploits0References8
ICS
ICS
added 2017/07/13 12:0 a.m.28 views

GE Communicator

CVSS v3 7.6 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: GE Equipment: Communicator Vulnerability: Heap-Based Buffer Overflow AFFECTED PRODUCTS The following versions of Communicator, an application for programming and monitoring supported metering devices, are affected:...

7.6CVSS1AI score0.0099EPSS
Exploits0References27
ICS
ICS
added 2016/05/06 6:0 a.m.28 views

Moxa SoftCMS SQL Injection Vulnerability

OVERVIEW Zhou Yu of Acorn Network Security has identified a SQL injection vulnerability in Moxa's SoftCMS. ZDI reported this vulnerability to ICS-CERT. Moxa has produced an update to mitigate this vulnerability. This vulnerability could be exploited remotely. AFFECTED PRODUCTS Moxa reports that t...

9.8CVSS10AI score0.03037EPSS
Exploits0References10
ICS
ICS
added 2015/03/14 6:0 a.m.28 views

RLE Nova-Wind Turbine HMI Unsecure Credentials Vulnerability (Update A)

OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-15-162-01 RLE Nova‑Wind Turbine HMI Unsecure Credentials Vulnerability that was published June 11, 2015, on the NCCIC/ICS-CERT web site. Independent researcher Maxim Rupp has identified an unsecure credential...

5CVSS6.8AI score0.01344EPSS
Exploits0References10
ICS
ICS
added 2015/02/05 7:0 a.m.28 views

Hospira LifeCare PCA Infusion System Vulnerabilities

OVERVIEW Independent researcher Billy Rios has identified an improper authorization vulnerability and an insufficient verification of data authenticity vulnerability in Hospira’s LifeCare PCA Infusion System, which NCCIC/ICS-CERT has been coordinating with Hospira since May 2014. This advisory is...

10CVSS7.9AI score0.05162EPSS
Exploits0References10
ICS
ICS
added 2014/11/12 12:0 p.m.28 views

Bash Command Injection Vulnerability (Supplement)

OVERVIEW This advisory supplement is to accompany the NCCIC/ICS-CERT advisory titled ICSA-14-269-01 Bash Command Injection Vulnerability and all following updates that were originally published September 26, 2014, on the ICS-CERT web site and posted to the US-CERT secure Portal library. Please...

7.4AI score
Exploits0References22
ICS
ICS
added 2014/01/16 7:0 a.m.28 views

Progea Movicon SCADA Information Disclosure Vulnerability

OVERVIEW Celil Ünüver of SignalSEC Ltd. has identified an information disclosure vulnerability in the Progea Movicon application. Progea has produced a new version that mitigates this vulnerability. The researcher has tested the new version to validate that it resolves the vulnerability. This...

5CVSS6.4AI score0.01319EPSS
Exploits0References10
ICS
ICS
added 2013/12/20 7:0 a.m.28 views

Schneider Electric PLCs Vulnerabilities

OVERVIEW --------- Begin Update B Part 1 of 2 -------- This updated advisory is a follow-up to the previous advisory update titled ICSA-13-077-01A Schneider Electric PLCs Vulnerabilities Update A that was published March 20, 2013, on the ICS-CERT Web page. It is also a follow-up to the updated...

7.4AI score
Exploits0References10
ICS
ICS
added 2013/09/14 6:0 a.m.28 views

Cooper Power Systems Improper Input Validation Vulnerability

OVERVIEW Adam Crain of Automatak and independent researcher Chris Sistrunk have identified an improper input validation vulnerability in the Cooper Power Systems SMP Gateway DNP3 protocol components. Cooper Power Systems has produced a new firmware version that mitigates this vulnerability. Coope...

6.2AI score
Exploits0References10
ICS
ICS
added 2013/05/01 12:0 p.m.28 views

Invensys Wonderware HMI Reports XSS and Write Access Violation Vulnerabilities

Overview Independent security researchers Billy Rios and Terry McCorkle have identified cross-site scripting XSS and write access violation vulnerabilities in the Invensys Wonderware HMI reports product. ICS-CERT has coordinated these two vulnerabilities with Invensys, which has produced a new...

7.5AI score
Exploits0References18
ICS
ICS
added 2011/07/24 6:0 a.m.28 views

Progea Movicon Power HMI Vulnerabilities

Overview This advisory is a follow-up to the Alert titled “ICS-ALERT-11-256-01 – Progea Movicon PowerHMI Vulnerabilities” that was published September 13, 2011, on the ICS-CERT web page. Two buffer overflow and one memory corruption vulnerability were disclosed affecting the Progea Movicon’s...

10CVSS8.6AI score0.17028EPSS
Exploits3References10
ICS
ICS
added 2010/09/05 6:0 a.m.28 views

Advantech Studio Test Web Server Buffer Overflow

Overview The ICS-CERT has received a report from independent security researcher Jeremy Brown that reveals a stack-based buffer overflow vulnerability in the test web server bundled with Advantech Studio Version 6.1. This web server is intended to be used for testing purposes and should not be us...

10CVSS8.1AI score0.08598EPSS
Exploits0References10
ICS
ICS
added 2025/04/30 12:0 a.m.27 views

ABB Automation Builder (Update A)

RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to overrule the Automation Builder's user management. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize...

8.5CVSS5.8AI score0.00128EPSS
Exploits0References10
ICS
ICS
added 2025/02/25 1:30 p.m.27 views

Hitachi Energy PCU400

SUMMARY Hitachi Energy is aware of the multiple vulnerabilities related to various versions of OpenSSL library components used in PCU400 versions listed in this document below for IEC62351-3 secure for IEC104/DNP3 or PCULogger tool. These vulnerabilities if exploited, can cause confidentiality...

8.2AI score
Exploits0References9
ICS
ICS
added 2025/02/11 12:0 a.m.27 views

Siemens RUGGEDCOM APE1808

SUMMARY Fortinet has published information on vulnerabilities in FortiOS. This advisory lists the related Siemens Industrial products. Siemens is preparing fix versions and recommends to consult and implement the workarounds provided in Fortinet's upstream security notifications. 2. GENERAL...

7.3AI score
Exploits0References10
ICS
ICS
added 2025/01/30 7:0 a.m.27 views

Contec Health CMS8000 Patient Monitor (Update A)

RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to remotely send specially formatted UDP requests or connect to an unknown external network that would allow them to write arbitrary data, resulting in remote code execution. The device may also leak patient...

9.8CVSS7.8AI score0.01276EPSS
Exploits1References10
ICS
ICS
added 2024/09/24 6:0 a.m.27 views

Franklin Fueling Systems TS-550 EVO

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION : Exploitable remotely/low attack complexity Vendor : Franklin Fueling Systems Equipment : TS-550 EVO Automatic Tank Gauge Vulnerability : Absolute Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability allow an...

8.7CVSS8.1AI score0.00581EPSS
Exploits0References10
ICS
ICS
added 2024/09/24 6:0 a.m.27 views

OPW Fuel Management Systems SiteSentinel

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION : Exploitable remotely/low attack complexity Vendor : OPW Fuel Managements Systems Equipment : SiteSentinel Vulnerability : Missing Authentication For Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could...

9.8CVSS10AI score0.00716EPSS
Exploits0References10
ICS
ICS
added 2024/08/29 6:0 a.m.27 views

Rockwell Automation ThinManager ThinServer

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION : Exploitable remotely/Low attack complexity Vendor : Rockwell Automation Equipment : ThinManager ThinServer Vulnerabilities : Improper Privilege Management, Incorrect Permission Assignment for Critical Resource, Improper Input Validation 2...

9.8CVSS8.3AI score0.01477EPSS
Exploits0References10
ICS
ICS
added 2024/06/27 6:0 a.m.27 views

Johnson Controls Illustra Essentials Gen 4 (Update A)

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION : Exploitable remotely/low attack complexity Vendor : Johnson Controls, Inc. Equipment : Illustra Essentials Gen 4 Vulnerability : Storing Passwords in a Recoverable Format 2. RISK EVALUATION Successful exploitation of this vulnerability may...

6.8CVSS6.8AI score0.00384EPSS
Exploits0References10
ICS
ICS
added 2024/06/27 6:0 a.m.27 views

Johnson Controls Illustra Essentials Gen 4 (Update A)

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION : Exploitable remotely/low attack complexity Vendor : Johnson Controls, Inc. Equipment : Illustra Essentials Gen 4 Vulnerability : Insertion of Sensitive Information into Log File 2. RISK EVALUATION Successful exploitation of this vulnerability...

6.8CVSS7AI score0.00372EPSS
Exploits0References10
ICS
ICS
added 2024/04/16 6:0 a.m.27 views

RoboDK RoboDK

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 3.3 ATTENTION: Low attack complexity Vendor: RoboDK Equipment: RoboDK Vulnerability: Heap-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could result in an attacker crashing the program through heap-based buffer...

3.3CVSS4.7AI score0.00201EPSS
Exploits0References8
ICS
ICS
added 2024/03/05 7:0 a.m.27 views

Santesoft Sante FFT Imaging

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION : Low attack complexity Vendor : Santesoft Equipment : Sante FFT Imaging Vulnerability : Out-of-Bounds Write 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a local attacker to execute arbitrary code once a user...

7.8CVSS7.8AI score0.00341EPSS
Exploits0References8
ICS
ICS
added 2023/12/07 7:0 a.m.27 views

Johnson Controls Metasys and Facility Explorer (Update A)

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION : Exploitable remotely/low attack complexity Vendor : Johnson Controls Equipment : Metasys and Facility Explorer Vulnerability : Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an...

7.5CVSS7.9AI score0.00827EPSS
Exploits0References8
ICS
ICS
added 2023/10/26 6:0 a.m.27 views

Rockwell Automation FactoryTalk View Site Edition

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION : Exploitable remotely/low attack complexity Vendor : Rockwell Automation Equipment : FactoryTalk View Site Edition Vulnerability : Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could cause the...

7.5CVSS7.7AI score0.00898EPSS
Exploits0References8
ICS
ICS
added 2023/09/05 6:0 a.m.27 views

Fujitsu Limited Real-time Video Transmission Gear "IP series"

1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Exploitable remotely Vendor: Fujitsu Limited Equipment: Real-time Video Transmission Gear "IP series" Vulnerability: Use Of Hard-Coded Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could result in an attacker logging into...

7.5CVSS7.7AI score0.0299EPSS
Exploits0References9
ICS
ICS
added 2023/08/24 6:0 a.m.27 views

CODESYS Development System

1. EXECUTIVE SUMMARY CVSS v3 3.3 ATTENTION: low attack complexity Vendor: CODESYS, GmbH Equipment: CODESYS Development System Vulnerability: Improper Restriction of Excessive Authentication Attempts. 2. RISK EVALUATION Successful exploitation of this vulnerability could provide a local attacker...

3.3CVSS4AI score0.0014EPSS
Exploits0References10
ICS
ICS
added 2023/07/25 12:0 a.m.27 views

AXIS A1001

1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION : Exploitable from adjacent network Vendor : Axis Communications Equipment : AXIS A1001 Vulnerability : Heap-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code. 3...

8.8CVSS8.5AI score0.00305EPSS
Exploits0References8
ICS
ICS
added 2023/06/23 6:0 a.m.27 views

SpiderControl SCADAWebServer

1. EXECUTIVE SUMMARY CVSS v3 4.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: SpiderControl Equipment: SCADAWebServer Vulnerability: Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could result in a denial-of-service condition 3. TECHNICAL DETAILS...

6.5CVSS6.7AI score0.01049EPSS
Exploits0References10
ICS
ICS
added 2022/10/13 12:0 a.m.27 views

Siemens Industrial Edge Management

1. EXECUTIVE SUMMARY CVSS v3 7.4 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: Industrial Edge Management Vulnerability: Improper Certificate Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to inject malicious maintenance requests...

7.4CVSS7.5AI score0.00335EPSS
Exploits0References5
ICS
ICS
added 2022/10/11 12:0 a.m.27 views

Siemens Solid Edge

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: Solid Edge Vulnerability: Heap-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code in the current process. 3...

7.8CVSS8AI score0.00223EPSS
Exploits0References11
ICS
ICS
added 2022/07/07 12:0 p.m.27 views

North Korean State-Sponsored Cyber Actors Use Maui Ransomware to Target the Healthcare and Public Health Sector

Summary The Federal Bureau of Investigation FBI, Cybersecurity and Infrastructure Security Agency CISA, and the Department of the Treasury Treasury are releasing this joint Cybersecurity Advisory CSA to provide information on Maui ransomware, which has been used by North Korean state-sponsored...

9.6AI score
Exploits0References45
ICS
ICS
added 2022/05/10 12:0 p.m.27 views

Strengthening Cybersecurity of SATCOM Network Providers and Customers

Summary Updated May 10, 2022: The U.S. government attributes this threat activity to Russian state-sponsored malicious cyber actors. Additional information may be found in a statement from the State Department . For more information on Russian malicious cyber activity, refer to...

10AI score
Exploits0References30
ICS
ICS
added 2022/02/08 12:0 a.m.27 views

Siemens Spectrum Power 4

1. EXECUTIVE SUMMARY CVSS v3 5.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SINEMA Spectrum Power 4 Vulnerability: Cross-site scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could compromise the confidentiality and integrity of the...

6.1CVSS6.5AI score0.00562EPSS
Exploits0References11
ICS
ICS
added 2021/07/21 12:0 p.m.27 views

Chinese Gas Pipeline Intrusion Campaign, 2011 to 2013

Summary This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge ATT &CK® framework, Version 9. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques. Note: CISA released technical information, including indicators of compromise IOCs,...

9.5AI score
Exploits0References38
ICS
ICS
added 2021/06/08 12:0 a.m.27 views

Siemens Mendix SAML Module

1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Mendix SAML Module Vulnerability: Insufficient Verification of Data Authenticity 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to escalate...

8.8CVSS8.8AI score0.00604EPSS
Exploits0References11
ICS
ICS
added 2021/01/05 12:0 a.m.27 views

Panasonic FPWIN Pro

1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION: Low skill level to exploit Vendor: Panasonic Equipment: FPWIN Pro Vulnerability: Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of this vulnerability could result in an out-of-bounds read, which may allow remote code execution. 3...

7.8CVSS8.1AI score0.01191EPSS
Exploits0References5
ICS
ICS
added 2019/03/26 12:0 a.m.27 views

ENTTEC Lighting Controllers

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: ENTTEC Equipment: Datagate MK2, Storm 24, Pixelator Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could reboot this...

7.8CVSS7.9AI score0.01516EPSS
Exploits0References5
ICS
ICS
added 2019/01/24 12:0 a.m.27 views

Advantech WebAccess/SCADA

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Advantech Equipment: WebAccess/SCADA Vulnerabilities: Improper Authentication, Authentication Bypass, SQL Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities may allow an...

9.8CVSS10AI score0.02808EPSS
Exploits0References5
ICS
ICS
added 2017/02/14 12:0 a.m.27 views

Siemens SIMATIC Authentication Bypass (Update B)

CVSS v3 9.0 ATTENTION: Remotely exploitable/low skill level to exploit Vendor: Siemens Equipment: SIMATIC Vulnerability: Authentication Bypass UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory titled ICSA-17-045-03A Siemens SIMATIC Authentication Bypass that was...

9CVSS0.3AI score0.01987EPSS
Exploits0References27
ICS
ICS
added 2016/11/12 7:0 a.m.27 views

Siemens SIMATIC S7-1500 CPU Vulnerabilities

OVERVIEW Siemens has identified two vulnerabilities in the Siemens SIMATIC S7-1500 CPU family. Siemens has produced a firmware update to mitigate these vulnerabilities. These vulnerabilities could be exploited remotely. AFFECTED PRODUCTS The following Siemens SIMATIC S7-1500 CPU versions are...

6.7AI score
Exploits0References10
ICS
ICS
added 2016/08/14 6:0 a.m.27 views

CA Unified Infrastructure Management Directory Traversal Vulnerability (Update B)

OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-16-315-01A CA Unified Infrastructure Management Directory Traversal Vulnerability that was published November 15, 2016, on the NCCIC/ICS-CERT web site. Independent researcher Andrea Micalizzi, working with Zero Day...

8.6CVSS8.8AI score0.02306EPSS
Exploits0References10
ICS
ICS
added 2016/07/03 6:0 a.m.27 views

American Auto-Matrix Front-End Solutions Vulnerabilities

OVERVIEW Independent researcher Maxim Rupp has identified a local file inclusion and a plain text storage of password vulnerabilities in American Auto-Matrix’s Building Automation Front-End Solutions application. The Aspect-Matrix hardware platform was made end of life in 2015 and will no longer...

8.6CVSS8.7AI score0.01491EPSS
Exploits0References10
ICS
ICS
added 2016/06/24 6:0 a.m.27 views

Moxa Active OPC Server Unquoted Service Path Escalation Vulnerability

OVERVIEW Independent researcher Zhou Yu has identified an unquoted service path escalation vulnerability in Moxa’s Active OPC Server application. Moxa has produced a new version to mitigate this vulnerability. Zhou Yu has tested the new version to validate that it resolves the vulnerability...

8.8CVSS9.2AI score0.0038EPSS
Exploits0References10
ICS
ICS
added 2016/05/06 6:0 a.m.27 views

Siemens SINEMA Server Privilege Escalation Vulnerability (Update A)

OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-16-215-02 Siemens SINEMA Server Privilege Escalation Vulnerability that was published August 2, 2016, on the NCCIC/ICS-CERT web site. --------- Begin Update A Part 1 of 2 -------- Security researcher rgod working...

7.8CVSS8.1AI score0.00475EPSS
Exploits0References10
ICS
ICS
added 2015/11/27 7:0 a.m.27 views

Schneider Electric Invensys Positioner Buffer Overflow Vulnerability

OVERVIEW Ivan Sanchez from Nullcode Team has identified a buffer overflow security vulnerability in the DTM Device Type Manager software for Schneider Electric’s Invensys SRD Control Valve Positioner product line. Schneider Electric has produced a new version that mitigates this vulnerability...

6.9CVSS7.6AI score0.00345EPSS
Exploits0References10
ICS
ICS
added 2015/09/24 12:0 p.m.27 views

Supplement to ICSA-15-237-02 EasyIO-30P-SF Hard-Coded Credential Vulnerability

OVERVIEW This advisory supplement was originally posted to the US-CERT secure Portal library on August 25, 2015, and is being released to the NCCIC/ICS-CERT web site. This advisory supplement is to accompany the ICS-CERT advisory titled ICSA‑15‑237‑02 EasyIO-30PF-SF Hard-Coded Credential...

6.9AI score
Exploits0References22
ICS
ICS
added 2013/07/27 6:0 a.m.27 views

Catapult Software DNP3 Driver Improper Input Validation

OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on October 24, 2013, and is now being released to the NCCIC/ICS-CERT Web site. Adam Crain of Automatak and independent researcher Chris Sistrunk have identified an improper input validation in Catapult Software’s DN...

6.1AI score
Exploits0References10
ICS
ICS
added 2012/07/01 6:0 a.m.27 views

Optimalog Optima PLC Multiple Vulnerabilities

Overview Independent researcher Luigi Auriemma identified a NULL Pointer Dereference and an Infinite Loop and released proof-of-concept exploit code for Optimalog’s Optima PLC application without coordination with ICS-CERT, the vendor, or any other coordinating entity known to ICS-CERT. Optimalog...

7.8CVSS6.9AI score0.06907EPSS
Exploits0References10
ICS
ICS
added 2026/05/19 6:0 a.m.26 views

ScadaBR

ADVISORY SUMMARY Successful exploitation of these vulnerabilities could allow an attacker to perform unauthenticated remote code execution. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Minimize network...

6.3AI score
Exploits0References13
Total number of security vulnerabilities4255