Lucene search
K
IcsMost viewed

4251 matches found

ICS
ICS
added 2024/08/01 6:0 a.m.19 views

Johnson Controls exacqVision Server web service

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.6 ATTENTION : Exploitable remotely Vendor : Johnson Controls Inc. Equipment : exacqVision Web Service Vulnerability : Permissive Cross-domain Policy with Untrusted Domains 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an...

8.1CVSS7.5AI score0.00431EPSS
Exploits0References10
ICS
ICS
added 2024/06/11 12:0 a.m.19 views

Siemens PowerSys

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

9.3CVSS9.4AI score0.00155EPSS
Exploits0References12
ICS
ICS
added 2020/10/24 12:0 p.m.19 views

Ransomware Impacting Pipeline Operations

Summary Note: This Activity Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge ATT&CK™ framework. See the MITRE ATT&CK for Enterprise and ATT&CK for Industrial Control Systems ICS frameworks for all referenced threat actor techniques and mitigations. The Cybersecurity and...

9.4AI score
Exploits0References50
ICS
ICS
added 2020/06/30 12:0 p.m.19 views

EINSTEIN Data Trends – 30-day Lookback

Summary Cybersecurity and Infrastructure Security Agency CISA analysts have compiled the top detection signatures that have been the most active over the month of May in our national Intrusion Detection System IDS, known as EINSTEIN. This information is meant to give the reader a closer look into...

9.6AI score
Exploits0References37
ICS
ICS
added 2018/08/23 12:0 p.m.19 views

ClearScada Vulnerabilities (Update A)

Overview Researchers at Digital Bond have identified multiple vulnerabilities in the Control Microsystems ClearSCADA application. The following vulnerabilities have been identified: Heap Overflow Vulnerability Cross-site Scripting Vulnerabilities Insecure Web Authentication. Affected Products The...

9.2AI score
Exploits0References19
ICS
ICS
added 2018/08/23 12:0 p.m.19 views

Federal Aviation Administration GPS Testing

Overview The US Federal Aviation Administration FAA has issued two flight advisories identifying planned Global Positioning System GPS temporary outages and the affected areas, due Department of Defense testing. During testing, the GPS signal may be unreliable or unavailable. ICS-CERT is issuing...

7AI score
Exploits0References17
ICS
ICS
added 2015/09/10 6:0 a.m.19 views

XZERES 442SR Wind Turbine Cross-site Scripting Vulnerability

OVERVIEW This updated advisory is a follow-up to the updated advisory titled ICSA-15-342-01B XZERES 442SR Wind Turbine Cross-site Scripting Vulnerability that was published March 21, 2016, on the NCCIC/ICS-CERT web site. --------- Begin Update C Part 1 of 2 -------- Independent researchers Karn...

6.1CVSS6.8AI score0.00906EPSS
Exploits0References10
ICS
ICS
added 2010/08/21 6:0 a.m.19 views

Automated Solutions OPC Vulnerability

Overview The ICS-CERT has received a report from independent security researcher Jeremy Brown that reveals a heap corruption vulnerability in the Automated Solutions Modbus/TCP Master OPC server. Automated Solutions has confirmed that their most recent patch mitigates the vulnerability for Versio...

7.6CVSS8.8AI score0.16195EPSS
Exploits1References10
ICS
ICS
added 2026/06/11 6:0 a.m.18 views

Brickcom Cameras

ADVISORY SUMMARY Successful exploitation of these vulnerabilities could allow a remote unauthenticated attacker to gain unauthorized access to live video feeds, retrieve sensitive visual information from affected premises, and obtain administrative control of the device. 2. RECOMMENDED PRACTICES...

5.5AI score
Exploits0References13
ICS
ICS
added 2026/05/26 6:0 a.m.18 views

Eppendorf BioFlo 320

ADVISORY SUMMARY Successful exploitation of this vulnerability could allow an attacker to gain full access to functionality and data with the bioreactor. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize...

9.8CVSS5.8AI score0.00498EPSS
Exploits0References13
ICS
ICS
added 2026/05/19 1:33 p.m.18 views

Tyler Technologies Tyler Identity Default Administrative Credentials

RISK EVALUATION Tyler Identity provider TID-L uses a documented, default administrative IDP credential. Users are not required to change the credentials before deployment. 2. RECOMMENDED PRACTICES Change default passwords. TID-L has not been distributed since December 2020, and has not been...

9.8CVSS5.8AI score0.00477EPSS
Exploits0References1
ICS
ICS
added 2026/05/19 6:0 a.m.18 views

Kieback & Peter DDC Building Controllers

ADVISORY SUMMARY Successful exploitation of this vulnerability could allow an attacker to take control of the victim's browser. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize network exposure for all...

5.3CVSS5.6AI score0.00271EPSS
Exploits0References13
ICS
ICS
added 2026/03/10 12:0 a.m.18 views

Siemens SIMATIC

SUMMARY SIMATIC S7-1500 devices contain a vulnerability that could allow an attacker to inject code by tricking a legitimate user into importing a specially crafted trace file in the web interface. Siemens has released new versions for several affected products and recommends to update to the...

9.6CVSS6.2AI score0.00458EPSS
Exploits0References10
ICS
ICS
added 2025/07/25 5:0 a.m.18 views

LG Innotek Camera Model LNV5110R

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain administrative access to the device. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure...

8.3CVSS8.2AI score0.00629EPSS
Exploits0References10
ICS
ICS
added 2025/05/20 6:0 a.m.18 views

ABUP IoT Cloud Platform

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to access device profiles for which they are not authorized. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize...

6.8CVSS7.4AI score0.00291EPSS
Exploits0References10
ICS
ICS
added 2025/05/13 12:0 a.m.18 views

Siemens INTRALOG WMS

SUMMARY INTRALOG WMS before V5 is affected by multiple vulnerabilities in the Microsoft .NET implementation as described below. Siemens has released a new version for INTRALOG WMS and recommends to update to the latest version. Please approach your INTRALOG WMS contact to resolve the reported...

8.5AI score
Exploits0References10
ICS
ICS
added 2025/04/25 3:0 a.m.18 views

Mitsubishi Electric Multiple FA Products (Update C)

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition on the affected products. 2. RECOMMENDED PRACTICES CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures...

7.5CVSS5.3AI score0.01089EPSS
Exploits0References9
ICS
ICS
added 2025/04/24 6:0 a.m.18 views

Planet Technology Network Products

RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to read or manipulate device data, gain administrative privileges, or alter database entries. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of...

8.8AI score
Exploits0References10
ICS
ICS
added 2025/03/11 12:0 a.m.18 views

Siemens SiPass integrated AC5102/ACC-G2 and ACC-AP

SUMMARY SiPass integrated ACC Advanced Central Controller devices contain multiple vulnerabilities that could allow attackers to execute commands on the devices with root privileges and access sensitive data. Siemens has released new versions for the affected products and recommends to update to...

7.5AI score
Exploits0References10
ICS
ICS
added 2025/02/20 7:0 a.m.18 views

Medixant RadiAnt DICOM Viewer

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to perform a machine-in-the-middle attack MITM, resulting in malicious updates being delivered to the user. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of...

5.7CVSS5.8AI score0.00133EPSS
Exploits0References10
ICS
ICS
added 2025/02/13 7:0 a.m.18 views

Qardio Heart Health IOS and Android Application and QardioARM A100

RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to obtain sensitive information, cause a denial-of-service condition, and obtain firmware files. 2. RECOMMENDED PRACTICES CISA reminds organizations to perform proper impact analysis and risk assessment...

6.6CVSS6.9AI score0.00233EPSS
Exploits0References10
ICS
ICS
added 2025/01/23 6:30 a.m.18 views

ABB FLXEON Controllers

SUMMARY An update is available that resolves a privately reported vulnerability in the product versions listed as affected in this advisory. FLXEON devices are not intended to be internet-facing. A product advisory issued in June 2023 informed customers of this parameter. An attacker can...

9.5AI score
Exploits0References10
ICS
ICS
added 2024/11/22 12:0 a.m.18 views

Siemens RUGGEDCOM APE1808

SUMMARY Palo Alto Networks has published 1 information on vulnerabilities in PAN-OS. This advisory lists the related Siemens Industrial products affected by these vulnerabilities. Siemens is preparing fix versions and recommends countermeasures for products where fixes are not, or not yet...

7.2CVSS8.6AI score0.94766EPSS
Exploits14References10
ICS
ICS
added 2024/11/12 12:0 a.m.18 views

Schneider Electric EcoStruxure IT Gateway

GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...

10CVSS6.7AI score0.00624EPSS
Exploits0References11
ICS
ICS
added 2024/10/29 6:0 a.m.18 views

Solar-Log Base 15

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.1 ATTENTION : Exploitable remotely/low attack complexity/public exploits are available Vendor : Solar-Log Equipment : Base 15 Vulnerability : Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' 2. RISK EVALUATION Successful...

5.4CVSS6.7AI score0.00446EPSS
Exploits4References10
ICS
ICS
added 2024/10/08 12:0 a.m.18 views

Schneider Electric Data Center Expert

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.6 ATTENTION : Exploitable remotely/low attack complexity Vendor : Schneider Electric Equipment : Data Center Expert Vulnerability : Improper Verification of Cryptographic Signature, Missing Authentication for Critical Function 2. RISK EVALUATION Successful...

7.2CVSS7.9AI score0.0054EPSS
Exploits0References11
ICS
ICS
added 2024/09/19 6:0 a.m.18 views

Kastle Systems Access Control System

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.2 ATTENTION : Exploitable remotely/low attack complexity Vendor : Kastle Systems Equipment : Access Control System Vulnerabilities : Use of Hard-coded Credentials, Cleartext Storage of Sensitive Information 2. RISK EVALUATION Successful exploitation of...

9.2CVSS7.9AI score0.0037EPSS
Exploits0References10
ICS
ICS
added 2024/09/17 6:0 a.m.18 views

Yokogawa Dual-redundant Platform for Computer (PC2CKM)

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION : Exploitable remotely/low attack complexity Vendor : Yokogawa Equipment : Dual-redundant Platform for Computer PC2CKM Vulnerability : Unchecked Return Value 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an...

7.5CVSS7.7AI score0.00425EPSS
Exploits0References10
ICS
ICS
added 2024/07/09 6:0 a.m.18 views

Johnson Controls Illustra Pro Gen 4

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.0 ATTENTION : Exploitable remotely Vendor : Johnson Controls, Inc. Equipment : Illustra Pro Gen 4 Vulnerability : Dependency on Vulnerable Third-Party Component 2. RISK EVALUATION Successful exploitation of this vulnerability could impact confidentiality...

7CVSS6.4AI score0.00405EPSS
Exploits0References10
ICS
ICS
added 2024/07/03 12:30 a.m.18 views

ABB ASPECT System

SUMMARY ABB became aware of vulnerabilities in the product versions listed as affected in the advisory. ASPECT devices are not intended to be internet-facing. A product advisory issued in June 2023 informed cus-tomers of this parameter. An attacker can successfully exploit these vulnerabilities...

7.9AI score
Exploits0References10
ICS
ICS
added 2024/02/27 12:0 p.m.18 views

#StopRansomware: ALPHV Blackcat

Actions to take today to mitigate against the threat of ransomware: 1. Routinely take inventory of assets and data to identify authorized and unauthorized devices and software. 2. Prioritize remediation of known exploited vulnerabilities. 3. Enable and enforce multifactor authentication with stro...

7.5AI score
Exploits0References55
ICS
ICS
added 2023/11/14 12:0 a.m.18 views

Siemens OPC UA Modeling Editor (SiOME)

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

7.5CVSS7.8AI score0.00652EPSS
Exploits0References12
ICS
ICS
added 2023/08/08 6:0 a.m.18 views

Schneider Electric IGSS

1. EXECUTIVE SUMMARY ​CVSS v3 7.8 ​ATTENTION: low attack complexity ​Vendor: Schneider Electric ​Equipment: IGSS Interactive Graphical SCADA System ​Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION ​Successful exploitation of this vulnerability may allow arbitrary code...

7.8CVSS8.2AI score0.31861EPSS
Exploits0References10
ICS
ICS
added 2022/12/01 12:0 a.m.18 views

BD BodyGuard Pumps

1. EXECUTIVE SUMMARY CVSS v3 5.3 Vendor: Becton, Dickinson and Company BD Equipment: BodyGuard Pumps Vulnerability: Missing Protection Mechanism for Alternate Hardware Interface 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to change configuration...

5.3CVSS5.4AI score0.00218EPSS
Exploits0References4
ICS
ICS
added 2019/05/14 4:48 p.m.18 views

Schneider Electric Modicon Controllers (Update A)

GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...

6.5AI score
Exploits0References11
ICS
ICS
added 2018/09/05 12:0 p.m.18 views

Cisco ASA and FWSM Security Advisories

Overview On October 9, 2013, Cisco released two security advisorieshttp://www.us-cert.gov/ncas/current-activity/2013/10/10/Cisco-Releases-Security-Advisories concerning multiple vulnerabilities within software for the following components: Cisco Adaptive Security Appliance ASA...

8.1AI score
Exploits0References17
ICS
ICS
added 2018/08/23 12:0 p.m.18 views

7-Technologies IGSS Remote Memory Corruption

Overview ICS-CERT has become aware of a memory corruption vulnerability that has been coordinated with 7-Technologies 7T by the VUPEN Vulnerability Research Team. 7T has created a patch that fully resolves this vulnerability. VUPEN has confirmed that the patch resolves the vulnerability. 7T has...

8.4AI score
Exploits0References21
ICS
ICS
added 2013/10/28 12:0 p.m.18 views

InduSoft ISSymbol ActiveX Control Buffer Overflow (Update A)

Overview Security researcher Dmitriy Pletnevo of Secunia ResearchSecunia Research, http://secunia.com/secuniaresearch/2011-36/, website last accessed June 16, 2011. has released details of multiple overflow vulnerabilities affecting the InduSoft ISSymbol ActiveX control. The researcher identified...

8.8AI score
Exploits0References18
ICS
ICS
added 2026/07/07 6:0 a.m.17 views

Digi International PortServer TS, Digi One SP IA

ADVISORY SUMMARY Successful exploitation of these vulnerabilities could allow an attacker to bypass authentication and gain access to restricted resources, obtain credentials, and inject malicious scripts. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the...

5.7AI score
Exploits0References11
ICS
ICS
added 2026/06/23 6:0 a.m.17 views

Hubbell Aclara Metrum Cellular Web Interface

ADVISORY SUMMARY Successful exploitation of this vulnerability could allow attackers to manipulate critical device settings and repeatedly disrupt operations, potentially causing a loss of communications to the device. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to...

8.7CVSS5.9AI score0.00726EPSS
Exploits0References11
ICS
ICS
added 2026/05/12 6:0 a.m.17 views

Fuji Electric Tellus

ADVISORY SUMMARY Successful exploitation of this vulnerability could allow an attacker to elevate privileges from user to system, which may then enable the attacker to cause a temporary denial of service, open files, or delete files. 2. RECOMMENDED PRACTICES CISA recommends users take defensive...

7.8CVSS5.7AI score0.00146EPSS
Exploits0References12
ICS
ICS
added 2026/02/26 8:0 a.m.17 views

CODESYS in Festo Automation Suite

SUMMARY Starting with Festo Automation Suite FAS version 2.8.0.138, the suite is delivered only with a connector to Codesys, rather than including Codesys directly. Prior to this version, Codesys was bundled within the FAS installation. From version 2.8.0.138 onwards, customers are required to...

5.3CVSS7.8AI score0.00369EPSS
Exploits0References13
ICS
ICS
added 2025/10/21 6:0 a.m.17 views

CloudEdge Online Cameras and App

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain access to live video feed and camera control. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network...

8.7CVSS7AI score0.00296EPSS
Exploits0References13
ICS
ICS
added 2025/10/16 6:0 a.m.17 views

Rockwell Automation FactoryTalk ViewPoint

RISK EVALUATION Successful exploitation of this vulnerability could allow unauthenticated attackers to achieve XML external entity injection, resulting in a temporary denial-of-service condition. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of...

8.7CVSS6.8AI score0.00425EPSS
Exploits0References11
ICS
ICS
added 2025/09/18 6:0 a.m.17 views

Schneider Electric Saitel DR & Saitel DP Remote Terminal Unit

RISK EVALUATION Successful exploitation of these vulnerabilities could enable an attacker to execute arbitrary shell commands on the affected devices. 2. RECOMMENDED PRACTICES CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures...

5.8CVSS8.2AI score0.00537EPSS
Exploits0References10
ICS
ICS
added 2025/07/03 6:0 a.m.17 views

Mitsubishi Electric MELSOFT Update Manager (Update B)

RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code, disclose information, alter information, or cause a denial-of-service DoS condition. 2. RECOMMENDED PRACTICES CISA reminds organizations to perform proper impact analysis and risk...

7.8CVSS7.9AI score0.21985EPSS
Exploits1References9
ICS
ICS
added 2025/06/12 6:0 a.m.17 views

AVEVA PI Web API

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to disable content security policy protections. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network...

6.5CVSS6.6AI score0.00205EPSS
Exploits0References10
ICS
ICS
added 2025/06/10 12:0 a.m.17 views

Siemens SIMATIC S7-1500 CPU family

SUMMARY Multiple vulnerabilities have been identified in the additional GNU/Linux subsystem of the firmware version V3.1.5 for the SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP incl. SIPLUS variant. Siemens is preparing fix versions and recommends countermeasures for products where fixes are not, or not...

9.3CVSS7.7AI score0.44963EPSS
Exploits7References10
ICS
ICS
added 2025/05/29 6:0 a.m.17 views

Consilium Safety CS5000 Fire Panel (Update A)

RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to gain high-level access to and remotely operate the device, potentially putting it into a non-functional state. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk...

9.9AI score
Exploits0References11
ICS
ICS
added 2025/02/11 12:0 a.m.17 views

Siemens Opcenter Intelligence

SUMMARY The Tableau Server component in Opcenter Intelligence contains multiple vulnerabilities as described below. Siemens has released a new version for Opcenter Intelligence and recommends to update to the latest version and to install the latest available version of Tableau Server as...

10CVSS10AI score0.99654EPSS
Exploits31References10
Total number of security vulnerabilities4251