4251 matches found
ICAM365 CCTV Camera Multiple Models
RISK EVALUATION Successful exploitation of these vulnerabilities could result in unauthorized exposure of camera video streams and camera configuration data. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such...
Rockwell Automation FactoryTalk View Machine Edition and PanelView Plus 7
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an unauthenticated attacker to access to the device's file system. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize...
ABB EIBPORT
SUMMARY ABB is aware of vulnerabilities in the product versions listed as affected in the advisory. A firmware update is available that resolves these privately reported vulnerabilities in the product versions listed as affected in the advisory. An attacker who successfully exploited these...
ABB Terra AC Wallbox
SUMMARY ABB is aware of vulnerabilities in the product versions listed as affected in the advisory. An attacker who successfully exploited this vulnerability could cause the pollution of heap memory which potentially takes remote control of the product and performs a write operation to the flash...
Craft CMS stores user-provided content session files
RISK EVALUATION Craft CMS stores user-provided content in session files. A remote, unauthenticated attacker can introduce arbitrary content, including PHP code, into session files with known names and locations. If an attacker can access these files, possibly through another vulnerability such...
Siemens OZW Web Servers
SUMMARY OZW672 and OZW772 Web Server versions contain vulnerabilities that could allow an attacker to execute arbitrary code on the device with root privileges in versions before V8.0 or to authenticate as Administrator user in versions before V6.0. Siemens has released new versions for the...
ABB ACS880 Drives Containing CODESYS RTS
SUMMARY Multiple vulnerabilities regarding the CODESYS Runtime System from CODESYS Group have been publicly reported. CODESYS Runtime System is utilized in the firmware of ABB ACS880 drives to provide IEC 61131-3 programming capabilities. These vulnerabilities could lead to out-of-bound memory...
ABB Low Voltage DC Drives and Power Controllers CODESYS RTS
SUMMARY CODESYS group published several vulnerabilities regarding the CODESYS Runtime System, which is included in the firmware of ABB LV DC drives and power controllers. It is used to implement a selection of features and to provide IEC 611131-3 programming capabilities. These vulnerabilities...
Schneider Electric Uni-Telway Driver (Update D)
GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...
Rockwell Automation GuardLogix 5380 and 5580 (Update A)
RISK EVALUATION Successful exploitation of this vulnerability could allow a remote, non-privileged user to send malicious requests resulting in a major nonrecoverable fault causing a denial-of-service condition. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize...
Rockwell Automation Arena (Update C)
RISK EVALUATION Successful exploitation of these vulnerabilities could result in execution of arbitrary code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize network exposure for all control...
Open Automation Software
RISK EVALUATION Successful exploitation of this vulnerability could result in an attacker executing code with escalated privileges. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. CISA reminds organizations to...
Rockwell Automation DataMosaix Private Cloud
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION : Exploitable remotely/low attack complexity Vendor : Rockwell Automation Equipment : DataMosaix Private Cloud Vulnerabilities : Exposure of Sensitive Information to an Unauthorized Actor, Missing Authorization, Incorrect Authorization 2. RISK...
Siemens RUGGEDCOM APE1808
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
goTenna Pro ATAK Plugin (Update A)
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.1 ATTENTION : Low attack complexity Vendor : goTenna Equipment : Pro ATAK Plugin Vulnerabilities : Weak Password Requirements, Insecure Storage of Sensitive Information, Missing Support for Integrity Check, Cleartext Transmission of Sensitive Information,...
Rockwell Automation OptixPanel
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.7 ATTENTION : Exploitable remotely Vendor : Rockwell Automation Equipment : OptixPanel Vulnerability : Improper Privilege Management 2. RISK EVALUATION Successful exploitation of this vulnerability may allow users to exfiltrate credentials and escalate...
Rockwell Automation SequenceManager
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION : Exploitable remotely/low attack complexity Vendor : Rockwell Automation Equipment : SequenceManager Vulnerabilities : Unquoted Search Path or Element 2. RISK EVALUATION Successful exploitation of these vulnerabilities could cause a...
Rockwell Automation GuardLogix/ControlLogix 5580 Controller
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION : Exploitable remotely/low attack complexity Vendor : Rockwell Automation Equipment : ControlLogix 5580, GuardLogix 5580 Vulnerability : Improper Check for Unusual or Exceptional Conditions 2. RISK EVALUATION Successful exploitation of this...
Siemens LOGO! V8.3 BM Devices
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
National Instruments IO Trace
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION : Low attack complexity Vendor : National Instruments Equipment : IO Trace Vulnerability : Stack-Based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a local attacker to execute arbitrary code. 3...
Johnson Controls Inc. Software House C●CURE 9000
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.3 ATTENTION : Exploitable remotely/Low attack complexity Vendor : Johnson Controls, Inc. Equipment : Software House C●CURE 9000 Vulnerability : Use of Weak Credentials 2. RISK EVALUATION Successful exploitations of this vulnerability could allow an...
CISA Releases One Industrial Control Systems Advisory
CISA released one Industrial Control Systems ICS advisory on May 25, 2023. This advisory provides timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-145-01 Moxa MXsecurity Series CISA encourages users and administrators to review the newly...
Hitachi Energy Gateway Station
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: Gateway Station GWS Vulnerabilities: Improper Input Validation, Classic Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could cause part of...
Gardyn IoT Hub
ADVISORY SUMMARY Successful exploitation of these vulnerabilities could allow unauthenticated users to access and control IoT Hub managed devices. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Minimize...
AVer PTC cameras
ADVISORY SUMMARY Successful exploitation of this vulnerability could allow arbitrary code execution. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize network exposure for all control system devices and/or...
Siemens SIMATIC
SUMMARY SIMATIC CN 4100 contains multiple vulnerabilities which could potentially lead to a compromise in availability, integrity and confidentiality. Siemens has released a new version for SIMATIC CN 4100 and recommends to update to the latest version. 2. GENERAL RECOMMENDATIONS As a general...
Siemens Siemens ROS#
SUMMARY ROS contains a ROS service fileserver, that before version 2.2.2 contains a path traversal vulnerability which could allow an attacker to access, i.e. read and write, arbitrary files, which are accessible with the user rights of the user that runs the service, on the system that hosts...
Siemens Opcenter RDnL
SUMMARY Opcenter RDnL is affected by missing authentication in critical function in ‘ActiveMQ Artemis’. An unauthenticated attacker within the adjacent network could use the Core protocol to force a target broker to establish an outbound Core federation connection to an attacker-controlled rogue...
Siemens Ruggedcom Rox
SUMMARY Ruggedcom Rox contains an improper access control vulnerability that could allow an authenticated remote attacker to read arbitrary files with root privileges from the underlying operating system's filesystem. Siemens has released new versions for the affected products and recommends to...
Siemens Ruggedcom Rox
SUMMARY Ruggedcom Rox contains an input validation vulnerability in the feature key installation process that could allow an authenticated remote attacker to execute arbitrary commands with root privileges on the underlying operating system. Siemens has released new versions for the affected...
Siemens Solid Edge
SUMMARY Solid Edge SE2026 before Update 5 is affected by two file parsing vulnerabilities that could be triggered when the application reads specially crafted files in PAR format. This could allow an attacker to crash the application or execute arbitrary code. Siemens has released a new version...
MAXHUB Pivot client application
ADVISORY SUMMARY Successful exploitation of this vulnerability may enable an attacker to access tenant email addresses and associated information in cleartext or cause a denial-of-service condition. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of...
Mitsubishi Electric GENESIS64 and ICONICS Suite products
RISK EVALUATION Successful exploitation of these vulnerabilities could allow a local attacker to disclose SQL Server credentials used by the affected products and use them to disclose, tamper with, or destroy data, or to cause a denial-of-service DoS condition on the system. 2. RECOMMENDED...
Grassroots DICOM (GDCM)
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to send a specially crafted file, and when parsed, could result in a denial-of-service condition. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of...
Mitsubishi Electric MELSEC iQ-F Series EtherNet/IP module and Ethernet module
RISK EVALUATION Successful exploitation of these vulnerabilities could allow a remote attacker to cause a denial-of-service condition by continuously sending UDP packets to the affected products. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of...
ABB Automation Builder Gateway for Windows
SUMMARY ABB became aware of severe vulnerability in the products versions listed as affected in the advisory. The Windows gateway is accessible remotely by default. Unauthenticated attackers can therefore search for PLCs, but the user management of the PLCs prevents the actual access to the PLCs...
Welker OdorEyes EcoSystem Pulse Bypass System with XL4 Controller
RISK EVALUATION Successful exploitation of this vulnerability could result in an over- or under-odorization event. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for all control...
Siemens COMOS
SUMMARY COMOS is affected by multiple vulnerabilities that could allow an attacker to execute arbitrary code or cause denial of service condition, data infiltration or perform access control violations. Siemens has released new versions for several affected products and recommends to update to...
International Standards Organization ISO 15118-2 (Update A)
RISK EVALUATION Successful exploitation of this vulnerability could result in man-in-the-middle attacks. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for all control system...
Delta Electronics ASDA-Soft
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to write data outside of the allocated memory buffer. 2. RECOMMENDED PRACTICES CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA...
Rockwell Automation Compact GuardLogix 5370
RISK EVALUATION Successful exploitation of this vulnerability could result in a denial-of-service. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for all control system devices...
Advantech iView
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to disclose sensitive information, achieve remote code execution, or cause service disruptions. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of...
Rockwell Automation FactoryTalk Historian ThingWorx
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to launch XXE-based attacks on applications that accept malicious log4net configuration files. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this...
Lantronix Device Installer
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain access to the host machine running the Device Installer software. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability such...
Siemens RUGGEDCOM APE1808 Devices
SUMMARY Fortinet has published information on vulnerabilities in FortiOS. This advisory lists the related Siemens Industrial products. Siemens is preparing fix versions and recommends to consult and implement the workarounds provided in Fortinet's upstream security notifications. 2. GENERAL...
Hitachi Energy Asset Suite
SUMMARY Hitachi Energy is aware multiple vulnerabilities that affects the Asset Suite product versions listed below. If these vulnerabilities are successfully exploited by an attacker, it could have an impact on the confidentiality, integrity, or availability of the product. Please refer to the...
ABB CoreSense HM and CoreSense M10
SUMMARY An update is available that resolves vulnerability in the product versions listed as affected in this advisory. A path traversal vulnerability in these products can allow unauthenticated users to gain access to restricted directories. Exploiting this vulnerability can lead to complete...
Lantronix XPort (Update A)
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker unauthorized access to the configuration interface and cause disruption to monitoring and operations. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation...
Mitsubishi Electric Europe B.V. smartRTU
RISK EVALUATION Successful exploitation of these vulnerabilities could allow a remote unauthenticated attacker to disclose, tamper with, destroy or delete information in the product, or cause a denial-of service condition on the product. 2. RECOMMENDED PRACTICES CISA recommends users take...
Siemens Insights Hub Private Cloud
SUMMARY Insights Hub Private Cloud is affected by multiple vulnerabilities in Ingress NGINX Controller for Kubernetes. These vulnerabilities could lead to arbitrary code execution in the context of the ingress-nginx controller, or disclosure of Secrets accessible to the controller, or denial of...