Lucene search
K
IcsMost viewed

4251 matches found

ICS
ICS
added 2025/03/18 6:0 a.m.14 views

Schneider Electric EcoStruxure Power Automation System User Interface (EPAS-UI)

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to bypass device authentication, potentially gain access to sensitive information, or execute arbitrary code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of...

7CVSS7.7AI score0.00258EPSS
Exploits0References10
ICS
ICS
added 2025/03/11 12:0 a.m.14 views

Siemens SIMATIC IPC Family, ITP1000, and Field PGs

SUMMARY Multiple vulnerabilities has been identified in Siemens SIMATIC IPCs, SIMATIC Tablet PCs, and SIMATIC Field PGs that can allow an authenticated attacker to alter the secure boot and password configurations. Siemens has released new versions of BIOS for several affected products and...

6.5AI score
Exploits0References10
ICS
ICS
added 2024/12/10 7:0 a.m.14 views

Horner Automation Cscape

RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to disclose information and execute arbitrary code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize...

8.5CVSS7.8AI score0.00189EPSS
Exploits0References10
ICS
ICS
added 2024/12/10 12:0 a.m.14 views

Siemens Teamcenter Visualization 

SUMMARY Siemens Teamcenter Visualization contains multiple file parsing vulnerabilities that could be triggered when the application reads files in WRL format. If a user is tricked to open a malicious file with any of the affected products, this could lead the application to crash or potentially...

8.3AI score
Exploits0References10
ICS
ICS
added 2024/11/19 12:0 a.m.14 views

Mitsubishi Electric MELSEC iQ-F Series (Update A)

RISK EVALUATION Successful exploitation of this vulnerability could allow a remote attacker to cause a denial-of-service condition in Ethernet communication on the module. A system reset of the module is required for recovery. 2. RECOMMENDED PRACTICES CISA recommends users take defensive...

7.5CVSS5.8AI score0.00656EPSS
Exploits0References10
ICS
ICS
added 2024/11/12 5:0 a.m.14 views

Schneider Electric Modicon M340, MC80, and Momentum Unity M1E (Update B)

GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...

6.5AI score
Exploits0References11
ICS
ICS
added 2024/11/12 12:0 a.m.14 views

Siemens TeleControl Server

SUMMARY TeleControl Server Basic V3.1 contains a deserialization vulnerability that could allow an unauthenticated attacker to execute arbitrary code on the device. Siemens has released new versions for the affected products and recommends to update to the latest versions. 2. GENERAL...

10CVSS7.9AI score0.01002EPSS
Exploits0References10
ICS
ICS
added 2024/10/29 12:0 a.m.14 views

Hitachi Energy MSM (Update A)

RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to impact the confidentiality, integrity or availability of the MSM. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. CISA...

7AI score
Exploits0References9
ICS
ICS
added 2024/10/24 6:0 a.m.14 views

iniNet Solutions SpiderControl SCADA PC HMI Editor

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.6 ATTENTION : Exploitable remotely/low attack complexity Vendor : iniNet Solutions Equipment : SpiderControl SCADA PC HMI Editor Vulnerability : Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain...

8.6CVSS7.6AI score0.00475EPSS
Exploits0References10
ICS
ICS
added 2024/10/08 12:0 a.m.14 views

Siemens JT2Go

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

7.8CVSS7.7AI score0.00191EPSS
Exploits0References10
ICS
ICS
added 2024/09/19 6:0 a.m.14 views

MegaSys Computer Technologies Telenium Online Web Application (Update A)

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION : Exploitable remotely/low attack complexity Vendor : MegaSys Computer Technologies Equipment : Telenium Online Web Application Vulnerability : Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could...

9.8CVSS7.6AI score0.00895EPSS
Exploits0References10
ICS
ICS
added 2024/08/13 6:0 a.m.14 views

AVEVA SuiteLink Server

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION : Exploitable remotely/low attack complexity Vendor : AVEVA Equipment : SuiteLink Server Vulnerability : Allocation of Resources Without Limits or Throttling 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an...

8.7CVSS6.7AI score0.00498EPSS
Exploits0References10
ICS
ICS
added 2024/02/13 12:41 p.m.14 views

Schneider Electric EcoStruxure Control Expert, EcoStruxure Process Expert, and Modicon M340, M580 and M580 Safety PLCs

GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...

7.2AI score
Exploits0References11
ICS
ICS
added 2016/05/27 6:0 a.m.14 views

Moxa OnCell Vulnerabilities (Update A)

OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-16-236-01 Moxa OnCell Vulnerabilities that was published August 23, 2016, on the NCCIC/ICS-CERT web site. Independent researcher Maxim Rupp has identified several vulnerabilities in Moxa’s OnCell products. Moxa has...

7.5AI score
Exploits0References10
ICS
ICS
added 2013/04/26 12:0 p.m.14 views

Osama Bin Laden-Themed Phishing

Summary The intent of this advisory is to provide general guidance to public and private sector organizations and individuals on potential targeted phishing attacks often referred to as “spear phishing” with respect to the Osama Bin Laden related media reporting, and to offer some suggested metho...

6.9AI score
Exploits0References18
ICS
ICS
added 2013/04/26 12:0 p.m.14 views

Targeted Phishing Attacks

Summary This advisory is intended to provide general guidance to public and private sector organizations on events potentially triggering targeted phishing attacks often referred to as spear phishing and to offer some suggested methods that may minimize the likelihood of a successful attack. This...

7AI score
Exploits0References18
ICS
ICS
added 2026/06/30 6:0 a.m.13 views

StoneFly Storage Concentrator

ADVISORY SUMMARY Successful exploitation of these vulnerabilities could allow attackers to gain broad unauthorized access, execute arbitrary commands with root privileges, steal sensitive data, and perform actions on behalf of legitimate users across interconnected systems. 2. RECOMMENDED...

6.3AI score
Exploits0References13
ICS
ICS
added 2026/06/25 6:0 a.m.13 views

pydicom pynetdicom Library

ADVISORY SUMMARY Successful exploitation of this vulnerability could allow an unauthenticated attacker to write to arbitrary file paths. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize network exposure...

9.1CVSS6AI score0.00434EPSS
Exploits0References11
ICS
ICS
added 2026/06/18 6:0 a.m.13 views

AzeoTech DAQFactory (Update A)

ADVISORY SUMMARY Successful exploitation of this vulnerability could allow an attacker to upload malicious .ctl files that may lead to arbitrary code execution. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities...

8.4CVSS6.2AI score0.00148EPSS
Exploits0References11
ICS
ICS
added 2026/06/18 12:0 a.m.13 views

Mitsubishi Electric MELSEC iQ-F Series

ADVISORY SUMMARY Successful exploitation of this vulnerability could allow a remote attacker to cause a denial-of-service DoS condition in the affected product by rapidly establishing a large number of TCP connections to it, resulting in an inconsistency in the product's internal connection...

8.7CVSS5.8AI score0.00379EPSS
Exploits0References9
ICS
ICS
added 2026/06/04 2:10 p.m.13 views

SQLite sqldiff remote code execution via argument injection

RISK EVALUATION An attacker could use the '-L' option to load an arbitrary DLL with a crafted command line argument string that results in command line file arguments being misinterpreted as command line options. 2. RECOMMENDED PRACTICES Fixed on 2025-12-26. 3. DESCRIPTION SQLite 'sqldiff.exe'...

9.8CVSS5.6AI score0.00384EPSS
Exploits0References1
ICS
ICS
added 2026/05/12 12:0 a.m.13 views

Siemens Ruggedcom Rox

SUMMARY Ruggedcom Rox before v2.17.1 contain multiple third-party vulnerabilities. Siemens has released new versions for the affected products and recommends to update to the latest versions. 2. GENERAL RECOMMENDATIONS As a general security measure, Siemens strongly recommends to protect network...

5.5CVSS7.7AI score0.00439EPSS
Exploits0References10
ICS
ICS
added 2026/05/12 12:0 a.m.13 views

Siemens Simcenter Femap

SUMMARY Simcenter Femap is affected by heap based buffer overflow vulnerability in Datakit library that could be triggered when the application reads files in IPT format. If a user is tricked to open a malicious file with the affected application, an attacker could leverage the vulnerability to...

7.9AI score
Exploits0References10
ICS
ICS
added 2026/05/12 12:0 a.m.13 views

Siemens Ruggedcom Rox

SUMMARY Ruggedcom Rox contains an input validation vulnerability in the Scheduler functionality that could allow an authenticated remote attacker to execute arbitrary commands with root privileges on the underlying operating system. Siemens has released new versions for the affected products and...

9.1CVSS7.5AI score0.00543EPSS
Exploits0References10
ICS
ICS
added 2026/05/12 12:0 a.m.13 views

Siemens Industrial Devices

SUMMARY Multiple industrial devices contain a vulnerability that could allow an attacker to cause a denial of service condition. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and...

8.7CVSS7.3AI score0.00324EPSS
Exploits0References10
ICS
ICS
added 2026/04/23 6:0 a.m.13 views

Milesight Cameras

RISK EVALUATION Successful exploitation of these vulnerabilities could crash the device being accessed or allow remote code execution. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Minimize network exposure...

6AI score
Exploits0References13
ICS
ICS
added 2026/04/21 6:0 a.m.13 views

SenseLive X3050

RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to take complete control of the device. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Minimize network exposure for all...

5.7AI score
Exploits0References13
ICS
ICS
added 2026/04/14 12:0 a.m.13 views

Siemens SINEC NMS

SUMMARY SINEC NMS before V4.0 SP3 contains an Authorization Bypass vulnerability that could allow an attacker to bypass authorization checks, leading to the ability to reset the password of any arbitrary user account. Siemens has released a new version for SINEC NMS and recommends to update to...

8.8CVSS5.9AI score0.00453EPSS
Exploits0References10
ICS
ICS
added 2026/03/12 6:0 a.m.13 views

Inductive Automation Ignition Software

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute malicious code with OS application service account permissions that the authenticated, privileged application user did not intend on running. 2. RECOMMENDED PRACTICES CISA recommends users take...

6.8CVSS5.9AI score0.00345EPSS
Exploits0References13
ICS
ICS
added 2026/03/03 12:0 a.m.13 views

Mitsubishi Electric MELSEC iQ-F Series EtherNet/IP module and Ethernet Module (Update A)

RISK EVALUATION Successful exploitation of these vulnerabilities could allow a remote attacker to cause a denial-of-service condition by continuously sending UDP packets to the affected products. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of...

5.5AI score
Exploits0References9
ICS
ICS
added 2026/02/26 7:0 a.m.13 views

Copeland XWEB and XWEB Pro

RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to bypass authentication, cause a denial-of-service condition, cause memory corruption, and execute arbitrary code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk...

7.1AI score
Exploits0References13
ICS
ICS
added 2025/12/09 12:0 a.m.13 views

Hitachi Energy Asset Suite

SUMMARY Hitachi Energy is aware of a Jasper Report vulnerability that affects the Asset Suite product versions mentioned in this document below. This vulnerability can be exploited to carry out remote code execution RCE attack on the product. Please refer to the Recommended Immediate Actions for...

9.8CVSS8.5AI score0.00876EPSS
Exploits0References9
ICS
ICS
added 2025/08/14 6:0 a.m.13 views

Rockwell Automation Micro800

RISK EVALUATION Successful exploitation of these vulnerabilities could result in remote code execution or may lead to privilege escalation. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize...

8.5AI score
Exploits0References10
ICS
ICS
added 2025/08/12 12:0 a.m.13 views

Siemens Opcenter Quality

SUMMARY The Opcenter Quality is affected by multiple vulnerabilities in the SmartClient modules Opcenter QL Home SC, SOA Audit and SOA Cockpit. Siemens has released new versions for the affected products and recommends to update to the latest versions. 2. GENERAL RECOMMENDATIONS As a general...

7.7AI score
Exploits0References10
ICS
ICS
added 2025/07/24 6:0 a.m.13 views

Mitsubishi Electric CNC Series (Update B)

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute malicious code by getting setup-launcher to load a malicious DLL. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability,...

7.8CVSS7.3AI score0.00503EPSS
Exploits0References9
ICS
ICS
added 2025/06/10 12:0 a.m.13 views

Siemens Energy Services

SUMMARY Siemens Energy Services previously known as Managed Applications and Services, sell solutions using Elspec G5 Digital Fault Recorder which contains default credentials with admin privileges. A client configuration with remote access could allow an attacker to gain remote control of the...

9.9CVSS9.9AI score0.00326EPSS
Exploits0References10
ICS
ICS
added 2025/05/20 6:0 a.m.13 views

National Instruments Circuit Design Suite

RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to disclose information or execute arbitrary code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this these vulnerabilities, such as: Minimize...

8.5CVSS8.3AI score0.00167EPSS
Exploits0References10
ICS
ICS
added 2025/05/13 4:0 a.m.13 views

Schneider Electric EcoStruxure Power Build Rapsody

GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...

4.6CVSS7.5AI score0.00162EPSS
Exploits0References11
ICS
ICS
added 2025/05/13 12:0 a.m.13 views

Siemens Polarion

SUMMARY Polarion before V2410 contains multiple vulnerabilities that could allow attackers to extract data, conduct cross-site scripting attacks or find out valid usernames. Siemens strongly recommends to update Polarion to V2410 or later versions, not only to fix the documented vulnerabilities,...

7.5AI score
Exploits0References10
ICS
ICS
added 2025/05/06 6:0 a.m.13 views

Milesight UG65-868M-EA

RISK EVALUATION Successful exploitation of this vulnerability could allow any user with admin privileges to inject arbitrary shell commands. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Ensure that...

6.8CVSS7AI score0.00292EPSS
Exploits0References10
ICS
ICS
added 2025/04/30 12:0 a.m.13 views

Commvault Web Server unspecified vulnerability

RISK EVALUATION According to Commvault: "The Web Server is a component in CommCell environments that provides a RESTful interface to the software where users can perform various tasks using available APIs". A remote, authenticated attacker can exploit an unspecified vulnerability to compromise a...

8.8CVSS6.6AI score0.01932EPSS
Exploits0References1
ICS
ICS
added 2025/04/29 6:0 a.m.13 views

Delta Electronics ISPSoft

RISK EVALUATION Successful exploitation of these vulnerabilities could result in an attacker executing arbitrary code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize network exposure for all...

8.2AI score
Exploits0References10
ICS
ICS
added 2025/04/17 6:0 a.m.13 views

Yokogawa Recorder Products

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to manipulate information on the affected products. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network...

9.8CVSS6.8AI score0.00714EPSS
Exploits0References10
ICS
ICS
added 2025/04/16 12:0 a.m.13 views

Siemens TeleControl Server Basic SQL

SUMMARY TeleControl Server Basic before V3.1.2.2 contains multiple SQL Injection vulnerabilities that could allow an attacker to read and write to the application's DB, cause denial of service and execute code in an OS shell with limited "NT AUTHORITY\NetworkService" permissions. Siemens has...

8.8AI score
Exploits0References10
ICS
ICS
added 2025/04/15 1:49 p.m.13 views

SicommNet multiple vulnerabilities

RISK EVALUATION SicommNET BASEC is an online eProcurement solution used by governments and other entities. Multiple vulnerabilities have been found in BASEC. These vulnerabilities allow a remote, unauthenticated attacker to gain administrative privileges, read user passwords, and obtain...

9.3CVSS7.4AI score0.00546EPSS
Exploits0References1
ICS
ICS
added 2025/03/20 6:0 a.m.13 views

Santesoft Sante DICOM Viewer Pro

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause memory corruption that would result in execution of arbitrary code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability,...

8.4CVSS7.6AI score0.00175EPSS
Exploits0References10
ICS
ICS
added 2025/03/13 6:0 a.m.13 views

Philips Intellispace Cardiovascular (ISCV)

RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to replay the session of the logged in ISCV user and gain access to patient records. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these...

8.1AI score
Exploits0References10
ICS
ICS
added 2025/03/11 12:0 a.m.13 views

Siemens OPC UA

SUMMARY The products listed below contain two authentication bypass vulnerabilities that could allow an attacker to gain access to the data managed by the server. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing...

6.9AI score
Exploits0References10
ICS
ICS
added 2025/03/04 7:0 a.m.13 views

Keysight Ixia Vision Product Family (Update A)

RISK EVALUATION Successful exploitation of these vulnerabilities could crash the device being accessed; a buffer overflow condition may allow remote code execution. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this these...

10AI score
Exploits0References13
ICS
ICS
added 2025/02/13 7:0 a.m.13 views

Outback Power Mojave Inverter

RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to access sensitive data or inject commands. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Disable un-used...

8.7CVSS7.2AI score0.00446EPSS
Exploits0References10
Total number of security vulnerabilities4251