4251 matches found
Schneider Electric EcoStruxure Power Automation System User Interface (EPAS-UI)
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to bypass device authentication, potentially gain access to sensitive information, or execute arbitrary code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of...
Siemens SIMATIC IPC Family, ITP1000, and Field PGs
SUMMARY Multiple vulnerabilities has been identified in Siemens SIMATIC IPCs, SIMATIC Tablet PCs, and SIMATIC Field PGs that can allow an authenticated attacker to alter the secure boot and password configurations. Siemens has released new versions of BIOS for several affected products and...
Horner Automation Cscape
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to disclose information and execute arbitrary code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize...
Siemens Teamcenter Visualization
SUMMARY Siemens Teamcenter Visualization contains multiple file parsing vulnerabilities that could be triggered when the application reads files in WRL format. If a user is tricked to open a malicious file with any of the affected products, this could lead the application to crash or potentially...
Mitsubishi Electric MELSEC iQ-F Series (Update A)
RISK EVALUATION Successful exploitation of this vulnerability could allow a remote attacker to cause a denial-of-service condition in Ethernet communication on the module. A system reset of the module is required for recovery. 2. RECOMMENDED PRACTICES CISA recommends users take defensive...
Schneider Electric Modicon M340, MC80, and Momentum Unity M1E (Update B)
GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...
Siemens TeleControl Server
SUMMARY TeleControl Server Basic V3.1 contains a deserialization vulnerability that could allow an unauthenticated attacker to execute arbitrary code on the device. Siemens has released new versions for the affected products and recommends to update to the latest versions. 2. GENERAL...
Hitachi Energy MSM (Update A)
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to impact the confidentiality, integrity or availability of the MSM. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. CISA...
iniNet Solutions SpiderControl SCADA PC HMI Editor
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.6 ATTENTION : Exploitable remotely/low attack complexity Vendor : iniNet Solutions Equipment : SpiderControl SCADA PC HMI Editor Vulnerability : Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain...
Siemens JT2Go
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
MegaSys Computer Technologies Telenium Online Web Application (Update A)
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION : Exploitable remotely/low attack complexity Vendor : MegaSys Computer Technologies Equipment : Telenium Online Web Application Vulnerability : Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could...
AVEVA SuiteLink Server
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION : Exploitable remotely/low attack complexity Vendor : AVEVA Equipment : SuiteLink Server Vulnerability : Allocation of Resources Without Limits or Throttling 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an...
Schneider Electric EcoStruxure Control Expert, EcoStruxure Process Expert, and Modicon M340, M580 and M580 Safety PLCs
GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...
Moxa OnCell Vulnerabilities (Update A)
OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-16-236-01 Moxa OnCell Vulnerabilities that was published August 23, 2016, on the NCCIC/ICS-CERT web site. Independent researcher Maxim Rupp has identified several vulnerabilities in Moxa’s OnCell products. Moxa has...
Osama Bin Laden-Themed Phishing
Summary The intent of this advisory is to provide general guidance to public and private sector organizations and individuals on potential targeted phishing attacks often referred to as “spear phishing” with respect to the Osama Bin Laden related media reporting, and to offer some suggested metho...
Targeted Phishing Attacks
Summary This advisory is intended to provide general guidance to public and private sector organizations on events potentially triggering targeted phishing attacks often referred to as spear phishing and to offer some suggested methods that may minimize the likelihood of a successful attack. This...
StoneFly Storage Concentrator
ADVISORY SUMMARY Successful exploitation of these vulnerabilities could allow attackers to gain broad unauthorized access, execute arbitrary commands with root privileges, steal sensitive data, and perform actions on behalf of legitimate users across interconnected systems. 2. RECOMMENDED...
pydicom pynetdicom Library
ADVISORY SUMMARY Successful exploitation of this vulnerability could allow an unauthenticated attacker to write to arbitrary file paths. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize network exposure...
AzeoTech DAQFactory (Update A)
ADVISORY SUMMARY Successful exploitation of this vulnerability could allow an attacker to upload malicious .ctl files that may lead to arbitrary code execution. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities...
Mitsubishi Electric MELSEC iQ-F Series
ADVISORY SUMMARY Successful exploitation of this vulnerability could allow a remote attacker to cause a denial-of-service DoS condition in the affected product by rapidly establishing a large number of TCP connections to it, resulting in an inconsistency in the product's internal connection...
SQLite sqldiff remote code execution via argument injection
RISK EVALUATION An attacker could use the '-L' option to load an arbitrary DLL with a crafted command line argument string that results in command line file arguments being misinterpreted as command line options. 2. RECOMMENDED PRACTICES Fixed on 2025-12-26. 3. DESCRIPTION SQLite 'sqldiff.exe'...
Siemens Ruggedcom Rox
SUMMARY Ruggedcom Rox before v2.17.1 contain multiple third-party vulnerabilities. Siemens has released new versions for the affected products and recommends to update to the latest versions. 2. GENERAL RECOMMENDATIONS As a general security measure, Siemens strongly recommends to protect network...
Siemens Simcenter Femap
SUMMARY Simcenter Femap is affected by heap based buffer overflow vulnerability in Datakit library that could be triggered when the application reads files in IPT format. If a user is tricked to open a malicious file with the affected application, an attacker could leverage the vulnerability to...
Siemens Ruggedcom Rox
SUMMARY Ruggedcom Rox contains an input validation vulnerability in the Scheduler functionality that could allow an authenticated remote attacker to execute arbitrary commands with root privileges on the underlying operating system. Siemens has released new versions for the affected products and...
Siemens Industrial Devices
SUMMARY Multiple industrial devices contain a vulnerability that could allow an attacker to cause a denial of service condition. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and...
Milesight Cameras
RISK EVALUATION Successful exploitation of these vulnerabilities could crash the device being accessed or allow remote code execution. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Minimize network exposure...
SenseLive X3050
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to take complete control of the device. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Minimize network exposure for all...
Siemens SINEC NMS
SUMMARY SINEC NMS before V4.0 SP3 contains an Authorization Bypass vulnerability that could allow an attacker to bypass authorization checks, leading to the ability to reset the password of any arbitrary user account. Siemens has released a new version for SINEC NMS and recommends to update to...
Inductive Automation Ignition Software
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute malicious code with OS application service account permissions that the authenticated, privileged application user did not intend on running. 2. RECOMMENDED PRACTICES CISA recommends users take...
Mitsubishi Electric MELSEC iQ-F Series EtherNet/IP module and Ethernet Module (Update A)
RISK EVALUATION Successful exploitation of these vulnerabilities could allow a remote attacker to cause a denial-of-service condition by continuously sending UDP packets to the affected products. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of...
Copeland XWEB and XWEB Pro
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to bypass authentication, cause a denial-of-service condition, cause memory corruption, and execute arbitrary code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk...
Hitachi Energy Asset Suite
SUMMARY Hitachi Energy is aware of a Jasper Report vulnerability that affects the Asset Suite product versions mentioned in this document below. This vulnerability can be exploited to carry out remote code execution RCE attack on the product. Please refer to the Recommended Immediate Actions for...
Rockwell Automation Micro800
RISK EVALUATION Successful exploitation of these vulnerabilities could result in remote code execution or may lead to privilege escalation. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize...
Siemens Opcenter Quality
SUMMARY The Opcenter Quality is affected by multiple vulnerabilities in the SmartClient modules Opcenter QL Home SC, SOA Audit and SOA Cockpit. Siemens has released new versions for the affected products and recommends to update to the latest versions. 2. GENERAL RECOMMENDATIONS As a general...
Mitsubishi Electric CNC Series (Update B)
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute malicious code by getting setup-launcher to load a malicious DLL. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability,...
Siemens Energy Services
SUMMARY Siemens Energy Services previously known as Managed Applications and Services, sell solutions using Elspec G5 Digital Fault Recorder which contains default credentials with admin privileges. A client configuration with remote access could allow an attacker to gain remote control of the...
National Instruments Circuit Design Suite
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to disclose information or execute arbitrary code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this these vulnerabilities, such as: Minimize...
Schneider Electric EcoStruxure Power Build Rapsody
GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...
Siemens Polarion
SUMMARY Polarion before V2410 contains multiple vulnerabilities that could allow attackers to extract data, conduct cross-site scripting attacks or find out valid usernames. Siemens strongly recommends to update Polarion to V2410 or later versions, not only to fix the documented vulnerabilities,...
Milesight UG65-868M-EA
RISK EVALUATION Successful exploitation of this vulnerability could allow any user with admin privileges to inject arbitrary shell commands. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Ensure that...
Commvault Web Server unspecified vulnerability
RISK EVALUATION According to Commvault: "The Web Server is a component in CommCell environments that provides a RESTful interface to the software where users can perform various tasks using available APIs". A remote, authenticated attacker can exploit an unspecified vulnerability to compromise a...
Delta Electronics ISPSoft
RISK EVALUATION Successful exploitation of these vulnerabilities could result in an attacker executing arbitrary code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize network exposure for all...
Yokogawa Recorder Products
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to manipulate information on the affected products. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network...
Siemens TeleControl Server Basic SQL
SUMMARY TeleControl Server Basic before V3.1.2.2 contains multiple SQL Injection vulnerabilities that could allow an attacker to read and write to the application's DB, cause denial of service and execute code in an OS shell with limited "NT AUTHORITY\NetworkService" permissions. Siemens has...
SicommNet multiple vulnerabilities
RISK EVALUATION SicommNET BASEC is an online eProcurement solution used by governments and other entities. Multiple vulnerabilities have been found in BASEC. These vulnerabilities allow a remote, unauthenticated attacker to gain administrative privileges, read user passwords, and obtain...
Santesoft Sante DICOM Viewer Pro
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause memory corruption that would result in execution of arbitrary code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability,...
Philips Intellispace Cardiovascular (ISCV)
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to replay the session of the logged in ISCV user and gain access to patient records. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these...
Siemens OPC UA
SUMMARY The products listed below contain two authentication bypass vulnerabilities that could allow an attacker to gain access to the data managed by the server. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing...
Keysight Ixia Vision Product Family (Update A)
RISK EVALUATION Successful exploitation of these vulnerabilities could crash the device being accessed; a buffer overflow condition may allow remote code execution. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this these...
Outback Power Mojave Inverter
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to access sensitive data or inject commands. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Disable un-used...