Lucene search
K
IcsMost viewed

4251 matches found

ICS
ICS
added 2025/02/06 7:0 a.m.13 views

Orthanc Server

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to disclose sensitive information, modify records, or cause a denial-of-service condition. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this...

9.8CVSS7AI score0.02388EPSS
Exploits0References10
ICS
ICS
added 2025/01/30 7:0 a.m.13 views

Rockwell Automation FactoryTalk AssetCentre

RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to extract passwords, access, credentials, or impersonate other users. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities,...

7AI score
Exploits0References10
ICS
ICS
added 2025/01/28 7:0 a.m.13 views

Rockwell Automation FactoryTalk View Site Edition

RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to gain unauthenticated access to system configuration files and execute DLLs with elevated privileges. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of...

7CVSS7.8AI score0.0016EPSS
Exploits0References10
ICS
ICS
added 2024/12/16 12:0 a.m.13 views

Siemens User Management Component

SUMMARY Siemens User Management Component UMC is affected by a heap-based buffer overflow vulnerability which could allow an unauthenticated remote attacker arbitrary code execution. Siemens has released new versions for several affected products and recommends to update to the latest versions...

9.8CVSS8.4AI score0.01521EPSS
Exploits0References10
ICS
ICS
added 2024/12/10 12:0 a.m.13 views

Siemens Teamcenter Visualization 

SUMMARY Siemens Teamcenter Visualization contains multiple file parsing vulnerabilities that could be triggered when the application reads files in WRL format. If a user is tricked to open a malicious file with any of the affected products, this could lead the application to crash or potentially...

8.3AI score
Exploits0References10
ICS
ICS
added 2024/11/12 12:0 a.m.13 views

Siemens Spectrum Power 7

SUMMARY Spectrum Power 7 before V24Q3 contains several root-owned SUID binaries that could allow an authenticated local attacker to escalate privileges. Siemens has released a new version for Spectrum Power 7 and recommends to update to the latest version. 2. GENERAL RECOMMENDATIONS Operators of...

8.5CVSS7AI score0.00141EPSS
Exploits0References10
ICS
ICS
added 2024/10/10 6:0 a.m.13 views

Rockwell Automation Verve Asset Manager

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION : Exploitable remotely/low attack complexity Vendor : Rockwell Automation Equipment : Verve Asset Manager Vulnerability : Placement of User into Incorrect Group 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an...

8.4CVSS6.9AI score0.00392EPSS
Exploits0References10
ICS
ICS
added 2024/09/12 6:0 a.m.13 views

Rockwell Automation 5015-U8IHFT

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: 5015-U8IHFT Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could result in a denial-of-service...

8.7CVSS7.7AI score0.00517EPSS
Exploits0References10
ICS
ICS
added 2024/09/10 12:0 a.m.13 views

Siemens Tecnomatix Plant Simulation

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

7.8CVSS7.4AI score0.00165EPSS
Exploits0References10
ICS
ICS
added 2024/09/10 12:0 a.m.13 views

Siemens Industrial Edge Management

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

10CVSS7AI score0.00764EPSS
Exploits0References10
ICS
ICS
added 2024/09/10 12:0 a.m.13 views

Siemens Mendix Runtime

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

6.9CVSS7.3AI score0.0044EPSS
Exploits0References10
ICS
ICS
added 2024/08/13 6:0 a.m.13 views

Rockwell Automation Pavilion8

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.3 ATTENTION : Exploitable remotely/low attack complexity Vendor : Rockwell Automation Equipment : Pavilion8 Vulnerability : Missing Encryption of Sensitive Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to...

7.5CVSS6.3AI score0.00186EPSS
Exploits0References10
ICS
ICS
added 2024/07/02 6:0 a.m.13 views

mySCADA myPRO

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION : Exploitable remotely/low attack complexity Vendor : mySCADA Equipment : myPRO Vulnerability : Use of Hard-coded Password 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to remotely execute code on the...

9.8CVSS10AI score0.00995EPSS
Exploits0References10
ICS
ICS
added 2024/06/11 12:30 p.m.13 views

Hitachi Energy UNEM/ECST

SUMMARY Hitachi Energy is aware of a vulnerability that affects the UNEM/ECST versions listed below. If exploited an attacker could potentially intercept or falsify data exchanges between the client and the server. Please refer to the “Recommended Immediate Actions” for information about the...

6.8CVSS7.1AI score0.00219EPSS
Exploits0References9
ICS
ICS
added 2013/05/08 12:0 p.m.13 views

Vendor Admin Accounts Warning

Overview An asset owner recently notified the ICS-CERT that a vendor support contractor had added an administrative-level account during installation of new control systems software. The support contractor intended the account to be the default used to train their people for all future work on...

7.3AI score
Exploits0References18
ICS
ICS
added 2026/05/26 12:30 a.m.12 views

B&R PPT30 Operating System

SUMMARY B&R is aware of a vulnerability in the product versions listed as affected in the advisory. An attacker who successfully exploits this vulnerability could make the OPC-UA server of the product inaccessible. 2. FREQUENTLY ASKED QUESTIONS What causes the vulnerability? - The vulnerability...

8.7CVSS5.7AI score0.00322EPSS
Exploits0References11
ICS
ICS
added 2026/05/12 12:0 a.m.12 views

Siemens KACO Blueplanet Inverters

SUMMARY KACO blueplanet Inverters contain multiple vulnerabilities that could allow an attacker to derive the credentials from the devices serial number and misuse them to gain unauthorized access. KACO new energy GmbH has released new versions for several affected products and recommends to...

5.6AI score
Exploits0References10
ICS
ICS
added 2026/05/05 6:0 a.m.12 views

Johnson Controls CEM AC2000

ADVISORY SUMMARY Successful exploitation of this vulnerability could allow a standard user to escalate privileges on the host machine. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize network exposure for...

8.4CVSS5.8AI score0.00108EPSS
Exploits0References13
ICS
ICS
added 2026/04/14 12:0 a.m.12 views

Siemens SINEC NMS

SUMMARY Siemens SINEC NMS when used with User Management Component UMC contains an authentication bypass vulnerability due to insufficient validation of user identity. This could allow an unauthenticated remote attacker to bypass authentication and gain unauthorized access to the application...

7.3CVSS5.8AI score0.00251EPSS
Exploits0References10
ICS
ICS
added 2026/04/14 12:0 a.m.12 views

Siemens Industrial Edge Management

SUMMARY Industrial Edge Management contains an authorization bypass vulnerability that could be exploited by an unauthenticated remote attacker to circumvent authentication and to access connected Industrial Edge Devices through the remote connection feature. Siemens has released new versions...

7.1CVSS5.8AI score0.00209EPSS
Exploits0References10
ICS
ICS
added 2026/01/27 7:0 a.m.12 views

Johnson Controls Metasys Products

RISK EVALUATION Successful exploitation of this vulnerability could result in remote SQL execution, leading to alteration or loss of data. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network...

9.5CVSS5.8AI score0.0144EPSS
Exploits0References11
ICS
ICS
added 2026/01/07 12:30 a.m.12 views

ABB WebPro SNMP Card PowerValue Multiple Vulnerabilities

SUMMARY ABB became aware of multiple internally discovered vulnerabilities in the WebPro SNMP card PowerValue for the product versions listed as affected in the advisory. Depending upon the vulnerability, an attacker with access to local network who successfully exploited this vulnerability...

5.9AI score
Exploits0References10
ICS
ICS
added 2025/11/27 12:30 a.m.12 views

ABB Ability Camera Connect

SUMMARY ABB is aware of public reports of vulnerabilities in a 3rd party component VLC media player Version 2.2.4 which was delivered together with the installation package of Camera Connect Version 1.5.0.14 and below. An update is available that resolves a privately reported outdated 3rd party...

6.8AI score
Exploits0References10
ICS
ICS
added 2025/11/13 7:0 a.m.12 views

Mitsubishi Electric MELSEC iQ-F Series

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition on the product. 2. RECOMMENDED PRACTICES CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also...

5.3CVSS6.5AI score0.00412EPSS
Exploits0References10
ICS
ICS
added 2025/11/04 7:0 a.m.12 views

Survision License Plate Recognition Camera

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to fully access the system without requiring authentication. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize...

9.3CVSS6.9AI score0.0044EPSS
Exploits0References13
ICS
ICS
added 2025/10/21 6:0 a.m.12 views

Rockwell Automation 1783-NATR

RISK EVALUATION Successful exploitation of these vulnerabilities could result in a denial-of-service, data modification, or in an attacker obtaining sensitive information. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these...

9.9CVSS6.1AI score0.0052EPSS
Exploits0References11
ICS
ICS
added 2025/10/14 12:0 a.m.12 views

Siemens TeleControl Server Basic

SUMMARY TeleControl Server Basic V3.1 contains an information disclosure vulnerability that could allow an unauthenticated remote attacker to obtain password hashes of users and to login to and perform authenticated operations of the database service. Siemens has released a new version for...

9.8CVSS6.6AI score0.00519EPSS
Exploits0References10
ICS
ICS
added 2025/08/12 12:0 a.m.12 views

Siemens SINEC OS

SUMMARY SINEC OS before V3.1 contains third-party components with multiple vulnerabilities. Siemens has released new versions for the affected products and recommends to update to the latest versions. 2. GENERAL RECOMMENDATIONS As a general security measure, Siemens strongly recommends to...

5.3CVSS9.1AI score0.02577EPSS
Exploits0References10
ICS
ICS
added 2025/07/08 6:0 a.m.12 views

Emerson ValveLink Products

RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker with access to the system to read sensitive information stored in cleartext, tamper with parameters, and run un-authorized code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to...

9.4CVSS6.6AI score0.00372EPSS
Exploits0References10
ICS
ICS
added 2025/06/17 6:0 a.m.12 views

Dover Fueling Solutions ProGauge MagLink LX consoles

RISK EVALUATION Successful exploitation of this vulnerability could result in an attacker gaining control of the monitoring device, manipulating fueling operations, deleting system configurations, or deploying malware. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to...

9.8CVSS7.5AI score0.00727EPSS
Exploits0References10
ICS
ICS
added 2025/06/10 12:0 a.m.12 views

Siemens RUGGEDCOM APE1808

SUMMARY Palo Alto Networks has published 1 information on cross-site scripting vulnerability in PAN-OS. This advisory lists the related Siemens Industrial products affected by this vulnerability. Siemens is preparing fix versions and recommends countermeasures for products where fixes are not,...

5.6AI score
Exploits0References10
ICS
ICS
added 2025/05/29 6:0 a.m.12 views

Instantel Micromate (Update A)

RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated attacker to access the device's configuration port and execute commands. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability,...

9.8CVSS10AI score0.00808EPSS
Exploits1References10
ICS
ICS
added 2025/05/20 6:0 a.m.12 views

AutomationDirect MB-Gateway

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to make configuration changes, disrupt operations, or achieve arbitrary code execution. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this...

10CVSS8.1AI score0.01007EPSS
Exploits0References10
ICS
ICS
added 2025/05/13 4:0 a.m.12 views

Schneider Electric Galaxy VS, Galaxy VL, Galaxy VXL (Update A)

GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...

10CVSS9AI score0.97859EPSS
Exploits36References12
ICS
ICS
added 2025/05/13 4:0 a.m.12 views

Schneider Electric PrismaSeT Active - Wireless Panel Server

GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install physical controls so no unauthorized personnel can access...

9.8CVSS7.8AI score0.00333EPSS
Exploits0References11
ICS
ICS
added 2025/05/13 12:0 a.m.12 views

Siemens Teamcenter Visualization

SUMMARY Siemens Teamcenter Visualization contains a out-of-bound read vulnerability that could be triggered when the application reads files in WRL format. If a user is tricked to open a malicious file with any of the affected products, this could lead the application to crash or potentially...

7.8CVSS7.4AI score0.00152EPSS
Exploits0References10
ICS
ICS
added 2025/05/06 6:0 a.m.12 views

BrightSign Players (Update A)

RISK EVALUATION Successful exploitation of this vulnerability could allow for privilege escalation on the device, easily guessed passwords, or for arbitrary code to be executed on the underlying operating system. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize...

6.2AI score
Exploits0References11
ICS
ICS
added 2025/04/24 6:0 a.m.12 views

ALBEDO Telecom Net.Time - PTP/NTP clock

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to transmit passwords over unencrypted connections, resulting in the product becoming vulnerable to interception. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of...

8.5CVSS7.2AI score0.00268EPSS
Exploits0References10
ICS
ICS
added 2025/04/10 8:30 a.m.12 views

ABB MV Drives

SUMMARY Multiple vulnerabilities regarding the CODESYS Runtime System from CODESYS Group have been publicly reported. CODESYS Runtime System v.3.5.15.0 is utilized in the firmware of ABB MV ACS6080 and ACS5000 drives to provide IEC 61131 programming capabilities. These vulnerabilities could lead...

7.7AI score
Exploits0References16
ICS
ICS
added 2025/04/08 12:0 a.m.12 views

Siemens SIMOCODE, SIMATIC, SIPLUS, SIDOOR, SIWAREX

SUMMARY A vulnerability exists in affected products that could allow remote attackers to affect the availability of the devices under certain conditions. The integrated ICMP services in the underlying TCP/IP stack is vulnerable to a denial of service attack through specially crafted ICMP...

6.9CVSS6.8AI score0.00599EPSS
Exploits0References10
ICS
ICS
added 2025/03/24 12:30 a.m.12 views

B&R APROL

SUMMARY Updates are available that resolve privately reported vulnerabilities in the product versions listed as affected in this advisory. An attacker who successfully exploits these vulnerabilities could elevate privileges or gather sensitive information. 2. MITIGATING FACTORS Mitigating...

7.7AI score
Exploits0References10
ICS
ICS
added 2025/03/11 4:0 a.m.12 views

Schneider Electric EcoStruxure Panel Server

GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...

6CVSS6.9AI score0.00156EPSS
Exploits0References11
ICS
ICS
added 2025/03/11 12:0 a.m.12 views

Siemens OPC UA

SUMMARY The products listed below contain two authentication bypass vulnerabilities that could allow an attacker to gain access to the data managed by the server. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing...

6.9AI score
Exploits0References10
ICS
ICS
added 2025/02/17 12:0 a.m.12 views

Siemens SiPass Integrated

SUMMARY SiPass integrated is affected by a directory traversal vulnerability in the third-party component DotNetZip. The vulnerability could allow an attacker to execute arbitrary code on the application server, if a specially crafted backup set is used for a restore. Siemens has released a new...

9.8CVSS7.8AI score0.02061EPSS
Exploits0References10
ICS
ICS
added 2025/02/13 7:0 a.m.12 views

mySCADA myPRO Manager

RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary OS commands, upload files, and obtain sensitive information without providing associated credentials. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize...

9.8CVSS8.4AI score0.01626EPSS
Exploits0References10
ICS
ICS
added 2025/02/11 6:0 a.m.12 views

Schneider Electric ASCO 5310/5350 Remote Annunciator

GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...

7.4AI score
Exploits0References11
ICS
ICS
added 2025/02/06 7:0 a.m.12 views

Trimble Cityworks (Update A)

RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated user to perform a remote code execution. 2. RECOMMENDED PRACTICES CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides...

8.8CVSS7.7AI score0.28261EPSS
Exploits0References10
ICS
ICS
added 2025/02/05 12:30 a.m.12 views

ABB ASPECT-Enterprise NEXUS and MATRIX Series

SUMMARY ABB became aware of vulnerabilities in the product versions listed as affected in the advisory. ASPECT devices are not intended to be internet-facing. A product advisory issued in June 2023 informed customers of this already. An attacker who successfully exploits these vulnerabilities...

9.8CVSS9.4AI score0.00595EPSS
Exploits1References10
ICS
ICS
added 2024/12/19 7:0 a.m.12 views

Schneider Electric Modicon Controllers (Update A)

GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...

6.1CVSS6AI score0.00259EPSS
Exploits0References13
ICS
ICS
added 2024/12/10 7:0 a.m.12 views

MOBATIME Network Master Clock - DTS 4801

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to take control of the operating system for this product. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize...

9.8CVSS7.3AI score0.00432EPSS
Exploits0References10
Total number of security vulnerabilities4251