4251 matches found
Orthanc Server
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to disclose sensitive information, modify records, or cause a denial-of-service condition. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this...
Rockwell Automation FactoryTalk AssetCentre
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to extract passwords, access, credentials, or impersonate other users. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities,...
Rockwell Automation FactoryTalk View Site Edition
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to gain unauthenticated access to system configuration files and execute DLLs with elevated privileges. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of...
Siemens User Management Component
SUMMARY Siemens User Management Component UMC is affected by a heap-based buffer overflow vulnerability which could allow an unauthenticated remote attacker arbitrary code execution. Siemens has released new versions for several affected products and recommends to update to the latest versions...
Siemens Teamcenter Visualization
SUMMARY Siemens Teamcenter Visualization contains multiple file parsing vulnerabilities that could be triggered when the application reads files in WRL format. If a user is tricked to open a malicious file with any of the affected products, this could lead the application to crash or potentially...
Siemens Spectrum Power 7
SUMMARY Spectrum Power 7 before V24Q3 contains several root-owned SUID binaries that could allow an authenticated local attacker to escalate privileges. Siemens has released a new version for Spectrum Power 7 and recommends to update to the latest version. 2. GENERAL RECOMMENDATIONS Operators of...
Rockwell Automation Verve Asset Manager
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION : Exploitable remotely/low attack complexity Vendor : Rockwell Automation Equipment : Verve Asset Manager Vulnerability : Placement of User into Incorrect Group 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an...
Rockwell Automation 5015-U8IHFT
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: 5015-U8IHFT Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could result in a denial-of-service...
Siemens Tecnomatix Plant Simulation
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens Industrial Edge Management
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens Mendix Runtime
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Rockwell Automation Pavilion8
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.3 ATTENTION : Exploitable remotely/low attack complexity Vendor : Rockwell Automation Equipment : Pavilion8 Vulnerability : Missing Encryption of Sensitive Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to...
mySCADA myPRO
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION : Exploitable remotely/low attack complexity Vendor : mySCADA Equipment : myPRO Vulnerability : Use of Hard-coded Password 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to remotely execute code on the...
Hitachi Energy UNEM/ECST
SUMMARY Hitachi Energy is aware of a vulnerability that affects the UNEM/ECST versions listed below. If exploited an attacker could potentially intercept or falsify data exchanges between the client and the server. Please refer to the “Recommended Immediate Actions” for information about the...
Vendor Admin Accounts Warning
Overview An asset owner recently notified the ICS-CERT that a vendor support contractor had added an administrative-level account during installation of new control systems software. The support contractor intended the account to be the default used to train their people for all future work on...
B&R PPT30 Operating System
SUMMARY B&R is aware of a vulnerability in the product versions listed as affected in the advisory. An attacker who successfully exploits this vulnerability could make the OPC-UA server of the product inaccessible. 2. FREQUENTLY ASKED QUESTIONS What causes the vulnerability? - The vulnerability...
Siemens KACO Blueplanet Inverters
SUMMARY KACO blueplanet Inverters contain multiple vulnerabilities that could allow an attacker to derive the credentials from the devices serial number and misuse them to gain unauthorized access. KACO new energy GmbH has released new versions for several affected products and recommends to...
Johnson Controls CEM AC2000
ADVISORY SUMMARY Successful exploitation of this vulnerability could allow a standard user to escalate privileges on the host machine. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize network exposure for...
Siemens SINEC NMS
SUMMARY Siemens SINEC NMS when used with User Management Component UMC contains an authentication bypass vulnerability due to insufficient validation of user identity. This could allow an unauthenticated remote attacker to bypass authentication and gain unauthorized access to the application...
Siemens Industrial Edge Management
SUMMARY Industrial Edge Management contains an authorization bypass vulnerability that could be exploited by an unauthenticated remote attacker to circumvent authentication and to access connected Industrial Edge Devices through the remote connection feature. Siemens has released new versions...
Johnson Controls Metasys Products
RISK EVALUATION Successful exploitation of this vulnerability could result in remote SQL execution, leading to alteration or loss of data. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network...
ABB WebPro SNMP Card PowerValue Multiple Vulnerabilities
SUMMARY ABB became aware of multiple internally discovered vulnerabilities in the WebPro SNMP card PowerValue for the product versions listed as affected in the advisory. Depending upon the vulnerability, an attacker with access to local network who successfully exploited this vulnerability...
ABB Ability Camera Connect
SUMMARY ABB is aware of public reports of vulnerabilities in a 3rd party component VLC media player Version 2.2.4 which was delivered together with the installation package of Camera Connect Version 1.5.0.14 and below. An update is available that resolves a privately reported outdated 3rd party...
Mitsubishi Electric MELSEC iQ-F Series
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition on the product. 2. RECOMMENDED PRACTICES CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also...
Survision License Plate Recognition Camera
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to fully access the system without requiring authentication. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize...
Rockwell Automation 1783-NATR
RISK EVALUATION Successful exploitation of these vulnerabilities could result in a denial-of-service, data modification, or in an attacker obtaining sensitive information. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these...
Siemens TeleControl Server Basic
SUMMARY TeleControl Server Basic V3.1 contains an information disclosure vulnerability that could allow an unauthenticated remote attacker to obtain password hashes of users and to login to and perform authenticated operations of the database service. Siemens has released a new version for...
Siemens SINEC OS
SUMMARY SINEC OS before V3.1 contains third-party components with multiple vulnerabilities. Siemens has released new versions for the affected products and recommends to update to the latest versions. 2. GENERAL RECOMMENDATIONS As a general security measure, Siemens strongly recommends to...
Emerson ValveLink Products
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker with access to the system to read sensitive information stored in cleartext, tamper with parameters, and run un-authorized code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to...
Dover Fueling Solutions ProGauge MagLink LX consoles
RISK EVALUATION Successful exploitation of this vulnerability could result in an attacker gaining control of the monitoring device, manipulating fueling operations, deleting system configurations, or deploying malware. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to...
Siemens RUGGEDCOM APE1808
SUMMARY Palo Alto Networks has published 1 information on cross-site scripting vulnerability in PAN-OS. This advisory lists the related Siemens Industrial products affected by this vulnerability. Siemens is preparing fix versions and recommends countermeasures for products where fixes are not,...
Instantel Micromate (Update A)
RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated attacker to access the device's configuration port and execute commands. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability,...
AutomationDirect MB-Gateway
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to make configuration changes, disrupt operations, or achieve arbitrary code execution. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this...
Schneider Electric Galaxy VS, Galaxy VL, Galaxy VXL (Update A)
GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...
Schneider Electric PrismaSeT Active - Wireless Panel Server
GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install physical controls so no unauthorized personnel can access...
Siemens Teamcenter Visualization
SUMMARY Siemens Teamcenter Visualization contains a out-of-bound read vulnerability that could be triggered when the application reads files in WRL format. If a user is tricked to open a malicious file with any of the affected products, this could lead the application to crash or potentially...
BrightSign Players (Update A)
RISK EVALUATION Successful exploitation of this vulnerability could allow for privilege escalation on the device, easily guessed passwords, or for arbitrary code to be executed on the underlying operating system. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize...
ALBEDO Telecom Net.Time - PTP/NTP clock
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to transmit passwords over unencrypted connections, resulting in the product becoming vulnerable to interception. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of...
ABB MV Drives
SUMMARY Multiple vulnerabilities regarding the CODESYS Runtime System from CODESYS Group have been publicly reported. CODESYS Runtime System v.3.5.15.0 is utilized in the firmware of ABB MV ACS6080 and ACS5000 drives to provide IEC 61131 programming capabilities. These vulnerabilities could lead...
Siemens SIMOCODE, SIMATIC, SIPLUS, SIDOOR, SIWAREX
SUMMARY A vulnerability exists in affected products that could allow remote attackers to affect the availability of the devices under certain conditions. The integrated ICMP services in the underlying TCP/IP stack is vulnerable to a denial of service attack through specially crafted ICMP...
B&R APROL
SUMMARY Updates are available that resolve privately reported vulnerabilities in the product versions listed as affected in this advisory. An attacker who successfully exploits these vulnerabilities could elevate privileges or gather sensitive information. 2. MITIGATING FACTORS Mitigating...
Schneider Electric EcoStruxure Panel Server
GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...
Siemens OPC UA
SUMMARY The products listed below contain two authentication bypass vulnerabilities that could allow an attacker to gain access to the data managed by the server. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing...
Siemens SiPass Integrated
SUMMARY SiPass integrated is affected by a directory traversal vulnerability in the third-party component DotNetZip. The vulnerability could allow an attacker to execute arbitrary code on the application server, if a specially crafted backup set is used for a restore. Siemens has released a new...
mySCADA myPRO Manager
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary OS commands, upload files, and obtain sensitive information without providing associated credentials. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize...
Schneider Electric ASCO 5310/5350 Remote Annunciator
GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...
Trimble Cityworks (Update A)
RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated user to perform a remote code execution. 2. RECOMMENDED PRACTICES CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides...
ABB ASPECT-Enterprise NEXUS and MATRIX Series
SUMMARY ABB became aware of vulnerabilities in the product versions listed as affected in the advisory. ASPECT devices are not intended to be internet-facing. A product advisory issued in June 2023 informed customers of this already. An attacker who successfully exploits these vulnerabilities...
Schneider Electric Modicon Controllers (Update A)
GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...
MOBATIME Network Master Clock - DTS 4801
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to take control of the operating system for this product. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize...