4251 matches found
MOBATIME Network Master Clock - DTS 4801
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to take control of the operating system for this product. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize...
Schneider Electric PowerChute Serial Shutdown
GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...
Fuji Electric Monitouch V-SFT (Update A)
RISK EVALUATION Successful exploitation of these vulnerabilities could crash the device being accessed. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. CISA reminds organizations to perform proper impact...
Siemens Mendix Runtime
SUMMARY The basic authentication mechanism of Mendix Runtime contains a race condition vulnerability which could allow unauthenticated remote attackers to circumvent default account lockout measures. Siemens has released new versions for several affected products and recommends to update to the...
HMS Networks EWON FLEXY 202
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.1 ATTENTION : Exploitable remotely/low attack complexity Vendor : HMS Networks Equipment : EWON FLEXY 202 Vulnerability : Insufficiently Protected Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to sniff...
AutomationDirect DirectLogic H2-DM1E
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION : Exploitable from an adjacent network/low attack complexity Vendor : AutomationDirect Equipment : DirectLogic H2-DM1E Vulnerabilities : Session Fixation, Authentication Bypass by Capture-replay 2. RISK EVALUATION Successful exploitation of...
Siemens SIMATIC, SIPLUS, and TIM
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens SINUMERIK Systems
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens SINUMERIK ONE, SINUMERIK 840D and SINUMERIK 828D
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Network Time Protocol Vulnerabilities (Supplement)
OVERVIEW This advisory supplement is to accompany the NCCIC/ICS-CERT advisory titled ICSA-14-353-01 Network Time Protocol Vulnerabilities that was published December 19, 2014, on the ICS‑CERT web site. Please refer to the original advisory for all the details of the vulnerabilities. The purpose o...
Mariposa Botnet
Overview ICS-CERT has received reports and investigated infections of the MariposaDefence Intelligence, http://defintel.com/docs/MariposaAnalysis.pdf, website last accessed March 15, 2010. botnet, which have affected the business networks of multiple control system owners in recent months. ICS-CE...
Siemens Mendix Studio Pro
SUMMARY Mendix Studio Pro versions before V11.12 are affected by a file parsing vulnerability that could be triggered when the application reads specially crafted malicious project during the build pipeline. This could allow an attacker to execute arbitrary code in the context of that user...
Mitsubishi Electric Co.'s MELSEC iQ-F Series FX5-ENET/IP Ethernet Module
ADVISORY SUMMARY Successful exploitation of this vulnerability could allow a remote attacker to cause a denial-of-service DoS condition in the affected product by continuously sending a large number of communication packets to the Ethernet port of the product in a short period of time,...
Impact of Linux Kernel vulnerabilities on B&R products
SUMMARY B&R is aware of publicly reported vulnerabilities affecting the Linux kernel versions shipped with the products listed as affected in the advisory. Successful local exploitation of these vulnerabilities could allow an attacker to escalate privileges on the affected system. Public...
Siemens RUGGEDCOM APE1808 Devices
SUMMARY A buffer overflow vulnerability in the User-ID™ Authentication Portal aka Captive Portal service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted...
CISA manage.get.gov incorrect portfolio administrator privileges
RISK EVALUATION manage.get.gov is the .gov TLD registrar maintained by CISA. manage.get.gov allows an organization administrator to assign domain manager privileges for domains not already in another organization. 2. RECOMMENDED PRACTICES Fixed in 1.176.0 on or around 2026-04-30. 3. DESCRIPTION...
Hangzhou Xiongmai Technology Co., Ltd XM530 IP Camera
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to bypass authentication and have remote access to sensitive information on the device. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this...
Zero Motorcycles Firmware (Update A)
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to pair via Bluetooth with a motorcycle, gaining unauthorized access to all Bluetooth functions, including changing the firmware. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to...
Horner Automation Cscape and XL4, XL7 PLC
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access to systems and services. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize network exposure...
Siemens SCALANCE
SUMMARY SCALANCE W-700 IEEE 802.11n family before V6.6.0 are affected by multiple vulnerabilities. Siemens has released a new version for SCALANCE W-700 IEEE 802.11n family and recommends to update to the latest version. 2. GENERAL RECOMMENDATIONS As a general security measure, Siemens strongly...
Siemens RUGGEDCOM CROSSBOW Secure Access Manager Primary
SUMMARY RUGGEDCOM CROSSBOW Secure Access Manager Primary SAM-P contains a vulnerability that could allow an attacker to escalate their own privileges. Siemens has released a new version for RUGGEDCOM CROSSBOW Secure Access Manager Primary SAM-P and recommends to update to the latest version. 2...
Zscaler Client Connector hard-coded proxy configuration domain
RISK EVALUATION ZScaler Client Connector 4.7 and 4.8 on Microsoft Windows hard codes a domain used to retrieve proxy configuration information. An attacker with control of this domain could provide arbitrary proxy configurations and intercept, redirect or disrupt traffic. 2. RECOMMENDED...
OC Messaging and Custom Messaging Gateway
RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated low-privileged user to gain access to SMS messages outside of their authorized tenant scope via a crafted company or tenant identifier parameter. 2. RECOMMENDED PRACTICES CISA recommends users take...
OPEXUS eComplaint and eCase multiple vulnerabilities
RISK EVALUATION OPEXUS eComplaint and eCase contain multiple vulnerabilities. In the worst case, an unauthenticated attacker could take over any account with a known username. 2. RECOMMENDED PRACTICES Update to OPEXUS eCase and eComplaint 10.1.0.0. 3. DESCRIPTION OPEXUS eComplaint and eCASE...
CTEK Chargeportal
RISK EVALUATION Successful exploitation of these vulnerabilities could enable attackers to gain unauthorized administrative control over vulnerable charging stations or disrupt charging services through denial-of-service attacks. 2. RECOMMENDED PRACTICES CISA recommends users take defensive...
Portwell Engineering Toolkits
RISK EVALUATION Successful exploitation of this vulnerability could allow a local attacker to escalate privileges or cause a denial-of-service condition. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:...
SWTCH EV swtchenergy.com (Update A)
RISK EVALUATION Successful exploitation of these vulnerabilities could allow attackers to impersonate charging stations, hijack sessions, suppress or misroute legitimate traffic to cause large-scale denial of service, and manipulate data sent to the backend. 2. RECOMMENDED PRACTICES CISA...
ABB AC500 V3 Multiple Vulnerabilities
SUMMARY ABB became aware of severe vulnerability in the products versions listed as affected in the advisory. An update is available that resolves these vulnerabilities. An attacker who successfully exploited these vulnerabilities could bypass the user management and read visualization files...
Hitachi Energy RTU500 Product
SUMMARY Hitachi Energy is aware of vulnerabilities that affect RTU500 product versions listed in this document. Successful exploitation of these vulnerabilities can result in the exposure of low-value user management information and device outage. Please refer to the Recommended Immediate...
Jinan USR IOT Technology Limited (PUSR) USR-W610
RISK EVALUATION Successful exploitation of these vulnerabilities could result in authentication being disabled, a denial-of-service condition, or an attacker stealing valid user credentials, including administrator credentials. 2. RECOMMENDED PRACTICES CISA recommends users take defensive...
ABB B&R Automation Studio
SUMMARY ABB became aware of vulnerability in the product versions listed as affected in the advisory. An update is available that replaces an outdated third-party component. Although no successful exploitation was observed during testing of the affected B&R products, the identified...
Rockwell Automation ControlLogix
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for...
ABB B&R PCs
SUMMARY ABB became aware of vulnerability in the product versions listed as affected in the advisory. An update is now available that addresses and remediates the vulnerability. A network attacker could exploit the vulnerabilities to execute remote code, initiate DoS attacks, conduct DNS cache...
EVMAPA
RISK EVALUATION Successful exploitation of these vulnerabilities could lead to degraded service, a denial-of-service, or unauthorized remote command execution, which could lead to spoofing or a manipulation of charging station statuses. 2. RECOMMENDED PRACTICES CISA recommends users take...
Rockwell Automation CompactLogix 5370
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for...
Siemens Industrial Edge Devices
SUMMARY Siemens Industrial Edge Devices contain an authorization bypass vulnerability that could facilitate an unauthenticated remote attacker to circumvent authentication and impersonate a legitimate user. Siemens has released new versions for several affected products and recommends to update...
Rockwell Automation Micro820, Micro850, Micro870
RISK EVALUATION Successful exploitation of these vulnerabilities could result in a denial-of-service condition. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize network exposure for all control...
Advantech iView
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to disclose sensitive information, modify, or delete data. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize...
METZ CONNECT EWIO2
SUMMARY A critical authentication bypass in EWIO-2 allows unauthenticated attackers with network access to gain administrative control over the device. Once compromised, an attacker can change configurations, manipulate data, disrupt services, and potentially render the device non-functional. 2...
AVEVA Edge
RISK EVALUATION Successful exploitation of this vulnerability could allow a local attacker to reverse engineer passwords through brute force. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize...
Raisecomm RAX701-GC Series
RISK EVALUATION Successful exploitation of this vulnerability could allow a remote attacker to bypass authentication and gain unauthenticated root shell access to the affected devices. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of...
ABB Terra AC
SUMMARY ABB is aware of vulnerabilities in the product versions listed as affected in the advisory. An attacker who successfully exploited this vulnerability could cause the pollution of heap memory which potentially takes remote control of the product and performs a write operation to the flash...
CISA Thorium multiple vulnerabilities
RISK EVALUATION CISA Thorium is a framework used for malware analysis. Multiple vulnerabilities were reported in Thorium. Impacts include denial of service, authenticated arbitrary file read, and failure to expire previously issued user tokens. 2. RECOMMENDED PRACTICES These issues were...
Multiple Open-Source Software Vulnerabilities in Hitachi Energy Asset Suite Product
SUMMARY Hitachi Energy is aware of multiple reported vulnerabilities that affect the Asset Suite product versions mentioned in this document below. If exploited these vulnerabilities can potentially impact on confidentiality, integrity and availability of the product. Please refer to the...
Rockwell Automation ControlLogix Ethernet Modules
RISK EVALUATION Successful exploitation of this vulnerability could allow remote attackers to perform memory dumps, modify memory, and control execution flow. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such...
AVEVA PI Integrator
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to disclose sensitive information, or upload and execute files. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:...
Santesoft Sante PACS Server
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to create arbitrary files, cause a denial-of-service condition, obtain sensitive information, and steal a user's cookie information. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to...
Lantronix Provisioning Manager
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker perform a cross-site scripting attack, which could result in remote code execution. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this...
ABB Busch-Welcome 2 Wire Door Opener Actuator
SUMMARY ABB is aware of vulnerabilities in the product versions listed as affected in the advisory. An attacker who successfully exploited this vulnerability could gain physical, unauthorized access to a Building where the product is installed 2. MITIGATING FACTORS ABB recommends double check...
PTZOptics and Other Pan-Tilt-Zoom Cameras
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to leak sensitive data, execute arbitrary commands, and access the admin web interface using hard-coded credentials. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the...