
4207 matches found

ICS | added 2026/06/04 6:0 a.m. | 8 views

NAVTOR NavBox

ADVISORY SUMMARY Successful exploitation of this vulnerability could allow a local attacker to gain unauthorized access to SOAP methods, resulting in a disruption of operations. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this...

CVSS: 6.3 | AI score: 5.3 | EPSS: 0.00122
Exploits: 0 | References: 13

ICS | added 2026/05/14 6:0 a.m. | 8 views

Universal Robots Polyscope 5

ADVISORY SUMMARY Successful exploitation of these vulnerabilities could allow an attacker to bypass authentication and execute code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Minimize network exposure for...

CVSS: 9.8 | AI score: 5.9 | EPSS: 0.01829
Exploits: 0 | References: 13

ICS | added 2026/05/12 12:0 a.m. | 8 views

Siemens Industrial Devices

SUMMARY Multiple industrial devices contain a vulnerability that could allow an attacker to cause a denial of service condition. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and...

CVSS: 8.7 | AI score: 7.3 | EPSS: 0.00324
Exploits: 0 | References: 10

ICS | added 2026/05/07 12:0 a.m. | 8 views

CISA manage.get.gov incorrect portfolio administrator privileges

RISK EVALUATION manage.get.gov is the .gov TLD registrar maintained by CISA. manage.get.gov allows an organization administrator to assign domain manager privileges for domains not already in another organization. 2. RECOMMENDED PRACTICES Fixed in 1.176.0 on or around 2026-04-30. 3. DESCRIPTION...

CVSS: 7.6 | AI score: 5.8 | EPSS: 0.00345
Exploits: 0 | References: 1

ICS | added 2026/04/23 6:0 a.m. | 8 views

Hangzhou Xiongmai Technology Co., Ltd XM530 IP Camera

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to bypass authentication and have remote access to sensitive information on the device. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this...

CVSS: 9.8 | AI score: 5.8 | EPSS: 0.00849
Exploits: 4 | References: 13

ICS | added 2026/04/21 6:0 a.m. | 8 views

Zero Motorcycles Firmware

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to pair via Bluetooth with a motorcycle, gaining unauthorized access to all Bluetooth functions, including changing the firmware. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to...

CVSS: 6.4 | AI score: 5.6 | EPSS: 0.00134
Exploits: 0 | References: 10

ICS | added 2026/03/26 6:0 a.m. | 8 views

OC Messaging and Custom Messaging Gateway

RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated low-privileged user to gain access to SMS messages outside of their authorized tenant scope via a crafted company or tenant identifier parameter. 2. RECOMMENDED PRACTICES CISA recommends users take...

CVSS: 8.1 | AI score: 5.8 | EPSS: 0.00261
Exploits: 0 | References: 13

ICS | added 2026/03/24 6:0 a.m. | 8 views

Grassroots DICOM (GDCM)

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to send a specially crafted file, and when parsed, could result in a denial-of-service condition. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of...

CVSS: 8.7 | AI score: 5.7 | EPSS: 0.00358
Exploits: 0 | References: 13

ICS | added 2026/03/12 6:0 a.m. | 8 views

Inductive Automation Ignition Software

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute malicious code with OS application service account permissions that the authenticated, privileged application user did not intend on running. 2. RECOMMENDED PRACTICES CISA recommends users take...

CVSS: 6.8 | AI score: 5.9 | EPSS: 0.00345
Exploits: 0 | References: 13

ICS | added 2026/02/24 12:0 a.m. | 8 views

Hitachi Energy RTU500 Product

SUMMARY Hitachi Energy is aware of vulnerabilities that affect RTU500 product versions listed in this document. Successful exploitation of these vulnerabilities can result in the exposure of low-value user management information and device outage. Please refer to the Recommended Immediate...

AI score: 6.1
Exploits: 0 | References: 9

ICS | added 2026/02/19 7:0 a.m. | 8 views

Jinan USR IOT Technology Limited (PUSR) USR-W610

RISK EVALUATION Successful exploitation of these vulnerabilities could result in authentication being disabled, a denial-of-service condition, or an attacker stealing valid user credentials, including administrator credentials. 2. RECOMMENDED PRACTICES CISA recommends users take defensive...

CVSS: 9.8 | AI score: 6 | EPSS: 0.0057
Exploits: 0 | References: 11

ICS | added 2026/01/27 7:0 a.m. | 8 views

Johnson Controls Metasys Products

RISK EVALUATION Successful exploitation of this vulnerability could result in remote SQL execution, leading to alteration or loss of data. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network...

CVSS: 9.5 | AI score: 5.8 | EPSS: 0.0144
Exploits: 0 | References: 11

ICS | added 2026/01/13 12:0 a.m. | 8 views

Siemens Industrial Edge Devices

SUMMARY Siemens Industrial Edge Devices contain an authorization bypass vulnerability that could facilitate an unauthenticated remote attacker to circumvent authentication and impersonate a legitimate user. Siemens has released new versions for several affected products and recommends to update...

CVSS: 10 | AI score: 7.1 | EPSS: 0.00601
Exploits: 0 | References: 10

ICS | added 2025/12/18 7:0 a.m. | 8 views

Rockwell Automation Micro820, Micro850, Micro870

RISK EVALUATION Successful exploitation of these vulnerabilities could result in a denial-of-service condition. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize network exposure for all control...

CVSS: 7.1 | AI score: 6.6 | EPSS: 0.00177
Exploits: 0 | References: 11

ICS | added 2025/12/16 7:0 a.m. | 8 views

Johnson Controls PowerG, IQPanel and IQHub (Update A)

RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to read or write encrypted traffic or perform a replay attack. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:...

AI score: 5.8
Exploits: 0 | References: 13

ICS | added 2025/11/18 12:0 p.m. | 8 views

METZ CONNECT EWIO2

SUMMARY A critical authentication bypass in EWIO-2 allows unauthenticated attackers with network access to gain administrative control over the device. Once compromised, an attacker can change configurations, manipulate data, disrupt services, and potentially render the device non-functional. 2...

AI score: 8.8
Exploits: 0 | References: 14

ICS | added 2025/11/13 7:0 a.m. | 8 views

General Industrial Controls Lynx+ Gateway

RISK EVALUATION Successful exploitation of these vulnerabilities could result in obtaining sensitive device information, unauthorized access, or create a denial-of-service condition. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of...

AI score: 6.9
Exploits: 0 | References: 11

ICS | added 2025/11/13 7:0 a.m. | 8 views

Mitsubishi Electric MELSEC iQ-F Series

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition on the product. 2. RECOMMENDED PRACTICES CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also...

CVSS: 5.3 | AI score: 6.5 | EPSS: 0.00368
Exploits: 0 | References: 10

ICS | added 2025/11/04 7:0 a.m. | 8 views

Survision License Plate Recognition Camera

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to fully access the system without requiring authentication. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize...

CVSS: 9.3 | AI score: 6.9 | EPSS: 0.00432
Exploits: 0 | References: 13

ICS | added 2025/10/21 6:0 a.m. | 8 views

Rockwell Automation 1783-NATR

RISK EVALUATION Successful exploitation of these vulnerabilities could result in a denial-of-service, data modification, or in an attacker obtaining sensitive information. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these...

CVSS: 9.9 | AI score: 6.1 | EPSS: 0.00526
Exploits: 0 | References: 11

ICS | added 2025/10/09 6:0 a.m. | 8 views

Rockwell Automation Lifecycle Services with Cisco

RISK EVALUATION Successful exploitation of this vulnerability could result in arbitrary code execution. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for all control system...

CVSS: 7.7 | AI score: 7.8 | EPSS: 0.37613
Exploits: 1 | References: 11

ICS | added 2025/09/29 12:0 a.m. | 8 views

Medical Informatics Engineering Enterprise Health multiple vulnerabilities

RISK EVALUATION Medical Informatics Engineering Enterprise Health is an OEHR Occupational Electronic Health Record platform. Enterprise Health contains multiple vulnerabilities that could allow an attacker to inject executable content, obtain session tokens, and upload arbitrary files. 2...

AI score: 7.2
Exploits: 0 | References: 1

ICS | added 2025/08/26 9:22 a.m. | 8 views

Multiple Open-Source Software Vulnerabilities in Hitachi Energy Asset Suite Product

SUMMARY Hitachi Energy is aware of multiple reported vulnerabilities that affect the Asset Suite product versions mentioned in this document below. If exploited these vulnerabilities can potentially impact on confidentiality, integrity and availability of the product. Please refer to the...

AI score: 7.4
Exploits: 0 | References: 9

ICS | added 2025/08/14 12:0 a.m. | 8 views

Siemens Desigo CC Product Family and SENTRON Powermanager

SUMMARY Versions V5.0 through V8 of the Desigo CC product family Desigo CC, Desigo CC Compact, Desigo CC Connect, Cerberus DMS, as well as the Desigo CC-based SENTRON Powermanager, are affected by a vulnerability in the underlying third-party component WIBU Systems CodeMeter Runtime. Successful...

CVSS: 8.2 | AI score: 7.2 | EPSS: 0.00135
Exploits: 0 | References: 10

ICS | added 2025/08/12 4:0 a.m. | 8 views

Schneider Electric EcoStruxure Power Monitoring Expert

RISK EVALUATION Successful exploitation of these vulnerabilities could allow a remote attacker to read arbitrary files from the target machine, or to access internal services directly. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of...

AI score: 8.1
Exploits: 0 | References: 11

ICS | added 2025/08/07 6:0 a.m. | 8 views

Yealink IP Phones and RPS (Redirect and Provisioning Service)

RISK EVALUATION Successful exploitation of these vulnerabilities could result in an information disclosure. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for all control system...

AI score: 7.3
Exploits: 0 | References: 10

ICS | added 2025/08/05 5:0 a.m. | 8 views

Mitsubishi Electric Iconics Digital Solutions Multiple Products (Update B)

RISK EVALUATION Successful exploitation of this vulnerability could result in information tampering. 2. RECOMMENDED PRACTICES CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems...

CVSS: 5.9 | AI score: 6.1 | EPSS: 0.00185
Exploits: 0 | References: 9

ICS | added 2025/07/23 12:30 a.m. | 8 views

ABB AC500 V2

SUMMARY ABB became aware of vulnerabilities in AC500 V2 listed as affected in the advisory. An attacker who successfully exploited this vulnerability could access fragments of Modbus telegrams that have been sent earlier by that PLC 2. MITIGATING FACTORS Mitigating factors describe conditions...

CVSS: 6.9 | AI score: 5.8 | EPSS: 0.00375
Exploits: 0 | References: 10

ICS | added 2025/07/22 6:0 a.m. | 8 views

Schneider Electric EcoStruxure Power Operation (Update A)

RISK EVALUATION Successful exploitation of these vulnerabilities could result in the loss of system functionality or unauthorized access to system functions. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. CISA...

CVSS: 9.8 | AI score: 8.7 | EPSS: 0.03399
Exploits: 0 | References: 12

ICS | added 2025/07/22 6:0 a.m. | 8 views

Lantronix Provisioning Manager

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to perform a cross-site scripting attack, which could result in remote code execution. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this...

CVSS: 8.6 | AI score: 7.7 | EPSS: 0.01667
Exploits: 2 | References: 10

ICS | added 2025/07/03 6:0 a.m. | 8 views

Mitsubishi Electric MELSOFT Update Manager (Update B)

RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code, disclose information, alter information, or cause a denial-of-service DoS condition. 2. RECOMMENDED PRACTICES CISA reminds organizations to perform proper impact analysis and risk...

CVSS: 7.8 | AI score: 7.9 | EPSS: 0.21985
Exploits: 1 | References: 9

ICS | added 2025/06/10 5:0 a.m. | 8 views

SinoTrack GPS Receiver

RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to access device profiles for which they are not authorized through the common web management interface. Access to the device profile may allow an attacker to perform some remote functions on connected...

CVSS: 8.3 | AI score: 6.8 | EPSS: 0.00415
Exploits: 0 | References: 10

ICS | added 2025/05/16 8:14 p.m. | 8 views

IBM Security Guardium stored cross-site scripting

RISK EVALUATION IBM Security Guardium 11.5 is vulnerable to stored cross-site scripting XSS. An attacker with administrative privileges could store arbitrary content or script in the administrative web interface that would be rendered or executed by users visiting modified parts of the web...

CVSS: 5.5 | AI score: 5.6 | EPSS: 0.00205
Exploits: 0 | References: 1

ICS | added 2025/05/14 12:0 a.m. | 8 views

Siemens Siveillance Video

SUMMARY The installer of Siveillance Video V2024 R1 resets the system configuration password when updating from older versions of Siveillance Video. This could inadvertently remove the password protection from system configuration files, also affecting backup data sets that were created after...

CVSS: 5.5 | AI score: 7 | EPSS: 0.00195
Exploits: 0 | References: 10

ICS | added 2025/05/13 4:0 a.m. | 8 views

Schneider Electric Modicon Controllers (Update B)

GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...

CVSS: 8.7 | AI score: 6.5 | EPSS: 0.00345
Exploits: 0 | References: 11

ICS | added 2025/05/13 4:0 a.m. | 8 views

Schneider Electric PrismaSeT Active - Wireless Panel Server

GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install physical controls so no unauthorized personnel can access...

CVSS: 9.8 | AI score: 7.8 | EPSS: 0.00333
Exploits: 0 | References: 11

ICS | added 2025/05/13 12:0 a.m. | 8 views

Siemens Mendix OIDC SSO

SUMMARY The Mendix OIDC SSO module grants read and write access to all tokens exclusively to the Administrator role and could result in privilege misuse by an adversary modifying the module during Mendix development. Siemens has released a new version for Mendix OIDC SSO and recommends to update...

CVSS: 2.2 | AI score: 4 | EPSS: 0.00232
Exploits: 0 | References: 10

ICS | added 2025/05/13 12:0 a.m. | 8 views

Siemens BACnet ATEC Devices

SUMMARY BACnet ATEC devices are affected by a denial of service vulnerability that could be triggered by an attacker residing in the same BACnet network by sending a specially crafted MSTP message. A power cycle is required to restore the device's normal operation. Siemens recommends...

CVSS: 7.1 | AI score: 7.2 | EPSS: 0.00205
Exploits: 0 | References: 10

ICS | added 2025/05/06 6:0 a.m. | 8 views

Optigo Networks ONS NC600

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to establish an authenticated connection with the hard-coded credentials and perform OS command executions. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of...

CVSS: 9.3 | AI score: 6.9 | EPSS: 0.00608
Exploits: 0 | References: 10

ICS | added 2025/04/29 6:0 a.m. | 8 views

Rockwell Automation ThinManager

RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to escalate privileges and cause a denial-of-service condition. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:...

CVSS: 8.5 | AI score: 7.7 | EPSS: 0.01408
Exploits: 0 | References: 10

ICS | added 2025/04/24 6:0 a.m. | 8 views

Vestel AC Charger

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker access to sensitive information, such as credentials which could subsequently enable them to cause a denial of service or partial loss of integrity of the charger. 2. RECOMMENDED PRACTICES CISA reminds...

CVSS: 8.7 | AI score: 7 | EPSS: 0.00343
Exploits: 0 | References: 10

ICS | added 2025/04/24 6:0 a.m. | 8 views

Johnson Controls Software House iSTAR Configuration Utility (ICU) Tool

RISK EVALUATION Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for all control...

CVSS: 9.3 | AI score: 8.3 | EPSS: 0.00476
Exploits: 0 | References: 10

ICS | added 2025/04/15 6:0 a.m. | 8 views

National Instruments LabVIEW

RISK EVALUATION Successful exploitation of these vulnerabilities lead to the execution of arbitrary code on affected installations of LabVIEW, which could result in invalid memory writes. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation...

AI score: 7.8
Exploits: 0 | References: 10

ICS | added 2025/03/11 12:0 a.m. | 8 views

Siemens SIMATIC IPC Family, ITP1000, and Field PGs

SUMMARY Multiple vulnerabilities have been identified in Siemens SIMATIC IPCs, SIMATIC Tablet PCs, and SIMATIC Field PGs that can allow an authenticated attacker to alter the secure boot and password configurations. Siemens has released new versions of BIOS for several affected products and...

AI score: 6.5
Exploits: 0 | References: 10

ICS | added 2025/03/04 7:0 a.m. | 8 views

GMOD Apollo

RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to escalate privileges, bypass authentication, upload malicious files, or disclose sensitive information. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of...

CVSS: 7.1 | AI score: 7.8 | EPSS: 0.00256
Exploits: 0 | References: 10

ICS | added 2025/02/18 7:0 a.m. | 8 views

Elseta Vinci Protocol Analyzer

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to escalate privileges and perform code execution on the affected system. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such...

CVSS: 9.9 | AI score: 10 | EPSS: 0.01294
Exploits: 0 | References: 10

ICS | added 2025/02/13 7:0 a.m. | 8 views

Dingtian DT-R0 Series

RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated attacker to modify the device settings and gain administrator access. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability,...

CVSS: 9.8 | AI score: 7.3 | EPSS: 0.00546
Exploits: 0 | References: 10

ICS | added 2025/02/13 7:0 a.m. | 8 views

Outback Power Mojave Inverter

RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to access sensitive data or inject commands. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Disable un-used...

CVSS: 8.7 | AI score: 7.2 | EPSS: 0.00428
Exploits: 0 | References: 10

ICS | added 2025/02/11 6:0 a.m. | 8 views

Schneider Electric ASCO 5310/5350 Remote Annunciator

GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...

AI score: 7.4
Exploits: 0 | References: 11

ICS | added 2025/02/11 12:0 a.m. | 8 views

Siemens SIMATIC PCS neo, TIA Administrator, and TIA Portal

SUMMARY Affected products do not correctly invalidate user sessions upon user logout. This could allow a remote unauthenticated attacker, who has obtained the session token by other means, to re-use a legitimate user's session even after logout. Siemens has released new versions for several...

CVSS: 8.8 | AI score: 7.2 | EPSS: 0.00514
Exploits: 0 | References: 10

Total number of security vulnerabilities: 4207