4207 matches found
Inductive Automation Ignition
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to be granted direct SYSTEM-level code execution on the host operating system running the Ignition Gateway service on Windows systems. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to...
Axis Communications Camera Station Pro, Camera Station, and Device Manager (Update B)
RISK EVALUATION Successful exploitation of these vulnerabilities could result in an attacker executing arbitrary code, executing a man-in-middle style attack, or bypass authentication. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of...
BullWall Ransomware Containment and Server Intrusion Protection multiple vulnerabilities
RISK EVALUATION BullWall Ransomware Containment and Server Intrusion Protection are products used for ransomware containment. Multiple vulnerabilities were reported that when used individually or in conjunction could allow a remote attacker with valid credentials to log in to a system with...
Güralp Systems Fortimus Series, Minimus Series, and Certimus Series
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for...
Mitsubishi Electric GT Designer3
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker obtain plaintext credentials from the project file for GT Designer3, which could result in illegally operating GOT2000 and GOT1000 series devices. 2. RECOMMENDED PRACTICES CISA recommends users take defensive...
Varex Imaging Panoramic Dental Imaging Software
RISK EVALUATION Successful exploitation of this vulnerability could allow a standard user to obtain NT Authority/SYSTEM privileges. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network...
Schneider Electric EcoStruxure Foxboro DCS Advisor
GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install physical controls so no unauthorized personnel can access...
Multiple India-based CCTV Cameras (Update A)**
RISK EVALUATION Successful exploitation of this vulnerability could result in information disclosure including capture of camera account credentials. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:...
Siemens Gridscale X Prepay
SUMMARY Gridscale X Prepay contains multiple vulnerabilities that could allow an attacker to enumerate valid user names and to bypass locked-out user sessions. Siemens has released a new version for Gridscale X Prepay and recommends to update to the latest version. 2. GENERAL RECOMMENDATIONS...
Siemens Advanced Licensing (SALT) Toolkit
SUMMARY Multiple Siemens products are affected by improper certificate validation in Siemens Advanced Licensing SALT Toolkit. This could allow an unauthenticated remote attacker to perform man in the middle attacks. Siemens has released new versions for several affected products and recommends...
Siemens IAM Client
SUMMARY Multiple Siemens products are affected by improper certificate validation in IAM Client. This could allow an unauthenticated remote attacker to perform man in the middle attacks. Siemens is preparing fix versions and recommends countermeasures for products where fixes are not, or not yet...
Advantech iView
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to disclose sensitive information, modify, or delete data. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize...
Mitsubishi Electric GX Works2
RISK EVALUATION Successful exploitation of this vulnerability could open project files protected by user authentication using disclosed credential information, and obtain or modify project information. 2. RECOMMENDED PRACTICES CISA reminds organizations to perform proper impact analysis and risk...
SolisCloud Monitoring Platform
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to access sensitive information by manipulating API requests. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize...
Mirion Medical EC2 Software NMIS BioDose
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to modify program executables, gain access to sensitive information, gain unauthorized access to the application, and execute arbitrary code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive...
Rockwell Automation Arena Simulation
RISK EVALUATION Successful exploitation of this vulnerability could allow local attackers to execute arbitrary code on affected installations of Arena. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:...
Opto 22 groov View
RISK EVALUATION Successful exploitation of this vulnerability could result in credential exposure, key exposure, and privilege escalation. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network...
Automated Logic WebCTRL Premium Server
RISK EVALUATION Successful exploitation of these vulnerabilities could allow a remote attacker to deceive a legitimate user into running malicious scripts or redirecting them to malicious websites. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of...
Emerson Appleton UPSMON-PRO
RISK EVALUATION Successful exploitation of this vulnerability could allow remote attackers to execute arbitrary code on affected installations of Appleton UPSMON-PRO. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this...
AVEVA Edge
RISK EVALUATION Successful exploitation of this vulnerability could allow a local attacker to reverse engineer passwords through brute force. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize...
Siemens Spectrum Power 4
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to remotely execute code as application administrator or locally execute code as operating system administrator. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of...
Schneider Electric PowerChute Serial Shutdown
GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install physical controls so no unauthorized personnel can access...
Fuji Electric Monitouch V-SFT-6 (Update A)
RISK EVALUATION Successful exploitation of these vulnerabilities could crash the accessed device; a buffer overflow condition may allow remote code execution. 2. RECOMMENDED PRACTICES CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive...
Restaurant Brands International assistant platform multiple vulnerabilities
RISK EVALUATION Restaurant Brands International assistant platform is used to manage restaurants owned by RBI. Multiple vulnerabilities were found in the assistant platform. The most severe vulnerabilities chained together could allow a remote, unauthenticated attacker to create an account and...
Rockwell Automation FactoryTalk Linx
RISK EVALUATION Successful exploitation of these vulnerabilities may allow full access to all files, processes, and system resources. 2. RECOMMENDED PRACTICES CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also...
Siemens SINEC NMS
SUMMARY SINEC NMS is affected by SQL injection vulnerability that could allow an authenticated low privileged attacker to exploit by inserting malicious data and achieve privilege escalation. Siemens has released a new version for SINEC NMS and recommends to update to the latest version. 2...
Siemens Solid Edge
SUMMARY Solid Edge is affected by multiple file parsing vulnerabilities that could be triggered when the application reads specially crafted PRT files format. This could allow an attacker to crash the application or execute arbitrary code. Siemens has released new versions for the affected...
LG Innotek Camera Multiple Models
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain administrative access to the device. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure...
Dingtian DT-R002
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to retrieve credentials without authentication. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize network...
Mitsubishi Electric MELSEC-Q Series CPU Module
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a denial of service DoS. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for all...
Delta Electronics DIALink
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to bypass authentication. 2. RECOMMENDED PRACTICES CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for...
Rockwell Automation FactoryTalk Activation Manager
RISK EVALUATION Successful exploitation of this vulnerability could result in in data exposure, session hijacking, or full communication compromise. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:...
Rockwell Automation FactoryTalk Optix
RISK EVALUATION Successful exploitation of this vulnerability could result in an attacker achieving remote code execution. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for all...
Rockwell Automation CompactLogix® 5480
RISK EVALUATION Successful exploitation of this vulnerability could result in arbitrary code execution. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for all control system...
Siemens User Management Component (UMC)
SUMMARY Siemens' User Management Component UMC is affected by multiple vulnerabilities that could allow an unauthenticated remote attacker to execute arbitrary code or to cause a denial of service condition. Siemens has released a new version for User Management Component UMC and recommends to...
Siemens Industrial Edge Management
SUMMARY Industrial Edge Management is affected by a vulnerability that could allow a remote attacker to cause a denial of service condition. Siemens recommends specific countermeasures for products where fixes are not, or not yet available. 2. GENERAL RECOMMENDATIONS As a general security...
INVT VT-Designer and HMITool
RISK EVALUATION Successful exploitation of these vulnerabilities could allow attackers to execute arbitrary code in the context of the current process. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:...
Rockwell Automation ArmorBlock 5000 I/O - Webserver
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to predict session numbers or perform privileged actions. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:...
ABB Ability Zenon Remote Transport Vulnerability (Update A)
SUMMARY ABB is aware of vulnerabilities in the product versions listed as affected in the advisory. The vulnerability enables unauthorized access to the Reboot OS function within the Remote Transport Service, allowing an attacker to trigger a system reboot without the required authentication...
Siemens Web Installer
SUMMARY The installers used to install several Siemens products are affected by a DLL hijacking vulnerability. This could allow an attacker to execute arbitrary code when a legitimate user installs an application that uses the affected installer component. This vulnerability poses a risk only...
Siemens SIMATIC S7-PLCSIM
SUMMARY Affected products do not properly sanitize user-controllable input when parsing project files. This could allow an attacker to cause a type confusion and execute arbitrary code within the affected application. Siemens has released new versions for several affected products and recommends...
Siemens SICAM Q100/Q200
SUMMARY SICAM Q100 and Q200 devices are affected by two information disclosure vulnerabilities that could allow an authenticated local attacker to extract the SMTP account password and use the configured SMTP service for arbitrary purposes. Siemens has released new versions for the affected...
Siemens WIBU CodeMeter Runtime
SUMMARY WIBU Systems published information about a privilege escalation vulnerability under a certain circumstances and associated fix releases of CodeMeter Runtime, a product provided by WIBU Systems and used in several Siemens industrial products. Siemens has released new versions for affected...
Delta Electronics DIAView
RISK EVALUATION Successful exploitation of this vulnerability may allow a remote attacker to read or write files on the affected device. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. CISA reminds organizations...
Samsung HVAC DMS
RISK EVALUATION Successful exploitation of these vulnerabilities can lead to unauthenticated remote code execution. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize network exposure for all...
Leviton AcquiSuite and Energy Monitoring Hub
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to craft a malicious payload in URL parameters that would get executed in a client browser when accessed by a user, steal session tokens and control the service. 2. RECOMMENDED PRACTICES CISA recommends users...
Delta Electronics DTM Soft
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to encrypt files referencing the application in order to extract information. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability,...
Schneider Electric EcoStruxure
GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...
Siemens SIMATIC CN 4100
SUMMARY A vulnerability in SIMATIC CN 4100 could allow an attacker to cause a denial of service condition. Siemens has released a new version for SIMATIC CN 4100 and recommends to update to the latest version. 2. GENERAL RECOMMENDATIONS As a general security measure, Siemens strongly recommends...
Siemens SINEC NMS
SUMMARY Siemens SINEC NMS before V4.0 is affected by multiple vulnerabilities which could allow an attacker to elevate privilege and exceute arbitrary code. Siemens has released a new version for SINEC NMS and recommends to update to the latest version. Siemens is preparing further fix versions...