4251 matches found
Schneider Electric EcoStruxure Power Automation System
GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...
Rockwell Automation FactoryTalk
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute code on the device with elevated privileges. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize...
Schneider Electric EcoStruxure Power Build Rapsody
GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...
Siemens SIPROTEC 5 Products
SUMMARY Affected SIPROTEC 5 devices do not properly limit the access of the web server to the filesystem. This could allow an authenticated remote attacker to read arbitrary files or the entire filesystem of the device. Siemens has released new versions for several affected products and...
Schneider Electric Harmony HMI and Pro-Face HMI Products
GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...
Versa Networks Versa Director insecure default PostgreSQL configuration
RISK EVALUATION Versa Networks Versa Director, by default, configures PostgreSQL to listen on all network interfaces using database credentials shared by multiple installations. From Advising Vulnerability In Versa Director: "This combination allows an unauthenticated attacker to access and...
Rockwell Automation Arena Input Analyzer
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to disclose information and execute arbitrary code on the program. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:...
2N Access Commander (Update A)
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to escalate their privileges, execute arbitrary code, or gain root access to the system. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these...
Siemens SCALANCE M-800 Family
SUMMARY SCALANCE M-800 family before V8.2 is affected by multiple vulnerabilities. Siemens has released new versions for the affected products and recommends to update to the latest versions. 2. GENERAL RECOMMENDATIONS As a general security measure, Siemens strongly recommends to protect network...
Beckhoff Automation TwinCAT Package Manager
RISK EVALUATION Successful exploitation this vulnerability could allow a local attacker with administrative access rights to execute arbitrary OS commands on the affected system. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this...
Schneider Electric EcoStruxure Power Monitoring Expert (PME) (Update B)
GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...
Schneider Electric System Monitor Application in Harmony and Pro-face PS5000 Legacy Industrial PCs
GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...
TopQuadrant TopBraid EDG Insecure External Password Storage and XXE Vulnerabilities
RISK EVALUATION TopQuadrant TopBraid EDG stores credentials for external services insecurely and processes untrusted XML entities. An authenticated attacker could obtain credentials for remote services, read local files, or access URLs. 2. RECOMMENDED PRACTICES Upgrade to TopQuadrant TopBraid...
Hitachi Energy FOX61x, FOXCST, and FOXMAN-UN Products
SUMMARY Hitachi Energy is aware of a vulnerability that affects the FOXMAN-UN/FOXCST versions listed below. If exploited an attacker could potentially intercept or falsify data exchanges between the client and the server. Please refer to the “Recommended Immediate Actions” for information about...
Siemens SIMATIC S7-1200 CPU V1/V2 Devices
SUMMARY SIMATIC S7-1200 CPU V1/V2 controllers contain two vulnerabilities that could allow an unauthenticated remote attacker - to trigger functions by record and playback of legitimate network communication, or - to place the controller in stop/defect state by causing a communications error...
XZ Utils vulnerability impacting B&R Products
SUMMARY An update is available that resolves vulnerability in the product versions listed as affected in the advisory. An attacker who successfully exploited this vulnerability could cause the product to stop or corrupt memory data. 2. FREQUENTLY ASKED QUESTIONS Could the vulnerability be...
Siemens SIPROTEC 5 Using DIGSI5 Protocol
SUMMARY SIPROTEC 5 is vulnerable to arbitrary file uploads by authenticated users using the DIGSI 5 protocol. This could allow an attacker to upload malicious configuration files, potentially causing a permanent denial of service condition. As a mitigation measure, users of the CP050 and CP150...
Yadea T5 Electric Bicycle
RISK EVALUATION Successful exploitation of this vulnerability could result in an attacker being able to unlock and start the bicycle, leading to vehicle theft. 2. RECOMMENDED PRACTICES CISA provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics...
Silex Technology SD-330AC and AMC Manager
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code, cause a denial-of-service, or configuration information may be altered without authentication. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize...
AVEVA Pipeline Simulation
RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated attacker to modify simulation parameters, training configuration and training records. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this...
Anviz Multiple Products
ADVISORY SUMMARY Successful exploitation of these vulnerabilities could allow attackers to conduct reconnaissance, capture or decrypt sensitive data, alter device configurations, gain unauthorized administrative or root‑level access, execute arbitrary code, compromise credentials or...
ABB Ability Symphony Plus Engineering
SUMMARY ABB became aware of vulnerability in the products versions listed as affected in the advisory. The ABB S+ Engineering product versions are affected by vulnerabilities in PostgreSQL version 13.11 and earlier versions. If an attacker gains access to a site’s S+ Client Server network, they...
Contemporary Controls BASC 20T
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to enumerate the functionality of each component associated with the PLC, reconfigure, rename, delete, perform file transfers, and make remote procedure calls. 2. RECOMMENDED PRACTICES CISA recommends users...
PX4 Autopilot
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker with access to the MAVLink interface to execute arbitrary shell commands without cryptographic authentication. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of...
Nanoleaf Lines unauthenticated firmware file store
RISK EVALUATION Nanoleaf Lines 12.3.2 does not authenticate firmware file uploads. A remote, unauthenticated attacker can upload firmware files on the device and consume storage resources. 2. RECOMMENDED PRACTICES Update to 12.3.6. 3. DESCRIPTION Nanoleaf Lines 12.3.2 does not authenticate...
WAGO GmbH & Co. KG Industrial Managed Switches
SUMMARY A vulnerability has been found affecting the Managed Switches of WAGO. An unauthenticated attacker can fully compromise the device via an undocumented function. 2. IMPACT This could lead to a full System compromise of the affected devices. 3. REMEDIATION Please update your devices to the...
Automated Logic WebCTRL Premium Server
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to read, intercept, or modify communications. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize network...
Multiple IP-KVM Vulnerabilities
RISK EVALUATION Multiple KVM products GL-iNet GL-RM1, Angeet ES3 KVM, Sipeed NanoKVM, and JetKVM are affected by multiple vulnerabilities. The most severe of these vulnerabilities could allow a remote, unauthenticated attacker to take complete control of a vulnerable product. 2. RECOMMENDED...
Schneider Electric Modicon Controllers M241, M251, M258, and LMC058
GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install physical controls so no unauthorized personnel can access...
Schneider Electric EcoStruxure Foxboro DCS
GENERAL SECURITY RECOMMENDATIONS Schneider Electric strongly recommends the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business...
ePower epower.ie
RISK EVALUATION Successful exploitation of these vulnerabilities could enable attackers to gain unauthorized administrative control over vulnerable charging stations or disrupt charging services through denial-of-service attacks. 2. RECOMMENDED PRACTICES CISA recommends users take defensive...
Mobility46 mobility46.se
RISK EVALUATION Successful exploitation of these vulnerabilities could enable attackers to gain unauthorized administrative control over vulnerable charging stations or disrupt charging services through denial-of-service attacks. 2. RECOMMENDED PRACTICES CISA recommends users take defensive...
EnOcean SmartServer IoT
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to remotely execute arbitrary code and bypass ASLR. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize...
Delta Electronics ASDA-Soft
RISK EVALUATION Successful exploitation of this vulnerability may allow an attacker to write arbitrary data beyond the bounds of a stack-allocated buffer, leading to the corruption of a structured exception handler SEH. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to...
GE Vernova Enervista UR Setup
RISK EVALUATION Successful exploitation of these vulnerabilities may allow code execution with elevated privileges. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize network exposure for all...
AVEVA PI to CONNECT Agent
RISK EVALUATION Successful exploitation of this vulnerability could result in an unauthorized access to the proxy server. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for all...
ZOLL ePCR IOS Mobile Application
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access to protected health information PHI or device telemetry. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this...
Siemens Polarion
SUMMARY Polarion before V2506 contains a vulnerability that could allow authenticated remote attackers to conduct cross-site scripting attacks. Siemens has released new versions for the affected products and recommends to update to the latest versions. 2. GENERAL RECOMMENDATIONS As a general...
o6 Automation GmbH Open62541
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition and memory corruption. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize...
Mitsubishi Electric MELSEC iQ-R Series
RISK EVALUATION Successful exploitation of this vulnerability may allow an attacker to read device data or part of a control program from the affected product, write device data in the affected product, or cause a denial-of-service condition on the affected product. 2. RECOMMENDED PRACTICES CISA...
Mitsubishi Electric FREQSHIP-mini for Windows
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access to, modify, delete, or destroy information stored on the system where the affected product is installed, or cause a denial-of-service condition on the affected system. 2. RECOMMENDED...
iba Systems ibaPDA
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to perform unauthorized actions on the file system. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network...
Weintek cMT X Series HMI EasyWeb Service
RISK EVALUATION Successful exploitation of these vulnerabilities could allow a low-level user to alter privileges and gain full control to the device. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:...
Hubitat Elevation Hubs
RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated attacker to escalate their privileges and control devices outside of their authorized scope. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of...
Rockwell Automation Verve Asset Manager
RISK EVALUATION Successful exploitation of these vulnerabilities may allow an attacker to access sensitive information stored in variables within the ADI server. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities,...
ABB B&R Automation Studio
SUMMARY ABB became aware of vulnerability in the product versions listed as affected in the advisory. An update is available that resolves a vulnerability. Successful exploitation of this vulnerability may enable an attacker to masquerade as a trusted party when B&R Automation Studio establishes...
Rockwell Automation FactoryTalk DataMosaix Private Cloud
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to perform unauthorized sensitive database operations. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize...
Inductive Automation Ignition
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to be granted direct SYSTEM-level code execution on the host operating system running the Ignition Gateway service on Windows systems. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to...
BullWall Ransomware Containment and Server Intrusion Protection multiple vulnerabilities
RISK EVALUATION BullWall Ransomware Containment and Server Intrusion Protection are products used for ransomware containment. Multiple vulnerabilities were reported that when used individually or in conjunction could allow a remote attacker with valid credentials to log in to a system with...
Mitsubishi Electric GT Designer3
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker obtain plaintext credentials from the project file for GT Designer3, which could result in illegally operating GOT2000 and GOT1000 series devices. 2. RECOMMENDED PRACTICES CISA recommends users take defensive...