4207 matches found
Schneider Electric EcoStruxure
GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...
Siemens SIMATIC CN 4100
SUMMARY A vulnerability in SIMATIC CN 4100 could allow an attacker to cause a denial of service condition. Siemens has released a new version for SIMATIC CN 4100 and recommends to update to the latest version. 2. GENERAL RECOMMENDATIONS As a general security measure, Siemens strongly recommends...
Siemens SINEC NMS
SUMMARY Siemens SINEC NMS before V4.0 is affected by multiple vulnerabilities which could allow an attacker to elevate privilege and exceute arbitrary code. Siemens has released a new version for SINEC NMS and recommends to update to the latest version. Siemens is preparing further fix versions...
Hitachi Energy MicroSCADA X SYS600
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to tamper with the system file, overwrite files, create a denial-of-service condition, or leak file content. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of...
ABB RMC-100 (Update A)
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to gain unauthenticated access to the MQTT configuration data, cause a denial-of-service condition on the MQTT configuration web server REST interface, or decrypt encrypted MQTT broker credentials. 2...
Versa Networks Versa Director multiple vulnerabilities
RISK EVALUATION Versa Networks Versa Director contains a variety of vulnerabilities. In the most severe cases, a remote, unauthenticated attacker could execute arbitrary code with administrative privileges. 2. RECOMMENDED PRACTICES Upgrade to fixed versions of Versa Director. See...
Mitsubishi Electric Air Conditioning Systems (Update B)
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to control the air conditioning system. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. CISA reminds organizations to perform...
Hitachi Energy Relion 670/650 and SAM600-IO Series (Update A)
SUMMARY Hitachi Energy is aware of a vulnerability that affects the Relion 670/650 and SAM600-IO series IED device versions that are listed in this document. An authenticated attacker successfully exploiting this vulnerability via FTP access can cause the device to reboot due to improper disk...
Hitachi Energy MSM
SUMMARY Hitachi Energy is aware of the vulnerability CVE-2020-11022 that affects MSM versions as listed below. If an attacker successfully exploits this vulnerability, it could impact the confidentiality, integrity or availability of MSM. Please consult the Recommended Immediate Actions Section...
Delta Electronics CNCSoft
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute code within the context of the current process. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. CISA reminds...
Schneider Electric EcoStruxure Power Build Rapsody
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for all control...
Siemens SiPass Integrated
SUMMARY SiPass integrated versions before V2.95.3.18 contain an out of bounds read vulnerability that could allow an unauthenticated remote attacker to create a denial of service condition. Siemens has released a new version for SiPass integrated and recommends to update to the latest version...
Siemens Desigo
SUMMARY Desigo CC deployments that use Installed Client are impacted by an information disclosure vulnerability which could result in information leak from the Desigo CC server. The other Desigo CC client options, Windows App Client and Flex Client, are not affected by this vulnerability...
Siemens Industrial Edge Device Kit
SUMMARY Industrial Edge Device Kit contains a weak authentication vulnerability that could facilitate an unauthenticated remote attacker to circumvent authentication and impersonate a legitimate user. Industrial Edge Device Builders integrate Industrial Edge Device Kit into their offerings...
SMA Sunny Portal
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to upload and remotely execute code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for all...
Siemens Simcenter Femap
SUMMARY Siemens Simcenter Femap is affected by memory corruption vulnerability that could be triggered when the application reads files in .NEU format. If a user is tricked to open a malicious file with the affected application, an attacker could leverage the vulnerability to leak information or...
Siemens SCALANCE M-800 and SC-600 Families
SUMMARY SCALANCE M-800 and SC-600 families are affected by improper input validation in the OpenVPN authentication. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends specific...
Siemens SINEMA Remote Connect Server
SUMMARY SINEMA Remote Connect Server before V3.2 SP3 is affected by multiple vulnerabilities. Siemens has released a new version for SINEMA Remote Connect Server and recommends to update to the latest version. 2. GENERAL RECOMMENDATIONS As a general security measure, Siemens strongly recommends...
Schneider Electric Enerlin’X IFE and eIFE
GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...
Siemens SIPROTEC 5
SUMMARY Affected SIPROTEC 5 devices contain a development shell which is accessible via a physical interface which is not properly restricted. This could allow an unauthenticated attacker with physical access to an affected device to execute arbitrary commands on the device. Siemens has released...
Siemens SIMATIC
SUMMARY The webserver of several SIMATIC products is affected by a user enumeration vulnerability that could allow an unauthenticated remote attacker to identify valid usernames. Siemens has released new versions for several affected products and recommends to update to the latest versions...
Siemens OpenV2G
SUMMARY The open source software OpenV2G contains a buffer overflow vulnerability that could allow an attacker to trigger a memory corruption. Siemens has released an update for the OpenV2G and recommends to update to the latest version. 2. GENERAL RECOMMENDATIONS As a general security measure,...
Elber Communications Equipment
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker unauthorized administrative access to the affected device. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this these vulnerabilities, such as:...
Rockwell Automation KEPServer
RISK EVALUATION Successful exploitation of this vulnerability could cause the device to crash. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for all control system devices...
Fedora Repository fedoraIntCallUser default credentials and insecure archive extraction
RISK EVALUATION Fedora Repository 3.8 includes default user credentials and allows path traversal when extracting uploaded archive files. An attacker can exploit these vulnerabilities to read sensitive data and execute arbitrary commands with the privileges of the Java web application server...
Fuji Electric Alpha5 SMART
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for all control...
Schneider Electric EcoStruxure Power Monitoring Expert (PME) (Update A)
RISK EVALUATION Successful exploitation of this vulnerability could cause a denial-of-service of the product when an unauthenticated user sends a crafted HTTPS packet to the webserver. 2. RECOMMENDED PRACTICES CISA reminds organizations to perform proper impact analysis and risk assessment prior...
Schneider Electric Modicon M340 and BMXNOE0100/0110, BMXNOR0200H (Update B)
RISK EVALUATION Successful exploitation of this vulnerability could cause information disclosure of a restricted web page, modification of a web page and a denial of service when specific web pages are modified and restricted functions are invoked. 2. RECOMMENDED PRACTICES CISA reminds...
Schneider Electric EcoStruxure Power Build Rapsody
GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...
Schneider Electric RemoteConnect and SCADAPack x70 Utilities (Update A)
RISK EVALUATION Successful exploitation of this vulnerability could lead to loss of confidentiality, integrity and potential remote code execution on workstation when a non-admin authenticated user opens a malicious project file. 2. RECOMMENDED PRACTICES CISA recommends users take defensive...
Nedap Librix Ecoreader
RISK EVALUATION Successful exploitation of this vulnerability could result in remote code execution. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for all control system...
Delta Electronics DTM Soft
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for all control...
BD Diagnostic Solutions Products (Update A)
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to use default credentials to access, modify, or delete sensitive data, which could impact the availability of the system or cause a system shutdown. 2. RECOMMENDED PRACTICES CISA recommends users take...
Hitachi Energy TropOS Devices Series 1400/2400/6400
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for...
Siemens Parasolid
SUMMARY Parasolid is affected by out of bounds write vulnerability that could be triggered when the application reads files in PAR format. If a user is tricked to open a malicious file with the affected applications, an attacker could perform remote code execution in the context of the current...
Siemens Siemens Engineering Platforms
SUMMARY Affected products do not properly sanitize user-controllable input when parsing files. This could allow an attacker to cause a type confusion and execute arbitrary code within the affected application. Siemens is preparing fix versions and recommends countermeasures for products where...
mySCADA myPRO Manager
RISK EVALUATION Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands or disclose sensitive information. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such...
Subnet Solutions PowerSYSTEM Center
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to cause an integer overflow on the affected device. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize...
Beckhoff Automation TwinCAT Package Manager
RISK EVALUATION Successful exploitation this vulnerability could allow a local attacker with administrative access rights to execute arbitrary OS commands on the affected system. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this...
Schneider Electric EVlink Home Smart and Schneider Charge
GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...
Schneider Electric System Monitor Application in Harmony and Pro-face PS5000 Legacy Industrial PCs
GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...
TopQuadrant TopBraid EDG Insecure External Password Storage and XXE Vulnerabilities
RISK EVALUATION TopQuadrant TopBraid EDG stores credentials for external services insecurely and processes untrusted XML entities. An authenticated attacker could obtain credentials for remote services, read local files, or access URLs. 2. RECOMMENDED PRACTICES Upgrade to TopQuadrant TopBraid...
Siemens Automation License Manager
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Schneider Electric Vijeo Designer and EcoStruxureâ„¢ Machine Expert (Update A)
GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...
Schneider Electric Modicon M340, BMXNOE0100, and BMXNOE0110 (Update A)
GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...
Siemens SIMATIC S7-1200 CPU V1/V2 Devices
SUMMARY SIMATIC S7-1200 CPU V1/V2 controllers contain two vulnerabilities that could allow an unauthenticated remote attacker - to trigger functions by record and playback of legitimate network communication, or - to place the controller in stop/defect state by causing a communications error...
Webmin multiple vulnerabilities
RISK EVALUATION Webmin contains multiple vulnerabilities. In the worst case, a remote, unauthenticated attacker could impersonate and authenticate as any user. 2. RECOMMENDED PRACTICES Update to most recent available version of Webmin. 3. DESCRIPTION The Webmin HTTP server miniserv.pl allows...
U.S. GAO EPDS and CBCA EDS multiple vulnerabilities
RISK EVALUATION The U.S. Government Accountability Office GAO Electronic Protest Docketing System EPDS and Civilian Board of Contract Appeals CBCA Electronic Docketing System EDS contained multiple vulnerabilities. In the worst case, a remote, unauthenticated attacker could change all users'...
AVer PTC cameras
ADVISORY SUMMARY Successful exploitation of this vulnerability could allow arbitrary code execution. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize network exposure for all control system devices and/or...
Mitsubishi Electric MELSEC iQ-F Series
ADVISORY SUMMARY Successful exploitation of this vulnerability could allow a remote attacker to cause a denial-of-service DoS condition in the affected product by rapidly establishing a large number of TCP connections to it, resulting in an inconsistency in the product's internal connection...