Moxa MB3xxx Series Protocol Gateways

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Moxa Equipment: MB3170 series, MB3180 series, MB3270 series, MB3280 series, MB3480 series, and MB3660 series Vulnerabilities: Stack-based Buffer Overflow, Integer Overflow to Buffer Overflow,...

Mitsubishi Electric Multiple Factory Automation Products (Update B)

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: GOT2000 compatible HMI software, CC-Link IE TSN Industrial Managed Switch, MELSEC iQ-R Series OPC UA Server Module Vulnerabilities: Infinite Loop, OS Command Injection 2...

Delta Controls enteliBUS Controllers

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Delta Controls Equipment: enteliBUS Controllers Vulnerability: Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker on the same network to gain...

GE Multilin SR, UR, and URplus Protective Relays (Update A)

CVSS v3 8.1 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: GE Equipment: Multilin SR, UR, and URplus Protective Relays Vulnerabilities: Weak Cryptography for Passwords UPDATED INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-17-117-01 GE...

Siemens RUGGEDCOM APE1808 with Fortigate NGFW Devices

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

InHand Networks IR615 Router (Update A)

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: InHand Networks Equipment: IR615 Router Vulnerabilities: Improper Restriction of Rendered UI Layers or Frames, Improper Authorization, Cross-site Request Forgery, Inadequate Encryption Strength, Imprope...

Honeywell Experion PKS and ACE Controllers

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Honeywell Equipment: Experion Process Knowledge System PKS C200, C200E, C300 and ACE Controllers Vulnerabilities: Unrestricted Upload of File with Dangerous Type, Relative Path Traversal, Improper...

Russian State-Sponsored Advanced Persistent Threat Actor Compromises U.S. Government Targets

Summary This joint cybersecurity advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge ATT &CK® framework. See the ATT&CK for Enterprise framework for all referenced threat actor tactics and techniques This joint cybersecurity advisory—written by the Federal Bureau of...

B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus

1. EXECUTIVE SUMMARY CVSS v3 7.6 ATTENTION: Exploitable remotely/low and high skill level to exploit Vendor: B. Braun Melsungen AG Equipment: SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus Vulnerabilities : Cross-site Scripting, Open Redirect, XPath Injection, Session Fixation,...

ICSA-19-260-02 Siemens SINEMA Remote Connect Server

1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: SINEMA Remote Connect Server Vulnerabilities: Improper Restriction of Excessive Authentication Attempts, Information Exposure, Cross-Site Request Forgery, Use of Password Hash with Insufficient...

Siemens SIMATIC HMI Basic, SINUMERIK, and Ruggedcom APE GHOST Vulnerability

OVERVIEW The “GHOST"Further information about the GHOST vulnerability: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0235, web site last accessed March 05, 2015. vulnerability in the glibc library affects the Siemens SINUMERIK and SIMATIC HMI Basic applications. Siemens has produced an...

VISAM VBASE Editor

1. EXECUTIVE SUMMARY CVSS v3 7.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: VISAM Equipment: VBASE Vulnerabilities: Improper Access Control, Cross-site Scripting, Improper Restriction of XML External Entity Reference, Using Components with Known Vulnerabilities 2. RISK...

Yokogawa HART Device DTM Vulnerability

OVERVIEW Alexander Bolshev of Digital Security has identified an improper input vulnerability in the CodeWrights GmbH HART Device Type Manager DTM library utilized in Yokogawa’s HART Device DTM. CodeWrights GmbH has addressed the vulnerability with a new library, which both companies have begun t...

People’s Republic of China (PRC) Ministry of State Security APT40 Tradecraft in Action

Overview Background This advisory, authored by the Australian Signals Directorate’s Australian Cyber Security Centre ASD’s ACSC, the United States Cybersecurity and Infrastructure Security Agency CISA, the United States National Security Agency NSA, the United States Federal Bureau of Investigati...

Siemens RUGGEDCOM APE1808 Products

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

Understanding Ransomware Threat Actors: LockBit

SUMMARY In 2022, LockBit was the most deployed ransomware variant across the world and continues to be prolific in 2023. Since January 2020, affiliates using LockBit have attacked organizations of varying sizes across an array of critical infrastructure sectors, including financial services, food...

Siemens SNMP Implementation of WinCC Runtime

1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SNMP Implementation of WinCC Runtime Vulnerability: Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of this vulnerability could crash the SNMP service and require a...

Siemens Solid Edge File Parsing

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Siemens Equipment: Solid Edge Vulnerabilities: Out-of-bounds Write, Improper Restriction of XML External Entity Reference, Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of these vulnerabilities could...

Siemens Industrial Products (Update F)

1. EXECUTIVE SUMMARY CVSS v3 5.5 ATTENTION: Low attack complexity Vendor: Siemens Equipment: Siemens Industrial Products containing certain processors Vulnerability: Exposure of Sensitive Information to an Unauthorized Actor 2. UPDATE INFORMATION This updated advisory is a follow-up to the...

PHOENIX CONTACT Automation Worx Software Suite

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Phoenix Contact Equipment: Automation Worx Software Suite Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could compromise the availability, integrity, or...

Rockwell Automation RSLinx Classic

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Rockwell Automation Equipment: RSLinx Classic Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote attacker to execute...

Kabona AB WDC Vulnerabilities (Update A)

OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-17-287-07 Kabona AB WDC Vulnerabilities that was published October 13, 2016, on the NCCIC/ICS-CERT web site. Martin Jartelius and John Stock of Outpost 24 have identified vulnerabilities in Kabona AB’s...

Johnson Controls Metasys Vulnerabilities

OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on December 16, 2014, and is being released to the NCCIC/ICS-CERT web site. Independent security researcher Billy Rios has identified two vulnerabilities in Johnson Controls Metasys building management system. Johns...

Siemens CP 1604 and CP 1616 Improper Access Control

Overview This advisory provides mitigation details for a vulnerability that impacts the Siemens CP 1604 and CP 1616 communication modules. Siemens has identified a vulnerability in the debugging interface of the CP 1604 and CP 1616 communications modules. Independent researchers Christopher...

SAUTER Controls Nova 200 - 220 Series (PLC 6)

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: SAUTER Controls Equipment: Nova 200–220 Series PLC 6 Vulnerabilities: Missing Authentication for Critical Function, Cleartext Transmission of Sensitive Information 2. RISK EVALUATION Successful...

#StopRansomware: Vice Society

Note: This joint Cybersecurity Advisory CSA is part of an ongoing StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These StopRansomware advisories include recently and historically observed tactics, techniques,...

ABB Drive Composer, Automation Builder, Mint Workbench

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: ABB Equipment: Drive Composer, Automation Builder, Mint Workbench Vulnerability: Improper Privilege Management 2. RISK EVALUATION Successful exploitation of this vulnerability could allow remote code execution. 3...

ICSA-20-070-01_Siemens and PKE SiNVR/SiVMS Video Server (Update B)

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendors: Siemens and PKE Equipment: SiNVR/SiVMS Video Server Vulnerabilities: Cleartext Storage in a File or on Disk, Path Traversal, Improper Input Validation, Weak Cryptography for Passwords 2. UPDATE...

PLC Cycle Time Influences (Update A)

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available Vendors: ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO Equipment: Programmable Logic Controllers Vulnerability: Uncontrolled Resource Consumption 2. UPDATE...

Siemens SCALANCE X Switches, RUGGEDCOM WiMAX, RFID 181-EIP, and SIMATIC RF182C (Update D)

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable from the same local network segment OSI Layer 2 Vendor: Siemens Equipment: SCALANCE X switches, RUGGEDCOM Win, RFID 181-EIP, and SIMATIC RF182C Vulnerability: Heap-based Buffer Overflow 2. UPDATE INFORMATION This updated advisory is a...

People’s Republic of China State-Sponsored Cyber Actors Exploit Network Providers and Devices

Summary Best Practices • Apply patches as soon as possible • Disable unnecessary ports and protocols • Replace end-of-life infrastructure • Implement a centralized patch management system This joint Cybersecurity Advisory describes the ways in which People’s Republic of China PRC state-sponsored...

Johnson Controls Sensormatic Tyco AI

1. EXECUTIVE SUMMARY CVSS v3 7.0 Vendor: Sensormatic Electronics, LLC, a subsidiary of Johnson Controls Equipment: Tyco AI Vulnerability: Off-by-one Error 2. RISK EVALUATION Under specific circumstances, a local attacker could use this vulnerability to obtain super-user access to the underlying...

Siemens SIMATIC S7-1500

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: SIMATIC S7-1500 CPU 1518F-4 Vulnerabilities: Improper Initialization, Improper Restriction of Operations within the Bounds of a Memory Buffer 2. RISK EVALUATION Successful exploitation of these Intel...

Real Time Automation EtherNet/IP

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Real Time Automation RTA Equipment: 499ES EtherNet/IP ENIP Adaptor Source Code Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could...

VISAM Automation Base (VBASE) (Update B)

1. EXECUTIVE SUMMARY CVSS v3 9.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: VISAM Equipment: VBASE Vulnerabilities: Relative Path Traversal, Incorrect Default Permissions, Inadequate Encryption Strength, Insecure Storage of Sensitive Information, Stack-based Buffer Overflow...

ABB PB610 Panel Builder 600

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Low skill level to exploit Vendor: ABB Equipment: PB610 Panel Builder 600 Vulnerabilities: Use of Hard-coded Credentials, Improper Authentication, Relative Path Traversal, Improper Input Validation, Stack-based Buffer Overflow 2. RISK EVALUATION An...

AVEVA InTouch Access Anywhere

1. EXECUTIVE SUMMARY CVSS v3 6.1 ATTENTION: Exploitable remotely/Low skill level to exploit Vendor: AVEVA Software, LLC AVEVA Equipment: InTouch Access Anywhere Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability may allow attackers to obtain...

Siemens SIMATIC HMI Basic, SINUMERIK, and Ruggedcom APE GHOST Vulnerability (Update A)

OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-15-064-01 Siemens SIMATIC HMI Basic, SINUMERIK, and Ruggedcom APE GHOST Vulnerability that was published March 5, 2015, on the NCCIC/ICS-CERT web site. The “GHOST”Further information about the GHOST vulnerability:...

Phoenix Contact Software ProConOs and MultiProg Authentication Vulnerability

OVERVIEW Reid Wightman of Digital Bond has identified an authentication vulnerability in Phoenix Contact Software’s ProConOs and MultiProg applications. KW-Software originally wrote these applications without authentication intentionally. This vulnerability could be exploited remotely. AFFECTED...

Rockwell RSLogix 5000 Password Vulnerability

OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on January 21, 2014, and is now being released to the NCCIC/ICS-CERT Web site. Independent researcher Stephen Dunlap has identified a password vulnerability in the Rockwell Automation RSLogix 5000 software. Rockwell...

Digi International OpenSSL Vulnerability

OVERVIEW Digi International has identified five products that are vulnerable to the OpenSSL Heartbleed bug. Digi International has produced downloadable firmware upgrade versions that mitigate this vulnerability. This vulnerability could be exploited remotely. Exploits that target this...

Siemens LOGO!8 Devices

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: LOGO!8 devices Vulnerabilities: Improper Restriction of Operations within the Bounds of a Memory Buffer, Session Fixation 2. RISK EVALUATION Successful exploitation of these...

Socomec MOD3GP-SY-120K

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION : Exploitable remotely/low attack complexity Vendor : Socomec Equipment : MOD3GP-SY-120K Vulnerabilities : Cross-Site Scripting XSS, Cross-Site Request Forgery CSRF, Insecure Storage of Sensitive Information, Reliance on Cookies without Validation and...

Siemens WinCC OA

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC WinCC OA Vulnerability: Use of Client-side Authentication CISA is aware of a public report, known as “OT:ICEFALL” that details vulnerabilities found in multiple operational...

FANUC ROBOGUIDE Simulation Platform

1. EXECUTIVE SUMMARY CVSS v3 6.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: FANUC Corporation / FANUC America Corporation Equipment: ROBOGUIDE Vulnerabilities: Incorrect Permission Assignment for Critical Resource, Improper Access Control, Path Traversal, Improper Restriction o...

ABB Multiple System 800xA Products

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: ABB Equipment: System 800xA Vulnerabilities: Incorrect Default Permissions 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to make the system node inaccessible or tamper with...

Mitsubishi Electric FR Configurator2

1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION: Low skill level to exploit Vendor: Mitsubishi Electric Equipment: Mitsubishi Electric FR Configurator2 Vulnerabilities: Improper Restriction of XML External Entity Reference, Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation...

Siemens SIMATIC WinCC Vulnerabilities

Overview This advisory is a follow-up to a previous advisory titled “ICSA-11-356-01 – Siemens HMI Authentication Vulnerabilities” that was published December 22, 2011, and an alert titled "ICS-ALERT-11-332-02A – Siemens SIMATIC WinCC Flexible Vulnerabilities" that was published December 2, 2011...

Multiple Data Distribution Service (DDS) Implementations (Update A)

1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendors: Eclipse, eProsima, GurumNetworks, Object Computing, Inc. OCI, Real-Time Innovations RTI, TwinOaks Computing Equipment: CycloneDDS, FastDDS, GurumDDS, OpenDDS, Connext DDS Professional, Connext DDS...

ICSA-20-072-01_ABB eSOMS

1. EXECUTIVE SUMMARY CVSS v3 7.6 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: ABB Equipment: eSOMS Vulnerabilities: Use of Web Browser Cache Containing Sensitive Information, Improper Restriction of Rendered UI Layers or Frames, Improper Neutralization of HTTP Headers for...