4207 matches found

ICS
added 2026/04/07 8:51 p.m., 4 views

IBM Maximo Application Suite Sensitive Tokens without 'Secure' Attribute

RISK EVALUATION IBM Maximo Application Suite 9.1, 9.0, 8.11, and 8.10 does not set the secure attribute on authorization tokens or session cookies. An unauthenticated attacker can steal cookies by directing users to a malicious http:// link and snooping user traffic. 2. RECOMMENDED PRACTICES...

CVSS 4.3, AI score 5.9, EPSS 0.00118
Exploits: 0, References: 1
ICS
added 2026/04/02 5:11 p.m., 4 views

Bentley Systems iTwin Platform exposed access token

RISK EVALUATION Bentley Systems iTwin Platform exposed a Cesium ion access token in the source of some web pages. An unauthenticated attacker could use this token to enumerate or delete certain assets. 2. RECOMMENDED PRACTICES As of 2026-03-27, the token is no longer present in the web pages and...

CVSS 6.9, AI score 5.9, EPSS 0.00281
Exploits: 0, References: 1
ICS
added 2026/03/31 6:00 a.m., 4 views

Anritsu Remote Spectrum Monitor

RISK EVALUATION Successful exploitation of this vulnerability could allow attackers with network access to alter operational settings, obtain sensitive signal data, or disrupt device availability. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of...

CVSS 9.3, AI score 5.8, EPSS 0.00387
Exploits: 0, References: 11
ICS
added 2026/03/26 6:00 a.m., 4 views

PTC Windchill Product Lifecycle Management

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to achieve remote code execution. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize network exposure for all control...

CVSS 9.3, AI score 6.5, EPSS 0.00673
Exploits: 0, References: 13
ICS
added 2026/03/23 8:00 a.m., 4 views

WAGO GmbH & Co. KG Industrial Managed Switches

SUMMARY A vulnerability has been found affecting the Managed Switches of WAGO. An unauthenticated attacker can fully compromise the device via an undocumented function. 2. IMPACT This could lead to a full system compromise of the affected devices. 3. REMEDIATION Please update your devices to the...

CVSS 10, AI score 5.8, EPSS 0.00679
Exploits: 0, References: 12
ICS
added 2026/03/17 5:02 p.m., 4 views

Multiple IP-KVM Vulnerabilities

RISK EVALUATION Multiple KVM products (GL-iNet GL-RM1, Angeet ES3 KVM, Sipeed NanoKVM, and JetKVM) are affected by multiple vulnerabilities. The most severe of these vulnerabilities could allow a remote, unauthenticated attacker to take complete control of a vulnerable product. 2. RECOMMENDED...

CVSS 7, AI score 6.2, EPSS 0.0016
Exploits: 0, References: 1
ICS
added 2026/03/13 12:30 a.m., 4 views

ABB AWIN Gateways

SUMMARY ABB became aware of a vulnerability in the product versions listed as affected in the advisory. An update is available that resolves the reported vulnerabilities. AWIN gateways are not intended to be internet-facing. An attacker who successfully exploited this vulnerability could take...

AI score 5.8
Exploits: 0, References: 12
ICS
added 2026/03/12 6:00 a.m., 4 views

Trane Tracer SC, Tracer SC+, and Tracer Concierge

RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to disclose sensitive information, execute arbitrary commands, or perform a denial-of-service on the product. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of...

AI score 5.9
Exploits: 0, References: 13
ICS
added 2026/03/10 7:00 a.m., 4 views

Schneider Electric EcoStruxure Automation Expert

GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install physical controls so no unauthorized personnel can access...

CVSS 7.2, AI score 6.2, EPSS 0.00217
Exploits: 0, References: 11
ICS
added 2026/03/10 5:00 a.m., 4 views

Ceragon Siklu MultiHaul and EtherHaul Series

RISK EVALUATION Successful exploitation of this vulnerability could result in arbitrary file upload to the target equipment. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: When remote access is...

CVSS 6.5, AI score 5.9, EPSS 0.00417
Exploits: 6, References: 10
ICS
added 2026/03/10 12:00 a.m., 4 views

Mitsubishi Electric CNC Series

RISK EVALUATION Successful exploitation of this vulnerability could allow a remote attacker to cause an out-of-bounds read, resulting in a denial-of-service condition in the affected products. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the exploitation...

CVSS 5.9, AI score 6, EPSS 0.00614
Exploits: 0, References: 9
ICS
added 2026/03/10 12:00 a.m., 4 views

Siemens Heliox EV Chargers

SUMMARY Heliox EV Chargers listed below contain an improper access control vulnerability that could allow an attacker to reach unauthorized services via the charging cable. Siemens has released new versions for the affected products and recommends to update to the latest versions. 2. GENERAL...

CVSS 2.6, AI score 6.1, EPSS 0.00141
Exploits: 0, References: 10
ICS
added 2026/03/10 12:00 a.m., 4 views

Siemens RUGGEDCOM APE1808 Devices

SUMMARY Fortinet has published information on vulnerabilities in FORTIOS. This advisory lists the related Siemens Industrial products. Siemens has released a new version for RUGGEDCOM APE1808 and recommends to update to the latest version. 2. GENERAL RECOMMENDATIONS As a general security...

AI score 7.1
Exploits: 0, References: 10
ICS
added 2026/03/03 7:00 a.m., 4 views

Labkotec LID-3300IP

RISK EVALUATION Successful exploitation of this vulnerability could allow attackers to gain unauthorized control over system operations, leading to disruption of normal functionality and potential safety hazards. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize...

CVSS 8.8, AI score 6, EPSS 0.00758
Exploits: 0, References: 11
ICS
added 2026/02/26 7:00 a.m., 4 views

EV Energy ev.energy

RISK EVALUATION Successful exploitation of these vulnerabilities could enable attackers to gain unauthorized administrative control over vulnerable charging stations or disrupt charging services through denial-of-service attacks. 2. RECOMMENDED PRACTICES CISA recommends users take defensive...

AI score 5.8
Exploits: 0, References: 11
ICS
added 2026/02/24 6:00 a.m., 4 views

Gardyn Home Kit (Update A)

RISK EVALUATION Successful exploitation of these vulnerabilities could allow unauthenticated users to access and control edge devices, access cloud-based devices and user information without authentication, and pivot to other edge devices managed in the Gardyn cloud environment. 2. RECOMMENDED...

AI score 7.7
Exploits: 0, References: 11
ICS
added 2026/02/19 7:00 a.m., 4 views

Valmet DNA Engineering Web Tools

RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated attacker to manipulate the web maintenance services URL to achieve arbitrary file read access. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation...

CVSS 9.2, AI score 5.9, EPSS 0.00505
Exploits: 0, References: 13
ICS
added 2026/02/19 7:00 a.m., 4 views

EnOcean SmartServer IoT

RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to remotely execute arbitrary code and bypass ASLR. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize...

AI score 6.5
Exploits: 0, References: 13
ICS
added 2026/02/17 7:00 a.m., 4 views

GE Vernova Enervista UR Setup

RISK EVALUATION Successful exploitation of these vulnerabilities may allow code execution with elevated privileges. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize network exposure for all...

CVSS 2.9, AI score 6.4, EPSS 0.00229
Exploits: 0, References: 11
ICS
added 2026/02/12 7:00 a.m., 4 views

Airleader Master

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to obtain remote code execution. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for all...

CVSS 9.8, AI score 6.4, EPSS 0.01207
Exploits: 0, References: 11
ICS
added 2026/02/10 8:00 a.m., 4 views

Schneider Electric SCADAPack and RemoteConnect

GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install physical controls so no unauthorized personnel can access...

AI score 6.1
Exploits: 0, References: 11
ICS
added 2026/02/10 7:00 a.m., 4 views

ZLAN Information Technology Co. ZLAN5143D

RISK EVALUATION Successful exploitation of these vulnerabilities could result in an attacker bypassing authentication, or resetting the device password. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:...

CVSS 9.8, AI score 5.7, EPSS 0.00732
Exploits: 0, References: 11
ICS
added 2026/02/10 7:00 a.m., 4 views

ZOLL ePCR IOS Mobile Application

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access to protected health information (PHI) or device telemetry. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this...

CVSS 6.7, AI score 5.8, EPSS 0.00172
Exploits: 0, References: 13
ICS
added 2026/02/10 7:00 a.m., 4 views

Yokogawa FAST/TOOLS

RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to redirect users to malicious sites, decrypt communications, perform a man-in-the-middle (MITM) attack, execute malicious scripts, steal files, and perform other various attacks. 2. RECOMMENDED PRACTICES...

AI score 5.5
Exploits: 0, References: 13
ICS
added 2026/02/10 7:00 a.m., 4 views

AVEVA PI to CONNECT Agent

RISK EVALUATION Successful exploitation of this vulnerability could result in unauthorized access to the proxy server. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for all...

CVSS 6.5, AI score 5.7, EPSS 0.00112
Exploits: 0, References: 11
ICS
added 2026/02/10 12:00 a.m., 4 views

Siemens Polarion

SUMMARY Polarion before V2506 contains a vulnerability that could allow authenticated remote attackers to conduct cross-site scripting attacks. Siemens has released new versions for the affected products and recommends to update to the latest versions. 2. GENERAL RECOMMENDATIONS As a general...

CVSS 7.6, AI score 5.6, EPSS 0.00264
Exploits: 0, References: 10
ICS
added 2026/02/10 12:00 a.m., 4 views

Siemens Siveillance Video Management Servers

SUMMARY The Webhooks implementation of Siveillance Video Management Servers contains a vulnerability that could allow an authenticated remote attacker with read-only privileges to achieve full access to Webhooks API. Siemens has released new versions for the affected products and recommends to...

CVSS 6.3, AI score 5.8, EPSS 0.00179
Exploits: 0, References: 10
ICS
added 2026/02/10 12:00 a.m., 4 views

Siemens Desigo CC Product Family and SENTRON Powermanager

SUMMARY Versions V6.0 through V8 QU1 of the Desigo CC product family (Desigo CC, Desigo CC Compact, Desigo CC Connect, Cerberus DMS), as well as the Desigo CC-based SENTRON Powermanager, are affected by a vulnerability in the underlying third-party component WIBU Systems CodeMeter Runtime...

CVSS 9.8, AI score 6.5, EPSS 0.78483
Exploits: 6, References: 10
ICS
added 2026/02/05 7:00 a.m., 4 views

Mitsubishi Electric MELSEC iQ-R Series

RISK EVALUATION Successful exploitation of this vulnerability may allow an attacker to read device data or part of a control program from the affected product, write device data in the affected product, or cause a denial-of-service condition on the affected product. 2. RECOMMENDED PRACTICES CISA...

CVSS 8.8, AI score 5.4, EPSS 0.00539
Exploits: 0, References: 10
ICS
added 2026/02/03 7:00 a.m., 4 views

Synectix LAN 232 TRIO

RISK EVALUATION Successful exploitation of this vulnerability could result in an unauthenticated attacker modifying critical device settings or factory resetting the device. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this...

CVSS 10, AI score 5.6, EPSS 0.0055
Exploits: 0, References: 11
ICS
added 2026/01/29 12:30 a.m., 4 views

ABB B&R PVI

SUMMARY ABB became aware of a vulnerability in the product versions listed as affected in the advisory. An update is now available that addresses and remediates the vulnerability. An attacker who successfully exploited this vulnerability could read sensitive information in the logging data of the...

CVSS 5.1, AI score 5.8, EPSS 0.00103
Exploits: 0, References: 10
ICS
added 2026/01/27 12:00 a.m., 4 views

Hitachi Energy SuprOS

SUMMARY Hitachi Energy is aware of a vulnerability that affects the SuprOS product versions listed in this document. An attacker successfully exploiting this vulnerability can cause confidentiality, integrity and availability impacts. Please refer to the Recommended Immediate Actions for...

CVSS 8.8, AI score 5.8, EPSS 0.00177
Exploits: 0, References: 9
ICS
added 2026/01/20 7:00 a.m., 4 views

Rockwell Automation Verve Asset Manager

RISK EVALUATION Successful exploitation of these vulnerabilities may allow an attacker to access sensitive information stored in variables within the ADI server. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities,...

AI score 5.7
Exploits: 0, References: 13
ICS
added 2026/01/19 12:30 a.m., 4 views

ABB B&R Automation Studio

SUMMARY ABB became aware of a vulnerability in the product versions listed as affected in the advisory. An update is available that resolves a vulnerability. Successful exploitation of this vulnerability may enable an attacker to masquerade as a trusted party when B&R Automation Studio establishes...

CVSS 9.1, AI score 5.8, EPSS 0.00206
Exploits: 0, References: 10
ICS
added 2026/01/15 7:59 p.m., 4 views

NOAA PMEL Live Access Server (LAS) command injection

RISK EVALUATION Sites running NOAA PMEL Live Access Server (LAS) are vulnerable to remote code execution via specially crafted requests that include PyFerret expressions. By leveraging a SPAWN command, a remote, unauthenticated attacker can execute arbitrary OS commands. 2. RECOMMENDED PRACTICES...

CVSS 9.8, AI score 8.3, EPSS 0.01199
Exploits: 0, References: 1
ICS
added 2026/01/13 7:00 a.m., 4 views

Rockwell Automation 432ES-IG3 Series A

RISK EVALUATION Successful exploitation of this vulnerability could result in a denial-of-service condition. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for all control...

CVSS 8.7, AI score 6.5, EPSS 0.00314
Exploits: 0, References: 11
ICS
added 2026/01/13 7:00 a.m., 4 views

Rockwell Automation FactoryTalk DataMosaix Private Cloud

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to perform unauthorized sensitive database operations. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize...

CVSS 8.7, AI score 6.6, EPSS 0.004
Exploits: 0, References: 11
ICS
added 2026/01/13 12:00 a.m., 4 views

Siemens TeleControl Server Basic

SUMMARY TeleControl Server Basic before V3.1.2.4 contains a local privilege escalation vulnerability that could allow an attacker to run arbitrary code with elevated privileges. Siemens has released a new version for TeleControl Server Basic and recommends to update to the latest version. 2...

CVSS 8.8, AI score 7.4, EPSS 0.00144
Exploits: 0, References: 10
ICS
added 2025/12/30 7:00 a.m., 4 views

WHILL Model C2 Electric Wheelchairs and Model F Power Chairs (Update A)

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker within Bluetooth range to take control over the product. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize...

CVSS 9.8, AI score 6, EPSS 0.05494
Exploits: 0, References: 14
ICS
added 2025/12/18 7:00 a.m., 4 views

National Instruments LabView

RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to disclose information and execute arbitrary code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize...

AI score 7.6
Exploits: 0, References: 13
ICS
added 2025/12/16 7:00 a.m., 4 views

Hitachi Energy AFS, AFR and AFF Series

RISK EVALUATION Successful exploitation of this vulnerability could compromise the integrity of the product data and disrupt its availability. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize...

CVSS 9, AI score 6.4, EPSS 0.14859
Exploits: 2, References: 13
ICS
added 2025/12/11 7:00 a.m., 4 views

Johnson Controls iSTAR

RISK EVALUATION Successful exploitation of these vulnerabilities could result in unauthorized access to the device. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize network exposure for all...

AI score 6.6
Exploits: 0, References: 13
ICS
added 2025/12/11 7:00 a.m., 4 views

Grassroots DICOM (GDCM)

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to craft a malicious DICOM file and, if opened, could crash the application resulting in a denial-of-service condition. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the...

CVSS 6.8, AI score 7, EPSS 0.00118
Exploits: 0, References: 13
ICS
added 2025/12/11 7:00 a.m., 4 views

Johnson Controls iSTAR Ultra

RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to modify firmware and gain full access to the device. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize...

AI score 7.2
Exploits: 0, References: 11
ICS
added 2025/12/11 7:00 a.m., 4 views

AzeoTech DAQFactory (Update A)

RISK EVALUATION Successful exploitation of these vulnerabilities requires an attacker to upload a malicious .ctl file. This could lead to information disclosure or arbitrary code execution. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of...

CVSS 9.8, AI score 7.6, EPSS 0.00312
Exploits: 0, References: 13
ICS
added 2025/12/09 7:00 a.m., 4 views

Universal Boot Loader (U-Boot) (Update A)

RISK EVALUATION Successful exploitation of this vulnerability could result in arbitrary code execution. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for all control system...

CVSS 7.6, AI score 7.5, EPSS 0.00239
Exploits: 0, References: 11
ICS
added 2025/12/09 12:00 a.m., 4 views

Siemens Energy Services

SUMMARY Energy Services from Siemens (previously known as Managed Applications and Services) sell solutions using Elspec G5 devices that allow a person with physical access to the device to reset the Admin password by inserting a USB drive containing a publicly documented reset string into a USB...

CVSS 6.8, AI score 6.8, EPSS 0.00184
Exploits: 0, References: 10
ICS
added 2025/12/09 12:00 a.m., 4 views

Siemens Building X - Security Manager Edge Controller

SUMMARY Building X - Security Manager Edge Controller ACC-AP devices do not properly check the integrity of firmware updates. This could allow an attacker to upload a maliciously modified firmware onto the device. Siemens is preparing fix versions and recommends specific countermeasures for...

CVSS 6.2, AI score 6.7, EPSS 0.00144
Exploits: 0, References: 10
ICS
added 2025/12/09 12:00 a.m., 4 views

Siemens Interniche IP-Stack

SUMMARY Multiple Industrial products are affected by a vulnerability in the Interniche IP-Stack. The affected products do not properly enforce TCP sequence number validation in specific scenarios but accept values within a broad range. This could allow an unauthenticated remote attacker e.g. to...

CVSS 8.7, AI score 6.9, EPSS 0.00417
Exploits: 0, References: 10
ICS
added 2025/12/09 12:00 a.m., 4 views

Siemens SIMATIC CN 4100

SUMMARY SIMATIC CN 4100 contains multiple vulnerabilities which could potentially lead to a compromise in availability, integrity and confidentiality. Siemens has released a new version for SIMATIC CN 4100 and recommends to update to the latest version. 2. GENERAL RECOMMENDATIONS As a general...

AI score 7.7
Exploits: 0, References: 10
Total number of security vulnerabilities: 4207