4251 matches found
BullWall Ransomware Containment and Server Intrusion Protection multiple vulnerabilities
RISK EVALUATION BullWall Ransomware Containment and Server Intrusion Protection are products used for ransomware containment. Multiple vulnerabilities were reported that when used individually or in conjunction could allow a remote attacker with valid credentials to log in to a system with...
Mitsubishi Electric GT Designer3
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker obtain plaintext credentials from the project file for GT Designer3, which could result in illegally operating GOT2000 and GOT1000 series devices. 2. RECOMMENDED PRACTICES CISA recommends users take defensive...
Güralp Systems Fortimus Series, Minimus Series, and Certimus Series
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for...
CISA Software Acquisition Guide Supplier Response Web Tool XSS
RISK EVALUATION The CISA Software Acquisition Guide Supplier Response Web Tool before 2025-12-11 was vulnerable to cross-site scripting via text fields. If an attacker could convince a user to import a specially-crafted JSON file, the Tool would load JavaScript from the file into the page. The...
Johnson Controls iSTAR Ultra
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to modify firmware and gain full access to the device. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize...
Varex Imaging Panoramic Dental Imaging Software
RISK EVALUATION Successful exploitation of this vulnerability could allow a standard user to obtain NT Authority/SYSTEM privileges. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network...
Universal Boot Loader (U-Boot) (Update A)
RISK EVALUATION Successful exploitation of this vulnerability could result in arbitrary code execution. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for all control system...
Siemens SINEC Security Monitor
SUMMARY SINEC Security Monitor before V4.10.0 contains multiple vulnerabilities. Siemens has released a new version for SINEC Security Monitor and recommends to update to the latest version. 2. GENERAL RECOMMENDATIONS As a general security measure, Siemens strongly recommends to protect network...
Siemens Gridscale X Prepay
SUMMARY Gridscale X Prepay contains multiple vulnerabilities that could allow an attacker to enumerate valid user names and to bypass locked-out user sessions. Siemens has released a new version for Gridscale X Prepay and recommends to update to the latest version. 2. GENERAL RECOMMENDATIONS...
Siemens Advanced Licensing (SALT) Toolkit
SUMMARY Multiple Siemens products are affected by improper certificate validation in Siemens Advanced Licensing SALT Toolkit. This could allow an unauthenticated remote attacker to perform man in the middle attacks. Siemens has released new versions for several affected products and recommends...
Sunbird DCIM dcTrack and Power IQ
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to gain unauthorized access or steal credentials. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize...
Mitsubishi Electric GX Works2
RISK EVALUATION Successful exploitation of this vulnerability could open project files protected by user authentication using disclosed credential information, and obtain or modify project information. 2. RECOMMENDED PRACTICES CISA reminds organizations to perform proper impact analysis and risk...
SolisCloud Monitoring Platform
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to access sensitive information by manipulating API requests. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize...
Mirion Medical EC2 Software NMIS BioDose
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to modify program executables, gain access to sensitive information, gain unauthorized access to the application, and execute arbitrary code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive...
Opto 22 groov View
RISK EVALUATION Successful exploitation of this vulnerability could result in credential exposure, key exposure, and privilege escalation. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network...
Emerson Appleton UPSMON-PRO
RISK EVALUATION Successful exploitation of this vulnerability could allow remote attackers to execute arbitrary code on affected installations of Appleton UPSMON-PRO. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this...
*Rockwell Automation AADvance-Trusted SIS Workstation *
RISK EVALUATION Successful exploitation of this vulnerability may allow remote code execution. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for all control system devices...
Siemens Spectrum Power 4
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to remotely execute code as application administrator or locally execute code as operating system administrator. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of...
Brightpick Mission Control / Internal Logic Control (Update A)
RISK EVALUATION Successful exploitation of these vulnerabilities could result in the exposure of sensitive information and the manipulation of critical functions by an attacker. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these...
Siemens Software Center and Solid Edge
SUMMARY Siemens Software Center and Solid Edge is affected by a DLL hijacking vulnerability. This could allow an attacker to execute arbitrary code via placing a crafted DLL file on the system. Siemens has released new versions for the affected products and recommends to update to the latest...
Siemens LOGO! 8 BM Devices
SUMMARY LOGO! 8 BM incl. SIPLUS variants contains multiple vulnerabilities. These could allow an attacker to execute code remotely, put the device into a denial of service state, or change the behavior of the device. Siemens is preparing fix versions and recommends specific countermeasures for...
ELOG multiple vulnerabilities
RISK EVALUATION ELOG the Electronic Logbook package contains multiple vulnerabilities. Regardless of configuration, low-privileged attackers can modify user profiles, escalate privileges, and deny access to ELOG. If the execute facility is specifically enabled with the "-x" command line flag,...
Frontier Airlines website publicly available email address validation
RISK EVALUATION The Frontier Airlines website has a publicly available endpoint that validates if an email addresses is associated with an account. An unauthenticated, remote attacker could determine valid email addresses, possibly aiding in further attacks. 2. RECOMMENDED PRACTICES Use a...
IBM DOORS Next Generation multiple vulnerabilities
RISK EVALUATION IBM Engineering Requirements Management DOORS contains multiple vulnerabilities that require authentication. These vulnerabilities include the ability to cause an application denial of service and JavaScript execution in the victim's browser through stored cross site scripting...
OPEXUS FOIAXpress unauthenticated administrator password reset
RISK EVALUATION OPEXUS FOIAXpress allows a remote, unauthenticated attacker to reset the administrator password and gain full administrative access to a vulnerable system. 2. RECOMMENDED PRACTICES Update to FOIAXpress version 11.13.2.0 or later. 3. DESCRIPTION OPEXUS FOIAXpress allows a remote,...
Rockwell Automation 1715 EtherNet/IP Comms Module
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to cause the web server to crash, requiring a restart to recover. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such...
Siemens SINEC NMS
SUMMARY SINEC NMS is affected by SQL injection vulnerability that could allow an authenticated low privileged attacker to exploit by inserting malicious data and achieve privilege escalation. Siemens has released a new version for SINEC NMS and recommends to update to the latest version. 2...
Rockwell Automation ThinManager
RISK EVALUATION Successful exploitation of this vulnerability could expose the ThinServer service account NTLM hash. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for all...
Schneider Electric Altivar Products, ATVdPAC Module, ILC992 InterLink Converter (Update B)
GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...
GE Vernova CIMPLICITY
RISK EVALUATION Successful exploitation of this vulnerability could allow a low-privileged local attacker to escalate privileges. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure...
INVT VT-Designer and HMITool
RISK EVALUATION Successful exploitation of these vulnerabilities could allow attackers to execute arbitrary code in the context of the current process. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:...
Rockwell FactoryTalk Linx
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to to create, update, and delete FTLinx drivers. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network...
Siemens SINEC Traffic Analyzer
SUMMARY SINEC Traffic Analyzer before V3.0 is affected by multiple vulnerabilities. Siemens has released a new version for SINEC Traffic Analyzer and recommends to update to the latest version. Siemens is preparing further fix versions and recommends countermeasures for products where fixes are...
Siemens Web Installer
SUMMARY The installers used to install several Siemens products are affected by a DLL hijacking vulnerability. This could allow an attacker to execute arbitrary code when a legitimate user installs an application that uses the affected installer component. This vulnerability poses a risk only...
Siemens SIPROTEC 5
SUMMARY Affected SIPROTEC 5 devices do not properly limit the bandwidth for incoming network packets over their local USB port. This could allow an attacker with physical access to send specially crafted packets with high bandwidth to the affected devices thus forcing them to exhaust their...
Siemens RUGGEDCOM ROX II
SUMMARY RUGGEDCOM ROX II devices does not properly enforce limitations on type and size of files that can be uploaded through their web interface. This could allow an attacker with a legitimate, highly privileged account on the web interface to upload arbitrary files onto the filesystem of the...
Siemens SICAM Q100/Q200
SUMMARY SICAM Q100 and Q200 devices are affected by two information disclosure vulnerabilities that could allow an authenticated local attacker to extract the SMTP account password and use the configured SMTP service for arbitrary purposes. Siemens has released new versions for the affected...
Rockwell Automation Arena
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to disclose information and execute arbitrary code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize...
Honeywell OneWireless Wireless Device Manager (WDM)
RISK EVALUATION Successful exploitation of these vulnerabilities could result in information exposure, denial of service, or remote code execution. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:...
OPEXUS FOIAXpress Public Access Link (PAL) multiple vulnerabilities
RISK EVALUATION Multiple vulnerabilities could allow unauthenticated attackers to bypass rate-limiting measures for login attempts, or check for the existence of other users. Low-privileged users can modify certain site content without authorization. 2. RECOMMENDED PRACTICES Upgrade to OPEXUS...
Network Thermostat X-Series WiFi Thermostats
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain full administrative access to the device. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network...
Leviton AcquiSuite and Energy Monitoring Hub
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to craft a malicious payload in URL parameters that would get executed in a client browser when accessed by a user, steal session tokens and control the service. 2. RECOMMENDED PRACTICES CISA recommends users...
Siemens SINEC NMS
SUMMARY Siemens SINEC NMS before V4.0 is affected by multiple vulnerabilities which could allow an attacker to elevate privilege and exceute arbitrary code. Siemens has released a new version for SINEC NMS and recommends to update to the latest version. Siemens is preparing further fix versions...
ABB RMC-100 (Update A)
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to gain unauthenticated access to the MQTT configuration data, cause a denial-of-service condition on the MQTT configuration web server REST interface, or decrypt encrypted MQTT broker credentials. 2...
Hitachi Energy MSM
SUMMARY Hitachi Energy is aware of the vulnerability CVE-2020-11022 that affects MSM versions as listed below. If an attacker successfully exploits this vulnerability, it could impact the confidentiality, integrity or availability of MSM. Please consult the Recommended Immediate Actions Section...
Kaleris Navis N4 Terminal Operating System
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to remotely exploit the operating system, achieve remote code execution, or extract sensitive information. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of...
Delta Electronics CNCSoft
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute code within the context of the current process. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. CISA reminds...
Parsons AccuWeather widget
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to insert a malicious link that users might access through the RSS feed. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such...
Schneider Electric EVLink WallBox (Update A)
GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. Passwords should include upper case, lower case, number and special characters, a length of 20 characters is ideal. A default Admin password must be changed immediately when first received...
Schneider Electric Modicon Controllers (Update A)
GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...