4255 matches found
Hitachi Energy Asset Suite (Update A)
RISK EVALUATION Successful exploitation of this vulnerability could result in the manipulation of content or the injection of data with the potential of carrying out further malicious attacks. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of...
National Instruments Circuit Design Suite
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to cause memory corruption, potentially leading to information disclosure and execution of arbitrary code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of...
LG Innotek Camera Multiple Models
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain administrative access to the device. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure...
Dingtian DT-R002
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to retrieve credentials without authentication. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize network...
Viessmann Vitogate 300
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to modify an intended OS command when it is sent to a downstream component, or allow an attacker to cause unexpected interactions between the client and server. 2. RECOMMENDED PRACTICES CISA recommends users...
psPAS does not enforce TLS 1.2 within Get-PASSAMLResponse
RISK EVALUATION psPAS is a PowerShell module for the CyberArk API. psPAS does not explicitly enforce TLS 1.2 when using the 'Get-PASSAMLResponse' function. An unauthenticated attacker in a 'Man-in-the-Middle' position could manipulate the TLS handshake and downgrade TLS to a deprecated protocol...
Daikin Europe N.V Security Gateway
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access to the system. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure...
OPEXUS FOIAXpress Public Access Link (PAL) SQL injection
RISK EVALUATION Successful exploitation could allow a remote, unauthenticated attacker to read, write, or delete any content in the underlying database. 2. RECOMMENDED PRACTICES Upgrade to FOIAXpress PAL version 11.13.1.0. 3. DESCRIPTION OPEXUS FOIAXpress Public Access Link PAL before version...
Rockwell Automation ControlLogix 5580
RISK EVALUATION Successful exploitation of this vulnerability could result in a major nonrecoverable fault on the controller. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for...
Rockwell Automation Analytics LogixAI
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to access sensitive information. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for all...
Rockwell Automation Stratix IOS
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to run malicious configurations without authentication. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize...
Siemens Industrial Edge Management
SUMMARY Industrial Edge Management is affected by a vulnerability that could allow a remote attacker to cause a denial of service condition. Siemens recommends specific countermeasures for products where fixes are not, or not yet available. 2. GENERAL RECOMMENDATIONS As a general security...
Siemens SINAMICS Drives
SUMMARY Siemens SINAMICS G220, SINAMICS S210, and SINAMICS S200 contains a privilege escalation vulnerability that could allow users to escalate their privileges. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing...
Siemens SIMATIC Virtualization as a Service (SIVaaS)
SUMMARY SIMATIC Virtualization as a Service SIVaaS is affected by a vulnerability which exposes a network share without any authentication. This could allow an attacker to access or alter sensitive data without proper authorization. Siemens recommends to contact technical support to fix the...
Siemens User Management Component (UMC)
SUMMARY Siemens' User Management Component UMC is affected by multiple vulnerabilities that could allow an unauthenticated remote attacker to execute arbitrary code or to cause a denial of service condition. Siemens has released a new version for User Management Component UMC and recommends to...
Fuji Electric FRENIC-Loader 4
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for all control...
Mitsubishi Electric MELSEC iQ-F Series CPU Module
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker the ability to obtain credential information by intercepting SLMP communication messages, and read or write the device values of the product by using the obtained credential information. In addition, the...
Delta Electronics CNCSoft-G2
RISK EVALUATION Successful exploitation of this vulnerability could allow attackers to execute arbitrary code on affected installations of the device. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. CISA reminds...
Agiloft multiple vulnerabilities
RISK EVALUATION Agiloft is a web-based contract management platform. Multiple vulnerabilities were found in Agiloft that could allow an attacker to gain administrative access to Agiloft, execute operating system commands, or modify update packages. 2. RECOMMENDED PRACTICES These issues have been...
FUJIFILM Healthcare Americas Synapse Mobility
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to access information beyond their assigned roles. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network...
Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module (Update A)
RISK EVALUATION Successful exploitation of this vulnerability could result in a remote attacker being able to delay the processing of the Web server function and prevent legitimate users from utilizing the Web server function by sending a specially crafted HTTP request. 2. RECOMMENDED PRACTICES...
Rockwell Automation ArmorBlock 5000 I/O - Webserver
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to predict session numbers or perform privileged actions. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:...
Schneider Electric Modicon M340 Controller and Communication Modules (Update A)
GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...
Schneider Electric SESU
GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...
Siemens SIMATIC S7-PLCSIM
SUMMARY Affected products do not properly sanitize user-controllable input when parsing project files. This could allow an attacker to cause a type confusion and execute arbitrary code within the affected application. Siemens has released new versions for several affected products and recommends...
Siemens WIBU CodeMeter Runtime
SUMMARY WIBU Systems published information about a privilege escalation vulnerability under a certain circumstances and associated fix releases of CodeMeter Runtime, a product provided by WIBU Systems and used in several Siemens industrial products. Siemens has released new versions for affected...
Siemens Engineering Platforms
SUMMARY Affected products do not properly restrict access permissions to a local Windows Named Pipe and do not properly sanitize user-controllable input sent to that Named Pipe. This could allow a local authenticated attacker to cause a type confusion and execute arbitrary code within the...
Siemens SINUMERIK
SUMMARY Siemens SINUMERIK Controllers are affected by an improper VNC password check vulnerability. Siemens has released new versions for the affected products and recommends to update to the latest versions. 2. GENERAL RECOMMENDATIONS As a general security measure, Siemens strongly recommends...
Siemens SIMATIC RTLS Locating Manager
SUMMARY SIMATIC RTLS Locating Manager Before V3.2 contains an improper input validation vulnerability that could allow an authenticated remote attacker to execute arbitrary code with high privileges. Siemens has released a new version for SIMATIC RTLS Locating Manager and recommends to update to...
Siemens COMOS
SUMMARY COMOS before V10.6 is affected by a local arbitrary code execution vulnerability in the integrated Open Design Alliance Drawings SDK. Siemens has released a new version for COMOS and recommends to update to the latest version. 2. GENERAL RECOMMENDATIONS As a general security measure,...
EG4 Electronics EG4 Inverters (Update B)
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to intercept and manipulate critical data, install malicious firmware, hijack device access, and gain unauthorized control over the system. 2. RECOMMENDED PRACTICES CISA recommends users take defensive...
Samsung HVAC DMS
RISK EVALUATION Successful exploitation of these vulnerabilities can lead to unauthenticated remote code execution. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize network exposure for all...
DuraComm DP-10iN-100-MU
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to disclose sensitive information or cause a denial-of-service condition. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities,...
Siemens RUGGEDCOM ROS Devices
SUMMARY Multiple vulnerabilities affect the RUGGEDCOM Operating System ROS. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends countermeasures for products where fixes are not,...
Siemens Solid Edge
SUMMARY Solid Edge is affected by multiple file parsing vulnerabilities that could be triggered when the application reads specially crafted files in various formats such as PAR or CFG format. This could allow an attacker to crash the application or execute arbitrary code. Siemens has released a...
Hitachi Energy MicroSCADA X SYS600
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to tamper with the system file, overwrite files, create a denial-of-service condition, or leak file content. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of...
Fuji Electric Smart Editor
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize network exposure for all...
Siemens Desigo
SUMMARY Desigo CC deployments that use Installed Client are impacted by an information disclosure vulnerability which could result in information leak from the Desigo CC server. The other Desigo CC client options, Windows App Client and Flex Client, are not affected by this vulnerability...
Siemens Industrial Edge Device Kit
SUMMARY Industrial Edge Device Kit contains a weak authentication vulnerability that could facilitate an unauthenticated remote attacker to circumvent authentication and impersonate a legitimate user. Industrial Edge Device Builders integrate Industrial Edge Device Kit into their offerings...
Siemens Solid Edge
SUMMARY Solid Edge is affected by an out of bounds write vulnerability that could be triggered when the application is parsing XT data or a specially crafted file in XT format. If a user is tricked to open a malicious file with the affected applications, an attacker could leverage the...
SMA Sunny Portal
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to upload and remotely execute code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for all...
Siemens OpenV2G
SUMMARY The open source software OpenV2G contains a buffer overflow vulnerability that could allow an attacker to trigger a memory corruption. Siemens has released an update for the OpenV2G and recommends to update to the latest version. 2. GENERAL RECOMMENDATIONS As a general security measure,...
Siemens SIMATIC
SUMMARY The webserver of several SIMATIC products is affected by a user enumeration vulnerability that could allow an unauthenticated remote attacker to identify valid usernames. Siemens has released new versions for several affected products and recommends to update to the latest versions...
Siemens SIPROTEC 5 Devices
SUMMARY An information disclosure vulnerability in SIPROTEC 5 devices could allow an unauthenticated, remote attacker to retrieve sensitive information of the device. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is...
Siemens SIPROTEC 5
SUMMARY Affected SIPROTEC 5 devices contain a development shell which is accessible via a physical interface which is not properly restricted. This could allow an unauthenticated attacker with physical access to an affected device to execute arbitrary commands on the device. Siemens has released...
New Rock Technologies Cloud Connected Devices
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker full control of the device. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize network exposure for all...
Fuji Electric Alpha5 SMART
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for all control...
Schneider Electric EcoStruxure Power Monitoring Expert (PME) (Update A)
RISK EVALUATION Successful exploitation of this vulnerability could cause a denial-of-service of the product when an unauthenticated user sends a crafted HTTPS packet to the webserver. 2. RECOMMENDED PRACTICES CISA reminds organizations to perform proper impact analysis and risk assessment prior...
Schneider Electric RemoteConnect and SCADAPack x70 Utilities (Update A)
RISK EVALUATION Successful exploitation of this vulnerability could lead to loss of confidentiality, integrity and potential remote code execution on workstation when a non-admin authenticated user opens a malicious project file. 2. RECOMMENDED PRACTICES CISA recommends users take defensive...
Schneider Electric Pro-face GP-Pro EX and Remote HMI (Update A)
RISK EVALUATION Successful exploitation of this vulnerability could allow man-in-the-middle attacks which could result in information disclosure, integrity issues and operational failures. 2. RECOMMENDED PRACTICES CISA reminds organizations to perform proper impact analysis and risk assessment...