4251 matches found
Siemens SINAMICS Drives
SUMMARY Siemens SINAMICS G220, SINAMICS S210, and SINAMICS S200 contains a privilege escalation vulnerability that could allow users to escalate their privileges. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing...
Siemens User Management Component (UMC)
SUMMARY Siemens' User Management Component UMC is affected by multiple vulnerabilities that could allow an unauthenticated remote attacker to execute arbitrary code or to cause a denial of service condition. Siemens has released a new version for User Management Component UMC and recommends to...
Siemens SIMATIC Virtualization as a Service (SIVaaS)
SUMMARY SIMATIC Virtualization as a Service SIVaaS is affected by a vulnerability which exposes a network share without any authentication. This could allow an attacker to access or alter sensitive data without proper authorization. Siemens recommends to contact technical support to fix the...
Fuji Electric FRENIC-Loader 4
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for all control...
Delta Electronics CNCSoft-G2
RISK EVALUATION Successful exploitation of this vulnerability could allow attackers to execute arbitrary code on affected installations of the device. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. CISA reminds...
Mitsubishi Electric MELSEC iQ-F Series CPU Module
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker the ability to obtain credential information by intercepting SLMP communication messages, and read or write the device values of the product by using the obtained credential information. In addition, the...
Agiloft multiple vulnerabilities
RISK EVALUATION Agiloft is a web-based contract management platform. Multiple vulnerabilities were found in Agiloft that could allow an attacker to gain administrative access to Agiloft, execute operating system commands, or modify update packages. 2. RECOMMENDED PRACTICES These issues have been...
Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module (Update A)
RISK EVALUATION Successful exploitation of this vulnerability could result in a remote attacker being able to delay the processing of the Web server function and prevent legitimate users from utilizing the Web server function by sending a specially crafted HTTP request. 2. RECOMMENDED PRACTICES...
Rockwell Automation 1756-EN4TR, 1756-EN4TRXT (Update B)
RISK EVALUATION Successful exploitation of these vulnerabilities could result in an attacker causing a denial of service condition. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize network...
Schneider Electric Modicon M340 Controller and Communication Modules (Update A)
GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...
Siemens SIMATIC RTLS Locating Manager
SUMMARY SIMATIC RTLS Locating Manager Before V3.2 contains an improper input validation vulnerability that could allow an authenticated remote attacker to execute arbitrary code with high privileges. Siemens has released a new version for SIMATIC RTLS Locating Manager and recommends to update to...
Siemens WIBU CodeMeter Runtime
SUMMARY WIBU Systems published information about a privilege escalation vulnerability under a certain circumstances and associated fix releases of CodeMeter Runtime, a product provided by WIBU Systems and used in several Siemens industrial products. Siemens has released new versions for affected...
Siemens Engineering Platforms
SUMMARY Affected products do not properly restrict access permissions to a local Windows Named Pipe and do not properly sanitize user-controllable input sent to that Named Pipe. This could allow a local authenticated attacker to cause a type confusion and execute arbitrary code within the...
Siemens SIMATIC S7-PLCSIM
SUMMARY Affected products do not properly sanitize user-controllable input when parsing project files. This could allow an attacker to cause a type confusion and execute arbitrary code within the affected application. Siemens has released new versions for several affected products and recommends...
Siemens SINUMERIK
SUMMARY Siemens SINUMERIK Controllers are affected by an improper VNC password check vulnerability. Siemens has released new versions for the affected products and recommends to update to the latest versions. 2. GENERAL RECOMMENDATIONS As a general security measure, Siemens strongly recommends...
Siemens COMOS
SUMMARY COMOS before V10.6 is affected by a local arbitrary code execution vulnerability in the integrated Open Design Alliance Drawings SDK. Siemens has released a new version for COMOS and recommends to update to the latest version. 2. GENERAL RECOMMENDATIONS As a general security measure,...
Siemens RUGGEDCOM APE1808
SUMMARY Nozomi Networks has published information on vulnerabilities in Nozomi Guardian/CMC. This advisory lists the related Siemens Industrial products affected by these vulnerabilities. Siemens is preparing fix versions and recommends countermeasures for products where fixes are not, or not...
EG4 Electronics EG4 Inverters (Update B)
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to intercept and manipulate critical data, install malicious firmware, hijack device access, and gain unauthorized control over the system. 2. RECOMMENDED PRACTICES CISA recommends users take defensive...
Samsung HVAC DMS
RISK EVALUATION Successful exploitation of these vulnerabilities can lead to unauthenticated remote code execution. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize network exposure for all...
DuraComm DP-10iN-100-MU
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to disclose sensitive information or cause a denial-of-service condition. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities,...
Delta Electronics DTM Soft
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to encrypt files referencing the application in order to extract information. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability,...
Siemens Solid Edge
SUMMARY Solid Edge is affected by multiple file parsing vulnerabilities that could be triggered when the application reads specially crafted files in various formats such as PAR or CFG format. This could allow an attacker to crash the application or execute arbitrary code. Siemens has released a...
Siemens TIA Administrator
SUMMARY Siemens TIA Administrator before V3.0.6 contains multiple vulnerabilities which could allow an attacker to escalate privilege or exceute arbitrary code during installations. Siemens has released a new version for TIA Administrator and recommends to update to the latest version. 2...
Siemens RUGGEDCOM ROS Devices
SUMMARY Multiple vulnerabilities affect the RUGGEDCOM Operating System ROS. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends countermeasures for products where fixes are not,...
Hitachi Energy MicroSCADA X SYS600
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to tamper with the system file, overwrite files, create a denial-of-service condition, or leak file content. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of...
Hitachi Energy Relion 670/650 and SAM600-IO Series (Update A)
SUMMARY Hitachi Energy is aware of a vulnerability that affects the Relion 670/650 and SAM600-IO series IED device versions that are listed in this document. An authenticated attacker successfully exploiting this vulnerability via FTP access can cause the device to reboot due to improper disk...
Fuji Electric Smart Editor
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize network exposure for all...
Siemens Desigo
SUMMARY Desigo CC deployments that use Installed Client are impacted by an information disclosure vulnerability which could result in information leak from the Desigo CC server. The other Desigo CC client options, Windows App Client and Flex Client, are not affected by this vulnerability...
Siemens Solid Edge
SUMMARY Solid Edge is affected by an out of bounds write vulnerability that could be triggered when the application is parsing XT data or a specially crafted file in XT format. If a user is tricked to open a malicious file with the affected applications, an attacker could leverage the...
Siemens Industrial Edge Device Kit
SUMMARY Industrial Edge Device Kit contains a weak authentication vulnerability that could facilitate an unauthenticated remote attacker to circumvent authentication and impersonate a legitimate user. Industrial Edge Device Builders integrate Industrial Edge Device Kit into their offerings...
SMA Sunny Portal
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to upload and remotely execute code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for all...
Siemens SIPROTEC 5
SUMMARY Affected SIPROTEC 5 devices contain a development shell which is accessible via a physical interface which is not properly restricted. This could allow an unauthenticated attacker with physical access to an affected device to execute arbitrary commands on the device. Siemens has released...
Siemens SIMATIC
SUMMARY The webserver of several SIMATIC products is affected by a user enumeration vulnerability that could allow an unauthenticated remote attacker to identify valid usernames. Siemens has released new versions for several affected products and recommends to update to the latest versions...
Siemens OpenV2G
SUMMARY The open source software OpenV2G contains a buffer overflow vulnerability that could allow an attacker to trigger a memory corruption. Siemens has released an update for the OpenV2G and recommends to update to the latest version. 2. GENERAL RECOMMENDATIONS As a general security measure,...
New Rock Technologies Cloud Connected Devices
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker full control of the device. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize network exposure for all...
Fuji Electric Alpha5 SMART
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for all control...
Schneider Electric EcoStruxure Power Monitoring Expert (PME) (Update A)
RISK EVALUATION Successful exploitation of this vulnerability could cause a denial-of-service of the product when an unauthenticated user sends a crafted HTTPS packet to the webserver. 2. RECOMMENDED PRACTICES CISA reminds organizations to perform proper impact analysis and risk assessment prior...
Schneider Electric RemoteConnect and SCADAPack x70 Utilities (Update A)
RISK EVALUATION Successful exploitation of this vulnerability could lead to loss of confidentiality, integrity and potential remote code execution on workstation when a non-admin authenticated user opens a malicious project file. 2. RECOMMENDED PRACTICES CISA recommends users take defensive...
Schneider Electric Pro-face GP-Pro EX and Remote HMI (Update A)
RISK EVALUATION Successful exploitation of this vulnerability could allow man-in-the-middle attacks which could result in information disclosure, integrity issues and operational failures. 2. RECOMMENDED PRACTICES CISA reminds organizations to perform proper impact analysis and risk assessment...
Tibbo AggreGate Network Manager
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to achieve code execution on the affected device. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network...
Hitachi Energy TropOS Devices Series 1400/2400/6400
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for...
Schneider Electric Modicon
GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...
Siemens Siemens Engineering Platforms
SUMMARY Affected products do not properly sanitize user-controllable input when parsing files. This could allow an attacker to cause a type confusion and execute arbitrary code within the affected application. Siemens is preparing fix versions and recommends countermeasures for products where...
mySCADA myPRO Manager
RISK EVALUATION Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands or disclose sensitive information. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such...
Rockwell Automation FactoryTalk Updater (Update A)
RISK EVALUATION Successful exploitation of these vulnerabilities could result in an authentication bypass, remote code execution, and/or a local privilege escalation 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these...
Subnet Solutions PowerSYSTEM Center
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to cause an integer overflow on the affected device. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize...
Siemens Automation License Manager
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Schneider Electric Modicon M340, BMXNOE0100, and BMXNOE0110 (Update A)
GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...
Traffic Alert and Collision Avoidance System (TCAS) II
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to manipulate safety systems and cause a denial-of-service condition. 2. VULNERABILITY SUMMARY By utilizing software-defined radios and a custom low-latency processing pipeline, RF signals with spoofed...
Festo Firmware
SUMMARY Incomplete Festo product documentation of remote accessible functions and their required IP ports. Depending on the product a description of the supported features can be found in the product documentation to some extent. Update A, 2022-12-13 Added affected device "Bus module CPX-E-PN,...