Lucene search
K
IcsMost viewed

4251 matches found

ICS
ICS
added 2025/05/13 12:0 a.m.5 views

Siemens SIMATIC PCS

SUMMARY Affected products do not correctly invalidate user sessions upon user logout. This could allow a remote unauthenticated attacker, who has obtained the session token by other means, to re-use a legitimate user's session even after logout. Siemens has released new versions for the affected...

9.8CVSS7.1AI score0.00374EPSS
Exploits0References10
ICS
ICS
added 2025/04/08 12:0 a.m.5 views

Siemens Industrial Edge Devices

SUMMARY Siemens Industrial Edge Devices contain a weak authentication vulnerability that could facilitate an unauthenticated remote attacker to circumvent authentication and impersonate a legitimate user. Siemens has released new versions for several affected products and recommends to update to...

9.8CVSS7.3AI score0.00744EPSS
Exploits0References10
ICS
ICS
added 2025/02/11 12:0 a.m.5 views

Siemens SIPROTEC 5 Devices

SUMMARY An information disclosure vulnerability in SIPROTEC 5 devices could allow an unauthenticated, remote attacker to retrieve sensitive information of the device. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is...

8.7CVSS7AI score0.00563EPSS
Exploits0References10
ICS
ICS
added 2025/02/11 12:0 a.m.5 views

Siemens SIPROTEC 5

SUMMARY Affected SIPROTEC 5 devices do not encrypt certain data within the on-board flash storage on their PCB. This could allow an attacker with physical access to read the sensitive information from the filesystem of the device. Siemens is preparing fix versions and recommends specific...

5.1CVSS6.7AI score0.0016EPSS
Exploits0References10
ICS
ICS
added 2025/02/11 12:0 a.m.5 views

Siemens Apogee PXC100 Devices

SUMMARY Apogee PXC and Talon TC contain a vulnerability that could allow an attacker to perform a denial of service using a out-of-bounds read forcing the device to enter a cold state and a vulnerability that would allow an attacker to decrypt the passwords of the device. Siemens recommends...

7.4AI score
Exploits0References10
ICS
ICS
added 2025/01/28 7:0 a.m.5 views

Schneider Electric Power Logic

RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to modify data or cause a denial-of-service condition on web interface functionality. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these...

8.8CVSS7.3AI score0.00539EPSS
Exploits0References10
ICS
ICS
added 2025/01/28 7:0 a.m.5 views

Rockwell Automation DataMosaix Private Cloud

RISK EVALUATION Successful exploitation of these vulnerabilities could overwrite reports, including user projects. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize network exposure for all...

7CVSS8.6AI score0.00376EPSS
Exploits0References10
ICS
ICS
added 2025/01/15 3:30 a.m.5 views

B&R Automation Runtime

SUMMARY An update is available that resolves a privately reported vulnerability in the product versions listed as affected in this advisory. An attacker who successfully exploited this vulnerability may masquerade as services on affected devices. 2. WORKAROUNDS The mechanism of creating self...

8.2CVSS6.7AI score0.00325EPSS
Exploits0References10
ICS
ICS
added 2025/01/09 7:0 a.m.5 views

Delta Electronics DRASimuCAD (Update A)

RISK EVALUATION Successful exploitation of these vulnerabilities could crash the device or potentially allow remote code execution. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. CISA reminds organizations to...

7.8CVSS7.4AI score0.00351EPSS
Exploits0References10
ICS
ICS
added 2024/12/10 12:0 a.m.5 views

Siemens Simcenter Femap

SUMMARY Simcenter Femap contains multiple memory corruption vulnerabilities that could be triggered when the application reads files in BDF file formats. If a user is tricked to open a malicious file with any of the affected products, this could lead the application to crash or potentially lead...

8.2AI score
Exploits0References10
ICS
ICS
added 2024/12/10 12:0 a.m.5 views

Siemens RUGGEDCOM ROX II 

SUMMARY The CLI feature in the web interface of RUGGEDCOM ROX II devices is vulnerable to cross-site request forgery CSRF, which could allow an attacker to perform administrative actions if an authenticated user is tricked into accessing a malicious link. Siemens has released new versions for...

8.8CVSS6.9AI score0.00204EPSS
Exploits0References10
ICS
ICS
added 2024/12/10 12:0 a.m.5 views

Siemens SENTRON Powercenter 1000

SUMMARY SENTRON Powercenter devices are affected by a denial of service vulnerability that can be triggered during BLE Bluetooth Low Energy pairing. Siemens is preparing fix versions and recommends specific countermeasures for products where fixes are not, or not yet available. 2. GENERAL...

6.5CVSS6.7AI score0.00189EPSS
Exploits0References10
ICS
ICS
added 2024/11/12 12:0 a.m.5 views

Siemens Engineering Platforms

SUMMARY Affected products do not properly sanitize user-controllable input when parsing files. This could allow an attacker to cause a type confusion and execute arbitrary code within the affected application. Siemens has released new versions for several affected products and recommends to...

7.3CVSS7.8AI score0.00219EPSS
Exploits0References10
ICS
ICS
added 2024/09/09 7:0 a.m.5 views

FESTO Didactic CP, MPS 200, and MPS 400 Firmware

GENERAL RECOMMENDATIONS As part of a security strategy, Festo recommends the following general defense measures to reduce the risk of exploits: - Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside. - Use...

9.8CVSS9.9AI score0.05184EPSS
Exploits0References12
ICS
ICS
added 2023/10/17 6:0 a.m.5 views

Festo Didactic products

SUMMARY A vulnerability was reported in Siemens TIA Portal. TIA Portal is part of the installation packages of several Festo Didactic products. TP 260 before June 2023 and MES PC based on DELL XE3 contain a vulnerable versions of TIA Portal V15 to V18. Affected products of TIA Portal contain a...

7.8CVSS7.2AI score0.00249EPSS
Exploits0References12
ICS
ICS
added 2023/09/05 10:0 a.m.5 views

Festo MSE6-C2M/D2M/E2M

SUMMARY Incomplete user documentation of undocumented, authenticated test mode and further remote accessible functions. The supported features may be covered only partly by the corresponding user documentation. Festo developed the products according to the respective state of the art. As a...

8.8CVSS6.4AI score0.00504EPSS
Exploits0References12
ICS
ICS
added 2023/06/27 12:0 a.m.6 views

Hitachi Energy GMS600

SUMMARY Hitachi Energy is aware of the vulnerability, CVE-2022-4304 in the OSS component OpenSSL, that affects the GMS600 versions that are listed below. An attacker successfully exploiting this vulnerability could send trial messages to the server and record the time taken to process them...

5.9CVSS6.1AI score0.16195EPSS
Exploits0References9
ICS
ICS
added 2023/06/27 12:0 a.m.5 views

Hitachi Energy Relion 670, 650, SAM600-IO Series (Update A)

SUMMARY Hitachi Energy is aware of the vulnerability CVE-2022-4304 in the OSS component OpenSSL, that affects the Relion 670, 650, SAM600-IO versions that are listed below. An attacker successfully exploiting this vulnerability could send trial messages to the server and record the time taken to...

5.9CVSS7.1AI score0.16195EPSS
Exploits0References9
ICS
ICS
added 2022/07/06 7:0 a.m.5 views

FESTO Hardware Controller, Hardware Servo Press Kit

SUMMARY The Festo controller CECC-X-M1 product family in multiple versions are affected by a preauthentication command injection vulnerability. Update A, 2022-07-05 Remediation has been updated. Fixed firmwares are now available. 2. IMPACT Any person who is able to gain access to the webserver...

10AI score
Exploits0References12
ICS
ICS
added 5 days ago4 views

Superior Court of California Hearing Reminder Service unauthenticated information disclosure

RISK EVALUATION The Hearing Reminder Service for the Superior Court of California at https://www.hrs.courts.ca.gov exposes an API endpoint that returns sensitive court reminder records without authentication. 2. RECOMMENDED PRACTICES Fixed April 28th, 2026. 3. DESCRIPTION The Superior Court of...

6.9CVSS6.1AI score0.00272EPSS
Exploits0References1
ICS
ICS
added 2026/06/30 12:0 a.m.4 views

Hitachi Energy PROMOD V

SUMMARY Hitachi Energy is aware of insecure HTTP transmission vulnerability in PROMOD V product versions listed in this document. This vulnerability could allow attackers to intercept or manipulate sensitive data in transit, potentially leading to credential theft, session hijacking, or...

7CVSS6AI score0.00347EPSS
Exploits0References10
ICS
ICS
added 2026/02/24 12:0 a.m.4 views

Hitachi Energy Ellipse

SUMMARY Hitachi Energy is aware of a Jasper Report vulnerability that affects the Ellipse product versions mentioned in this document below. This vulnerability can be exploited to carry out remote code execution RCE attack on the product. Please refer to the Recommended Immediate Actions for...

9.8CVSS7.8AI score0.00876EPSS
Exploits0References9
ICS
ICS
added 2026/02/10 12:0 a.m.4 views

Siemens Solid Edge

SUMMARY Solid Edge uses PS/IGES Parasolid Translator Component that contains an out of bounds read that could be triggered when the application reads files in IGS file formats. If a user is tricked to open a malicious file with any of the affected products, this could lead the application to...

7.8CVSS6.1AI score0.00181EPSS
Exploits0References10
ICS
ICS
added 2026/01/13 8:0 a.m.4 views

Schneider Electric Zigbee Products

GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...

6AI score
Exploits0References11
ICS
ICS
added 2025/12/10 4:46 p.m.4 views

Windscribe for Linux 'changeMTU' local privilege escalation

RISK EVALUATION A command injection vulnerability exists in Windscribe for Linux Desktop App that allows a local user who is a member of the windscribe group to execute arbitrary commands as root via the 'adapterName' parameter of the 'changeMTU' function. Fixed in Windscribe v2.18.3-alpha and...

7.8CVSS7.8AI score0.01137EPSS
Exploits1References1
ICS
ICS
added 2025/11/18 7:0 a.m.4 views

Shelly Pro 3EM

RISK EVALUATION Successful exploitation of this vulnerability could result in a denial-of-service condition. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for all control...

8.3CVSS6.8AI score0.00163EPSS
Exploits0References11
ICS
ICS
added 2025/09/30 12:50 p.m.4 views

Hitachi Energy MACH GWS

SUMMARY Hitachi Energy is aware of these vulnerabilities that affect the MACH GWS product versions listed in this document. An attacker successfully exploiting these vulnerabilities can cause confidentiality, integrity and availability impacts. Please refer to the Recommended Immediate Actions...

6.7AI score
Exploits0References9
ICS
ICS
added 2025/09/23 6:0 a.m.4 views

AutomationDirect CLICK PLUS

RISK EVALUATION Successful exploitation of these vulnerabilities disclose sensitive information, modify device settings, escalate privileges, or cause a denial-of-service condition on the affected device. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk...

6.7AI score
Exploits0References13
ICS
ICS
added 2025/09/18 6:0 a.m.4 views

Westermo Network Technologies WeOS 5

RISK EVALUATION Successful exploitation of this vulnerability could cause the device to reboot. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for all control system devices...

5.9CVSS6.7AI score0.00302EPSS
Exploits0References10
ICS
ICS
added 2025/09/16 6:0 a.m.4 views

Siemens SIMATIC NET CP, SINEMA and SCALANCE

RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to cause a denial-of-service DoS condition in the affected devices by exploiting integer overflow bugs. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of...

7.7AI score
Exploits0References10
ICS
ICS
added 2025/09/16 6:0 a.m.4 views

Hitachi Energy RTU500 series

RISK EVALUATION Successful exploitation of these vulnerabilities could cause a Denial-of-Service condition in RTU500 devices. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize network exposure...

7.3AI score
Exploits0References10
ICS
ICS
added 2025/08/12 4:0 a.m.4 views

Schneider Electric SESU

GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...

7.3CVSS6.9AI score0.00198EPSS
Exploits0References11
ICS
ICS
added 2025/08/12 4:0 a.m.4 views

Schneider Electric Saitel DR & Saitel DP Remote Terminal Unit

GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...

8.4CVSS7.9AI score0.00179EPSS
Exploits0References11
ICS
ICS
added 2025/08/07 6:0 a.m.4 views

Burk Technology ARC Solo

RISK EVALUATION Successful exploitation of this vulnerability could result in an attacker gaining access to the device, locking out authorized users, or disrupting operations. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this...

9.8CVSS7.6AI score0.00928EPSS
Exploits0References10
ICS
ICS
added 2025/07/31 6:0 a.m.4 views

Rockwell Automation Lifecycle Services with VMware

RISK EVALUATION Successful exploitation of these vulnerabilities could lead to code execution on the host or leakage of memory from processes communicating with vSockets. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these...

7.8AI score
Exploits0References10
ICS
ICS
added 2025/07/29 6:0 a.m.4 views

National Instruments LabVIEW

RISK EVALUATION Successful exploitation of these vulnerabilities could lead to the execution of arbitrary code on affected installations of LabVIEW, which could result in invalid memory reads. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of...

8AI score
Exploits0References10
ICS
ICS
added 2025/07/29 6:0 a.m.4 views

Delta Electronics DTN Soft

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to use a specially crafted project file to execute arbitrary code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:...

7.8CVSS7.8AI score0.0026EPSS
Exploits0References10
ICS
ICS
added 2025/06/20 12:0 a.m.4 views

ClamAV

RISK EVALUATION ClamAV is an open source antivirus maintained by Cisco. A heap-based buffer overflow vulnerability in the PDF scanning process of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service or possibly execute arbitrary code. 2. RECOMMENDED PRACTICES...

9.8CVSS10AI score0.01535EPSS
Exploits0References1
ICS
ICS
added 2025/06/17 6:0 a.m.4 views

LS Electric GMWin 4

RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to disclose information or execute arbitrary code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize...

7.2AI score
Exploits0References10
ICS
ICS
added 2025/06/10 12:0 a.m.4 views

Siemens Tecnomatix Plant Simulation

SUMMARY Siemens Tecnomatix Plant Simulation contains a out-of-bound read vulnerability that could be triggered when the application reads files in WRL format. If a user is tricked to open a malicious file with any of the affected products, this could lead the application to crash or potentially...

7.8CVSS8AI score0.00152EPSS
Exploits0References10
ICS
ICS
added 2025/02/04 7:0 a.m.4 views

AutomationDirect C-more EA9 HMI

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition or achieve remote code execution on the affected device. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of...

9.8CVSS7.7AI score0.00875EPSS
Exploits0References10
ICS
ICS
added 2025/01/16 12:0 a.m.4 views

TrueFiling authorization bypass via user-controlled keys

RISK EVALUATION TrueFiling trusts some client-controlled identifiers passed in URL requests to retrieve information. Platform users must self-register for an account, and once authenticated, could manipulate those identifiers to gain partial access to case information and the ability to...

6.3CVSS6.6AI score0.00317EPSS
Exploits0References1
ICS
ICS
added 2025/01/14 7:0 a.m.4 views

Belledonne Communications Linphone-Desktop

RISK EVALUATION Successful exploitation of this vulnerability could could result in a remote attacker causing a denial-of-service condition on the affected devices. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability,...

8.7CVSS7AI score0.00468EPSS
Exploits0References10
ICS
ICS
added 2025/01/14 12:0 a.m.4 views

Siemens Mendix LDAP

SUMMARY The Mendix LDAP module is affected by an LDAP injection vulnerability that could allow an unauthenticated remote attacker to bypass username verification. Siemens has released a new version for Mendix LDAP and recommends to update to the latest version. 2. GENERAL RECOMMENDATIONS As a...

9.1CVSS7.7AI score0.00481EPSS
Exploits0References10
ICS
ICS
added 2024/11/12 12:0 a.m.4 views

Siemens RUGGEDCOM CROSSBOW

SUMMARY RUGGEDCOM CROSSBOW Station Access Controller SAC contains multiple vulnerabilities in the integrated SQLite component that could allow an attacker to execute arbitrary code or to create a denial of service condition. Siemens has released a new version for RUGGEDCOM CROSSBOW Station...

9.8AI score
Exploits0References10
ICS
ICS
added 2024/10/08 12:0 p.m.4 views

Microsoft Releases October 2024 Security Updates

Microsoft released security updates to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following and apply necessary updates: Microsoft...

7.6AI score
Exploits0References18
ICS
ICS
added 2022/02/08 12:0 a.m.4 views

Siemens OpenSSL Vulnerability in Industrial Products

RISK EVALUATION Successful exploitation of these vulnerabilities could allow an unauthenticated remote attacker to execute arbitrary code or to cause a denial-of-service condition. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this...

7.4CVSS7.7AI score0.50445EPSS
Exploits0References10
ICS
ICS
added 2025/11/11 12:0 a.m.3 views

Siemens Altair Grid Engine

SUMMARY Altair Grid Engine contain multiple vulnerabilities that could allow an attacker to escalate privileges and execute arbitrary code with superuser permissions. Siemens has released a new version for Altair Grid Engine and recommends to update to the latest version. 2. GENERAL...

7.7AI score
Exploits0References10
ICS
ICS
added 2025/08/12 12:0 a.m.3 views

Siemens SINEC Traffic Analyzer

SUMMARY SINEC Traffic Analyzer before V3.0 is affected by multiple vulnerabilities. Siemens has released a new version for SINEC Traffic Analyzer and recommends to update to the latest version. Siemens is preparing further fix versions and recommends countermeasures for products where fixes are...

7.3AI score
Exploits0References10
ICS
ICS
added 2025/06/12 6:0 a.m.2 views

AVEVA PI Data Archive

RISK EVALUATION Successful exploitation of these vulnerabilities could shut down necessary subsystems and cause a denial-of-service condition. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize...

7.1AI score
Exploits0References10
Total number of security vulnerabilities4251