4255 matches found
Johnson Controls FX Server, FX80 and FX90 (Update A)
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to compromise the device's configuration files. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network...
Tyler Technologies ERP Pro 9
RISK EVALUATION Tyler Technologies ERP Pro 9 SaaS allows an authenticated user to escape the application and execute limited operating system commands. 2. RECOMMENDED PRACTICES Tyler Technologies deployed hardened environment settings to all ERP Pro 9 SaaS customer environments as of 2025-08-01...
Rockwell Automation Lifecycle Services with VMware
RISK EVALUATION Successful exploitation of these vulnerabilities could lead to code execution on the host or leakage of memory from processes communicating with vSockets. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these...
Güralp Systems FMUS Series and MIN Series Devices (Update B)
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to modify hardware configurations, manipulate data, or factory reset the device. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this...
Medtronic MyCareLink Patient Monitor (Update A)
RISK EVALUATION Successful exploitation of these vulnerabilities could lead to system compromise, unauthorized access to sensitive data, and manipulation of the monitor's functionality. 2. RECOMMENDED PRACTICES CISA reminds organizations to perform proper impact analysis and risk assessment...
Schneider Electric System Monitor Application
GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...
Mitsubishi Electric MELSEC iQ-F Series
RISK EVALUATION Successful exploitation of this vulnerability could result in a denial-of-service condition for legitimate users for a certain period by repeatedly attempting to log in with incorrect passwords. When the product repeatedly receives unauthorized logins from an attacker, legitimate...
ControlID iDSecure On-premises
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to bypass authentication, retrieve information, leak arbitrary data, or perform SQL injections. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of...
LS Electric GMWin 4
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to disclose information or execute arbitrary code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize...
Siemens SCALANCE and RUGGEDCOM
SUMMARY Several Industrial Communication Devices based on SINEC OS before V3.2 contain multiple vulnerabilities that could allow an attacker to circumvent authorization checks and perform actions that exceed the permissions of the "guest" role. Siemens has released new versions for the affected...
Siemens SIMATIC PCS
SUMMARY Affected products do not correctly invalidate user sessions upon user logout. This could allow a remote unauthenticated attacker, who has obtained the session token by other means, to re-use a legitimate user's session even after logout. Siemens has released new versions for the affected...
Siemens Industrial Edge Devices
SUMMARY Siemens Industrial Edge Devices contain a weak authentication vulnerability that could facilitate an unauthenticated remote attacker to circumvent authentication and impersonate a legitimate user. Siemens has released new versions for several affected products and recommends to update to...
Siemens SIPROTEC 5
SUMMARY Affected SIPROTEC 5 devices do not encrypt certain data within the on-board flash storage on their PCB. This could allow an attacker with physical access to read the sensitive information from the filesystem of the device. Siemens is preparing fix versions and recommends specific...
Siemens Apogee PXC100 Devices
SUMMARY Apogee PXC and Talon TC contain a vulnerability that could allow an attacker to perform a denial of service using a out-of-bounds read forcing the device to enter a cold state and a vulnerability that would allow an attacker to decrypt the passwords of the device. Siemens recommends...
AutomationDirect C-more EA9 HMI
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition or achieve remote code execution on the affected device. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of...
Schneider Electric Power Logic
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to modify data or cause a denial-of-service condition on web interface functionality. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these...
Rockwell Automation DataMosaix Private Cloud
RISK EVALUATION Successful exploitation of these vulnerabilities could overwrite reports, including user projects. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize network exposure for all...
TrueFiling authorization bypass via user-controlled keys
RISK EVALUATION TrueFiling trusts some client-controlled identifiers passed in URL requests to retrieve information. Platform users must self-register for an account, and once authenticated, could manipulate those identifiers to gain partial access to case information and the ability to...
B&R Automation Runtime
SUMMARY An update is available that resolves a privately reported vulnerability in the product versions listed as affected in this advisory. An attacker who successfully exploited this vulnerability may masquerade as services on affected devices. 2. WORKAROUNDS The mechanism of creating self...
Siemens RUGGEDCOM ROX II
SUMMARY The CLI feature in the web interface of RUGGEDCOM ROX II devices is vulnerable to cross-site request forgery CSRF, which could allow an attacker to perform administrative actions if an authenticated user is tricked into accessing a malicious link. Siemens has released new versions for...
Siemens Engineering Platforms
SUMMARY Affected products do not properly sanitize user-controllable input when parsing files. This could allow an attacker to cause a type confusion and execute arbitrary code within the affected application. Siemens has released new versions for several affected products and recommends to...
Siemens RUGGEDCOM CROSSBOW
SUMMARY RUGGEDCOM CROSSBOW Station Access Controller SAC contains multiple vulnerabilities in the integrated SQLite component that could allow an attacker to execute arbitrary code or to create a denial of service condition. Siemens has released a new version for RUGGEDCOM CROSSBOW Station...
FESTO Didactic CP, MPS 200, and MPS 400 Firmware
GENERAL RECOMMENDATIONS As part of a security strategy, Festo recommends the following general defense measures to reduce the risk of exploits: - Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside. - Use...
Festo Didactic products
SUMMARY A vulnerability was reported in Siemens TIA Portal. TIA Portal is part of the installation packages of several Festo Didactic products. TP 260 before June 2023 and MES PC based on DELL XE3 contain a vulnerable versions of TIA Portal V15 to V18. Affected products of TIA Portal contain a...
Festo MSE6-C2M/D2M/E2M
SUMMARY Incomplete user documentation of undocumented, authenticated test mode and further remote accessible functions. The supported features may be covered only partly by the corresponding user documentation. Festo developed the products according to the respective state of the art. As a...
Hitachi Energy GMS600
SUMMARY Hitachi Energy is aware of the vulnerability, CVE-2022-4304 in the OSS component OpenSSL, that affects the GMS600 versions that are listed below. An attacker successfully exploiting this vulnerability could send trial messages to the server and record the time taken to process them...
Hitachi Energy Relion 670, 650, SAM600-IO Series (Update A)
SUMMARY Hitachi Energy is aware of the vulnerability CVE-2022-4304 in the OSS component OpenSSL, that affects the Relion 670, 650, SAM600-IO versions that are listed below. An attacker successfully exploiting this vulnerability could send trial messages to the server and record the time taken to...
FESTO Hardware Controller, Hardware Servo Press Kit
SUMMARY The Festo controller CECC-X-M1 product family in multiple versions are affected by a preauthentication command injection vulnerability. Update A, 2022-07-05 Remediation has been updated. Fixed firmwares are now available. 2. IMPACT Any person who is able to gain access to the webserver...
Superior Court of California Hearing Reminder Service unauthenticated information disclosure
RISK EVALUATION The Hearing Reminder Service for the Superior Court of California at https://www.hrs.courts.ca.gov exposes an API endpoint that returns sensitive court reminder records without authentication. 2. RECOMMENDED PRACTICES Fixed April 28th, 2026. 3. DESCRIPTION The Superior Court of...
Hitachi Energy PROMOD V
SUMMARY Hitachi Energy is aware of insecure HTTP transmission vulnerability in PROMOD V product versions listed in this document. This vulnerability could allow attackers to intercept or manipulate sensitive data in transit, potentially leading to credential theft, session hijacking, or...
ABB T-MAC Plus
SUMMARY ABB became aware of vulnerability in the products versions listed as affected in the advisory. An update is available that resolves the reported vulnerabilities. An attacker who successfully exploited any of these vulnerabilities could potentially compromise the system in different ways...
Hitachi Energy Ellipse
SUMMARY Hitachi Energy is aware of a Jasper Report vulnerability that affects the Ellipse product versions mentioned in this document below. This vulnerability can be exploited to carry out remote code execution RCE attack on the product. Please refer to the Recommended Immediate Actions for...
Schneider Electric Zigbee Products
GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...
Windscribe for Linux 'changeMTU' local privilege escalation
RISK EVALUATION A command injection vulnerability exists in Windscribe for Linux Desktop App that allows a local user who is a member of the windscribe group to execute arbitrary commands as root via the 'adapterName' parameter of the 'changeMTU' function. Fixed in Windscribe v2.18.3-alpha and...
Shelly Pro 3EM
RISK EVALUATION Successful exploitation of this vulnerability could result in a denial-of-service condition. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for all control...
Siemens Altair Grid Engine
SUMMARY Altair Grid Engine contain multiple vulnerabilities that could allow an attacker to escalate privileges and execute arbitrary code with superuser permissions. Siemens has released a new version for Altair Grid Engine and recommends to update to the latest version. 2. GENERAL...
Hitachi Energy MACH GWS
SUMMARY Hitachi Energy is aware of these vulnerabilities that affect the MACH GWS product versions listed in this document. An attacker successfully exploiting these vulnerabilities can cause confidentiality, integrity and availability impacts. Please refer to the Recommended Immediate Actions...
Westermo Network Technologies WeOS 5
RISK EVALUATION Successful exploitation of this vulnerability could cause the device to reboot. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for all control system devices...
Hitachi Energy RTU500 series
RISK EVALUATION Successful exploitation of these vulnerabilities could cause a Denial-of-Service condition in RTU500 devices. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize network exposure...
Siemens SIMATIC NET CP, SINEMA and SCALANCE
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to cause a denial-of-service DoS condition in the affected devices by exploiting integer overflow bugs. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of...
Schneider Electric Saitel DR & Saitel DP Remote Terminal Unit
GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...
Siemens SINEC Traffic Analyzer
SUMMARY SINEC Traffic Analyzer before V3.0 is affected by multiple vulnerabilities. Siemens has released a new version for SINEC Traffic Analyzer and recommends to update to the latest version. Siemens is preparing further fix versions and recommends countermeasures for products where fixes are...
Burk Technology ARC Solo
RISK EVALUATION Successful exploitation of this vulnerability could result in an attacker gaining access to the device, locking out authorized users, or disrupting operations. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this...
Delta Electronics DTN Soft
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to use a specially crafted project file to execute arbitrary code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:...
National Instruments LabVIEW
RISK EVALUATION Successful exploitation of these vulnerabilities could lead to the execution of arbitrary code on affected installations of LabVIEW, which could result in invalid memory reads. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of...
ClamAV
RISK EVALUATION ClamAV is an open source antivirus maintained by Cisco. A heap-based buffer overflow vulnerability in the PDF scanning process of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service or possibly execute arbitrary code. 2. RECOMMENDED PRACTICES...
Siemens Tecnomatix Plant Simulation
SUMMARY Siemens Tecnomatix Plant Simulation contains a out-of-bound read vulnerability that could be triggered when the application reads files in WRL format. If a user is tricked to open a malicious file with any of the affected products, this could lead the application to crash or potentially...
Belledonne Communications Linphone-Desktop
RISK EVALUATION Successful exploitation of this vulnerability could could result in a remote attacker causing a denial-of-service condition on the affected devices. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability,...
Siemens Mendix LDAP
SUMMARY The Mendix LDAP module is affected by an LDAP injection vulnerability that could allow an unauthenticated remote attacker to bypass username verification. Siemens has released a new version for Mendix LDAP and recommends to update to the latest version. 2. GENERAL RECOMMENDATIONS As a...
Microsoft Releases October 2024 Security Updates
Microsoft released security updates to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following and apply necessary updates: Microsoft...