4251 matches found
Siemens User Management Component (UMC)
SUMMARY Siemens' User Management Component UMC is affected by multiple vulnerabilities that could allow an unauthenticated remote attacker to execute arbitrary code or to cause a denial of service condition. Siemens has released a new version for User Management Component UMC and recommends to...
Siemens SINEC OS
SUMMARY SINEC OS is affected by multiple vulnerabilities due to open UDP ports, which could allow an attacker to access non-sensitive information without authentication or potentially cause temporary denial of service. Siemens is preparing fix versions and recommends specific countermeasures for...
Siemens Apogee PXC and Talon TC Devices
SUMMARY Apogee PXC and Talon TC contain a vulnerability that could allow an attacker to download the device encrypted database file. Siemens is preparing fix versions and recommends specific countermeasures for products where fixes are not, or not yet available. 2. GENERAL RECOMMENDATIONS As a...
Siemens SINAMICS Drives
SUMMARY Siemens SINAMICS G220, SINAMICS S210, and SINAMICS S200 contains a privilege escalation vulnerability that could allow users to escalate their privileges. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing...
Siemens SIMATIC Virtualization as a Service (SIVaaS)
SUMMARY SIMATIC Virtualization as a Service SIVaaS is affected by a vulnerability which exposes a network share without any authentication. This could allow an attacker to access or alter sensitive data without proper authorization. Siemens recommends to contact technical support to fix the...
Siemens SIMOTION Tools
SUMMARY Several tools for the SIMOTION system are affected by a local privilege escalation vulnerability. This could allow an attacker to execute arbitrary code with SYSTEM privileges when a legitimate user installs an application that uses the affected setup component. This vulnerability poses...
SunPower PVS6
RISK EVALUATION Successful exploitation of this vulnerability could allow attackers to gain full access to the device, enabling them to replace firmware, modify settings, disable the device, create SSH tunnels, and manipulate attached devices. 2. RECOMMENDED PRACTICES CISA recommends users take...
Fuji Electric FRENIC-Loader 4
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for all control...
Delta Electronics EIP Builder
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to potentially process dangerous external entities, resulting in disclosure of sensitive information. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation...
Delta Electronics CNCSoft-G2
RISK EVALUATION Successful exploitation of this vulnerability could allow attackers to execute arbitrary code on affected installations of the device. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. CISA reminds...
Mitsubishi Electric MELSEC iQ-F Series CPU Module
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker the ability to obtain credential information by intercepting SLMP communication messages, and read or write the device values of the product by using the obtained credential information. In addition, the...
Delta Electronics COMMGR
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code. 2. RECOMMENDED PRACTICES CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for...
GE Vernova CIMPLICITY
RISK EVALUATION Successful exploitation of this vulnerability could allow a low-privileged local attacker to escalate privileges. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure...
Mitsubishi Electric MELSEC iQ-F Series CPU Module
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to read or write the device values of the product. In addition, the attacker may be able to stop the operation of the programs. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize...
Remote Code Execution Vulnerability in Hitachi Energy Service Suite Product
SUMMARY Hitachi Energy is aware of a remote code execution vulnerability that affects the Oracle WebLogic component in the Service Suite product versions listed in this document. An attacker successfully exploiting these vulnerabilities can cause confidentiality, integrity and availability...
Multiple Open-Source Software Vulnerabilities in Hitachi Energy Asset Suite Product
SUMMARY Hitachi Energy is aware of multiple reported vulnerabilities that affect the Asset Suite product versions mentioned in this document below. If exploited these vulnerabilities can potentially impact on confidentiality, integrity and availability of the product. Please refer to the...
INVT VT-Designer and HMITool
RISK EVALUATION Successful exploitation of these vulnerabilities could allow attackers to execute arbitrary code in the context of the current process. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:...
Agiloft multiple vulnerabilities
RISK EVALUATION Agiloft is a web-based contract management platform. Multiple vulnerabilities were found in Agiloft that could allow an attacker to gain administrative access to Agiloft, execute operating system commands, or modify update packages. 2. RECOMMENDED PRACTICES These issues have been...
Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module (Update A)
RISK EVALUATION Successful exploitation of this vulnerability could result in a remote attacker being able to delay the processing of the Web server function and prevent legitimate users from utilizing the Web server function by sending a specially crafted HTTP request. 2. RECOMMENDED PRACTICES...
FUJIFILM Healthcare Americas Synapse Mobility
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to access information beyond their assigned roles. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network...
Rockwell Automation FactoryTalk Action Manager
RISK EVALUATION Successful exploitation of this vulnerability could allow a local unauthenticated attacker to listen to communications and manipulate the device. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability,...
Rockwell Automation FLEX 5000 I/O (Update A)
RISK EVALUATION Successful exploitation of these vulnerabilities could create a denial-of-service condition. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize network exposure for all control...
Rockwell Automation ArmorBlock 5000 I/O - Webserver
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to predict session numbers or perform privileged actions. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:...
Rockwell Automation Studio 5000 Logix Designer
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to crash the device or execute malicious code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network...
Rockwell Automation FactoryTalk Viewpoint
RISK EVALUATION Successful exploitation of this vulnerability could result in full privilege escalation. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for all control system...
Rockwell Automation 1756-EN4TR, 1756-EN4TRXT (Update B)
RISK EVALUATION Successful exploitation of these vulnerabilities could result in an attacker causing a denial of service condition. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize network...
Rockwell FactoryTalk Linx
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to to create, update, and delete FTLinx drivers. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network...
Rockwell Automation ControlLogix Ethernet Modules
RISK EVALUATION Successful exploitation of this vulnerability could allow remote attackers to perform memory dumps, modify memory, and control execution flow. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such...
Rockwell Automation Micro800
RISK EVALUATION Successful exploitation of these vulnerabilities could result in remote code execution or may lead to privilege escalation. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize...
Siemens Mendix SAML Module
SUMMARY Mendix SAML module contains a vulnerability that could allow unauthenticated remote attackers to hijack an account in specific SSO configurations. Mendix has provided fix releases for the Mendix SAML module and recommends to update to the latest version. 2. GENERAL RECOMMENDATIONS As a...
Siemens Desigo CC Product Family and SENTRON Powermanager
SUMMARY Versions V5.0 through V8 of the Desigo CC product family Desigo CC, Desigo CC Compact, Desigo CC Connect, Cerberus DMS, as well as the Desigo CC-based SENTRON Powermanager, are affected by a vulnerability in the underlying third-party component WIBU Systems CodeMeter Runtime. Successful...
Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, Cobalt Share
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to disclose information and execute arbitrary code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize...
Johnson Controls iSTAR Ultra, iSTAR Ultra SE, iSTAR Ultra G2, iSTAR Ultra G2 SE, iSTAR Edge G2 (Update A)
RISK EVALUATION Successful exploitation of these vulnerabilities may allow an attacker to modify firmware and access the space that is protected by the device. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities,...
AVEVA PI Integrator
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to disclose sensitive information, or upload and execute files. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:...
Santesoft Sante PACS Server
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to create arbitrary files, cause a denial-of-service condition, obtain sensitive information, and steal a user's cookie information. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to...
Schneider Electric EcoStruxure Power Monitoring Expert
RISK EVALUATION Successful exploitation of these vulnerabilities could allow a remote attacker to read arbitrary files from the target machine, or to access internal services directly. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of...
Schneider Electric EcoStruxure
GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install physical controls so no unauthorized personnel can access...
Schneider Electric SESU
GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...
Schneider Electric Saitel DR & Saitel DP Remote Terminal Unit
GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...
Schneider Electric Modicon M340 Controller and Communication Modules (Update A)
GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...
ABB Ability Zenon Remote Transport Vulnerability (Update A)
SUMMARY ABB is aware of vulnerabilities in the product versions listed as affected in the advisory. The vulnerability enables unauthorized access to the Reboot OS function within the Remote Transport Service, allowing an attacker to trigger a system reboot without the required authentication...
Siemens SINEC Traffic Analyzer
SUMMARY SINEC Traffic Analyzer before V3.0 is affected by multiple vulnerabilities. Siemens has released a new version for SINEC Traffic Analyzer and recommends to update to the latest version. Siemens is preparing further fix versions and recommends countermeasures for products where fixes are...
Siemens RUGGEDCOM APE1808
SUMMARY Nozomi Networks has published information on vulnerabilities in Nozomi Guardian/CMC. This advisory lists the related Siemens Industrial products affected by these vulnerabilities. Siemens is preparing fix versions and recommends countermeasures for products where fixes are not, or not...
Siemens Engineering Platforms
SUMMARY Affected products do not properly restrict access permissions to a local Windows Named Pipe and do not properly sanitize user-controllable input sent to that Named Pipe. This could allow a local authenticated attacker to cause a type confusion and execute arbitrary code within the...
Siemens SIMATIC RTLS Locating Manager
SUMMARY Siemens has released a new version for SIMATIC RTLS Locating Manager and recommends to update to the latest version. 2. GENERAL RECOMMENDATIONS As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate...
Siemens SINUMERIK
SUMMARY Siemens SINUMERIK Controllers are affected by an improper VNC password check vulnerability. Siemens has released new versions for the affected products and recommends to update to the latest versions. 2. GENERAL RECOMMENDATIONS As a general security measure, Siemens strongly recommends...
Siemens RUGGEDCOM ROX II
SUMMARY RUGGEDCOM ROX II devices does not properly enforce limitations on type and size of files that can be uploaded through their web interface. This could allow an attacker with a legitimate, highly privileged account on the web interface to upload arbitrary files onto the filesystem of the...
Siemens SICAM Q100/Q200
SUMMARY SICAM Q100 and Q200 devices are affected by two information disclosure vulnerabilities that could allow an authenticated local attacker to extract the SMTP account password and use the configured SMTP service for arbitrary purposes. Siemens has released new versions for the affected...
Siemens RUGGEDCOM ROX II
SUMMARY RUGGEDCOM ROX II devices do not properly limit access through their Built-In-Self-Test BIST mode. This could allow a local attacker to bypass authentication and access a root shell on the device. Siemens is preparing fix versions and recommends specific countermeasures for products where...
Siemens SIMOTION SCOUT, SIMOTION SCOUT TIA, and SINAMICS STARTER
SUMMARY SIMOTION SCOUT, SIMOTION SCOUT TIA and SINAMICS STARTER are affected by an XXE injection vulnerability that could allow an attacker to access arbitrary application files. Siemens has released new versions for several affected products and recommends to update to the latest versions...