4251 matches found
Siemens Simcenter Femap
SUMMARY Simcenter Femap contains a file parsing vulnerability that could be triggered when the application reads files in STP or BMP file format. If a user is tricked to open a malicious file with the affected application, this could lead the application to crash or potentially lead to arbitrary...
Siemens Engineering Platforms
SUMMARY Affected products do not properly restrict access permissions to a local Windows Named Pipe and do not properly sanitize user-controllable input sent to that Named Pipe. This could allow a local authenticated attacker to cause a type confusion and execute arbitrary code within the...
Siemens RUGGEDCOM ROX II
SUMMARY RUGGEDCOM ROX II devices do not properly limit access through their Built-In-Self-Test BIST mode. This could allow a local attacker to bypass authentication and access a root shell on the device. Siemens is preparing fix versions and recommends specific countermeasures for products where...
Siemens RUGGEDCOM ROX II
SUMMARY RUGGEDCOM ROX II devices does not properly enforce limitations on type and size of files that can be uploaded through their web interface. This could allow an attacker with a legitimate, highly privileged account on the web interface to upload arbitrary files onto the filesystem of the...
Siemens SIMATIC S7-PLCSIM
SUMMARY Affected products do not properly sanitize user-controllable input when parsing project files. This could allow an attacker to cause a type confusion and execute arbitrary code within the affected application. Siemens has released new versions for several affected products and recommends...
Siemens RUGGEDCOM CROSSBOW Station Access Controller
SUMMARY RUGGEDCOM CROSSBOW Station Access Controller SAC contains multiple vulnerabilities in the integrated SQLite component that could allow an attacker to execute arbitrary code or to create a denial of service condition. Siemens has released a new version for RUGGEDCOM CROSSBOW Station...
Siemens Third-Party Components in SINEC OS
SUMMARY SINEC OS before V3.2 contains third-party components with multiple vulnerabilities. Siemens has released new versions for the affected products and recommends to update to the latest versions. 2. GENERAL RECOMMENDATIONS As a general security measure, Siemens strongly recommends to...
Siemens SIMATIC RTLS Locating Manager
SUMMARY Siemens has released a new version for SIMATIC RTLS Locating Manager and recommends to update to the latest version. 2. GENERAL RECOMMENDATIONS As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate...
Siemens SINUMERIK
SUMMARY Siemens SINUMERIK Controllers are affected by an improper VNC password check vulnerability. Siemens has released new versions for the affected products and recommends to update to the latest versions. 2. GENERAL RECOMMENDATIONS As a general security measure, Siemens strongly recommends...
Siemens SICAM Q100/Q200
SUMMARY SICAM Q100 and Q200 devices are affected by two information disclosure vulnerabilities that could allow an authenticated local attacker to extract the SMTP account password and use the configured SMTP service for arbitrary purposes. Siemens has released new versions for the affected...
Siemens SIMATIC RTLS Locating Manager
SUMMARY SIMATIC RTLS Locating Manager Before V3.2 contains an improper input validation vulnerability that could allow an authenticated remote attacker to execute arbitrary code with high privileges. Siemens has released a new version for SIMATIC RTLS Locating Manager and recommends to update to...
Siemens RUGGEDCOM APE1808
SUMMARY Nozomi Networks has published information on vulnerabilities in Nozomi Guardian/CMC. This advisory lists the related Siemens Industrial products affected by these vulnerabilities. Siemens is preparing fix versions and recommends countermeasures for products where fixes are not, or not...
Siemens Opcenter Quality
SUMMARY The Opcenter Quality is affected by multiple vulnerabilities in the SmartClient modules Opcenter QL Home SC, SOA Audit and SOA Cockpit. Siemens has released new versions for the affected products and recommends to update to the latest versions. 2. GENERAL RECOMMENDATIONS As a general...
Siemens COMOS
SUMMARY COMOS before V10.6 is affected by a local arbitrary code execution vulnerability in the integrated Open Design Alliance Drawings SDK. Siemens has released a new version for COMOS and recommends to update to the latest version. 2. GENERAL RECOMMENDATIONS As a general security measure,...
Dreame Technology iOS and Android Mobile Applications (Update A)
RISK EVALUATION Successful exploitation of this vulnerability could result in unauthorized information disclosure. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for all control...
Johnson Controls FX Server, FX80 and FX90 (Update A)
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to compromise the device's configuration files. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network...
Rockwell Automation Arena
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to disclose information and execute arbitrary code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize...
EG4 Electronics EG4 Inverters (Update B)
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to intercept and manipulate critical data, install malicious firmware, hijack device access, and gain unauthorized control over the system. 2. RECOMMENDED PRACTICES CISA recommends users take defensive...
Burk Technology ARC Solo
RISK EVALUATION Successful exploitation of this vulnerability could result in an attacker gaining access to the device, locking out authorized users, or disrupting operations. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this...
Delta Electronics DIAView
RISK EVALUATION Successful exploitation of this vulnerability may allow a remote attacker to read or write files on the affected device. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. CISA reminds organizations...
Yealink IP Phones and RPS (Redirect and Provisioning Service)
RISK EVALUATION Successful exploitation of these vulnerabilities could result in an information disclosure. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for all control system...
Packet Power EMX and EG
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain full access to the device without authentication. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimizing...
Tyler Technologies ERP Pro 9
RISK EVALUATION Tyler Technologies ERP Pro 9 SaaS allows an authenticated user to escape the application and execute limited operating system commands. 2. RECOMMENDED PRACTICES Tyler Technologies deployed hardened environment settings to all ERP Pro 9 SaaS customer environments as of 2025-08-01...
Tigo Energy Cloud Connect Advanced (Update A)
RISK EVALUATION Successful exploitation of these vulnerabilities could allow attackers to gain unauthorized administrative access using hard-coded credentials, escalate privileges to take full control of the device, modify system settings, disrupt solar energy production, interfere with safety...
Mitsubishi Electric Iconics Digital Solutions Multiple Products (Update B)
RISK EVALUATION Successful exploitation of this vulnerability could result in information tampering. 2. RECOMMENDED PRACTICES CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems...
Honeywell OneWireless Wireless Device Manager (WDM)
RISK EVALUATION Successful exploitation of these vulnerabilities could result in information exposure, denial of service, or remote code execution. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:...
OPEXUS FOIAXpress Public Access Link (PAL) multiple vulnerabilities
RISK EVALUATION Multiple vulnerabilities could allow unauthenticated attackers to bypass rate-limiting measures for login attempts, or check for the existence of other users. Low-privileged users can modify certain site content without authorization. 2. RECOMMENDED PRACTICES Upgrade to OPEXUS...
Rockwell Automation Lifecycle Services with VMware
RISK EVALUATION Successful exploitation of these vulnerabilities could lead to code execution on the host or leakage of memory from processes communicating with vSockets. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these...
Güralp Systems FMUS Series and MIN Series Devices (Update B)
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to modify hardware configurations, manipulate data, or factory reset the device. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this...
Samsung HVAC DMS
RISK EVALUATION Successful exploitation of these vulnerabilities can lead to unauthenticated remote code execution. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize network exposure for all...
National Instruments LabVIEW
RISK EVALUATION Successful exploitation of these vulnerabilities could lead to the execution of arbitrary code on affected installations of LabVIEW, which could result in invalid memory reads. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of...
Delta Electronics DTN Soft
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to use a specially crafted project file to execute arbitrary code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:...
LG Innotek Camera Model LNV5110R
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain administrative access to the device. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure...
Network Thermostat X-Series WiFi Thermostats
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain full administrative access to the device. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network...
Honeywell Experion PKS (Update A)
RISK EVALUATION Successful exploitation of these vulnerabilities could result in information exposure, denial of service, or remote code execution. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:...
Mitsubishi Electric CNC Series (Update B)
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute malicious code by getting setup-launcher to load a malicious DLL. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability,...
Medtronic MyCareLink Patient Monitor (Update A)
RISK EVALUATION Successful exploitation of these vulnerabilities could lead to system compromise, unauthorized access to sensitive data, and manipulation of the monitor's functionality. 2. RECOMMENDED PRACTICES CISA reminds organizations to perform proper impact analysis and risk assessment...
ABB AC500 V2
SUMMARY ABB became aware of vulnerabilities in AC500 V2 listed as affected in the advisory. An attacker who successfully exploited this vulnerability could access fragments of Modbus telegrams that have been sent earlier by that PLC 2. MITIGATING FACTORS Mitigating factors describe conditions...
Schneider Electric EcoStruxure Power Operation (Update A)
RISK EVALUATION Successful exploitation of these vulnerabilities could result in the loss of system functionality or unauthorized access to system functions. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. CISA...
DuraComm DP-10iN-100-MU
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to disclose sensitive information or cause a denial-of-service condition. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities,...
Lantronix Provisioning Manager
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker perform a cross-site scripting attack, which could result in remote code execution. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this...
ABB Busch-Welcome 2 Wire Door Opener Actuator
SUMMARY ABB is aware of vulnerabilities in the product versions listed as affected in the advisory. An attacker who successfully exploited this vulnerability could gain physical, unauthorized access to a Building where the product is installed 2. MITIGATING FACTORS ABB recommends double check...
Panoramic Corporation Digital Imaging Software
RISK EVALUATION Successful exploitation of this vulnerability could allow a standard user to obtain NT Authority/SYSTEM privileges. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network...
Leviton AcquiSuite and Energy Monitoring Hub
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to craft a malicious payload in URL parameters that would get executed in a client browser when accessed by a user, steal session tokens and control the service. 2. RECOMMENDED PRACTICES CISA recommends users...
LITEON IC48A and IC80A EV Chargers
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to access sensitive information when accessing the Liteon EV chargers. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:...
Delta Electronics DTM Soft
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to encrypt files referencing the application in order to extract information. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability,...
KUNBUS RevPi Webstatus
RISK EVALUATION Successful exploitation of this vulnerability could allow attackers to bypass authentication and gain unauthorized access to the application. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such...
Advantech iView
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to disclose sensitive information, achieve remote code execution, or cause service disruptions. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of...
End-of-Train and Head-of-Train Remote Linking Protocol (Update C)
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to send their own brake control commands to the end-of-train device, causing a sudden stoppage of the train which may lead to a disruption of operations, or induce brake failure. 2. RECOMMENDED PRACTICES CISA...
Emerson ValveLink Products
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker with access to the system to read sensitive information stored in cleartext, tamper with parameters, and run un-authorized code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to...