4207 matches found
Inaba Denki Sangyo CHOCO TEI WATCHER mini
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to obtain the product's login password, gain unauthorized access, tamper with product's data, and/or modify product settings. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to...
B&R APROL
SUMMARY Updates are available that resolve privately reported vulnerabilities in the product versions listed as affected in this advisory. An attacker who successfully exploits these vulnerabilities could elevate privileges or gather sensitive information. 2. MITIGATING FACTORS Mitigating...
Santesoft Sante DICOM Viewer Pro
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause memory corruption that would result in execution of arbitrary code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability,...
SMA Sunny Portal
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to upload and remotely execute code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for all...
CentralSquare eTRAKiT.Net SQL injection vulnerability
RISK EVALUATION eTRAKiT is a public online portal that provides the public with easily accessible information related to permits, projects, licenses, code compliance, land, and inspections. An SQL injection vulnerability in the CRM feature of eTRAKiT.net release 3.2.1.77 allows a remote,...
Rockwell Automation Lifecycle Services with VMware
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker with local administrative privileges to execute code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize...
Schneider Electric EcoStruxure Power Automation System User Interface (EPAS-UI)
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to bypass device authentication, potentially gain access to sensitive information, or execute arbitrary code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of...
Sungrow iSolarCloud Android App, WiNet Firmware
RISK EVALUATION Successful exploitation of these vulnerabilities could result in attackers being able to access and modify sensitive information. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:...
Philips Intellispace Cardiovascular (ISCV)
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to replay the session of the logged in ISCV user and gain access to patient records. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these...
Siemens Simcenter Femap
SUMMARY Siemens Simcenter Femap is affected by a memory corruption vulnerability that could be triggered when the application reads files in .NEU format. If a user is tricked into opening a malicious file with the affected application, an attacker could leverage the vulnerability to leak information or...
Optigo Networks Visual BACnet Capture Tool / Optigo Visual Networks Capture Tool
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to bypass authentication, gain control over the products, or impersonate the web applications. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of...
Schneider Electric EcoStruxure Panel Server
GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...
Schneider Electric EcoStruxure Power Automation System
GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...
ABB RMC-100
SUMMARY An update is available that resolves a vulnerability in the product versions listed as affected in this advisory. An attacker who successfully exploited this vulnerability could cause the web UI to stop. 2. WORKAROUNDS The vulnerability is only present when the REST interface is enabled...
Siemens SIMATIC IPC Family, ITP1000, and Field PGs
SUMMARY Multiple vulnerabilities have been identified in Siemens SIMATIC IPCs, SIMATIC Tablet PCs, and SIMATIC Field PGs that can allow an authenticated attacker to alter the secure boot and password configurations. Siemens has released new versions of BIOS for several affected products and...
Siemens SINAMICS S200
SUMMARY A specific range of produced SINAMICS S200 devices contains an unlocked bootloader vulnerability that could allow an attacker to download untrusted firmware that could damage or compromise the device. For delivered products listed below Siemens recommends countermeasures. 2. GENERAL...
Siemens Teamcenter Visualization and Tecnomatix
SUMMARY Siemens Teamcenter Visualization and Tecnomatix Plant Simulation contain multiple file parsing vulnerabilities that could be triggered when the application reads files in WRL format. If a user is tricked into opening a malicious file with any of the affected products, this could lead the...
Siemens SINEMA Remote Connect Client
SUMMARY SINEMA Remote Connect Client before V3.2 SP3 is affected by multiple vulnerabilities. Siemens has released a new version for SINEMA Remote Connect Client and recommends to update to the latest version. 2. GENERAL RECOMMENDATIONS As a general security measure, Siemens strongly recommends...
Siemens SIMATIC S7-1500 TM MFP
SUMMARY Multiple vulnerabilities have been identified in the BIOS of the SIMATIC S7-1500 TM MFP. Siemens is preparing fix versions and recommends specific countermeasures for products where fixes are not, or not yet available. 2. GENERAL RECOMMENDATIONS As a general security measure, Siemens...
Siemens OPC UA
SUMMARY The products listed below contain two authentication bypass vulnerabilities that could allow an attacker to gain access to the data managed by the server. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing...
Siemens SCALANCE M-800 and SC-600 Families
SUMMARY SCALANCE M-800 and SC-600 families are affected by improper input validation in the OpenVPN authentication. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends specific...
Siemens Tecnomatix Plant Simulation
SUMMARY Siemens Tecnomatix Plant Simulation does not properly limit the access of the simulation model to the filesystem. This could allow an unauthorized attacker to read or delete arbitrary files or the entire filesystem of the device. Siemens has released new versions for the affected products...
Siemens SCALANCE LPE9403
SUMMARY SCALANCE LPE9403 is affected by multiple vulnerabilities that could allow an attacker to impact its confidentiality, integrity and availability. Siemens has released a new version for SCALANCE LPE9403 and recommends to update to the latest version. 2. GENERAL RECOMMENDATIONS As a general...
Siemens SiPass integrated AC5102/ACC-G2 and ACC-AP
SUMMARY SiPass integrated ACC Advanced Central Controller devices contain multiple vulnerabilities that could allow attackers to execute commands on the devices with root privileges and access sensitive data. Siemens has released new versions for the affected products and recommends to update to...
Siemens SINEMA Remote Connect Server
SUMMARY SINEMA Remote Connect Server before V3.2 SP3 is affected by multiple vulnerabilities. Siemens has released a new version for SINEMA Remote Connect Server and recommends to update to the latest version. 2. GENERAL RECOMMENDATIONS As a general security measure, Siemens strongly recommends...
Edimax IC-7100 IP Camera
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to send specially crafted requests to achieve remote code execution on the device. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this...
Delta Electronics CNCSoft-G2
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute code remotely. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. CISA reminds organizations to perform proper impact...
Carrier Block Load
RISK EVALUATION Successful exploitation of this vulnerability could allow a malicious actor to execute arbitrary code with escalated privileges. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize...
GMOD Apollo
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to escalate privileges, bypass authentication, upload malicious files, or disclose sensitive information. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of...
Keysight Ixia Vision Product Family (Update A)
RISK EVALUATION Successful exploitation of these vulnerabilities could crash the device being accessed; a buffer overflow condition may allow remote code execution. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these...
Dario Health USB-C Blood Glucose Monitoring System Starter Kit Android Application
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to expose information, inject code, manipulate data, or achieve cross-site scripting (XSS), resulting in full session compromise. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to...
Schneider Electric communication modules for Modicon M580 and Quantum controllers (Update B)
GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...
Hitachi Energy Service Suite
SUMMARY Hitachi Energy is aware of the multiple vulnerabilities related to open-source Apache Tomcat components that affect the Service Suite product versions listed in this document. An attacker successfully exploiting these vulnerabilities can cause confidentiality, integrity and availability...
Hitachi Energy MACH GWS products
SUMMARY Hitachi Energy is aware of the multiple vulnerabilities that affect the MACH GWS product versions listed in this document. An attacker successfully exploiting these vulnerabilities can cause confidentiality, integrity and availability impacts. Please refer to the Recommended Immediate...
Hitachi Energy PCU400
SUMMARY Hitachi Energy is aware of the multiple vulnerabilities related to various versions of OpenSSL library components used in PCU400 versions listed in this document below for IEC62351-3 secure for IEC104/DNP3 or PCULogger tool. These vulnerabilities, if exploited, can cause confidentiality...
Hitachi Energy MACH PS700
SUMMARY Hitachi Energy is aware of a vulnerability in third party component Intel Chipset Device Software, that affects MACH PS700 v2 product versions listed in this document. Authenticated malicious clients successfully exploiting this vulnerability could escalate the privilege to cause...
Rockwell Automation PowerFlex 755
RISK EVALUATION Successful exploitation of this vulnerability could result in exposure of sensitive data. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for all control system...
Medixant RadiAnt DICOM Viewer
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to perform a machine-in-the-middle (MITM) attack, resulting in malicious updates being delivered to the user. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of...
Rapid Response Monitoring My Security Account App
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to access sensitive information of other users. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure...
Carrier Block Load
RISK EVALUATION Successful exploitation of this vulnerability could allow a malicious actor to execute arbitrary code with escalated privileges. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize...
Elseta Vinci Protocol Analyzer
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to escalate privileges and perform code execution on the affected system. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such...
Siemens SiPass Integrated
SUMMARY SiPass integrated is affected by a directory traversal vulnerability in the third-party component DotNetZip. The vulnerability could allow an attacker to execute arbitrary code on the application server, if a specially crafted backup set is used for a restore. Siemens has released a new...
Qardio Heart Health iOS and Android Application and QardioARM A100
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to obtain sensitive information, cause a denial-of-service condition, and obtain firmware files. 2. RECOMMENDED PRACTICES CISA reminds organizations to perform proper impact analysis and risk assessment...
Dingtian DT-R0 Series
RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated attacker to modify the device settings and gain administrator access. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability,...
ORing IAP-420
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to invoke commands to compromise the device via the management interface. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these...
Outback Power Mojave Inverter
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to access sensitive data or inject commands. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Disable unused...
mySCADA myPRO Manager
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary OS commands, upload files, and obtain sensitive information without providing associated credentials. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize...
Ivanti Connect Secure and Ivanti Policy Secure external file control vulnerability
RISK EVALUATION Ivanti Connect Secure and Ivanti Policy Secure contain a vulnerability that allows a remote, authenticated attacker to write arbitrary files. These vulnerabilities are addressed in Ivanti Connect Secure version 22.7R2.6 and Ivanti Policy Secure version 22.7R1.3. 2. RECOMMENDED...
Schneider Electric ASCO 5310/5350 Remote Annunciator
GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...
Schneider Electric Enerlin’X IFE and eIFE
GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...