Lucene search
K

4251 matches found

ICS
ICS
added 2025/04/29 3:59 p.m.25 views

MSP360 Backup insecure filesystem permissions

RISK EVALUATION MSP360 Backup is a data backup and recovery solution. An insecure default permissions vulnerability allows a lower privileged user to execute commands with root level privileges in the 'Online Backup' folder. An attacker could exploit this vulnerability to obtain user...

9.8CVSS6.9AI score0.00363EPSS
Exploits0References1
ICS
ICS
added 2025/04/29 12:30 p.m.14 views

Hitachi Energy Asset Suite

SUMMARY Hitachi Energy is aware multiple vulnerabilities that affects the Asset Suite product versions listed below. If these vulnerabilities are successfully exploited by an attacker, it could have an impact on the confidentiality, integrity, or availability of the product. Please refer to the...

8.6AI score
Exploits0References9
ICS
ICS
added 2025/04/29 6:0 a.m.13 views

Delta Electronics ISPSoft

RISK EVALUATION Successful exploitation of these vulnerabilities could result in an attacker executing arbitrary code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize network exposure for all...

8.2AI score
Exploits0References10
ICS
ICS
added 2025/04/29 6:0 a.m.11 views

Rockwell Automation ThinManager

RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to escalate privileges and cause a denial-of-service condition. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:...

8.5CVSS7.7AI score0.0158EPSS
Exploits0References10
ICS
ICS
added 2025/04/25 3:0 a.m.18 views

Mitsubishi Electric Multiple FA Products (Update C)

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition on the affected products. 2. RECOMMENDED PRACTICES CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures...

7.5CVSS5.3AI score0.01089EPSS
Exploits0References9
ICS
ICS
added 2025/04/24 6:0 a.m.9 views

Vestel AC Charger

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker access to sensitive information, such as credentials which could subsequently enable them to cause a denial of service or partial loss of integrity of the charger. 2. RECOMMENDED PRACTICES CISA reminds...

8.7CVSS7AI score0.00343EPSS
Exploits0References10
ICS
ICS
added 2025/04/24 6:0 a.m.16 views

Nice Linear eMerge E3

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary OS commands. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. CISA reminds organizations to perform proper...

9.8CVSS8.4AI score0.53472EPSS
Exploits3References10
ICS
ICS
added 2025/04/24 6:0 a.m.12 views

ALBEDO Telecom Net.Time - PTP/NTP clock

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to transmit passwords over unencrypted connections, resulting in the product becoming vulnerable to interception. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of...

8.5CVSS7.2AI score0.00268EPSS
Exploits0References10
ICS
ICS
added 2025/04/24 6:0 a.m.18 views

Planet Technology Network Products

RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to read or manipulate device data, gain administrative privileges, or alter database entries. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of...

8.8AI score
Exploits0References10
ICS
ICS
added 2025/04/24 6:0 a.m.11 views

Johnson Controls Software House iSTAR Configuration Utility (ICU) Tool

RISK EVALUATION Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for all control...

9.3CVSS8.3AI score0.00476EPSS
Exploits0References10
ICS
ICS
added 2025/04/17 6:0 a.m.13 views

Yokogawa Recorder Products

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to manipulate information on the affected products. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network...

9.8CVSS6.8AI score0.00714EPSS
Exploits0References10
ICS
ICS
added 2025/04/16 12:30 a.m.14 views

ABB CoreSense HM and CoreSense M10

SUMMARY An update is available that resolves vulnerability in the product versions listed as affected in this advisory. A path traversal vulnerability in these products can allow unauthenticated users to gain access to restricted directories. Exploiting this vulnerability can lead to complete...

8.2CVSS5.8AI score0.00175EPSS
Exploits0References10
ICS
ICS
added 2025/04/16 12:0 a.m.13 views

Siemens TeleControl Server Basic SQL

SUMMARY TeleControl Server Basic before V3.1.2.2 contains multiple SQL Injection vulnerabilities that could allow an attacker to read and write to the application's DB, cause denial of service and execute code in an OS shell with limited "NT AUTHORITY\NetworkService" permissions. Siemens has...

8.8AI score
Exploits0References10
ICS
ICS
added 2025/04/16 12:0 a.m.8 views

Siemens TeleControl Server Basic

SUMMARY TeleControl Server Basic before V3.1.2.2 contains a Improper Handling of Length Parameter Inconsistency Vulnerability that could allow an attacker to cause the application to allocate exhaustive amounts of memory and subsequently create a denial of service condition. Siemens has released...

6.3CVSS7.4AI score0.00389EPSS
Exploits0References10
ICS
ICS
added 2025/04/15 1:49 p.m.13 views

SicommNet multiple vulnerabilities

RISK EVALUATION SicommNET BASEC is an online eProcurement solution used by governments and other entities. Multiple vulnerabilities have been found in BASEC. These vulnerabilities allow a remote, unauthenticated attacker to gain administrative privileges, read user passwords, and obtain...

9.3CVSS7.4AI score0.00546EPSS
Exploits0References1
ICS
ICS
added 2025/04/15 6:0 a.m.11 views

National Instruments LabVIEW

RISK EVALUATION Successful exploitation of these vulnerabilities lead to the execution of arbitrary code on affected installations of LabVIEW, which could result in invalid memory writes. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation...

7.8AI score
Exploits0References10
ICS
ICS
added 2025/04/15 6:0 a.m.14 views

Lantronix XPort (Update A)

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker unauthorized access to the configuration interface and cause disruption to monitoring and operations. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation...

9.8CVSS9.8AI score0.00456EPSS
Exploits0References10
ICS
ICS
added 2025/04/15 6:0 a.m.11 views

Growatt Cloud Applications

RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to compromise confidentiality, achieve cross-site scripting, or code execution on affected devices. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation...

7AI score
Exploits0References10
ICS
ICS
added 2025/04/15 6:0 a.m.21 views

Delta Electronics COMMGR (Update A)

RISK EVALUATION Successful exploitation of this vulnerability could allow for an attacker to remotely access the AS3000Simulator family in the COMMGR software and execute arbitrary code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation...

9.8CVSS6.8AI score0.00637EPSS
Exploits0References10
ICS
ICS
added 2025/04/15 6:0 a.m.14 views

Mitsubishi Electric Europe B.V. smartRTU

RISK EVALUATION Successful exploitation of these vulnerabilities could allow a remote unauthenticated attacker to disclose, tamper with, destroy or delete information in the product, or cause a denial-of service condition on the product. 2. RECOMMENDED PRACTICES CISA recommends users take...

8.7CVSS8.1AI score0.00511EPSS
Exploits0References10
ICS
ICS
added 2025/04/10 8:30 a.m.12 views

ABB MV Drives

SUMMARY Multiple vulnerabilities regarding the CODESYS Runtime System from CODESYS Group have been publicly reported. CODESYS Runtime System v.3.5.15.0 is utilized in the firmware of ABB MV ACS6080 and ACS5000 drives to provide IEC 61131 programming capabilities. These vulnerabilities could lead...

7.7AI score
Exploits0References16
ICS
ICS
added 2025/04/10 6:0 a.m.19 views

Subnet Solutions PowerSYSTEM Center

RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to cause a denial-of-service condition. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this these vulnerabilities, such as: Minimize network...

5.3CVSS7AI score0.00131EPSS
Exploits0References10
ICS
ICS
added 2025/04/10 6:0 a.m.42 views

Rockwell Automation Arena

RISK EVALUATION Successful exploitation of these vulnerabilities could disclose information to an attacker or allow execution of arbitrary code on the system. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities...

8.5CVSS7.6AI score0.00292EPSS
Exploits0References10
ICS
ICS
added 2025/04/10 6:0 a.m.29 views

INFINITT Healthcare INFINITT PACS

RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to upload malicious files and access unauthorized system resources, resulting in arbitrary code execution or information disclosure. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to...

8AI score
Exploits0References10
ICS
ICS
added 2025/04/08 4:0 a.m.9 views

Schneider Electric ConneXium Network Manager Software

GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...

7.9AI score
Exploits0References11
ICS
ICS
added 2025/04/08 4:0 a.m.24 views

Schneider Electric Trio Q Licensed Data Radio

GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...

6.5AI score
Exploits0References11
ICS
ICS
added 2025/04/08 12:0 a.m.6 views

Siemens Solid Edge

SUMMARY Solid Edge is affected by an out of bounds write vulnerability that could be triggered when the application is parsing XT data or a specially crafted file in XT format. If a user is tricked to open a malicious file with the affected applications, an attacker could leverage the...

7.8CVSS7.9AI score0.00176EPSS
Exploits0References10
ICS
ICS
added 2025/04/08 12:0 a.m.5 views

Siemens Industrial Edge Devices

SUMMARY Siemens Industrial Edge Devices contain a weak authentication vulnerability that could facilitate an unauthenticated remote attacker to circumvent authentication and impersonate a legitimate user. Siemens has released new versions for several affected products and recommends to update to...

9.8CVSS7.3AI score0.00744EPSS
Exploits0References10
ICS
ICS
added 2025/04/08 12:0 a.m.14 views

Siemens Insights Hub Private Cloud

SUMMARY Insights Hub Private Cloud is affected by multiple vulnerabilities in Ingress NGINX Controller for Kubernetes. These vulnerabilities could lead to arbitrary code execution in the context of the ingress-nginx controller, or disclosure of Secrets accessible to the controller, or denial of...

8.7AI score
Exploits0References10
ICS
ICS
added 2025/04/08 12:0 a.m.15 views

Siemens SENTRON 7KT PAC1260 Data Manager

SUMMARY SENTRON 7KT PAC1260 Data Manager is affected by multiple vulnerabilities as listed below. Software fixes can no longer be provided for The SENTRON 7KT PAC1260 Data Manager. This advisory documents the known open vulnerabilities. To fix the vulnerabilities, Siemens recommends to replace...

8.7AI score
Exploits0References10
ICS
ICS
added 2025/04/08 12:0 a.m.25 views

Siemens License Server (SLS)

SUMMARY Siemens License Server before V4.3 contains various vulnerabilities that could allow a low-privileged local user to escalate privileges or perform arbitrary code execution. Siemens has released a new version for Siemens License Server SLS and recommends to update to the latest version...

7.9AI score
Exploits0References10
ICS
ICS
added 2025/04/08 12:0 a.m.12 views

Siemens SIMOCODE, SIMATIC, SIPLUS, SIDOOR, SIWAREX

SUMMARY A vulnerability exists in affected products that could allow remote attackers to affect the availability of the devices under certain conditions. The integrated ICMP services in the underlying TCP/IP stack is vulnerable to a denial of service attack through specially crafted ICMP...

6.9CVSS6.8AI score0.00599EPSS
Exploits0References10
ICS
ICS
added 2025/04/08 12:0 a.m.6 views

Siemens Industrial Edge Device Kit

SUMMARY Industrial Edge Device Kit contains a weak authentication vulnerability that could facilitate an unauthenticated remote attacker to circumvent authentication and impersonate a legitimate user. Industrial Edge Device Builders integrate Industrial Edge Device Kit into their offerings...

9.8CVSS7.3AI score0.00744EPSS
Exploits0References10
ICS
ICS
added 2025/04/08 12:0 a.m.8 views

Siemens Mendix Runtime

SUMMARY Mendix Runtime allows for entity enumeration due to distinguishable responses in certain client actions. This could allow an unauthenticated remote attacker to list all valid entities and attribute names of a Mendix Runtime-based application. Siemens has released new versions for several...

6.9CVSS7.1AI score0.00435EPSS
Exploits0References10
ICS
ICS
added 2025/04/08 12:0 a.m.7 views

Siemens SIDIS Prime

SUMMARY SIDIS Prime before V4.0.700 is affected by multiple vulnerabilities in the components OpenSSL, SQLite, Boost C++ Libraries and several Microsoft components as described below. Siemens has released a new version of SIDIS Prime and recommends to update to the latest version. 2. GENERAL...

5.3CVSS9.1AI score0.02577EPSS
Exploits0References10
ICS
ICS
added 2025/04/07 10:30 a.m.32 views

ABB Arctic Wireless Gateways

SUMMARY ABB is aware of public reports of the vulnerabilities in the product versions listed as affected in this advisory. An attacker who successfully exploited modem module vulnerabilities could run arbitrary code in the wireless modem module of the product. This could lead to denial of...

8.8AI score
Exploits0References11
ICS
ICS
added 2025/04/07 10:30 a.m.22 views

ABB M2M Gateway

SUMMARY ABB is aware of public reports of a vulnerabilities in product versions listed as affected in this advisory. An attacker who successfully exploited these vulnerabilities could cause the product to stop, make the product inacces-sible, take remote control of the product or insert and run...

9.3AI score
Exploits0References13
ICS
ICS
added 2025/04/01 6:0 a.m.23 views

Rockwell Automation Lifecycle Services with Veeam Backup and Replication

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker with administrative privileges to execute code on the target system. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:...

9.9CVSS8.1AI score0.18335EPSS
Exploits1References10
ICS
ICS
added 2025/03/26 12:30 a.m.15 views

ABB ACS880 Drives Containing CODESYS RTS

SUMMARY Multiple vulnerabilities regarding the CODESYS Runtime System from CODESYS Group have been publicly reported. CODESYS Runtime System is utilized in the firmware of ABB ACS880 drives to provide IEC 61131-3 programming capabilities. These vulnerabilities could lead to out-of-bound memory...

7.4AI score
Exploits0References16
ICS
ICS
added 2025/03/26 12:30 a.m.15 views

ABB Low Voltage DC Drives and Power Controllers CODESYS RTS

SUMMARY CODESYS group published several vulnerabilities regarding the CODESYS Runtime System, which is included in the firmware of ABB LV DC drives and power controllers. It is used to implement a selection of features and to provide IEC 611131-3 programming capabilities. These vulnerabilities...

7.6AI score
Exploits0References11
ICS
ICS
added 2025/03/25 1:30 p.m.20 views

Hitachi Energy TRMTracker

SUMMARY Hitachi Energy is aware of the multiple vulnerabilities that affect the TRMTracker product versions listed in this document. An attacker successfully exploiting these vulnerabilities can cause confidentiality and integrity impacts. Please refer to the Recommended Immediate Actions for...

7.9AI score
Exploits0References9
ICS
ICS
added 2025/03/25 12:30 p.m.29 views

Hitachi Energy RTU500 Series (Update B)

SUMMARY Hitachi Energy is aware of the vulnerabilities, CVE-2024-10037, CVE-2024-11499, CVE-2024-12169, and CVE-2025-1445 in the RTU500 Web server component, the IEC 60870-5-104 controlled station implementation and IEC 61850 implementation, that affects the RTU500 versions that are listed...

8.7CVSS6.3AI score0.00365EPSS
Exploits0References9
ICS
ICS
added 2025/03/25 6:0 a.m.20 views

Inaba Denki Sangyo CHOCO TEI WATCHER mini

RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to obtain the product's login password, gain unauthorized access, tamper with product's data, and/or modify product settings. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to...

7.5CVSS8AI score0.00787EPSS
Exploits0References10
ICS
ICS
added 2025/03/25 6:0 a.m.9 views

Rockwell Automation Verve Asset Manager

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker with administrative access to run arbitrary commands in the context of the container running the service. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of...

7.5CVSS7.4AI score0.00663EPSS
Exploits0References10
ICS
ICS
added 2025/03/25 6:0 a.m.11 views

Rockwell Automation 440G TLS-Z

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to take over the device. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. CISA reminds organizations to perform proper impact...

7CVSS7.4AI score0.00342EPSS
Exploits0References10
ICS
ICS
added 2025/03/24 12:30 a.m.12 views

B&R APROL

SUMMARY Updates are available that resolve privately reported vulnerabilities in the product versions listed as affected in this advisory. An attacker who successfully exploits these vulnerabilities could elevate privileges or gather sensitive information. 2. MITIGATING FACTORS Mitigating...

7.7AI score
Exploits0References10
ICS
ICS
added 2025/03/20 6:0 a.m.13 views

Santesoft Sante DICOM Viewer Pro

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause memory corruption that would result in execution of arbitrary code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability,...

8.4CVSS7.6AI score0.00175EPSS
Exploits0References10
ICS
ICS
added 2025/03/20 6:0 a.m.6 views

SMA Sunny Portal

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to upload and remotely execute code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for all...

6.5CVSS7AI score0.00695EPSS
Exploits0References10
ICS
ICS
added 2025/03/20 12:0 a.m.10 views

CentralSquare eTRAKiT.Net SQL injection vulnerability

RISK EVALUATION eTRAKiT is a public online portal that provides the public with easily accessible information related to permits, projects, licenses, code compliance, land, and inspections. An SQL injection vulnerability in the CRM feature of eTRAKiT.net release 3.2.1.77 allows a remote,...

9.8CVSS8.3AI score0.00528EPSS
Exploits0References1
ICS
ICS
added 2025/03/18 6:0 a.m.16 views

Rockwell Automation Lifecycle Services with VMware

RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker with local administrative privileges to execute code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize...

7.9AI score
Exploits0References10
Total number of security vulnerabilities4251