Lucene search

4207 matches found

ICS
added 2025/01/14 12:0 a.m. | 5 views

Schneider Electric RemoteConnect and SCADAPack x70 Utilities (Update A)

RISK EVALUATION Successful exploitation of this vulnerability could lead to loss of confidentiality, integrity and potential remote code execution on workstation when a non-admin authenticated user opens a malicious project file. 2. RECOMMENDED PRACTICES CISA recommends users take defensive...

CVSS 8.5 | AI score 6.3 | EPSS 0.00305
Exploits: 0 | References: 11

ICS
added 2025/01/14 12:0 a.m. | 6 views

Siemens SIPROTEC 5 Products

SUMMARY Affected SIPROTEC 5 devices do not properly limit the access of the web server to the filesystem. This could allow an authenticated remote attacker to read arbitrary files or the entire filesystem of the device. Siemens has released new versions for several affected products and...

CVSS 7.1 | AI score 6.7 | EPSS 0.00593
Exploits: 0 | References: 10

ICS
added 2025/01/14 12:0 a.m. | 6 views

Siemens Industrial Edge Management

SUMMARY Industrial Edge Management is affected by a reflected cross-site scripting (XSS) vulnerability that could allow an attacker to extract sensitive information by tricking users into accessing a malicious link. Siemens recommends countermeasures for products where fixes are not, or not yet...

CVSS 6.1 | AI score 6.1 | EPSS 0.00273
Exploits: 0 | References: 10

ICS
added 2025/01/14 12:0 a.m. | 3 views

Siemens Mendix LDAP

SUMMARY The Mendix LDAP module is affected by an LDAP injection vulnerability that could allow an unauthenticated remote attacker to bypass username verification. Siemens has released a new version for Mendix LDAP and recommends to update to the latest version. 2. GENERAL RECOMMENDATIONS As a...

CVSS 9.1 | AI score 7.7 | EPSS 0.00481
Exploits: 0 | References: 10

ICS
added 2025/01/10 4:30 a.m. | 8 views

ABB Drive Composer

SUMMARY An update is available that resolves vulnerability in the product versions as affected in this advisory. An attacker who successfully exploits the vulnerability could get unauthorized access to the file system on the host machine. This can lead to the execution of arbitrary code, data...

CVSS 9.8 | AI score 6.8 | EPSS 0.02061
Exploits: 0 | References: 11

ICS
added 2025/01/09 7:0 a.m. | 4 views

Delta Electronics DRASimuCAD (Update A)

RISK EVALUATION Successful exploitation of these vulnerabilities could crash the device or potentially allow remote code execution. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. CISA reminds organizations to...

CVSS 7.8 | AI score 7.4 | EPSS 0.00351
Exploits: 0 | References: 10

ICS
added 2025/01/07 7:0 a.m. | 5 views

Nedap Librix Ecoreader

RISK EVALUATION Successful exploitation of this vulnerability could result in remote code execution. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for all control system...

CVSS 8.8 | AI score 8 | EPSS 0.00504
Exploits: 0 | References: 10

ICS
added 2024/12/19 7:0 a.m. | 11 views

Schneider Electric Modicon Controllers (Update A)

GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...

CVSS 6.1 | AI score 6 | EPSS 0.00259
Exploits: 0 | References: 13

ICS
added 2024/12/19 7:0 a.m. | 4 views

Ossur Mobile Logic Application

RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker unauthorized access to sensitive information. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize network...

CVSS 5.6 | AI score 7.2 | EPSS 0.00188
Exploits: 0 | References: 10

ICS
added 2024/12/19 7:0 a.m. | 4 views

Tibbo AggreGate Network Manager

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to achieve code execution on the affected device. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network...

CVSS 8.8 | AI score 7.6 | EPSS 0.00575
Exploits: 0 | References: 10

ICS
added 2024/12/19 7:0 a.m. | 22 views

Hitachi Energy RTU500 series CMU

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. CISA reminds organizations to perform...

CVSS 7.5 | AI score 7.1 | EPSS 0.00669
Exploits: 0 | References: 10

ICS
added 2024/12/19 7:0 a.m. | 5 views

Delta Electronics DTM Soft

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for all control...

CVSS 8.5 | AI score 7.5 | EPSS 0.00333
Exploits: 0 | References: 10

ICS
added 2024/12/17 7:0 a.m. | 5 views

BD Diagnostic Solutions Products (Update A)

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to use default credentials to access, modify, or delete sensitive data, which could impact the availability of the system or cause a system shutdown. 2. RECOMMENDED PRACTICES CISA recommends users take...

CVSS 8 | AI score 6.8 | EPSS 0.00233
Exploits: 0 | References: 10

ICS
added 2024/12/17 7:0 a.m. | 5 views

Hitachi Energy TropOS Devices Series 1400/2400/6400

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for...

CVSS 5 | AI score 7.1 | EPSS 0.97549
Exploits: 23 | References: 10

ICS
added 2024/12/17 7:0 a.m. | 8 views

Rockwell Automation PowerMonitor 1000 Remote

RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to perform edit operations, create admin users, perform factory reset, execute arbitrary code, or cause a denial-of-service condition. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures...

AI score 8.6
Exploits: 0 | References: 10

ICS
added 2024/12/17 7:0 a.m. | 6 views

ThreatQuotient ThreatQ Platform

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to perform remote code execution. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for all...

CVSS 8.8 | AI score 7.9 | EPSS 0.00692
Exploits: 0 | References: 10

ICS
added 2024/12/16 12:0 a.m. | 12 views

Siemens User Management Component

SUMMARY Siemens User Management Component (UMC) is affected by a heap-based buffer overflow vulnerability which could allow an unauthenticated remote attacker arbitrary code execution. Siemens has released new versions for several affected products and recommends to update to the latest versions...

CVSS 9.8 | AI score 8.4 | EPSS 0.01521
Exploits: 0 | References: 10

ICS
added 2024/12/10 7:0 a.m. | 13 views

Rockwell Automation Arena (Update B)

RISK EVALUATION Successful exploitation of these vulnerabilities could result in execution of arbitrary code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize network exposure for all control...

AI score 6.5
Exploits: 0 | References: 13

ICS
added 2024/12/10 7:0 a.m. | 10 views

MOBATIME Network Master Clock - DTS 4801

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to take control of the operating system for this product. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize...

CVSS 9.8 | AI score 7.3 | EPSS 0.00424
Exploits: 0 | References: 10

ICS
added 2024/12/10 7:0 a.m. | 12 views

Horner Automation Cscape

RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to disclose information and execute arbitrary code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize...

CVSS 8.5 | AI score 7.8 | EPSS 0.00185
Exploits: 0 | References: 10

ICS
added 2024/12/10 7:0 a.m. | 18 views

National Instruments LabVIEW

RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to disclose information or execute arbitrary code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize...

AI score 7.4
Exploits: 0 | References: 10

ICS
added 2024/12/10 5:0 a.m. | 3 views

Schneider Electric Modicon

GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...

CVSS 9.8 | AI score 6.5 | EPSS 0.00629
Exploits: 0 | References: 11

ICS
added 2024/12/10 12:0 a.m. | 4 views

Siemens SENTRON Powercenter 1000

SUMMARY SENTRON Powercenter devices are affected by a denial of service vulnerability that can be triggered during BLE (Bluetooth Low Energy) pairing. Siemens is preparing fix versions and recommends specific countermeasures for products where fixes are not, or not yet available. 2. GENERAL...

CVSS 6.5 | AI score 6.7 | EPSS 0.00189
Exploits: 0 | References: 10

ICS
added 2024/12/10 12:0 a.m. | 11 views

Siemens Teamcenter Visualization 

SUMMARY Siemens Teamcenter Visualization contains multiple file parsing vulnerabilities that could be triggered when the application reads files in WRL format. If a user is tricked to open a malicious file with any of the affected products, this could lead the application to crash or potentially...

AI score 8.3
Exploits: 0 | References: 10

ICS
added 2024/12/10 12:0 a.m. | 5 views

Siemens Parasolid

SUMMARY Parasolid is affected by an out-of-bounds write vulnerability that could be triggered when the application reads files in PAR format. If a user is tricked to open a malicious file with the affected applications, an attacker could perform remote code execution in the context of the current...

CVSS 7.8 | AI score 7.8 | EPSS 0.00176
Exploits: 0 | References: 10

ICS
added 2024/12/10 12:0 a.m. | 3 views

Siemens Simcenter Femap

SUMMARY Simcenter Femap contains multiple memory corruption vulnerabilities that could be triggered when the application reads files in BDF file formats. If a user is tricked to open a malicious file with any of the affected products, this could lead the application to crash or potentially lead...

AI score 8.2
Exploits: 0 | References: 10

ICS
added 2024/12/10 12:0 a.m. | 8 views

Schneider Electric PowerChute Serial Shutdown

GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...

CVSS 6.3 | AI score 6.8 | EPSS 0.00959
Exploits: 0 | References: 11

ICS
added 2024/12/10 12:0 a.m. | 6 views

Schneider Electric Harmony HMI and Pro-Face HMI Products

GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...

CVSS 8.8 | AI score 7 | EPSS 0.00624
Exploits: 0 | References: 11

ICS
added 2024/12/10 12:0 a.m. | 5 views

Siemens Siemens Engineering Platforms

SUMMARY Affected products do not properly sanitize user-controllable input when parsing files. This could allow an attacker to cause a type confusion and execute arbitrary code within the affected application. Siemens is preparing fix versions and recommends countermeasures for products where...

CVSS 8.4 | AI score 8 | EPSS 0.00218
Exploits: 0 | References: 10

ICS
added 2024/12/10 12:0 a.m. | 6 views

Siemens COMOS 

SUMMARY COMOS is affected by XXE injection vulnerabilities that could allow an attacker to extract arbitrary application files. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for...

AI score 7.3
Exploits: 0 | References: 10

ICS
added 2024/12/10 12:0 a.m. | 8 views

Siemens Solid Edge SE2024

SUMMARY Siemens Solid Edge is affected by multiple file parsing vulnerabilities that could be triggered when the application reads malicious PAR or ASM files. If a user is tricked to open a malicious file with the affected products, this could lead the application to crash or potentially lead to...

AI score 7.9
Exploits: 0 | References: 10

ICS
added 2024/12/10 12:0 a.m. | 8 views

Siemens CPCI85 Central Processing/Communication 

SUMMARY The SICAM A8000 CP-8031 and CP-8050 devices are affected by a vulnerability that could allow an attacker with physical access to the device to decrypt the firmware. Siemens has released new firmware and hardware versions for the affected products and recommends to update to the latest...

CVSS 5.1 | AI score 7.1 | EPSS 0.00286
Exploits: 1 | References: 10

ICS
added 2024/12/10 12:0 a.m. | 2 views

Siemens RUGGEDCOM ROX II 

SUMMARY The CLI feature in the web interface of RUGGEDCOM ROX II devices is vulnerable to cross-site request forgery (CSRF), which could allow an attacker to perform administrative actions if an authenticated user is tricked into accessing a malicious link. Siemens has released new versions for...

CVSS 8.8 | AI score 6.9 | EPSS 0.002
Exploits: 0 | References: 10

ICS
added 2024/12/10 12:0 a.m. | 32 views

Siemens Engineering Platforms

SUMMARY Affected products contain a local arbitrary code execution vulnerability that could allow an attacker to perform actions against the operating system of that environment. Siemens is preparing fix versions and recommends countermeasures for products where fixes are not, or not yet...

CVSS 7.3 | AI score 7.8 | EPSS 0.00176
Exploits: 0 | References: 10

ICS
added 2024/12/05 7:0 a.m. | 9 views

Planet Technology Planet WGS-804HPT

RISK EVALUATION Successful exploitation of these vulnerabilities could result in remote code execution. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize network exposure for all control system...

AI score 8.6
Exploits: 0 | References: 10

ICS
added 2024/12/05 7:0 a.m. | 19 views

AutomationDirect C-More EA9 Programming Software

RISK EVALUATION Successful exploitation of these vulnerabilities could result in memory corruption; a buffer overflow condition may allow remote code execution. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities...

CVSS 7.8 | AI score 8.7 | EPSS 0.00297
Exploits: 0 | References: 10

ICS
added 2024/12/03 11:0 a.m. | 8 views

FESTO CODESYS

GENERAL RECOMMENDATION As part of a security strategy, Festo recommends the following general defense measures to reduce the risk of exploits: - Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside - Use...

AI score 7.3
Exploits: 0 | References: 12

ICS
added 2024/12/03 7:0 a.m. | 14 views

Open Automation Software

RISK EVALUATION Successful exploitation of this vulnerability could result in an attacker executing code with escalated privileges. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. CISA reminds organizations to...

CVSS 8.5 | AI score 6.9 | EPSS 0.00149
Exploits: 0 | References: 10

ICS
added 2024/12/03 7:0 a.m. | 8 views

Fuji Electric Tellus Lite V-Simulator (Update A)

RISK EVALUATION Successful exploitation of these vulnerabilities could crash the device being accessed. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. CISA reminds organizations to perform proper impact...

AI score 8.1
Exploits: 0 | References: 10

ICS
added 2024/12/03 7:0 a.m. | 9 views

Fuji Electric Monitouch V-SFT (Update A)

RISK EVALUATION Successful exploitation of these vulnerabilities could crash the device being accessed. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. CISA reminds organizations to perform proper impact...

AI score 8
Exploits: 0 | References: 10

ICS
added 2024/12/03 7:0 a.m. | 20 views

Ruijie Reyee OS (Update A)

RISK EVALUATION Successful exploitation of these vulnerabilities could allow attackers to take near full control over the device. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize network...

AI score 7.3
Exploits: 0 | References: 10

ICS
added 2024/12/03 12:0 a.m. | 6 views

Mitsubishi Electric Iconics Digital Solutions and Mitsubishi Electric Products (Update C)

RISK EVALUATION Successful exploitation of these vulnerabilities could result in remote code execution. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. CISA reminds organizations to perform proper impact...

AI score 7.5
Exploits: 0 | References: 8

ICS
added 2024/11/26 6:15 p.m. | 8 views

Valor Apps Easy Folder Listing Pro Joomla! extension deserialization vulnerability

RISK EVALUATION Valor Apps Easy Folder Listing Pro has a deserialization vulnerability that allows any external user to gain console access to vulnerable web servers, which could potentially lead to total compromise of the web server, potential privilege escalation, and initial access into...

CVSS 9.8 | AI score 8 | EPSS 0.00975
Exploits: 0 | References: 1

ICS
added 2024/11/22 12:0 a.m. | 17 views

Siemens RUGGEDCOM APE1808

SUMMARY Palo Alto Networks has published information on vulnerabilities in PAN-OS. This advisory lists the related Siemens Industrial products affected by these vulnerabilities. Siemens is preparing fix versions and recommends countermeasures for products where fixes are not, or not yet...

CVSS 7.2 | AI score 8.6 | EPSS 0.94766
Exploits: 14 | References: 10

ICS
added 2024/11/21 7:0 a.m. | 8 views

OSCAT Basic Library

RISK EVALUATION Successful exploitation of this vulnerability allows a local, unprivileged attacker to access limited internal data of the PLC, which may lead to a crash of the affected service. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of...

CVSS 4.4 | AI score 6.6 | EPSS 0.00189
Exploits: 0 | References: 10

ICS
added 2024/11/21 7:0 a.m. | 5 views

mySCADA myPRO Manager

RISK EVALUATION Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands or disclose sensitive information. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such...

AI score 8.2
Exploits: 0 | References: 10

ICS
added 2024/11/21 7:0 a.m. | 9 views

Automated Logic WebCTRL Premium Server

RISK EVALUATION Successful exploitation of these vulnerabilities could allow an unauthenticated remote attacker to execute arbitrary commands on the server hosting WebCTRL or redirect legitimate users to malicious sites. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to...

AI score 8.1
Exploits: 0 | References: 10

ICS
added 2024/11/20 6:33 p.m. | 7 views

Versa Networks Versa Director insecure default PostgreSQL configuration

RISK EVALUATION Versa Networks Versa Director, by default, configures PostgreSQL to listen on all network interfaces using database credentials shared by multiple installations. From Advising Vulnerability In Versa Director: "This combination allows an unauthenticated attacker to access and...

CVSS 10 | AI score 7 | EPSS 0.00557
Exploits: 0 | References: 1

ICS
added 2024/11/19 12:0 a.m. | 11 views

Mitsubishi Electric MELSEC iQ-F Series (Update A)

RISK EVALUATION Successful exploitation of this vulnerability could allow a remote attacker to cause a denial-of-service condition in Ethernet communication on the module. A system reset of the module is required for recovery. 2. RECOMMENDED PRACTICES CISA recommends users take defensive...

CVSS 7.5 | AI score 5.8 | EPSS 0.00656
Exploits: 0 | References: 10

ICS
added 2024/11/14 7:0 a.m. | 8 views

Baxter Life2000 Ventilation System

RISK EVALUATION Successful exploitation of these vulnerabilities could lead to information disclosure and/or disruption of the device's function without detection. 2. RECOMMENDED PRACTICES CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying...

AI score 7.5
Exploits: 0 | References: 10

Total number of security vulnerabilities: 4207