4251 matches found
Nedap Librix Ecoreader
RISK EVALUATION Successful exploitation of this vulnerability could result in remote code execution. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for all control system...
Ossur Mobile Logic Application
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker unauthorized access to sensitive information. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize network...
Delta Electronics DTM Soft
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for all control...
Schneider Electric Modicon Controllers (Update A)
GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...
Tibbo AggreGate Network Manager
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to achieve code execution on the affected device. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network...
Hitachi Energy RTU500 series CMU
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. CISA reminds organizations to perform...
BD Diagnostic Solutions Products (Update A)
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to use default credentials to access, modify, or delete sensitive data, which could impact the availability of the system or cause a system shutdown. 2. RECOMMENDED PRACTICES CISA recommends users take...
Rockwell Automation PowerMonitor 1000 Remote
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to perform edit operations, create admin users, perform factory reset, execute arbitrary code, or cause a denial-of-service condition. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures...
Hitachi Energy TropOS Devices Series 1400/2400/6400
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for...
ThreatQuotient ThreatQ Platform
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to perform remote code execution. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for all...
Siemens User Management Component
SUMMARY Siemens User Management Component UMC is affected by a heap-based buffer overflow vulnerability which could allow an unauthenticated remote attacker arbitrary code execution. Siemens has released new versions for several affected products and recommends to update to the latest versions...
Rockwell Automation Arena (Update C)
RISK EVALUATION Successful exploitation of these vulnerabilities could result in execution of arbitrary code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize network exposure for all control...
National Instruments LabVIEW
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to disclose information or execute arbitrary code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize...
MOBATIME Network Master Clock - DTS 4801
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to take control of the operating system for this product. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize...
Horner Automation Cscape
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to disclose information and execute arbitrary code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize...
Schneider Electric Modicon
GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...
Siemens SENTRON Powercenter 1000
SUMMARY SENTRON Powercenter devices are affected by a denial of service vulnerability that can be triggered during BLE Bluetooth Low Energy pairing. Siemens is preparing fix versions and recommends specific countermeasures for products where fixes are not, or not yet available. 2. GENERAL...
Siemens Engineering Platforms
SUMMARY Affected products contain a local arbitrary code execution vulnerability that could allow an attacker to perform actions against the operation system of that environment. Siemens is preparing fix versions and recommends countermeasures for products where fixes are not, or not yet...
Siemens CPCI85 Central Processing/Communication
SUMMARY The SICAM A8000 CP-8031 and CP-8050 devices are affected by a vulnerability that could allow an attacker with physical access to the device to decrypt the firmware. Siemens has released new firmware and hardware versions for the affected products and recommends to update to the latest...
Schneider Electric Harmony HMI and Pro-Face HMI Products
GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...
Schneider Electric PowerChute Serial Shutdown
GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...
Siemens Teamcenter Visualization
SUMMARY Siemens Teamcenter Visualization contains multiple file parsing vulnerabilities that could be triggered when the application reads files in WRL format. If a user is tricked to open a malicious file with any of the affected products, this could lead the application to crash or potentially...
Siemens COMOS
SUMMARY COMOS is affected by XXE injection vulnerabilities that could allow an attacker to extract arbitrary application files. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for...
Siemens Simcenter Femap
SUMMARY Simcenter Femap contains multiple memory corruption vulnerabilities that could be triggered when the application reads files in BDF file formats. If a user is tricked to open a malicious file with any of the affected products, this could lead the application to crash or potentially lead...
Siemens Siemens Engineering Platforms
SUMMARY Affected products do not properly sanitize user-controllable input when parsing files. This could allow an attacker to cause a type confusion and execute arbitrary code within the affected application. Siemens is preparing fix versions and recommends countermeasures for products where...
Siemens Parasolid
SUMMARY Parasolid is affected by out of bounds write vulnerability that could be triggered when the application reads files in PAR format. If a user is tricked to open a malicious file with the affected applications, an attacker could perform remote code execution in the context of the current...
Siemens RUGGEDCOM ROX II
SUMMARY The CLI feature in the web interface of RUGGEDCOM ROX II devices is vulnerable to cross-site request forgery CSRF, which could allow an attacker to perform administrative actions if an authenticated user is tricked into accessing a malicious link. Siemens has released new versions for...
Siemens Solid Edge SE2024
SUMMARY Siemens Solid Edge is affected by multiple file parsing vulnerabilities that could be triggered when the application reads malicious PAR or ASM files. If a user is tricked to open a malicious file with the affected products, this could lead the application to crash or potentially lead to...
Planet Technology Planet WGS-804HPT
RISK EVALUATION Successful exploitation of these vulnerabilities could result in remote code execution. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize network exposure for all control system...
AutomationDirect C-More EA9 Programming Software
RISK EVALUATION Successful exploitation of these vulnerabilities could result in memory corruption; a buffer overflow condition may allow remote code execution. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities...
FESTO CODESYS
GENERAL RECOMMENDATION As part of a security strategy, Festo recommends the following general defense measures to reduce the risk of exploits: - Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside - Use...
Fuji Electric Tellus Lite V-Simulator (Update A)
RISK EVALUATION Successful exploitation of these vulnerabilities could crash the device being accessed. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. CISA reminds organizations to perform proper impact...
Fuji Electric Monitouch V-SFT (Update A)
RISK EVALUATION Successful exploitation of these vulnerabilities could crash the device being accessed. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. CISA reminds organizations to perform proper impact...
Open Automation Software
RISK EVALUATION Successful exploitation of this vulnerability could result in an attacker executing code with escalated privileges. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. CISA reminds organizations to...
Ruijie Reyee OS (Update A)
RISK EVALUATION Successful exploitation of this vulnerabilities could allow attackers to take near full control over the device. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize network...
Mitsubishi Electric Iconics Digital Solutions and Mitsubishi Electric Products (Update C)
RISK EVALUATION Successful exploitation of these vulnerabilities could result in remote code execution. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. CISA reminds organizations to perform proper impact...
Valor Apps Easy Folder Listing Pro Joomla! extension deserialization vulnerability
RISK EVALUATION Valor Apps Easy Folder Listing Pro has a deserialization vulnerability that allows any external user can gain console access to vulnerable web servers that could potentially lead to total compromise of the web server, potential privilege escalation, and initial access into...
Siemens RUGGEDCOM APE1808
SUMMARY Palo Alto Networks has published 1 information on vulnerabilities in PAN-OS. This advisory lists the related Siemens Industrial products affected by these vulnerabilities. Siemens is preparing fix versions and recommends countermeasures for products where fixes are not, or not yet...
mySCADA myPRO Manager
RISK EVALUATION Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands or disclose sensitive information. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such...
OSCAT Basic Library
RISK EVALUATION Successful exploitation of this vulnerability allows an local, unprivileged attacker to access limited internal data of the PLC, which may lead to a crash of the affected service. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of...
Automated Logic WebCTRL Premium Server
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an unauthenticated remote attacker to execute arbitrary commands on the server hosting WebCTRL or redirect legitimate users to malicious sites. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to...
Versa Networks Versa Director insecure default PostgreSQL configuration
RISK EVALUATION Versa Networks Versa Director, by default, configures PostgreSQL to listen on all network interfaces using database credentials shared by multiple installations. From Advising Vulnerability In Versa Director: "This combination allows an unauthenticated attacker to access and...
Mitsubishi Electric MELSEC iQ-F Series (Update A)
RISK EVALUATION Successful exploitation of this vulnerability could allow a remote attacker to cause a denial-of-service condition in Ethernet communication on the module. A system reset of the module is required for recovery. 2. RECOMMENDED PRACTICES CISA recommends users take defensive...
Rockwell Automation Verve Reporting (Update A)
RISK EVALUATION Successful exploitation of this vulnerability could lead to arbitrary code execution. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for all control system...
Baxter Life2000 Ventilation System
RISK EVALUATION Successful exploitation of these vulnerabilities could lead to information disclosure and/or disruption of the device's function without detection. 2. RECOMMENDED PRACTICES CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying...
Rockwell Automation Arena Input Analyzer
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to disclose information and execute arbitrary code on the program. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:...
Rockwell Automation FactoryTalk Updater (Update A)
RISK EVALUATION Successful exploitation of these vulnerabilities could result in an authentication bypass, remote code execution, and/or a local privilege escalation 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these...
2N Access Commander (Update A)
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to escalate their privileges, execute arbitrary code, or gain root access to the system. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these...
Ivanti Connect Secure and Ivanti Policy Secure Multiple Vulnerabilities
RISK EVALUATION Ivanti Connect Secure and Ivanti Policy Secure contain multiple vulnerabilities that allow a remote, authenticated attacker to execute arbitrary code. All of the vulnerabilities except for CVE-2024-39709 require the attacker to be authenticated with administrative privileges to...
Hitachi Energy TRO600
RISK EVALUATION Command injection vulnerability in the Edge Computing UI for the TRO600 series radios that allows for the execution of arbitrary system commands. If exploited, an attacker with write access to the web UI can execute commands on the device with root privileges, far more extensive...