4207 matches found
Siemens Siveillance Video Camera
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Microsoft Releases October 2024 Security Updates
Microsoft released security updates to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following and apply necessary updates: Microsoft...
Schneider Electric EcoStruxure Power Monitoring Expert (PME) (Update B)
GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...
Siemens Tecnomatix Plant Simulation
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens SIMATIC S7-1500 CPUs
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens JT2Go
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens HiMed Cockpit
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens Sentron Powercenter 1000
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens SENTRON PAC3200 Devices
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens Simcenter Nastran
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Schneider Electric Easergy Studio
GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...
Schneider Electric EVlink Home Smart and Schneider Charge
GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...
Schneider Electric Data Center Expert
GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...
Schneider Electric Data Center Expert
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.6 ATTENTION : Exploitable remotely/low attack complexity Vendor : Schneider Electric Equipment : Data Center Expert Vulnerability : Improper Verification of Cryptographic Signature, Missing Authentication for Critical Function 2. RISK EVALUATION Successful...
Schneider Electric System Monitor Application in Harmony and Pro-face PS5000 Legacy Industrial PCs
GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...
Siemens RUGGEDCOM APE1808
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens PSS SINCAL
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens SIMATIC S7-1500 and S7-1200 CPUs
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens SINEC Security Monitor
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens Teamcenter Visualization and JT2Go
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens Questa and ModelSim
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Delta Electronics DIAEnergie
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION : Exploitable remotely/low attack complexity Vendor : Delta Electronics Equipment : DIAEnergie Vulnerabilities : SQL Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to retrieve records or...
TEM Opera Plus FM Family Transmitter
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION : Exploitable remotely/low attack complexity/public exploits are available Vendor : TEM Equipment : Opera Plus FM Family Transmitter Vulnerabilities : Missing Authentication for Critical Function, Cross-Site Request Forgery CSRF 2. RISK...
Mitsubishi Electric MELSEC iQ-F FX5-OPC
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION : Exploitable remotely/low attack complexity Vendor : Mitsubishi Electric Equipment : MELSEC iQ-F FX5-OPC Vulnerability : NULL Pointer Dereference 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote attacker to...
Subnet Solutions Inc. PowerSYSTEM Center
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Subnet Solutions Inc. Equipment: PowerSYSTEM Center Vulnerabilities: Server-Side Request Forgery SSRF, Inefficient Regular Expression Complexity, Cross-Site Request Forgery CSRF 2. RISK...
Optigo Networks ONS-S8 - Spectra Aggregation Switch
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Optigo Networks Equipment: ONS-S8 - Spectra Aggregation Switch Vulnerabilities: Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion', Weak...
Advantech ADAM 5630
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION : Low attack complexity Vendor : Advantech Equipment : ADAM-5630 Vulnerabilities : Use of Persistent Cookies Containing Sensitive Information 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to hijack a...
Atelmo Atemio AM 520 HD Full HD Satellite Receiver
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION : Exploitable remotely/low attack complexity/public exploits are available Vendor : Atelmo Equipment : Atemio AM 520 HD Full HD Satellite Receiver Vulnerability : OS Command Injection 2. RISK EVALUATION Successful exploitation of this...
goTenna Pro ATAK Plugin (Update A)
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.1 ATTENTION : Low attack complexity Vendor : goTenna Equipment : Pro ATAK Plugin Vulnerabilities : Weak Password Requirements, Insecure Storage of Sensitive Information, Missing Support for Integrity Check, Cleartext Transmission of Sensitive Information,...
Advantech ADAM-5550
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION : Low attack complexity Vendor : Advantech Equipment : ADAM-5550 Vulnerabilities : Weak Encoding for Password, Cross-site Scripting 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow a remote attacker to intercept...
goTenna Pro X and Pro X2 (Update A)
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION : Low attack complexity Vendor : goTenna Equipment : Pro series Vulnerabilities : Weak Password Requirements, Insecure Storage of Sensitive Information, Missing Support for Integrity Check, Cleartext Transmission of Sensitive Information,...
OMNTEC Proteus Tank Monitoring (Update A)
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION : Exploitable remotely/low attack complexity Vendor : OMNTEC Mfg., Inc. Equipment : Proteus Tank Monitoring Vulnerability : Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability allow an...
Franklin Fueling Systems TS-550 EVO
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION : Exploitable remotely/low attack complexity Vendor : Franklin Fueling Systems Equipment : TS-550 EVO Automatic Tank Gauge Vulnerability : Absolute Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability allow an...
Alisonic Sibylla
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Alisonic Equipment: Sibylla Vulnerability: Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' 2. RISK EVALUATION Successful exploitation of this vulnerability...
Moxa MXview One
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.8 ATTENTION : Exploitable remotely/low attack complexity Vendor : Moxa Equipment : MXview One, MXview One Central Manager Series Vulnerabilities : Cleartext Storage In A File or On Disk, Path Traversal, Time-of-Check Time-of-Use Race Condition 2. RISK...
OPW Fuel Management Systems SiteSentinel
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION : Exploitable remotely/low attack complexity Vendor : OPW Fuel Managements Systems Equipment : SiteSentinel Vulnerability : Missing Authentication For Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could...
Dover Fueling Solutions ProGauge MAGLINK LX CONSOLE
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 10.0 ATTENTION : Exploitable remotely/low attack complexity Vendor : Dover Fueling Solutions DFS Equipment : ProGauge MAGLINK LX CONSOLE Vulnerabilities : Command Injection, Improper Privilege Management, Use of Hard-coded Password, Cross-site Scripting,...
Planet Fitness Workouts mobile apps do not properly validate TLS certificates
RISK EVALUATION The Planet Fitness Workouts iOS and Android mobile apps are vulnerable to network attacks due to improper TLS certificate validation, allowing an attacker to obtain session tokens and sensitive information. This issue was fixed in version 9.8.12. 2. RECOMMENDED PRACTICES Upgrade...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-8963 Ivanti Cloud Services Appliance CSA Path Traversal Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and...
IDEC CORPORATION WindLDR and WindO/I-NV4
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION : Exploitable remotely Vendor : IDEC Corporation Equipment : WindLDR, WindO/I-NV4 Vulnerability : Cleartext Storage of Sensitive Information 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to obtain...
Kastle Systems Access Control System
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.2 ATTENTION : Exploitable remotely/low attack complexity Vendor : Kastle Systems Equipment : Access Control System Vulnerabilities : Use of Hard-coded Credentials, Cleartext Storage of Sensitive Information 2. RISK EVALUATION Successful exploitation of...
MegaSys Computer Technologies Telenium Online Web Application (Update A)
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION : Exploitable remotely/low attack complexity Vendor : MegaSys Computer Technologies Equipment : Telenium Online Web Application Vulnerability : Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could...
Rockwell Automation RSLogix 5 and RSLogix 500
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.8 ATTENTION : Exploitable locally/high attack complexity Vendor : Rockwell Automation Equipment : RSLogix 5 and RSLogix 500 Vulnerability : Insufficient verification of data authenticity 2. RISK EVALUATION Successful exploitation of this vulnerability...
IDEC Products (Update A)
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION : Low Attack Complexity Vendor : IDEC Corporation Equipment : IDEC PLCs Vulnerabilities : Cleartext Transmission of Sensitive Information, Generation of Predictable Identifiers 2. RISK EVALUATION Successful exploitation of these vulnerabilities...
Yokogawa Dual-redundant Platform for Computer (PC2CKM)
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION : Exploitable remotely/low attack complexity Vendor : Yokogawa Equipment : Dual-redundant Platform for Computer PC2CKM Vulnerability : Unchecked Return Value 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an...
Millbeck Communications Proroute H685t-w
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION : Exploitable remotely/low attack complexity Vendor : Millbeck Communications Equipment : Proroute H685t-w Vulnerabilities : Command Injection, Cross-site Scripting 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow...
Rockwell Automation ThinManager
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Rockwell Automation Equipment: ThinManager Vulnerability: Externally Controlled Reference to a Resource in Another Sphere 2. RISK EVALUATION Successful exploitation of this vulnerability could...
Rockwell Automation FactoryTalk Batch View
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.2 ATTENTION: Exploitable remotely Vendor: Rockwell Automation Equipment: FactoryTalk Batch View Vulnerability: Improper Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability could result in an attacker bypassing authentication...
Rockwell Automation 5015-U8IHFT
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: 5015-U8IHFT Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could result in a denial-of-service...
Rockwell Automation Pavilion8
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.8 ATTENTION : Exploitable remotely/low attack complexity Vendor : Rockwell Automation Equipment : Pavilion8 Vulnerabilities : Improper Privilege Management, Path Traversal 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an...