4251 matches found
Hitachi Energy TRO600
RISK EVALUATION Command injection vulnerability in the Edge Computing UI for the TRO600 series radios that allows for the execution of arbitrary system commands. If exploited, an attacker with write access to the web UI can execute commands on the device with root privileges, far more extensive...
Rockwell Automation FactoryTalk View ME
RISK EVALUATION Successful exploitation of this vulnerability could allow a local low-privileged user to escalate their privileges by changing the macro to execute arbitrary code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this...
Schneider Electric Modicon M340, MC80, and Momentum Unity M1E (Update B)
GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...
Schneider Electric PowerLogic PM5300 Series
GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...
Schneider Electric EcoStruxure IT Gateway
GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...
Siemens Spectrum Power 7
SUMMARY Spectrum Power 7 before V24Q3 contains several root-owned SUID binaries that could allow an authenticated local attacker to escalate privileges. Siemens has released a new version for Spectrum Power 7 and recommends to update to the latest version. 2. GENERAL RECOMMENDATIONS Operators of...
Siemens Engineering Platforms
SUMMARY Affected products do not properly sanitize user-controllable input when parsing files. This could allow an attacker to cause a type confusion and execute arbitrary code within the affected application. Siemens has released new versions for several affected products and recommends to...
Siemens Solid Edge
SUMMARY Solid Edge is affected by multiple file parsing vulnerabilities that could be triggered when the application reads specially crafted files in various formats such as PAR or PSM format, and by a DLL hijacking vulnerability. This could allow an attacker to crash the application or execute...
Siemens OZW672 and OZW772 Web Server
SUMMARY OZW672 and OZW772 Web Server versions before V5.2 contain a stored cross-site scripting XSS vulnerability that could allow an authenticated remote attacker to inject arbitrary JavaScript code that is later executed by another authenticated victim user with potential higher privileges...
Siemens SIPORT
SUMMARY SIPORT before V3.4.0 contains a privilege escalation vulnerability which could allow a local attacker with an unprivileged account to override or modify the service executable and subsequently gain elevated privileges. Siemens has released a new version for SIPORT and recommends to...
Siemens SCALANCE M-800 Family
SUMMARY SCALANCE M-800 family before V8.2 is affected by multiple vulnerabilities. Siemens has released new versions for the affected products and recommends to update to the latest versions. 2. GENERAL RECOMMENDATIONS As a general security measure, Siemens strongly recommends to protect network...
Siemens Mendix Runtime
SUMMARY The basic authentication mechanism of Mendix Runtime contains a race condition vulnerability which could allow unauthenticated remote attackers to circumvent default account lockout measures. Siemens has released new versions for several affected products and recommends to update to the...
Siemens SIMATIC CP
SUMMARY SIMATIC CP 1543-1 devices contain an Incorrect Authorization vulnerability that could allow an unauthenticated attacker to gain access to the filesystem. Siemens has released a new version for SIMATIC CP 1543-1 V4.0 and recommends to update to the latest version. 2. GENERAL...
Siemens SINEC INS
SUMMARY SINEC INS before V1.0 SP2 Update 3 is affected by multiple vulnerabilities. Siemens has released a new version for SINEC INS and recommends to update to the latest version. 2. GENERAL RECOMMENDATIONS As a general security measure, Siemens strongly recommends to protect network access to...
Siemens RUGGEDCOM CROSSBOW
SUMMARY RUGGEDCOM CROSSBOW Station Access Controller SAC contains multiple vulnerabilities in the integrated SQLite component that could allow an attacker to execute arbitrary code or to create a denial of service condition. Siemens has released a new version for RUGGEDCOM CROSSBOW Station...
Siemens TeleControl Server
SUMMARY TeleControl Server Basic V3.1 contains a deserialization vulnerability that could allow an unauthenticated attacker to execute arbitrary code on the device. Siemens has released new versions for the affected products and recommends to update to the latest versions. 2. GENERAL...
Schneider Electric Modicon M340, MC80, and Momentum Unity M1E & EcoStruxure (Update A)
GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...
Siemens SINEC NMS
SUMMARY SINEC NMS before V3.0 SP1 is affected by multiple vulnerabilities. Siemens has released a new version for SINEC NMS and recommends to update to the latest version. 2. GENERAL RECOMMENDATIONS As a general security measure, Siemens strongly recommends to protect network access to devices...
Bosch Rexroth IndraDrive
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service, rendering the device unresponsive by sending arbitrary UDP messages. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of...
Beckhoff Automation TwinCAT Package Manager
RISK EVALUATION Successful exploitation this vulnerability could allow a local attacker with administrative access rights to execute arbitrary OS commands on the affected system. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this...
Delta Electronics DIAScreen
RISK EVALUATION Successful exploitation of this these vulnerabilities could crash the device being accessed; a buffer overflow condition may allow remote code execution. 2. RECOMMENDED PRACTICES CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying...
Rockwell Automation FactoryTalk ThinManager
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to send crafted messages to the device resulting in database manipulation or a denial-of-service condition. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of...
Solar-Log Base 15
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.1 ATTENTION : Exploitable remotely/low attack complexity/public exploits are available Vendor : Solar-Log Equipment : Base 15 Vulnerability : Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' 2. RISK EVALUATION Successful...
Delta Electronics InfraSuite Device Master
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION : Exploitable remotely/low attack complexity Vendor : Delta Electronics Equipment : InfraSuite Device Master Vulnerability : Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an...
Hitachi Energy MSM (Update A)
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to impact the confidentiality, integrity or availability of the MSM. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. CISA...
Deep Sea Electronics DSE855
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.1 ATTENTION : low attack complexity/public exploits are available Vendor : Deep Sea Electronics Equipment : DSE855 Vulnerability : Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an...
iniNet Solutions SpiderControl SCADA PC HMI Editor
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.6 ATTENTION : Exploitable remotely/low attack complexity Vendor : iniNet Solutions Equipment : SpiderControl SCADA PC HMI Editor Vulnerability : Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain...
VIMESA VHF/FM Transmitter Blue Plus
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION : Exploitable remotely/low attack complexity/public exploits are available Vendor : VIMESA Equipment : VHF/FM Transmitter Blue Plus Vulnerability : Improper Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability could...
Siemens InterMesh Subscriber Devices
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Mitsubishi Electric Iconics Digital Solutions and Mitsubishi Electric Products (Update C)
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION : Low attack complexity Vendor : ICONICS, Mitsubishi Electric Equipment : ICONICS Product Suite, Mitsubishi Electric MC Works64 Vulnerability : Incorrect Default Permissions 2. RISK EVALUATION Successful exploitation of this vulnerability could...
LCDS LAquis SCADA
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.0 ATTENTION : Exploitable remotely/low attack complexity Vendor : LCDS - Leão Consultoria e Desenvolvimento de Sistemas Ltda ME Equipment : LAquis SCADA Vulnerability : Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability...
Elvaco M-Bus Metering Gateway CMe3100 (Update A)
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.2 ATTENTION : Exploitable remotely/low attack complexity Vendor : Elvaco Equipment : M-Bus Metering Gateway CMe3100 Vulnerabilities : Missing Authentication for Critical Function, Unrestricted Upload of File with Dangerous Type, Improper Neutralization of...
Kieback&Peter DDC4000 Series
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION : Exploitable remotely/low attack complexity Vendor : Kieback&Peter Equipment : DDC4000 Series Vulnerabilities : Path Traversal, Insufficiently Protected Credentials, Use of Weak Credentials 2. RISK EVALUATION Successful exploitation of these...
HMS Networks EWON FLEXY 202
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.1 ATTENTION : Exploitable remotely/low attack complexity Vendor : HMS Networks Equipment : EWON FLEXY 202 Vulnerability : Insufficiently Protected Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to sniff...
Mitsubishi Electric CNC Series (Update D)
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION : Exploitable remotely Vendor : Mitsubishi Electric Equipment : CNC Series Vulnerability : Improper Validation of Specified Quantity in Input 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated remote...
Iranian Cyber Actors’ Brute Force and Credential Access Activity Compromises Critical Infrastructure Organizations
Summary The Federal Bureau of Investigation FBI, the Cybersecurity and Infrastructure Security Agency CISA, the National Security Agency NSA, the Communications Security Establishment Canada CSE, the Australian Federal Police AFP, and Australian Signals Directorate's Australian Cyber Security...
Rockwell Automation DataMosaix Private Cloud
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION : Exploitable remotely/low attack complexity Vendor : Rockwell Automation Equipment : DataMosaix Private Cloud Vulnerabilities : Exposure of Sensitive Information to an Unauthorized Actor, Missing Authorization, Incorrect Authorization 2. RISK...
Schneider Electric Zelio Soft 2
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION : Exploitable remotely/low attack complexity Vendor : Schneider Electric Equipment : Zelio Soft 2 Vulnerabilities : Use After Free, Improper Input Validation 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an...
Delta Electronics CNCSoft-G2
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION : low attack complexity Vendor : Delta Electronics Equipment : CNCSoft-G2 Vulnerabilities : Stack-based Buffer Overflow, Out-of-bounds Write, Heap-Based Buffer Overflow, Out-of-bounds Read, Use of Uninitialized Variable 2. RISK EVALUATION...
Rockwell Automation DataMosaix Private Cloud
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION : Exploitable remotely/low attack complexity Vendor : Rockwell Automation Equipment : DataMosaix Private Cloud Vulnerabilities : Inadequate Encryption Strength, Out-of-bounds Write, Improper Check for Dropped Privileges, Reliance on...
Rockwell Automation ControlLogix
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION : Exploitable remotely/low attack complexity Vendor : Rockwell Automation Equipment : ControlLogix Vulnerability : Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to send a...
Rockwell Automation PowerFlex 6000T
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.2 ATTENTION : Exploitable remotely/low attack complexity Vendor : Rockwell Automation Equipment : PowerFlex 6000T Vulnerability : Improper Check for Unusual or Exceptional Conditions 2. RISK EVALUATION Successful exploitation of this vulnerability could...
Rockwell Automation Verve Asset Manager
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION : Exploitable remotely/low attack complexity Vendor : Rockwell Automation Equipment : Verve Asset Manager Vulnerability : Placement of User into Incorrect Group 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an...
Rockwell Automation Logix Controllers
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION : Exploitable remotely/low attack complexity Vendor : Rockwell Automation Equipment : Compact GuardLogix, CompactLogix, ControlLogix, GuardLogix, 1756-EN4TR Vulnerability : Uncontrolled Resource Consumption 2. RISK EVALUATION Successful...
Siemens Siveillance Video Camera
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Microsoft Releases October 2024 Security Updates
Microsoft released security updates to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following and apply necessary updates: Microsoft...
Schneider Electric EcoStruxure Power Monitoring Expert (PME) (Update B)
GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...
Schneider Electric System Monitor Application in Harmony and Pro-face PS5000 Legacy Industrial PCs
GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...
Schneider Electric Data Center Expert
GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...
Schneider Electric EVlink Home Smart and Schneider Charge
GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...