4251 matches found
Siemens HiMed Cockpit
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens SENTRON PAC3200 Devices
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens PSS SINCAL
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens Questa and ModelSim
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens Teamcenter Visualization and JT2Go
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Schneider Electric System Monitor Application in Harmony and Pro-face PS5000 Legacy Industrial PCs
GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...
Schneider Electric Easergy Studio
GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...
Schneider Electric EVlink Home Smart and Schneider Charge
GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...
Siemens SINEC Security Monitor
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens RUGGEDCOM APE1808
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens Sentron Powercenter 1000
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens JT2Go
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens Tecnomatix Plant Simulation
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens SIMATIC S7-1500 and S7-1200 CPUs
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens Simcenter Nastran
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Delta Electronics DIAEnergie
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION : Exploitable remotely/low attack complexity Vendor : Delta Electronics Equipment : DIAEnergie Vulnerabilities : SQL Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to retrieve records or...
TEM Opera Plus FM Family Transmitter
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION : Exploitable remotely/low attack complexity/public exploits are available Vendor : TEM Equipment : Opera Plus FM Family Transmitter Vulnerabilities : Missing Authentication for Critical Function, Cross-Site Request Forgery CSRF 2. RISK...
Mitsubishi Electric MELSEC iQ-F FX5-OPC
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION : Exploitable remotely/low attack complexity Vendor : Mitsubishi Electric Equipment : MELSEC iQ-F FX5-OPC Vulnerability : NULL Pointer Dereference 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote attacker to...
Subnet Solutions Inc. PowerSYSTEM Center
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Subnet Solutions Inc. Equipment: PowerSYSTEM Center Vulnerabilities: Server-Side Request Forgery SSRF, Inefficient Regular Expression Complexity, Cross-Site Request Forgery CSRF 2. RISK...
Optigo Networks ONS-S8 - Spectra Aggregation Switch
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Optigo Networks Equipment: ONS-S8 - Spectra Aggregation Switch Vulnerabilities: Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion', Weak...
goTenna Pro X and Pro X2 (Update A)
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION : Low attack complexity Vendor : goTenna Equipment : Pro series Vulnerabilities : Weak Password Requirements, Insecure Storage of Sensitive Information, Missing Support for Integrity Check, Cleartext Transmission of Sensitive Information,...
goTenna Pro ATAK Plugin (Update A)
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.1 ATTENTION : Low attack complexity Vendor : goTenna Equipment : Pro ATAK Plugin Vulnerabilities : Weak Password Requirements, Insecure Storage of Sensitive Information, Missing Support for Integrity Check, Cleartext Transmission of Sensitive Information,...
Advantech ADAM-5550
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION : Low attack complexity Vendor : Advantech Equipment : ADAM-5550 Vulnerabilities : Weak Encoding for Password, Cross-site Scripting 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow a remote attacker to intercept...
Advantech ADAM 5630
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION : Low attack complexity Vendor : Advantech Equipment : ADAM-5630 Vulnerabilities : Use of Persistent Cookies Containing Sensitive Information 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to hijack a...
Atelmo Atemio AM 520 HD Full HD Satellite Receiver
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION : Exploitable remotely/low attack complexity/public exploits are available Vendor : Atelmo Equipment : Atemio AM 520 HD Full HD Satellite Receiver Vulnerability : OS Command Injection 2. RISK EVALUATION Successful exploitation of this...
Franklin Fueling Systems TS-550 EVO
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION : Exploitable remotely/low attack complexity Vendor : Franklin Fueling Systems Equipment : TS-550 EVO Automatic Tank Gauge Vulnerability : Absolute Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability allow an...
OPW Fuel Management Systems SiteSentinel
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION : Exploitable remotely/low attack complexity Vendor : OPW Fuel Managements Systems Equipment : SiteSentinel Vulnerability : Missing Authentication For Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could...
Dover Fueling Solutions ProGauge MAGLINK LX CONSOLE
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 10.0 ATTENTION : Exploitable remotely/low attack complexity Vendor : Dover Fueling Solutions DFS Equipment : ProGauge MAGLINK LX CONSOLE Vulnerabilities : Command Injection, Improper Privilege Management, Use of Hard-coded Password, Cross-site Scripting,...
Moxa MXview One
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.8 ATTENTION : Exploitable remotely/low attack complexity Vendor : Moxa Equipment : MXview One, MXview One Central Manager Series Vulnerabilities : Cleartext Storage In A File or On Disk, Path Traversal, Time-of-Check Time-of-Use Race Condition 2. RISK...
OMNTEC Proteus Tank Monitoring (Update A)
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION : Exploitable remotely/low attack complexity Vendor : OMNTEC Mfg., Inc. Equipment : Proteus Tank Monitoring Vulnerability : Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability allow an...
Alisonic Sibylla
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Alisonic Equipment: Sibylla Vulnerability: Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' 2. RISK EVALUATION Successful exploitation of this vulnerability...
Planet Fitness Workouts mobile apps do not properly validate TLS certificates
RISK EVALUATION The Planet Fitness Workouts iOS and Android mobile apps are vulnerable to network attacks due to improper TLS certificate validation, allowing an attacker to obtain session tokens and sensitive information. This issue was fixed in version 9.8.12. 2. RECOMMENDED PRACTICES Upgrade...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-8963 Ivanti Cloud Services Appliance CSA Path Traversal Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and...
IDEC CORPORATION WindLDR and WindO/I-NV4
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION : Exploitable remotely Vendor : IDEC Corporation Equipment : WindLDR, WindO/I-NV4 Vulnerability : Cleartext Storage of Sensitive Information 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to obtain...
MegaSys Computer Technologies Telenium Online Web Application (Update A)
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION : Exploitable remotely/low attack complexity Vendor : MegaSys Computer Technologies Equipment : Telenium Online Web Application Vulnerability : Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could...
Kastle Systems Access Control System
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.2 ATTENTION : Exploitable remotely/low attack complexity Vendor : Kastle Systems Equipment : Access Control System Vulnerabilities : Use of Hard-coded Credentials, Cleartext Storage of Sensitive Information 2. RISK EVALUATION Successful exploitation of...
Rockwell Automation RSLogix 5 and RSLogix 500
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.8 ATTENTION : Exploitable locally/high attack complexity Vendor : Rockwell Automation Equipment : RSLogix 5 and RSLogix 500 Vulnerability : Insufficient verification of data authenticity 2. RISK EVALUATION Successful exploitation of this vulnerability...
IDEC Products (Update A)
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION : Low Attack Complexity Vendor : IDEC Corporation Equipment : IDEC PLCs Vulnerabilities : Cleartext Transmission of Sensitive Information, Generation of Predictable Identifiers 2. RISK EVALUATION Successful exploitation of these vulnerabilities...
Yokogawa Dual-redundant Platform for Computer (PC2CKM)
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION : Exploitable remotely/low attack complexity Vendor : Yokogawa Equipment : Dual-redundant Platform for Computer PC2CKM Vulnerability : Unchecked Return Value 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an...
Millbeck Communications Proroute H685t-w
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION : Exploitable remotely/low attack complexity Vendor : Millbeck Communications Equipment : Proroute H685t-w Vulnerabilities : Command Injection, Cross-site Scripting 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow...
Rockwell Automation Pavilion8
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.8 ATTENTION : Exploitable remotely/low attack complexity Vendor : Rockwell Automation Equipment : Pavilion8 Vulnerabilities : Improper Privilege Management, Path Traversal 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an...
Rockwell Automation 5015-U8IHFT
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: 5015-U8IHFT Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could result in a denial-of-service...
Rockwell Automation ControlLogix/GuardLogix 5580 and CompactLogix/Compact GuardLogix 5380
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION : Exploitable remotely/low attack complexity Vendor : Rockwell Automation Equipment : ControlLogix/GuardLogix 5580 and CompactLogix/Compact GuardLogix 5380, CompactLogix 5480, 1756-EN4 Vulnerability : Improper Input Validation 2. RISK...
Rockwell Automation AADvance Trusted SIS Workstation
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Rockwell Automation Equipment: AADvance Trusted SIS Workstation Vulnerabilities: Improper Input Validation 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in an attacker executing...
Rockwell Automation ThinManager
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Rockwell Automation Equipment: ThinManager Vulnerability: Externally Controlled Reference to a Resource in Another Sphere 2. RISK EVALUATION Successful exploitation of this vulnerability could...
Rockwell Automation FactoryTalk Batch View
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.2 ATTENTION: Exploitable remotely Vendor: Rockwell Automation Equipment: FactoryTalk Batch View Vulnerability: Improper Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability could result in an attacker bypassing authentication...
Rockwell Automation OptixPanel
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.7 ATTENTION : Exploitable remotely Vendor : Rockwell Automation Equipment : OptixPanel Vulnerability : Improper Privilege Management 2. RISK EVALUATION Successful exploitation of this vulnerability may allow users to exfiltrate credentials and escalate...
Rockwell Automation FactoryTalk View Site
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.2 ATTENTION : Exploitable remotely/low attack complexity Vendor : Rockwell Automation Equipment : FactoryTalk Vulnerability : Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to perform...
AutomationDirect DirectLogic H2-DM1E
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION : Exploitable from an adjacent network/low attack complexity Vendor : AutomationDirect Equipment : DirectLogic H2-DM1E Vulnerabilities : Session Fixation, Authentication Bypass by Capture-replay 2. RISK EVALUATION Successful exploitation of...
IBM webMethods Integration Multiple Vulnerabilities
RISK EVALUATION IBM webMethods Integration contains multiple vulnerabilities that could allow an authenticated attacker to escalate privileges within webMethods, execute arbitrary operating system commands, or read arbitrary files. 2. RECOMMENDED PRACTICES Install webMethods Integration Corefix...