4207 matches found
Rockwell Automation FactoryTalk View Site Edition (Update A)
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION : Low attack complexity Vendor : Rockwell Automation Equipment : FactoryTalk View Site Edition Vulnerability : Incorrect Permission Assignment for Critical Resource 2. RISK EVALUATION Successful exploitation of this vulnerability could allow...
Rockwell Automation GuardLogix/ControlLogix 5580 Controller
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION : Exploitable remotely/low attack complexity Vendor : Rockwell Automation Equipment : ControlLogix 5580, GuardLogix 5580 Vulnerability : Improper Check for Unusual or Exceptional Conditions 2. RISK EVALUATION Successful exploitation of this...
Rockwell Automation Pavilion8
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.3 ATTENTION : Exploitable remotely/low attack complexity Vendor : Rockwell Automation Equipment : Pavilion8 Vulnerability : Missing Encryption of Sensitive Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to...
Rockwell Automation AADvance Standalone OPC-DA Server
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION : Exploitable remotely/low attack complexity Vendor : Rockwell Automation Equipment : AADvance Standalone OPC-DA Server Vulnerabilities : Improper Input Validation, Use of Externally Controlled Format String 2. RISK EVALUATION Successful...
Rockwell Automation ControlLogix, GuardLogix 5580, CompactLogix, Compact GuardLogix 5380
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION : Exploitable remotely/low attack complexity Vendor : Rockwell Automation Equipment : ControlLogix, GuardLogix 5580, CompactLogix, Compact GuardLogix 5380 Vulnerability : Improper Input Validation 2. RISK EVALUATION Successful exploitation of...
Rockwell Automation DataMosaix Private Cloud
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.6 ATTENTION : Exploitable remotely/low attack complexity Vendor : Rockwell Automation Equipment : DataMosaix Private Cloud Vulnerability : Improper Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to...
Ocean Data Systems Dream Report
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION : Exploitable remotely/low attack complexity Vendor : Ocean Data Systems Equipment : Dream Report 2023 Vulnerabilities : Path Traversal, Incorrect Permission Assignment for Critical Resource 2. RISK EVALUATION Successful exploitation of these...
AVEVA SuiteLink Server
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION : Exploitable remotely/low attack complexity Vendor : AVEVA Equipment : SuiteLink Server Vulnerability : Allocation of Resources Without Limits or Throttling 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an...
Rockwell Automation Micro850/870
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION : Exploitable remotely/low attack complexity Vendor : Rockwell Automation Equipment : Micro850/870 Vulnerability : Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of this vulnerability may cause CIP/Modbus...
Siemens COMOS
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens SCALANCE M-800, RUGGEDCOM RM1224
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens SINEC NMS
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens NX
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens LOGO! V8.3 BM Devices
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens Location Intelligence
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens Teamcenter Visualization and JT2Go
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens INTRALOG WMS
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens SINEC Traffic Analyzer
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Schneider Electric Accutech Manager
GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...
Dorsett Controls InfoScan
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION : Exploitable remotely/low attack complexity Vendor : Dorsett Controls Equipment : InfoScan Vulnerabilities : Exposure of Sensitive Information To An Unauthorized Actor, Path Traversal 2. RISK EVALUATION Successful exploitation of these...
Delta Electronics DIAScreen
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION : Low attack complexity Vendor : Delta Electronics Equipment : DIAScreen Vulnerability : Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a stack-based buffer...
AVTECH IP camera
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION : Exploitable remotely/low attack complexity/public exploits are available/known public exploitation Vendor : AVTECH SECURITY Corporation Equipment : IP camera Vulnerability : Command Injection 2. RISK EVALUATION Successful exploitation of this...
Johnson Controls exacqVision Web Service
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.7 ATTENTION : Exploitable remotely/low attack complexity Vendor : Johnson Controls, Inc. Equipment : Web Service Vulnerability : Use of GET Request Method With Sensitive Query Strings 2. RISK EVALUATION Successful exploitation of this vulnerability could...
Johnson Controls exacqVision Server
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.4 ATTENTION : Exploitable remotely Vendor : Johnson Controls, Inc. Equipment : exacqVision Server Vulnerability : Improper Certificate Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to perform a...
Johnson Controls exacqVision Web Service
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.4 ATTENTION : Exploitable remotely Vendor : Johnson Controls, Inc. Equipment : exacqVision Web Service Vulnerability : Cleartext Transmission of Sensitive Information 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker...
Rockwell Automation Logix Controllers
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.3 ATTENTION : Exploitable remotely/low attack complexity Vendor : Rockwell Automation Equipment : ControlLogix, GuardLogix, and 1756 ControlLogix I/O Modules Vulnerability : Unprotected Alternate Channel 2. RISK EVALUATION Successful exploitation of this...
Johnson Controls exacqVision Web Service
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION : Exploitable remotely Vendor : Johnson Controls, Inc. Equipment : exacqVision Web Service Vulnerability : Cross-Site Request Forgery CSRF 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to perform...
Vonets WiFi Bridges
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 10.0 ATTENTION : Exploitable remotely/low attack complexity Vendor : Vonets Equipment : VAR1200-H, VAR1200-L, VAR600-H, VAP11AC, VAP11G-500S, VBG1200, VAP11S-5G, VAP11S, VAR11N-300, VAP11G-300, VAP11N-300, VAP11G, VAP11G-500, VBG1200, VAP11AC, VGA-1000...
Johnson Controls exacqVision client and exacqVision server
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.0 ATTENTION : Exploitable remotely Vendor : Johnson Controls Inc. Equipment : exacqVision Client, exacqVision Server key Vulnerability : Inadequate Encryption Strength 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker...
Johnson Controls exacqVision Server web service
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.6 ATTENTION : Exploitable remotely Vendor : Johnson Controls Inc. Equipment : exacqVision Web Service Vulnerability : Permissive Cross-domain Policy with Untrusted Domains 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an...
North Korea Cyber Group Conducts Global Espionage Campaign to Advance Regime’s Military and Nuclear Programs
Summary The U.S. Federal Bureau of Investigation FBI and the following authoring partners are releasing this Cybersecurity Advisory to highlight cyber espionage activity associated with the Democratic People’s Republic of Korea DPRK’s Reconnaissance General Bureau RGB 3rd Bureau based in Pyongyan...
Positron Broadcast Signal Processor
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION : Exploitable remotely/low attack complexity/public exploits are available Vendor : Positron S.R.L Equipment : Broadcast Signal Processor TRA7005 Vulnerability : Authentication Bypass Using an Alternate Path or Channel 2. RISK EVALUATION...
National Instruments IO Trace
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION : Low attack complexity Vendor : National Instruments Equipment : IO Trace Vulnerability : Stack-Based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a local attacker to execute arbitrary code. 3...
National Instruments LabVIEW
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION : Low attack complexity Vendor : National Instruments Equipment : LabVIEW Vulnerabilities : Out-of-Bounds Read, Improper Restriction of Operations within the Bounds of a Memory Buffer 2. RISK EVALUATION Successful exploitation of these...
Hitachi Energy AFS/AFR Series Products
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION : Exploitable remotely/low attack complexity Vendor : Hitachi Energy Equipment : AFS650, AFS660, AFS665, AFS670, AFS675, AFS677, AFR677 Vulnerabilities : Type Confusion, Use After Free, Double Free, Observable Discrepancy 2. RISK EVALUATION...
Siemens SICAM Products
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Adminer and AdminerEvo Multiple Vulnerabilities
RISK EVALUATION Adminer and AdminerEvo contain multiple vulnerabilities. Successful exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to deny service, enumerate and access systems indirectly, upload arbitrary files, and execute arbitrary code. Adminer is no...
Subnet Solutions PowerSYSTEM Center
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION : Exploitable remotely/low attack complexity Vendor : Subnet Solutions Inc. Equipment : Subnet PowerSYSTEM Center Vulnerability : Prototype Pollution 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated...
Mitsubishi Electric MELSOFT MaiLab and MELSOFT VIXIO (Update A)
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.2 ATTENTION : Exploitable remotely Vendor : Mitsubishi Electric Corporation Equipment : MELSOFT MaiLab Vulnerability : Improper Verification of Cryptographic Signature 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote...
Philips Vue PACS (Update A)
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION : Exploitable remotely/low attack complexity Vendor : Philips Equipment : Vue PACS Vulnerabilities : Out-of-bounds Write, Deserialization of Untrusted Data, Uncontrolled Resource Consumption, Improper Privilege Management, Use of Default...
Rockwell Automation Pavilion 8
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION : Exploitable remotely/low attack complexity Vendor : Rockwell Automation Equipment : Pavilion 8 Vulnerability : Incorrect Permission Assignment for Critical Resource 2. RISK EVALUATION Successful exploitation of this vulnerability could allow...
CISA Red Team’s Operations Against a Federal Civilian Executive Branch Organization Highlights the Necessity of Defense-in-Depth
EXECUTIVE SUMMARY In early 2023, the Cybersecurity and Infrastructure Security Agency CISA conducted a SILENTSHIELD red team assessment against a Federal Civilian Executive Branch FCEB organization. During SILENTSHIELD assessments, the red team first performs a no-notice, long-term simulation of...
HMS Industrial Networks Anybus-CompactCom 30
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: HMS Industrial Networks Equipment: Anybus-CompactCom 30 Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a...
Rockwell Automation FactoryTalk System Services and Policy Manager
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.0 ATTENTION : Low attack complexity Vendor : Rockwell Automation Equipment : FactoryTalk System Services and Policy Manager Vulnerabilities : Improper Privilege Management 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an...
Rockwell Automation ThinManager ThinServer
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION : Exploitable remotely/low attack complexity Vendor : Rockwell Automation Equipment : ThinManager ThinServer Vulnerabilities : Improper Input Validation 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker...
Mitsubishi Electric MELIPC Series MI5122-VW
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION : Low attack complexity Vendor : Mitsubishi Electric Equipment : MI5122-VW Vulnerability : Incorrect Default Permissions 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to tamper with, destroy, disclose,...
Delta Electronics CNCSoft-G2 (Update A)
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION : Low attack complexity Vendor : Delta Electronics Equipment : CNCSoft-G2 Vulnerabilities : Stack-based Buffer Overflow, Out-of-bounds Write, Out-of-bounds Read, Heap-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these...
Johnson Controls Inc. Software House C●CURE 9000
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.3 ATTENTION : Exploitable remotely/Low attack complexity Vendor : Johnson Controls, Inc. Equipment : Software House C●CURE 9000 Vulnerability : Use of Weak Credentials 2. RISK EVALUATION Successful exploitations of this vulnerability could allow an...
Johnson Controls Illustra Pro Gen 4
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.0 ATTENTION : Exploitable remotely Vendor : Johnson Controls, Inc. Equipment : Illustra Pro Gen 4 Vulnerability : Dependency on Vulnerable Third-Party Component 2. RISK EVALUATION Successful exploitation of this vulnerability could impact confidentiality...
Johnson Controls Inc. Software House C●CURE 9000 (Update B)
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION : Exploitable remotely/Low attack complexity Vendor : Johnson Controls Inc. Equipment : Software House C●CURE 9000 Vulnerability : Incorrect Default Permissions 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an...