4251 matches found
Siemens TIA Administrator
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens Mendix Applications
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens ST7 ScadaConnect
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens SICAM AK3/BC/TM
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens SCALANCE W700
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens PowerSys
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens SIMATIC and SIPLUS
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens SITOP UPS1600
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens SIMATIC S7-200 SMART Devices
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens TIM 1531 IRC
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Schneider Electric Modicon M340, BMXNOE0100, and BMXNOE0110 (Update A)
GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...
Schneider Electric PowerLogic P5
GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...
Schneider Electric Sage Series
GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...
Mitsubishi Electric CC-Link IE TSN Industrial Managed Switch
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.1 ATTENTION : Exploitable remotely/low attack complexity Vendor : Mitsubishi Electric Equipment : CC-Link IE TSN Industrial Managed Switch Vulnerability : Allocation of Resources Without Limits or Throttling 2. RISK EVALUATION Successful exploitation of...
Johnson Controls Software House iStar Door Controller (Update A)
View CSAF 1. EXECUTIVE SUMMARY CVSS 4 8.8 ATTENTION : Exploitable remotely/low attack complexity Vendor : Johnson Controls Inc. Equipment : Software House iStar Pro Door Controller, ICU Vulnerability : Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this...
Emerson Ovation
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION : Exploitable remotely/low attack complexity Vendor : Emerson Equipment : Ovation Vulnerabilities : Missing Authentication for Critical Function, Insufficient Verification of Data Authenticity CISA is aware of a public report, known as...
Emerson PACSystem and Fanuc
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.6 ATTENTION : Low attack complexity Vendor : Emerson Equipment : PACSystem, Fanuc Vulnerabilities : Cleartext Transmission of Sensitive Information, Insufficient Verification of Data Authenticity Insufficiently Protected Credentials, Download of Code...
ABB 800xA Base (Update A)
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION : Low attack complexity Vendor : ABB Equipment : 800xA Base Vulnerabilities : Improper Input Validation 2. RISK EVALUATION Successful exploitation of these vulnerabilities could cause services to crash and restart. 3. TECHNICAL DETAILS 3.1...
Uniview NVR301-04S2-P4 (Update A)
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.1 ATTENTION : Exploitable remotely/low attack complexity/public exploits available Vendor : Uniview Equipment : NVR301-04S2-P4 Vulnerability : Cross-site Scripting 2. RISK EVALUATION An attacker could send a user a URL that if clicked on could execute...
Inosoft VisiWin
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION : Low attack complexity/public exploits are available Vendor : Inosoft Equipment : VisiWin Vulnerability : Incorrect Default Permissions 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain SYSTEM...
Westermo EDW-100
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION : Exploitable remotely/low attack complexity Vendor : Westermo Equipment : EDW-100 Vulnerabilities : Use of Hard-coded Password, Insufficiently Protected Credentials 2. RISK EVALUATION Successful exploitation of these vulnerabilities could...
Fuji Electric Monitouch V-SFT (Update A)
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION : Low attack complexity Vendor : Fuji Electric Equipment : Monitouch V-SFT Vulnerabilities : Out-of-Bounds Write, Stack-Based Buffer Overflow, Type Confusion 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an...
LenelS2 NetBox
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION : Exploitable remotely/low attack complexity Vendor : LenelS2 Equipment : NetBox Vulnerabilities : Use of Hard-coded Password, OS Command Injection, Argument Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities could...
Baxter Welch Allyn Connex Spot Monitor
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.1 ATTENTION : Exploitable remotely Vendor : Baxter Equipment : Welch Allyn Connex Spot Monitor CSM Vulnerability : Use of Default Cryptographic Key 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to modify device...
Baxter Welch Allyn Configuration Tool
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.4 ATTENTION : Exploitable remotely Vendor : Baxter Equipment : Welch Allyn Configuration Tool Vulnerability : Insufficiently Protected Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could lead to the unintended exposure of...
Campbell Scientific CSI Web Server
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION : Exploitable remotely/low attack complexity Vendor : Campbell Scientific Equipment : CSI Web Server Vulnerabilities : Path Traversal, Weak Encoding for Password 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an...
AutomationDirect Productivity PLCs
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION : Exploitable remotely/low attack complexity Vendor : AutomationDirect Equipment : Productivity PLCs Vulnerabilities : Buffer Access with Incorrect Length Value, Out-of-bounds Write, Stack-based Buffer Overflow, Improper Access Control, Active...
LCDS LAquis SCADA
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION : Low attack complexity Vendor : LCDS - Leão Consultoria e Desenvolvimento de Sistemas Ltda ME Equipment : LAquis SCADA Vulnerabilities : Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to...
Rockwell Automation FactoryTalk View SE
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.8 ATTENTION : Exploitable remotely/low attack complexity Vendor : Rockwell Automation Equipment : FactoryTalk View SE Vulnerability : Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to...
Johnson Controls Software House C●CURE 9000
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.7 ATTENTION : Low attack complexity Vendor : Johnson Controls Equipment : Software House C●CURE 9000 Vulnerability : Insertion of Sensitive Information into Log File 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an attacker to...
SUBNET PowerSYSTEM Center
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.6 ATTENTION : Low attack complexity Vendor : Subnet Solutions Inc. Equipment : PowerSYSTEM Center Vulnerabilities : Reliance on Insufficiently Trustworthy Component 2. RISK EVALUATION Successful exploitation of the vulnerabilities in components used by...
Rockwell Automation FactoryTalk Remote Access
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.0 ATTENTION : Low attack complexity Vendor : Rockwell Automation Equipment : Factory Talk Remote Access Vulnerability : Unquoted Search Path or Element 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to enter a...
Siemens RUGGEDCOM APE1808
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens Desigo Fire Safety UL and Cerberus PRO UL Fire Protection Systems
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens Simcenter Nastran
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens Solid Edge
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens SIMATIC RTLS Locating Manager
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens Polarion ALM
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens RUGGEDCOM CROSSBOW
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens SICAM Products
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens Industrial Products
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens PS/IGES Parasolid Translator Component
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens SIMATIC CN 4100
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens Teamcenter Visualization and JT2Go
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens Parasolid
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Mitsubishi Electric Multiple FA Engineering Software Products (Update E)
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.0 ATTENTION : Low attack complexity Vendor : Mitsubishi Electric Equipment : Multiple FA Engineering Software Products Vulnerabilities : Improper Privilege Management, Uncontrolled Resource Consumption, Out-of-bounds Write, Improper Privilege Management 2...
#StopRansomware: Black Basta
Actions for critical infrastructure organizations to take today to mitigate cyber threats from ransomware: 1. Install updates for operating systems, software, and firmware as soon as they are released. 2. Require phishing-resistant MFA for as many services as possible. 3. Train users to recognize...
Delta Electronics InfraSuite Device Master
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION : Exploitable remotely/low attack complexity Vendor : Delta Electronics Equipment : InfraSuite Device Master Vulnerability : Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow remote...
Rockwell Automation FactoryTalk Historian SE
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.7 ATTENTION : Exploitable remotely/low attack complexity Vendor : Rockwell Automation Equipment : FactoryTalk Historian SE Vulnerabilities : Missing Release of Resource after Effective Lifetime, Improper Check or Handling of Exceptional Conditions 2. RISK...
alpitronic Hypercharger EV charger
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.3 ATTENTION: Exploitable remotely/Low attack complexity Vendor: alpitronic Equipment: Hypercharger EV charger Vulnerability: Use of Default Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could result in an attacker disabling...