4207 matches found
Siemens SIMATIC RTLS Locating Manager
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens Polarion ALM
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
#StopRansomware: Black Basta
Actions for critical infrastructure organizations to take today to mitigate cyber threats from ransomware: 1. Install updates for operating systems, software, and firmware as soon as they are released. 2. Require phishing-resistant MFA for as many services as possible. 3. Train users to recognize...
alpitronic Hypercharger EV charger
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.3 ATTENTION: Exploitable remotely/Low attack complexity Vendor: alpitronic Equipment: Hypercharger EV charger Vulnerability: Use of Default Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could result in an attacker disabling...
Delta Electronics InfraSuite Device Master
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION : Exploitable remotely/low attack complexity Vendor : Delta Electronics Equipment : InfraSuite Device Master Vulnerability : Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow remote...
Rockwell Automation FactoryTalk Historian SE
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.7 ATTENTION : Exploitable remotely/low attack complexity Vendor : Rockwell Automation Equipment : FactoryTalk Historian SE Vulnerabilities : Missing Release of Resource after Effective Lifetime, Improper Check or Handling of Exceptional Conditions 2. RISK...
PTC Codebeamer
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.1 ATTENTION : Exploitable remotely/low attack complexity Vendor : PTC Equipment : Codebeamer Vulnerability : Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to inject malicious code in the...
SUBNET Substation Server
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.6 ATTENTION : Low attack complexity Vendor : Subnet Solutions Inc. Equipment : Substation Server Vulnerabilities : Reliance on Insufficiently Trustworthy Component 2. RISK EVALUATION Successful exploitation of the vulnerabilities in components used by...
CyberPower PowerPanel Business
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/Low attack complexity Vendor: CyberPower Equipment: PowerPanel business Vulnerabilities: Use of Hard-coded Password, Relative Path Traversal, Use of Hard-coded Credentials, Active Debug Code, Storing Passwords in a...
Delta Electronics DIAEnergie
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION : Exploitable remotely/low attack complexity Vendor : Delta Electronics Equipment : DIAEnergie Vulnerabilities : SQL Injection, Path Traversal 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an authenticated...
Hitachi Energy SDM600
SUMMARY Hitachi Energy is aware of multiple vulnerabilities that affect the SDM600 versions listed below. An attacker who managed to be authenticated to SDM600 and successfully exploit these vulnerabilities could elevate privileges and gain unauthorized access to the system. SDM600 version 1.3.4...
Delta Electronics CNCSoft-G2 DOPSoft (Update A)
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION : Low attack complexity Vendor : Delta Electronics Equipment : CNCSoft-G2 DOPSoft Vulnerability : Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code...
Hitachi Energy RTU500 Series Product (Update B)
SUMMARY Hitachi Energy is aware of the vulnerability CVE-2024-2617 in the RTU500 Web server component, that affects the RTU500 versions that are listed below. An attacker successfully exploiting this vulnerability could bypass secure update. Please refer to the Recommended Immediate Actions for...
Honeywell Experion PKS, Experion LX, PlantCruise by Experion, Safety Manager, Safety Manager SC
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION : Exploitable remotely/low attack complexity Vendor : Honeywell Equipment : Experion PKS, Experion LX, PlantCruise by Experion, Safety Manager, Safety Manager SC Vulnerabilities : Exposed Dangerous Method or Function, Absolute Path Traversal,...
Hitachi Energy RTU500 Series
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.0 ATTENTION : Exploitable remotely/low attack complexity Vendor : Hitachi Energy Equipment : RTU500 Series Vulnerabilities : Unrestricted Upload of File with Dangerous Type 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow the...
Siemens RUGGEDCOM APE1808 devices configured with Palo Alto Networks Virtual NGFW
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
#StopRansomware: Akira Ransomware
Actions to take today to mitigate cyber threats from Akira ransomware: 1. Prioritize remediating known exploited vulnerabilities. 2. Enable multifactor authentication MFA for all services to the extent possible, particularly for webmail, VPN, and accounts that access critical systems. 3. Regularl...
Unitronics Vision Legacy series (Update A)
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION : Exploitable remotely/low attack complexity Vendor : Unitronics Equipment : Vision Legacy series Vulnerability : Storing Passwords in a Recoverable Format 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker...
Rockwell Automation ControlLogix and GuardLogix (Update A)
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.2 ATTENTION : Exploitable remotely/low attack complexity Vendor : Rockwell Automation Equipment : ControlLogix 5580, GuardLogix 5580, CompactLogix 5380, 1756-EN4TR Vulnerability : Improper Input Validation 2. RISK EVALUATION Successful exploitation of this...
Measuresoft ScadaPro
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.8 ATTENTION : Low attack complexity Vendor : Measuresoft Equipment : ScadaPro Vulnerability : Improper Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to escalate their privileges from unprivileged to...
Electrolink FM/DAB/TV Transmitter
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION : Exploitable remotely/low attack complexity/public exploits are available Vendor : Electrolink Equipment : FM/DAB/TV Transmitter Vulnerabilities : Authentication Bypass by Assumed-Immutable Data, Reliance on Cookies without Validation and...
RoboDK RoboDK
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 3.3 ATTENTION: Low attack complexity Vendor: RoboDK Equipment: RoboDK Vulnerability: Heap-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could result in an attacker crashing the program through heap-based buffer...
Rockwell Automation 5015-AENFTXT (Update A)
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION : Exploitable remotely/low attack complexity Vendor : Rockwell Automation Equipment : 5015-AENFTXT Vulnerability : Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to crash the...
SUBNET PowerSYSTEM Server and Substation Server
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.6 ATTENTION : Low attack complexity Vendor : SUBNET Solutions Inc. Equipment : PowerSYSTEM Server, Substation Server 2021 Vulnerabilities : Reliance on Insufficiently Trustworthy Component 2. RISK EVALUATION Successful exploitation of the vulnerabilities...
Siemens RUGGEDCOM APE1808
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens SIMATIC S7-1500 TM MFP
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens SINEC NMS
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens Parasolid
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens Scalance W1750D
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens SIMATIC WinCC
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens RUGGEDCOM APE1808
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Schweitzer Engineering Laboratories SEL 700 series relays
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.9 ATTENTION : Exploitable remotely/low attack complexity Vendor : Schweitzer Engineering Laboratories Equipment : SEL 700 series relays Vulnerability : Inclusion of Undocumented Features 2. RISK EVALUATION Successful exploitation of this vulnerability...
Hitachi Energy Asset Suite 9
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION : Exploitable remotely/low attack complexity Vendor : Hitachi Energy Equipment : Asset Suite 9 Vulnerability : Improper Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to use an...
IOSIX IO-1020 Micro ELD
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.4 ATTENTION : Exploitable from adjacent network/Low attack complexity Vendor : IOSiX Equipment : IO-1020 Micro ELD Vulnerabilities : Use of Default Credentials, Download of Code Without Integrity Check 2. RISK EVALUATION Successful exploitation of these...
Hitachi Energy MACH SCM (Update A)
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.9 ATTENTION : Exploitable remotely Vendor : Hitachi Energy Equipment : MACH SCM Vulnerabilities : Improper Control of Generation of Code, Improper Neutralization of Directives in Dynamically Evaluated Code 2. RISK EVALUATION Successful exploitation of...
Rockwell Automation Arena Simulation
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION : low attack complexity Vendor : Rockwell Automation Equipment : Arena Simulation Software Vulnerabilities : Out-of-bounds Write, Heap-based Buffer Overflow, Improper Restriction of Operations within the Bounds of a Memory Buffer, Use After...
Rockwell Automation FactoryTalk View ME
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION : Exploitable remotely/low attack complexity Vendor : Rockwell Automation Equipment : FactoryTalk View ME Vulnerability : Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could lead to the loss of view or...
AutomationDirect C-MORE EA9 HMI
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION : Exploitable remotely/low attack complexity Vendor : AutomationDirect Equipment : C-MORE EA9 HMI Vulnerabilities : Path Traversal, Stack-Based Buffer Overflow, Plaintext Storage of a Password 2. RISK EVALUATION Successful exploitation of these...
Rockwell Automation PowerFlex 527
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION : Exploitable remotely/low attack complexity Vendor : Rockwell Automation Equipment : PowerFlex 527 Vulnerabilities : Improper Input Validation, Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of this these...
Advantech WebAccess/SCADA
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.1 ATTENTION : Exploitable remotely/low attack complexity/public exploits are available Vendor : Advantech Equipment : WebAccess/SCADA Vulnerability : SQL Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an...
Franklin Fueling System EVO 550/5000
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION : Exploitable remotely/low attack complexity Vendor : Franklin Fueling System Equipment : EVO 550, EVO 5000 Vulnerability : Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to read...
Softing edgeConnector
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.2 ATTENTION : Low attack complexity Vendor : Softing Equipment : edgeConnector Vulnerabilities : Cleartext Transmission of Sensitive Information, Path Traversal 2. RISK EVALUATION Successful exploitation of these vulnerabilities could create conditions...
Delta Electronics DIAEnergie
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION : Exploitable remotely Vendor : Delta Electronics Equipment : DIAEnergie Vulnerabilities : Improper Authorization, SQL Injection, Path Traversal, Cross-site Scripting 2. RISK EVALUATION Successful exploitation of these vulnerabilities could...
Siemens SIMATIC
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Mitsubishi Electric MELSEC-Q/L Series (Update B)
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION : Exploitable remotely/low attack complexity Vendor : Mitsubishi Electric Equipment : MELSEC-Q/L Series Vulnerabilities : Incorrect Pointer Scaling, Integer Overflow or Wraparound 2. RISK EVALUATION Successful exploitation of these...
Schneider Electric EcoStruxure Power Design
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION : Low Attack Complexity Vendor : Schneider Electric Equipment : EcoStruxure Power Design Vulnerability : Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability may allow for arbitrary code execution...
Siemens Siveillance Control
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens SENTRON 7KM PAC3x20
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens RUGGEDCOM APE1808
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens Sinteso EN Cerberus PRO EN Fire Protection Systems
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...