4214 matches found
Siemens SIMATIC
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Softing edgeConnector
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.2 ATTENTION : Low attack complexity Vendor : Softing Equipment : edgeConnector Vulnerabilities : Cleartext Transmission of Sensitive Information, Path Traversal 2. RISK EVALUATION Successful exploitation of these vulnerabilities could create conditions...
Schneider Electric EcoStruxure Power Design
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION : Low Attack Complexity Vendor : Schneider Electric Equipment : EcoStruxure Power Design Vulnerability : Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability may allow for arbitrary code execution...
Siemens SCALANCE XB-200 / XC-200 / XP-200 / XF-200BA / XR-300WG Family
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens Sinteso EN Cerberus PRO EN Fire Protection Systems
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens SINEMA Remote Connect Server
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens SENTRON
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens SENTRON 7KM PAC3x20
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens Siveillance Control
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens RUGGEDCOM APE1808 with Fortigate NGFW Devices
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens SINEMA Remote Connect Client
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens Solid Edge
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens RUGGEDCOM APE1808
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Chirp Systems Chirp Access (Update C)
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 2.3 ATTENTION : Low attack complexity Vendor : Chirp Systems Equipment : Chirp Access Vulnerability : Use of Hard-coded Password 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to adjust the Beacon configuration...
Nice Linear eMerge E3-Series
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION : Exploitable remotely/low attack complexity/public exploits are available Vendor : Nice Equipment : Linear eMerge E3-Series Vulnerabilities : Path traversal, Cross-site scripting, OS command injection, Unrestricted Upload of File with...
Santesoft Sante FFT Imaging
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION : Low attack complexity Vendor : Santesoft Equipment : Sante FFT Imaging Vulnerability : Out-of-Bounds Write 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a local attacker to execute arbitrary code once a user...
#StopRansomware: Phobos Ransomware
Actions to take today to mitigate Phobos ransomware activity: 1. Secure RDP ports to prevent threat actors from abusing and leveraging RDP tools. 2. Prioritize remediating known exploited vulnerabilities. 3. Implement EDR solutions to disrupt threat actor memory allocation techniques...
Threat Actors Exploit Multiple Vulnerabilities in Ivanti Connect Secure and Policy Secure Gateways
Actions to take today to mitigate cyber threats against Ivanti appliances: 1. Limit outbound internet connections from SSL VPN appliances to restrict access to required services. 2. Keep all operating systems and firmware up to date. 3. Limit SSL VPN connections to unprivileged accounts...
MicroDicom DICOM Viewer
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION : Low attack complexity Vendor : MicroDicom Equipment : DICOM Viewer Vulnerabilities : Heap-based Buffer Overflow, Out-of-Bounds Write 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to cause memory...
Delta Electronics CNCSoft-B
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION : Low attack complexity Vendor : Delta Electronics Equipment : CNCSoft-B Vulnerability : Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code. 3...
#StopRansomware: ALPHV Blackcat
Actions to take today to mitigate against the threat of ransomware: 1. Routinely take inventory of assets and data to identify authorized and unauthorized devices and software. 2. Prioritize remediation of known exploited vulnerabilities. 3. Enable and enforce multifactor authentication with stro...
Festo Didactic SE MES PC
GENERAL RECOMMENDATION Festo Didactic offers products with security functions that aid the safe operation of plants, systems, machines and networks. In order to protect plants, systems, machines and networks from cyber threats, a comprehensive security concept must be implemented and...
Mitsubishi Electric Multiple Factory Automation Products (Update A)
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION : Exploitable remotely/low attack complexity Vendor : Mitsubishi Electric Corporation Equipment : MELSEC iQ-F Series Vulnerability : Insufficient Resource Pool 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a...
Santesoft Sante DICOM Viewer Pro
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION : Low attack complexity Vendor : Santesoft Equipment : Sante DICOM Viewer Pro Vulnerability : Out-of-Bounds Read 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to disclose information and execute...
SVR Cyber Actors Adapt Tactics for Initial Cloud Access
How SVR-Attributed Actors are Adapting to the Move of Government and Corporations to Cloud Infrastructure OVERVIEW This advisory details recent tactics, techniques, and procedures TTPs of the group commonly known as APT29, also known as Midnight Blizzard, the Dukes, or Cozy Bear. The UK National...
Delta Electronics CNCSoft-B DOPSoft
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION : Low attack complexity Vendor : Delta Electronics Equipment : CNCSoft-B DOPSoft Vulnerability : Uncontrolled Search Path Element 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to achieve remote code...
Mitsubishi Electric Electrical discharge machines
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION : Exploitable remotely/low attack complexity Vendor : Mitsubishi Electric Corporation Equipment : Electrical discharge machines Vulnerability : Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could...
ICSNPP - Ethercat Zeek Plugin
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION : Exploitable remotely/low attack complexity Vendor : CISA Equipment : Industrial Control Systems Network Protocol Parsers ICSNPP - Ethercat Plugin for Zeek Vulnerabilities : Out-of-bounds Write, Out-of-bounds Read 2. RISK EVALUATION Successful...
Commend WS203VICM
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.4 ATTENTION : Exploitable remotely/low attack complexity Vendor : Commend Equipment : WS203VICM Vulnerabilities : Argument Injection, Improper Access Control, Weak Encoding for Password 2. RISK EVALUATION Successful exploitation of these vulnerabilities...
Threat Actor Leverages Compromised Account of Former Employee to Access State Government Organization
Actions to take today to mitigate malicious cyber activity: 1. Continuously remove and disable accounts and groups from the enterprise that are no longer needed, especially privileged accounts. 2. Enable and enforce multifactor authentication with strong passwords. 3. Store credentials in a secur...
Rockwell Automation FactoryTalk Service Platform
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.0 ATTENTION : Exploitable remotely Vendor : Rockwell Automation Equipment : FactoryTalk Service Platform Vulnerability : Incorrect Execution-Assigned Permissions 2. RISK EVALUATION Successful exploitation of this vulnerability could allow malicious users...
Schneider Electric EcoStruxure Control Expert, EcoStruxure Process Expert, and Modicon M340, M580 and M580 Safety PLCs
GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...
Mitsubishi Electric MELSEC iQ-R Series Safety CPU and SIL2 Process CPU (Update A)
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION : Exploitable remotely/low attack complexity Vendor : Mitsubishi Electric Equipment : MELSEC iQ-R Series Safety CPU and SIL2 Process CPU Vulnerability : Incorrect Privilege Assignment 2. RISK EVALUATION Successful exploitation of this...
Siemens SINEC NMS
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens Location Intelligence
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens Tecnomatix Plant Simulation
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens RUGGEDCOM APE1808
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens Simcenter Femap
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens SCALANCE W1750D
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens Polarion ALM
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens Parasolid
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens SIMATIC WinCC, OpenPCS
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens SCALANCE SC-600 Family
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens CP343-1 Devices
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens SIMATIC RTLS Gateways
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens SIDIS Prime
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens Unicam FX
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens SCALANCE XCM-/XRM-300
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Qolsys IQ Panel 4, IQ4 HUB
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION : Low attack complexity Vendor : Qolsys, Inc. Equipment : IQ Panel 4, IQ4 Hub Vulnerability : Exposure of Sensitive Information to an Unauthorized Actor 2. RISK EVALUATION Successful exploitation of this vulnerability could allow the panel...
PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure
Actions to take today to mitigate Volt Typhoon activity: 1. Apply patches for internet-facing systems. Prioritize patching critical vulnerabilities in appliances known to be frequently exploited by Volt Typhoon. 2. Implement phishing-resistant MFA. 3. Ensure logging is turned on for application,...