Ics - Page 25 of Ics Vulnerabilities List

ICS•added 2024/02/06 7:0 a.m.•61 views

HID Global Reader Configuration Cards

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION : Low attack complexity Vendor : HID Global Equipment : Reader Configuration Cards Vulnerability : Improper Authorization 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to read the credential and device...

5.3CVSS5.4AI score0.00253EPSS

ICS•added 2024/02/01 7:0 a.m.•32 views

AVEVA Edge products (formerly known as InduSoft Web Studio)

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION: Low attack complexity Vendor: AVEVA Equipment: AVEVA Edge products formerly known as InduSoft Web Studio Vulnerability: Uncontrolled Search Path Element 2. RISK EVALUATION Successful exploitation of this vulnerability could result in an...

7.8CVSS7.7AI score0.00193EPSS

ICS•added 2024/02/01 7:0 a.m.•35 views

Gessler GmbH WEB-MASTER

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION : Exploitable Remotely/Low attack complexity Vendor : Gessler GmbH Equipment : WEB-MASTER Vulnerabilities : Use of Weak Credentials, Use of Weak Hash 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow a user to take...

9.8CVSS7AI score0.00719EPSS

ICS•added 2024/01/30 7:0 a.m.•70 views

Rockwell Automation FactoryTalk Service Platform

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION : Exploitable remotely/low attack complexity Vendor : Rockwell Automation Equipment : FactoryTalk Service Platform Vulnerability : Improper Verification of Cryptographic Signature 2. RISK EVALUATION Successful exploitation of this vulnerability...

9.8CVSS7.8AI score0.00858EPSS

ICS•added 2024/01/30 7:0 a.m.•40 views

Rockwell Automation ControlLogix and GuardLogix

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION : Exploitable remotely/low attack complexity Vendor : Rockwell Automation Equipment : ControlLogix, GuardLogix Vulnerability : Improper Restriction of Operations within the Bounds of a Memory Buffer 2. RISK EVALUATION Successful exploitation of...

8.6CVSS8.1AI score0.00648EPSS

ICS•added 2024/01/30 7:0 a.m.•74 views

Rockwell Automation LP30/40/50 and BM40 Operator Interface

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION : Exploitable remotely/low attack complexity Vendor : Rockwell Automation Equipment : LP30, LP40, LP50, and BM40 Operator Panels Vulnerability : Improper Validation of Consistency within Input, Out-of-bounds Write, Stack-based Buffer Overflow,...

8.8CVSS8.5AI score0.0199EPSS

ICS•added 2024/01/30 7:0 a.m.•62 views

Mitsubishi Electric FA Engineering Software Products (Update D)

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION : Exploitable remotely/low attack complexity Vendor : Mitsubishi Electric Equipment : EZSocket, FR Configurator2, GT Designer3 Version1GOT1000, GT Designer3 Version1GOT2000, GX Works2, GX Works3, MELSOFT Navigator, MT Works2, MX Component, MX...

9.8CVSS9.2AI score0.01844EPSS

ICS•added 2024/01/30 7:0 a.m.•37 views

Emerson Rosemount GC370XA, GC700XA, GC1500XA

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION : Exploitable remotely Vendor : Emerson Equipment : Rosemount GC370XA, GC700XA, GC1500XA Vulnerabilities : Command Injection, Improper Authentication, Improper Authorization 2. RISK EVALUATION Successful exploitation of these vulnerabilities...

9.8CVSS9.7AI score0.00936EPSS

ICS•added 2024/01/30 7:0 a.m.•27 views

Mitsubishi Electric MELSEC WS Series Ethernet Interface Module

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION : Exploitable remotely Vendor : Mitsubishi Electric Equipment : MELSEC WS Series Vulnerability : Authentication Bypass by Capture-replay 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthorized attacker to...

7.5CVSS6.8AI score0.00755EPSS

ICS•added 2024/01/30 7:0 a.m.•62 views

Hitron Systems Security Camera DVR

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION : Exploitable remotely/low attack complexity/public exploits are available/known public exploitation Vendor : Hitron Systems Equipment : DVR Vulnerability : Improper Input Validation 2. RISK EVALUATION Successful exploitation of these...

7.5CVSS7.7AI score0.00562EPSS

ICS•added 2024/01/25 7:0 a.m.•66 views

MachineSense FeverWarn

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION : Exploitable remotely/low attack complexity Vendor : MachineSense LLC. Equipment : MachineSense FeverWarn Vulnerabilities: Missing Authentication for Critical Function, Use of Hard-coded Credentials, Improper Access Control, OS Command...

10CVSS9.2AI score0.00798EPSS

ICS•added 2024/01/25 7:0 a.m.•53 views

SystemK NVR 504/508/516

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION : Exploitable remotely/low attack complexity/public exploits are available Vendor : SystemK Equipment : NVR 504/508/516 Vulnerability : Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker...

9.8CVSS10AI score0.01278EPSS

ICS•added 2024/01/23 7:0 a.m.•42 views

APsystems Energy Communication Unit (ECU-C) Power Control Software

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION : Exploitable via adjacent network / low attack complexity Vendor : APsystems Equipment : Energy communication Unit ECU-C Power Control Software Vulnerability : Improper Access Control 2. RISK EVALUATION Successful exploitation of this...

8.8CVSS9AI score0.00642EPSS

Exploits1References8

ICS•added 2024/01/23 7:0 a.m.•36 views

Lantronix XPort

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.7 ATTENTION : Low attack complexity Vendor : Lantronix Equipment : XPort Vulnerability : Weak Encoding for Password 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to obtain credentials. 3. TECHNICAL DETAILS 3.1...

7.5CVSS6.7AI score0.00305EPSS

ICS•added 2024/01/23 7:0 a.m.•26 views

Crestron AM-300

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.4 ATTENTION : Low attack complexity Vendor : Crestron Equipment : AM-300 Vulnerability : OS Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to escalate their privileges to root-level access. 3...

8.4CVSS8.5AI score0.00529EPSS

ICS•added 2024/01/23 7:0 a.m.•37 views

Voltronic Power ViewPower Pro

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Voltronic Power Equipment: ViewPower Pro Vulnerabilities: Deserialization of Untrusted Data, Missing Authentication for Critical Function, Exposed Dangerous Method or Function, OS Command...

9.8CVSS9.9AI score0.45744EPSS

ICS•added 2024/01/23 7:0 a.m.•68 views

Westermo Lynx 206-F2G

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.0 ATTENTION : Exploitable remotely/low attack complexity Vendor : Westermo Equipment : Lynx 206-F2G Vulnerabilities : Cross-site Scripting, Code Injection, Cross-Origin Resource Sharing, Cleartext Transmission of Sensitive Information, Cross-Site Request...

8.8CVSS7.6AI score0.00514EPSS

ICS•added 2024/01/23 7:0 a.m.•41 views

Orthanc Osimis DICOM Web Viewer

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION : Exploitable remotely/low attack complexity Vendor : Orthanc Equipment : Osimis Web Viewer Vulnerability : Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary...

7.1CVSS6.7AI score0.00308EPSS

ICS•added 2024/01/21 7:0 a.m.•4 views

Traffic Alert and Collision Avoidance System (TCAS) II

RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to manipulate safety systems and cause a denial-of-service condition. 2. VULNERABILITY SUMMARY By utilizing software-defined radios and a custom low-latency processing pipeline, RF signals with spoofed...

7.1CVSS6.9AI score0.00275EPSS

ICS•added 2024/01/18 7:0 a.m.•59 views

AVEVA PI Server

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION : Exploitable remotely/low attack complexity Vendor : AVEVA Equipment : PI Server Vulnerabilities : Improper Check or Handling of Exceptional Conditions, Missing Release of Resource after Effective Lifetime 2. RISK EVALUATION Successful...

7.5CVSS6.9AI score0.00555EPSS

ICS•added 2024/01/16 12:0 p.m.•54 views

Known Indicators of Compromise Associated with Androxgh0st Malware

Actions to take today to mitigate malicious cyber activity: 1. Prioritize patching known exploited vulnerabilities in internet-facing systems. 2. Review and ensure only necessary servers and services are exposed to the internet. 3. Review platforms or services that have credentials listed in .env...

9.8CVSS9.4AI score0.99999EPSS

Exploits176References72

ICS•added 2024/01/16 7:0 a.m.•82 views

SEW-EURODRIVE MOVITOOLS MotionStudio

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.6 ATTENTION : Low attack complexity Vendor : SEW-EURODRIVE Equipment : MOVITOOLS MotionStudio Vulnerability : Improper Restriction of XML EXTERNAL Entity Reference 2. RISK EVALUATION Successful exploitation of this vulnerability could result in open access...

7.5CVSS7.6AI score0.00541EPSS

ICS•added 2024/01/16 7:0 a.m.•37 views

Integration Objects OPC UA Server Toolkit (Update A)

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION : Exploitable remotely/low attack complexity Vendor : Integration Objects Equipment : OPC UA Server Toolkit Vulnerability : Improper Output Neutralization for Logs 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a...

5.3CVSS5.5AI score0.00362EPSS

ICS•added 2024/01/11 7:0 a.m.•59 views

Schneider Electric Easergy Studio

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION : Low attack complexity Vendor : Schneider Electric Equipment : Easergy Studio Vulnerability : Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain full control of a...

7.8CVSS8AI score0.00421EPSS

ICS•added 2024/01/11 7:0 a.m.•82 views

Rapid Software LLC Rapid SCADA

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.6 ATTENTION: Exploitable remotely, low attack complexity Vendor: Rapid Software LLC Equipment: Rapid SCADA Vulnerabilities: Path Traversal, Relative Path Traversal, Local Privilege Escalation through Incorrect Permission Assignment for Critical Resource,...

9.8CVSS7.8AI score0.01233EPSS

ICS•added 2024/01/11 7:0 a.m.•33 views

Horner Automation Cscape

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION : Low attack complexity Vendor : Horner Automation Equipment : Cscape Vulnerability : Stack-Based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code. 3. TECHNICAL...

7.8CVSS7.9AI score0.00213EPSS

ICS•added 2024/01/09 12:0 a.m.•27 views

Siemens SIMATIC

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

10CVSS9.4AI score0.00646EPSS

ICS•added 2024/01/09 12:0 a.m.•75 views

Siemens Teamcenter Visualization and JT2Go

7.8CVSS6.8AI score0.00264EPSS

ICS•added 2024/01/09 12:0 a.m.•43 views

Siemens Solid Edge

7.8CVSS8.2AI score0.00205EPSS

ICS•added 2024/01/09 12:0 a.m.•37 views

Siemens SICAM A8000

7.2CVSS6.9AI score0.00547EPSS

ICS•added 2024/01/09 12:0 a.m.•52 views

Siemens Spectrum Power 7

7.8CVSS7.9AI score0.00148EPSS

ICS•added 2024/01/09 12:0 a.m.•28 views

Siemens SIMATIC CN 4100

9.8CVSS9.9AI score0.00597EPSS

ICS•added 2024/01/04 7:0 a.m.•55 views

Rockwell Automation FactoryTalk Activation

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION : Exploitable remotely/low attack complexity Vendor : Rockwell Automation Equipment : FactoryTalk Activation Manager Vulnerabilities : Out-of-Bounds Write 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in a...

9.8CVSS10AI score0.78483EPSS

Exploits6References8

ICS•added 2024/01/04 7:0 a.m.•76 views

Mitsubishi Electric Factory Automation Products

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION : Exploitable remotely/low attack complexity Vendor : Mitsubishi Electric Equipment : Multiple Factory Automation Products Vulnerabilities : Observable Timing Discrepancy, Double Free, Access of Resource Using Incompatible Type 'Type Confusion'...

7.5CVSS8AI score0.61979EPSS

ICS•added 2023/12/21 7:0 a.m.•37 views

QNAP VioStor NVR

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.0 ATTENTION : Exploitable remotely/low attack complexity/public exploits are available/known public exploitation Vendor : QNAP Equipment : VioStor NVR Vulnerability : OS Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability...

8.8CVSS8.9AI score0.73277EPSS

ICS•added 2023/12/21 7:0 a.m.•65 views

FXC AE1021/AE1021PE

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.0 ATTENTION : Exploitable remotely/low attack complexity/public exploits are available/known public exploitation Vendor : FXC Equipment : AE1021, AE1021PE Vulnerability : OS Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability...

8.8CVSS9.2AI score0.50729EPSS

Exploits1References8

ICS•added 2023/12/19 1:30 p.m.•8 views

Hitachi Energy RTU500 Scripting Interface

SUMMARY Hitachi Energy is aware of a reported vulnerability in the RTU500 Scripting interface. When a client connects to a server using TLS, the server presents a certificate. This certificate links a public key to the identity of the service and is signed by a Certification Authority CA,...

7.5CVSS6.6AI score0.00316EPSS

Exploits1References9

ICS•added 2023/12/19 7:0 a.m.•29 views

Subnet Solutions Inc. PowerSYSTEM Center

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Subnet Solutions Inc. Equipment: PowerSYSTEM Center Vulnerability: Unquoted Search Path or Element 2. RISK EVALUATION Successful exploitation of this vulnerability could result in an attacker achieving arbitrary...

7.8CVSS8.4AI score0.00174EPSS

ICS•added 2023/12/19 7:0 a.m.•46 views

Open Design Alliance Drawing SDK

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION : Low attack complexity Vendor : Open Design Alliance ODA Equipment : Drawing SDK Vulnerabilities : Use after Free, Heap-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow remote attackers to...

7.8CVSS8.5AI score0.0044EPSS

ICS•added 2023/12/19 7:0 a.m.•51 views

EFACEC UC 500E

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.3 ATTENTION : Exploitable remotely/low attack complexity Vendor : EFACEC Equipment : UC 500 Vulnerabilities : Cleartext Transmission of Sensitive Information, Open Redirect, Exposure of Sensitive Information to an Unauthorized Actor, Improper Access Contro...

6.3CVSS5.8AI score0.00516EPSS

ICS•added 2023/12/19 7:0 a.m.•50 views

EuroTel ETL3100 Radio Transmitter

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION : Exploitable remotely/low attack complexity/public exploits are available Vendor : EuroTel Equipment : ETL3100 Vulnerabilities : Improper Restriction of Excessive Authentication Attempts, Authorization Bypass Through User-Controlled Key,...

9.8CVSS10AI score0.00821EPSS

Exploits3References8

ICS•added 2023/12/19 7:0 a.m.•33 views

EFACEC BCU 500

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.6 ATTENTION : Exploitable remotely/low attack complexity Vendor : EFACEC Equipment : BCU 500 Vulnerabilities : Uncontrolled Resource Consumption, Cross-site Request Forgery 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an...

8.9AI score

ICS•added 2023/12/18 12:0 p.m.•91 views

#StopRansomware: Play Ransomware

Actions to take today to mitigate cyber threats from Play ransomware: 1. Prioritize remediating known exploited vulnerabilities. 2. Enable multifactor authentication MFA for all services to the extent possible, particularly for webmail, VPN, and accounts that access critical systems. 3. Regularly...

9.8CVSS9AI score0.99999EPSS

Exploits37References103

ICS•added 2023/12/15 12:0 p.m.•66 views

Enhancing Cyber Resilience: Insights from the CISA Healthcare and Public Health Sector Risk and Vulnerability Assessment

Actions to take today to harden your internal environment to mitigate follow-on activity after initial access. 1. Use phishing-resistant multi-factor authentication MFA for all administrative access. 2. Verify the implementation of appropriate hardening measures, and change, remove, or deactivate...

10CVSS9.7AI score0.99999EPSS

Exploits176References133

ICS•added 2023/12/14 7:0 a.m.•28 views

Johnson Controls Kantech Gen1 ioSmart

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION : Exploitable from adjacent network Vendor : Sensormatic Electronics, LLC, an affiliate of Johnson Controls Inc. Equipment : Kantech Gen1 ioSmart card reader Vulnerability : Missing Release of Memory after Effective Lifetime 2. RISK EVALUATION...

7.5CVSS6.3AI score0.003EPSS

ICS•added 2023/12/14 7:0 a.m.•43 views

Cambium ePMP 5GHz Force 300-25 Radio (Update A)

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION : Low attack complexity Vendor : Cambium Equipment : ePMP Force 300-25 Vulnerability : Code Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to perform code execution on the affected product...

7.8CVSS8AI score0.00431EPSS

ICS•added 2023/12/14 7:0 a.m.•39 views

Unitronics Vision and Samba Series (Update A)

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION : Exploitable remotely/low attack complexity/public exploits are available/known public exploitation Vendor : Unitronics Equipment : Vision Series, Samba Series Vulnerability : Initialization of a Resource with an Insecure Default 2. RISK...

9.8CVSS10AI score0.02089EPSS