Lucene search
K

4251 matches found

ICS
ICS
added 2024/03/07 7:0 a.m.67 views

Chirp Systems Chirp Access (Update C)

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 2.3 ATTENTION : Low attack complexity Vendor : Chirp Systems Equipment : Chirp Access Vulnerability : Use of Hard-coded Password 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to adjust the Beacon configuration...

4.3CVSS4.4AI score0.00283EPSS
Exploits0References10
ICS
ICS
added 2024/03/05 7:0 a.m.27 views

Santesoft Sante FFT Imaging

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION : Low attack complexity Vendor : Santesoft Equipment : Sante FFT Imaging Vulnerability : Out-of-Bounds Write 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a local attacker to execute arbitrary code once a user...

7.8CVSS7.8AI score0.00341EPSS
Exploits0References8
ICS
ICS
added 2024/03/05 7:0 a.m.85 views

Nice Linear eMerge E3-Series

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION : Exploitable remotely/low attack complexity/public exploits are available Vendor : Nice Equipment : Linear eMerge E3-Series Vulnerabilities : Path traversal, Cross-site scripting, OS command injection, Unrestricted Upload of File with...

10CVSS10AI score0.97136EPSS
Exploits49References8
ICS
ICS
added 2024/02/29 12:0 p.m.36 views

#StopRansomware: Phobos Ransomware

Actions to take today to mitigate Phobos ransomware activity: 1. Secure RDP ports to prevent threat actors from abusing and leveraging RDP tools. 2. Prioritize remediating known exploited vulnerabilities. 3. Implement EDR solutions to disrupt threat actor memory allocation techniques...

7.2AI score
Exploits0References193
ICS
ICS
added 2024/02/29 12:0 p.m.64 views

Threat Actors Exploit Multiple Vulnerabilities in Ivanti Connect Secure and Policy Secure Gateways

Actions to take today to mitigate cyber threats against Ivanti appliances: 1. Limit outbound internet connections from SSL VPN appliances to restrict access to required services. 2. Keep all operating systems and firmware up to date. 3. Limit SSL VPN connections to unprivileged accounts...

9.1CVSS8.6AI score0.99999EPSS
Exploits27References72
ICS
ICS
added 2024/02/29 7:0 a.m.43 views

MicroDicom DICOM Viewer

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION : Low attack complexity Vendor : MicroDicom Equipment : DICOM Viewer Vulnerabilities : Heap-based Buffer Overflow, Out-of-Bounds Write 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to cause memory...

7.8CVSS8.5AI score0.00264EPSS
Exploits0References8
ICS
ICS
added 2024/02/29 7:0 a.m.50 views

Delta Electronics CNCSoft-B

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION : Low attack complexity Vendor : Delta Electronics Equipment : CNCSoft-B Vulnerability : Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code. 3...

7.8CVSS8AI score0.00739EPSS
Exploits0References8
ICS
ICS
added 2024/02/27 12:0 p.m.18 views

#StopRansomware: ALPHV Blackcat

Actions to take today to mitigate against the threat of ransomware: 1. Routinely take inventory of assets and data to identify authorized and unauthorized devices and software. 2. Prioritize remediation of known exploited vulnerabilities. 3. Enable and enforce multifactor authentication with stro...

7.5AI score
Exploits0References55
ICS
ICS
added 2024/02/27 12:0 p.m.11 views

Festo Didactic SE MES PC

GENERAL RECOMMENDATION Festo Didactic offers products with security functions that aid the safe operation of plants, systems, machines and networks. In order to protect plants, systems, machines and networks from cyber threats, a comprehensive security concept must be implemented and...

7.9AI score
Exploits0References12
ICS
ICS
added 2024/02/27 7:0 a.m.59 views

Santesoft Sante DICOM Viewer Pro

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION : Low attack complexity Vendor : Santesoft Equipment : Sante DICOM Viewer Pro Vulnerability : Out-of-Bounds Read 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to disclose information and execute...

7.8CVSS7.7AI score0.00251EPSS
Exploits0References8
ICS
ICS
added 2024/02/27 7:0 a.m.46 views

Mitsubishi Electric Multiple Factory Automation Products (Update A)

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION : Exploitable remotely/low attack complexity Vendor : Mitsubishi Electric Corporation Equipment : MELSEC iQ-F Series Vulnerability : Insufficient Resource Pool 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a...

5.3CVSS5.5AI score0.00854EPSS
Exploits0References10
ICS
ICS
added 2024/02/26 12:0 p.m.46 views

SVR Cyber Actors Adapt Tactics for Initial Cloud Access

How SVR-Attributed Actors are Adapting to the Move of Government and Corporations to Cloud Infrastructure OVERVIEW This advisory details recent tactics, techniques, and procedures TTPs of the group commonly known as APT29, also known as Midnight Blizzard, the Dukes, or Cozy Bear. The UK National...

7.6AI score
Exploits0References40
ICS
ICS
added 2024/02/22 7:0 a.m.71 views

Delta Electronics CNCSoft-B DOPSoft

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION : Low attack complexity Vendor : Delta Electronics Equipment : CNCSoft-B DOPSoft Vulnerability : Uncontrolled Search Path Element 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to achieve remote code...

7.8CVSS7.9AI score0.0039EPSS
Exploits0References10
ICS
ICS
added 2024/02/20 7:0 a.m.62 views

ICSNPP - Ethercat Zeek Plugin

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION : Exploitable remotely/low attack complexity Vendor : CISA Equipment : Industrial Control Systems Network Protocol Parsers ICSNPP - Ethercat Plugin for Zeek Vulnerabilities : Out-of-bounds Write, Out-of-bounds Read 2. RISK EVALUATION Successful...

9.8CVSS9.9AI score0.00819EPSS
Exploits0References8
ICS
ICS
added 2024/02/20 7:0 a.m.43 views

Commend WS203VICM

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.4 ATTENTION : Exploitable remotely/low attack complexity Vendor : Commend Equipment : WS203VICM Vulnerabilities : Argument Injection, Improper Access Control, Weak Encoding for Password 2. RISK EVALUATION Successful exploitation of these vulnerabilities...

9.4CVSS7.7AI score0.00647EPSS
Exploits0References10
ICS
ICS
added 2024/02/20 7:0 a.m.85 views

Mitsubishi Electric Electrical discharge machines

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION : Exploitable remotely/low attack complexity Vendor : Mitsubishi Electric Corporation Equipment : Electrical discharge machines Vulnerability : Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could...

9.8CVSS9.6AI score0.95454EPSS
Exploits7References8
ICS
ICS
added 2024/02/15 12:0 p.m.25 views

Threat Actor Leverages Compromised Account of Former Employee to Access State Government Organization

Actions to take today to mitigate malicious cyber activity: 1. Continuously remove and disable accounts and groups from the enterprise that are no longer needed, especially privileged accounts. 2. Enable and enforce multifactor authentication with strong passwords. 3. Store credentials in a secur...

7.4AI score
Exploits0References69
ICS
ICS
added 2024/02/15 7:0 a.m.41 views

Rockwell Automation FactoryTalk Service Platform

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.0 ATTENTION : Exploitable remotely Vendor : Rockwell Automation Equipment : FactoryTalk Service Platform Vulnerability : Incorrect Execution-Assigned Permissions 2. RISK EVALUATION Successful exploitation of this vulnerability could allow malicious users...

9CVSS9.3AI score0.0099EPSS
Exploits0References10
ICS
ICS
added 2024/02/13 12:41 p.m.14 views

Schneider Electric EcoStruxure Control Expert, EcoStruxure Process Expert, and Modicon M340, M580 and M580 Safety PLCs

GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...

7.2AI score
Exploits0References11
ICS
ICS
added 2024/02/13 7:0 a.m.41 views

Mitsubishi Electric MELSEC iQ-R Series Safety CPU and SIL2 Process CPU (Update A)

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION : Exploitable remotely/low attack complexity Vendor : Mitsubishi Electric Equipment : MELSEC iQ-R Series Safety CPU and SIL2 Process CPU Vulnerability : Incorrect Privilege Assignment 2. RISK EVALUATION Successful exploitation of this...

6.5CVSS6.6AI score0.00697EPSS
Exploits0References10
ICS
ICS
added 2024/02/13 12:0 a.m.71 views

Siemens SINEC NMS

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

7.5CVSS10AI score0.20444EPSS
Exploits0References12
ICS
ICS
added 2024/02/13 12:0 a.m.35 views

Siemens RUGGEDCOM APE1808

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

7.5CVSS6.7AI score0.00451EPSS
Exploits0References12
ICS
ICS
added 2024/02/13 12:0 a.m.34 views

Siemens SIMATIC RTLS Gateways

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

10CVSS9.7AI score0.36965EPSS
Exploits3References12
ICS
ICS
added 2024/02/13 12:0 a.m.48 views

Siemens SCALANCE W1750D

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

9.8CVSS9AI score0.02132EPSS
Exploits0References12
ICS
ICS
added 2024/02/13 12:0 a.m.113 views

Siemens SIDIS Prime

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

7.5CVSS8.1AI score0.70561EPSS
Exploits7References12
ICS
ICS
added 2024/02/13 12:0 a.m.25 views

Siemens Parasolid

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

7.8CVSS6.4AI score0.00199EPSS
Exploits0References12
ICS
ICS
added 2024/02/13 12:0 a.m.47 views

Siemens Polarion ALM

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

9.8CVSS8.1AI score0.00589EPSS
Exploits0References12
ICS
ICS
added 2024/02/13 12:0 a.m.24 views

Siemens Location Intelligence

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

9.8CVSS10AI score0.00733EPSS
Exploits0References12
ICS
ICS
added 2024/02/13 12:0 a.m.30 views

Siemens CP343-1 Devices

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

7.5CVSS7.6AI score0.00597EPSS
Exploits0References12
ICS
ICS
added 2024/02/13 12:0 a.m.83 views

Siemens Tecnomatix Plant Simulation

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

7.8CVSS7.5AI score0.00318EPSS
Exploits0References12
ICS
ICS
added 2024/02/13 12:0 a.m.56 views

Siemens SIMATIC WinCC, OpenPCS

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

7.1CVSS6.9AI score0.0027EPSS
Exploits0References10
ICS
ICS
added 2024/02/13 12:0 a.m.38 views

Siemens Unicam FX

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

7.8CVSS8AI score0.00148EPSS
Exploits0References12
ICS
ICS
added 2024/02/13 12:0 a.m.64 views

Siemens Simcenter Femap

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

7.8CVSS8.3AI score0.00318EPSS
Exploits0References12
ICS
ICS
added 2024/02/13 12:0 a.m.95 views

Siemens SCALANCE SC-600 Family

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

9.4CVSS7.9AI score0.01352EPSS
Exploits0References12
ICS
ICS
added 2024/02/13 12:0 a.m.84 views

Siemens SCALANCE XCM-/XRM-300

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

7.5CVSS10AI score0.03546EPSS
Exploits1References12
ICS
ICS
added 2024/02/08 7:0 a.m.50 views

Qolsys IQ Panel 4, IQ4 HUB

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION : Low attack complexity Vendor : Qolsys, Inc. Equipment : IQ Panel 4, IQ4 Hub Vulnerability : Exposure of Sensitive Information to an Unauthorized Actor 2. RISK EVALUATION Successful exploitation of this vulnerability could allow the panel...

9.8CVSS8.6AI score0.00585EPSS
Exploits0References8
ICS
ICS
added 2024/02/07 12:0 p.m.77 views

PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure

Actions to take today to mitigate Volt Typhoon activity: 1. Apply patches for internet-facing systems. Prioritize patching critical vulnerabilities in appliances known to be frequently exploited by Volt Typhoon. 2. Implement phishing-resistant MFA. 3. Ensure logging is turned on for application,...

9.8CVSS9.9AI score0.99474EPSS
Exploits11References246
ICS
ICS
added 2024/02/06 7:0 a.m.69 views

HID Global Reader Configuration Cards

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION : Low attack complexity Vendor : HID Global Equipment : Reader Configuration Cards Vulnerability : Improper Authorization 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to read the credential and device...

5.3CVSS5.4AI score0.00253EPSS
Exploits0References8
ICS
ICS
added 2024/02/06 7:0 a.m.51 views

HID Global Encoders

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION : Exploitable locally Vendor : HID Global Equipment : iCLASS SE, OMNIKEY Vulnerability : Improper Authorization 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to read data from reader configuration...

7.8CVSS6.8AI score0.00168EPSS
Exploits0References8
ICS
ICS
added 2024/02/01 7:0 a.m.35 views

AVEVA Edge products (formerly known as InduSoft Web Studio)

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION: Low attack complexity Vendor: AVEVA Equipment: AVEVA Edge products formerly known as InduSoft Web Studio Vulnerability: Uncontrolled Search Path Element 2. RISK EVALUATION Successful exploitation of this vulnerability could result in an...

7.8CVSS7.7AI score0.00193EPSS
Exploits0References10
ICS
ICS
added 2024/02/01 7:0 a.m.38 views

Gessler GmbH WEB-MASTER

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION : Exploitable Remotely/Low attack complexity Vendor : Gessler GmbH Equipment : WEB-MASTER Vulnerabilities : Use of Weak Credentials, Use of Weak Hash 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow a user to take...

9.8CVSS7AI score0.00719EPSS
Exploits0References10
ICS
ICS
added 2024/01/30 7:0 a.m.63 views

Mitsubishi Electric FA Engineering Software Products (Update D)

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION : Exploitable remotely/low attack complexity Vendor : Mitsubishi Electric Equipment : EZSocket, FR Configurator2, GT Designer3 Version1GOT1000, GT Designer3 Version1GOT2000, GX Works2, GX Works3, MELSOFT Navigator, MT Works2, MX Component, MX...

9.8CVSS9.2AI score0.01844EPSS
Exploits0References10
ICS
ICS
added 2024/01/30 7:0 a.m.65 views

Hitron Systems Security Camera DVR

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION : Exploitable remotely/low attack complexity/public exploits are available/known public exploitation Vendor : Hitron Systems Equipment : DVR Vulnerability : Improper Input Validation 2. RISK EVALUATION Successful exploitation of these...

7.5CVSS7.7AI score0.00562EPSS
Exploits0References8
ICS
ICS
added 2024/01/30 7:0 a.m.77 views

Rockwell Automation LP30/40/50 and BM40 Operator Interface

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION : Exploitable remotely/low attack complexity Vendor : Rockwell Automation Equipment : LP30, LP40, LP50, and BM40 Operator Panels Vulnerability : Improper Validation of Consistency within Input, Out-of-bounds Write, Stack-based Buffer Overflow,...

8.8CVSS8.5AI score0.0199EPSS
Exploits0References8
ICS
ICS
added 2024/01/30 7:0 a.m.42 views

Rockwell Automation ControlLogix and GuardLogix

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION : Exploitable remotely/low attack complexity Vendor : Rockwell Automation Equipment : ControlLogix, GuardLogix Vulnerability : Improper Restriction of Operations within the Bounds of a Memory Buffer 2. RISK EVALUATION Successful exploitation of...

8.6CVSS8.1AI score0.00648EPSS
Exploits0References8
ICS
ICS
added 2024/01/30 7:0 a.m.29 views

Mitsubishi Electric MELSEC WS Series Ethernet Interface Module

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION : Exploitable remotely Vendor : Mitsubishi Electric Equipment : MELSEC WS Series Vulnerability : Authentication Bypass by Capture-replay 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthorized attacker to...

7.5CVSS6.8AI score0.00755EPSS
Exploits0References8
ICS
ICS
added 2024/01/30 7:0 a.m.40 views

Emerson Rosemount GC370XA, GC700XA, GC1500XA

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION : Exploitable remotely Vendor : Emerson Equipment : Rosemount GC370XA, GC700XA, GC1500XA Vulnerabilities : Command Injection, Improper Authentication, Improper Authorization 2. RISK EVALUATION Successful exploitation of these vulnerabilities...

9.8CVSS9.7AI score0.00936EPSS
Exploits0References10
ICS
ICS
added 2024/01/30 7:0 a.m.73 views

Rockwell Automation FactoryTalk Service Platform

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION : Exploitable remotely/low attack complexity Vendor : Rockwell Automation Equipment : FactoryTalk Service Platform Vulnerability : Improper Verification of Cryptographic Signature 2. RISK EVALUATION Successful exploitation of this vulnerability...

9.8CVSS7.8AI score0.00858EPSS
Exploits0References10
ICS
ICS
added 2024/01/25 7:0 a.m.55 views

SystemK NVR 504/508/516

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION : Exploitable remotely/low attack complexity/public exploits are available Vendor : SystemK Equipment : NVR 504/508/516 Vulnerability : Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker...

9.8CVSS10AI score0.01278EPSS
Exploits0References8
ICS
ICS
added 2024/01/25 7:0 a.m.71 views

MachineSense FeverWarn

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION : Exploitable remotely/low attack complexity Vendor : MachineSense LLC. Equipment : MachineSense FeverWarn Vulnerabilities: Missing Authentication for Critical Function, Use of Hard-coded Credentials, Improper Access Control, OS Command...

10CVSS9.2AI score0.00798EPSS
Exploits0References12
Total number of security vulnerabilities4251