Lucene search
K

4251 matches found

ICS
ICS
added 2024/01/23 7:0 a.m.72 views

Westermo Lynx 206-F2G

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.0 ATTENTION : Exploitable remotely/low attack complexity Vendor : Westermo Equipment : Lynx 206-F2G Vulnerabilities : Cross-site Scripting, Code Injection, Cross-Origin Resource Sharing, Cleartext Transmission of Sensitive Information, Cross-Site Request...

8.8CVSS7.6AI score0.00514EPSS
Exploits0References10
ICS
ICS
added 2024/01/23 7:0 a.m.43 views

Orthanc Osimis DICOM Web Viewer

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION : Exploitable remotely/low attack complexity Vendor : Orthanc Equipment : Osimis Web Viewer Vulnerability : Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary...

7.1CVSS6.7AI score0.00308EPSS
Exploits0References10
ICS
ICS
added 2024/01/23 7:0 a.m.43 views

Voltronic Power ViewPower Pro

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Voltronic Power Equipment: ViewPower Pro Vulnerabilities: Deserialization of Untrusted Data, Missing Authentication for Critical Function, Exposed Dangerous Method or Function, OS Command...

9.8CVSS9.9AI score0.45744EPSS
Exploits0References8
ICS
ICS
added 2024/01/23 7:0 a.m.38 views

Lantronix XPort

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.7 ATTENTION : Low attack complexity Vendor : Lantronix Equipment : XPort Vulnerability : Weak Encoding for Password 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to obtain credentials. 3. TECHNICAL DETAILS 3.1...

7.5CVSS6.7AI score0.00305EPSS
Exploits0References10
ICS
ICS
added 2024/01/23 7:0 a.m.28 views

Crestron AM-300

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.4 ATTENTION : Low attack complexity Vendor : Crestron Equipment : AM-300 Vulnerability : OS Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to escalate their privileges to root-level access. 3...

8.4CVSS8.5AI score0.00529EPSS
Exploits0References8
ICS
ICS
added 2024/01/23 7:0 a.m.44 views

APsystems Energy Communication Unit (ECU-C) Power Control Software

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION : Exploitable via adjacent network / low attack complexity Vendor : APsystems Equipment : Energy communication Unit ECU-C Power Control Software Vulnerability : Improper Access Control 2. RISK EVALUATION Successful exploitation of this...

8.8CVSS9AI score0.00642EPSS
Exploits1References8
ICS
ICS
added 2024/01/21 7:0 a.m.6 views

Traffic Alert and Collision Avoidance System (TCAS) II

RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to manipulate safety systems and cause a denial-of-service condition. 2. VULNERABILITY SUMMARY By utilizing software-defined radios and a custom low-latency processing pipeline, RF signals with spoofed...

7.1CVSS6.9AI score0.00275EPSS
Exploits0References10
ICS
ICS
added 2024/01/18 7:0 a.m.61 views

AVEVA PI Server

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION : Exploitable remotely/low attack complexity Vendor : AVEVA Equipment : PI Server Vulnerabilities : Improper Check or Handling of Exceptional Conditions, Missing Release of Resource after Effective Lifetime 2. RISK EVALUATION Successful...

7.5CVSS6.9AI score0.00555EPSS
Exploits0References8
ICS
ICS
added 2024/01/16 12:0 p.m.57 views

Known Indicators of Compromise Associated with Androxgh0st Malware

Actions to take today to mitigate malicious cyber activity: 1. Prioritize patching known exploited vulnerabilities in internet-facing systems. 2. Review and ensure only necessary servers and services are exposed to the internet. 3. Review platforms or services that have credentials listed in .env...

9.8CVSS9.4AI score0.99999EPSS
Exploits180References72
ICS
ICS
added 2024/01/16 7:0 a.m.41 views

Integration Objects OPC UA Server Toolkit (Update A)

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION : Exploitable remotely/low attack complexity Vendor : Integration Objects Equipment : OPC UA Server Toolkit Vulnerability : Improper Output Neutralization for Logs 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a...

5.3CVSS5.5AI score0.00362EPSS
Exploits0References8
ICS
ICS
added 2024/01/16 7:0 a.m.85 views

SEW-EURODRIVE MOVITOOLS MotionStudio

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.6 ATTENTION : Low attack complexity Vendor : SEW-EURODRIVE Equipment : MOVITOOLS MotionStudio Vulnerability : Improper Restriction of XML EXTERNAL Entity Reference 2. RISK EVALUATION Successful exploitation of this vulnerability could result in open access...

7.5CVSS7.6AI score0.00541EPSS
Exploits0References8
ICS
ICS
added 2024/01/11 7:0 a.m.92 views

Rapid Software LLC Rapid SCADA

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.6 ATTENTION: Exploitable remotely, low attack complexity Vendor: Rapid Software LLC Equipment: Rapid SCADA Vulnerabilities: Path Traversal, Relative Path Traversal, Local Privilege Escalation through Incorrect Permission Assignment for Critical Resource,...

9.8CVSS7.8AI score0.01233EPSS
Exploits0References10
ICS
ICS
added 2024/01/11 7:0 a.m.72 views

Schneider Electric Easergy Studio

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION : Low attack complexity Vendor : Schneider Electric Equipment : Easergy Studio Vulnerability : Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain full control of a...

7.8CVSS8AI score0.00487EPSS
Exploits0References8
ICS
ICS
added 2024/01/11 7:0 a.m.36 views

Horner Automation Cscape

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION : Low attack complexity Vendor : Horner Automation Equipment : Cscape Vulnerability : Stack-Based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code. 3. TECHNICAL...

7.8CVSS7.9AI score0.00213EPSS
Exploits0References10
ICS
ICS
added 2024/01/09 12:0 a.m.39 views

Siemens SIMATIC

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

10CVSS9.4AI score0.00646EPSS
Exploits0References12
ICS
ICS
added 2024/01/09 12:0 a.m.52 views

Siemens Spectrum Power 7

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

7.8CVSS7.9AI score0.00148EPSS
Exploits0References12
ICS
ICS
added 2024/01/09 12:0 a.m.38 views

Siemens SICAM A8000

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

7.2CVSS6.9AI score0.00547EPSS
Exploits0References12
ICS
ICS
added 2024/01/09 12:0 a.m.53 views

Siemens SIMATIC CN 4100

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

9.8CVSS9.9AI score0.00597EPSS
Exploits0References12
ICS
ICS
added 2024/01/09 12:0 a.m.91 views

Siemens Solid Edge

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

7.8CVSS8.2AI score0.00205EPSS
Exploits0References12
ICS
ICS
added 2024/01/09 12:0 a.m.77 views

Siemens Teamcenter Visualization and JT2Go

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

7.8CVSS6.8AI score0.00264EPSS
Exploits0References12
ICS
ICS
added 2024/01/04 7:0 a.m.57 views

Rockwell Automation FactoryTalk Activation

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION : Exploitable remotely/low attack complexity Vendor : Rockwell Automation Equipment : FactoryTalk Activation Manager Vulnerabilities : Out-of-Bounds Write 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in a...

9.8CVSS10AI score0.78483EPSS
Exploits6References8
ICS
ICS
added 2024/01/04 7:0 a.m.77 views

Mitsubishi Electric Factory Automation Products

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION : Exploitable remotely/low attack complexity Vendor : Mitsubishi Electric Equipment : Multiple Factory Automation Products Vulnerabilities : Observable Timing Discrepancy, Double Free, Access of Resource Using Incompatible Type 'Type Confusion'...

7.5CVSS8AI score0.59501EPSS
Exploits0References8
ICS
ICS
added 2023/12/21 7:0 a.m.39 views

QNAP VioStor NVR

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.0 ATTENTION : Exploitable remotely/low attack complexity/public exploits are available/known public exploitation Vendor : QNAP Equipment : VioStor NVR Vulnerability : OS Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability...

8.8CVSS8.9AI score0.73277EPSS
Exploits0References8
ICS
ICS
added 2023/12/21 7:0 a.m.67 views

FXC AE1021/AE1021PE

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.0 ATTENTION : Exploitable remotely/low attack complexity/public exploits are available/known public exploitation Vendor : FXC Equipment : AE1021, AE1021PE Vulnerability : OS Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability...

8.8CVSS9.2AI score0.50729EPSS
Exploits1References8
ICS
ICS
added 2023/12/19 1:30 p.m.9 views

Hitachi Energy RTU500 Scripting Interface

SUMMARY Hitachi Energy is aware of a reported vulnerability in the RTU500 Scripting interface. When a client connects to a server using TLS, the server presents a certificate. This certificate links a public key to the identity of the service and is signed by a Certification Authority CA,...

7.5CVSS6.6AI score0.00316EPSS
Exploits1References9
ICS
ICS
added 2023/12/19 7:0 a.m.32 views

Subnet Solutions Inc. PowerSYSTEM Center

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Subnet Solutions Inc. Equipment: PowerSYSTEM Center Vulnerability: Unquoted Search Path or Element 2. RISK EVALUATION Successful exploitation of this vulnerability could result in an attacker achieving arbitrary...

7.8CVSS8.4AI score0.00174EPSS
Exploits0References8
ICS
ICS
added 2023/12/19 7:0 a.m.52 views

EuroTel ETL3100 Radio Transmitter

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION : Exploitable remotely/low attack complexity/public exploits are available Vendor : EuroTel Equipment : ETL3100 Vulnerabilities : Improper Restriction of Excessive Authentication Attempts, Authorization Bypass Through User-Controlled Key,...

9.8CVSS10AI score0.00821EPSS
Exploits3References8
ICS
ICS
added 2023/12/19 7:0 a.m.34 views

EFACEC BCU 500

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.6 ATTENTION : Exploitable remotely/low attack complexity Vendor : EFACEC Equipment : BCU 500 Vulnerabilities : Uncontrolled Resource Consumption, Cross-site Request Forgery 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an...

8.9AI score
Exploits0References10
ICS
ICS
added 2023/12/19 7:0 a.m.51 views

Open Design Alliance Drawing SDK

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION : Low attack complexity Vendor : Open Design Alliance ODA Equipment : Drawing SDK Vulnerabilities : Use after Free, Heap-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow remote attackers to...

7.8CVSS8.5AI score0.0044EPSS
Exploits0References10
ICS
ICS
added 2023/12/19 7:0 a.m.56 views

EFACEC UC 500E

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.3 ATTENTION : Exploitable remotely/low attack complexity Vendor : EFACEC Equipment : UC 500 Vulnerabilities : Cleartext Transmission of Sensitive Information, Open Redirect, Exposure of Sensitive Information to an Unauthorized Actor, Improper Access Contro...

6.3CVSS5.8AI score0.00516EPSS
Exploits0References10
ICS
ICS
added 2023/12/18 12:0 p.m.93 views

#StopRansomware: Play Ransomware

Actions to take today to mitigate cyber threats from Play ransomware: 1. Prioritize remediating known exploited vulnerabilities. 2. Enable multifactor authentication MFA for all services to the extent possible, particularly for webmail, VPN, and accounts that access critical systems. 3. Regularly...

9.8CVSS9AI score0.99999EPSS
Exploits38References103
ICS
ICS
added 2023/12/15 12:0 p.m.70 views

Enhancing Cyber Resilience: Insights from the CISA Healthcare and Public Health Sector Risk and Vulnerability Assessment

Actions to take today to harden your internal environment to mitigate follow-on activity after initial access. 1. Use phishing-resistant multi-factor authentication MFA for all administrative access. 2. Verify the implementation of appropriate hardening measures, and change, remove, or deactivate...

10CVSS9.7AI score0.99999EPSS
Exploits177References133
ICS
ICS
added 2023/12/14 7:0 a.m.41 views

Unitronics Vision and Samba Series (Update A)

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION : Exploitable remotely/low attack complexity/public exploits are available/known public exploitation Vendor : Unitronics Equipment : Vision Series, Samba Series Vulnerability : Initialization of a Resource with an Insecure Default 2. RISK...

9.8CVSS10AI score0.02089EPSS
Exploits0References8
ICS
ICS
added 2023/12/14 7:0 a.m.31 views

Johnson Controls Kantech Gen1 ioSmart

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION : Exploitable from adjacent network Vendor : Sensormatic Electronics, LLC, an affiliate of Johnson Controls Inc. Equipment : Kantech Gen1 ioSmart card reader Vulnerability : Missing Release of Memory after Effective Lifetime 2. RISK EVALUATION...

7.5CVSS6.3AI score0.003EPSS
Exploits0References8
ICS
ICS
added 2023/12/14 7:0 a.m.46 views

Cambium ePMP 5GHz Force 300-25 Radio (Update A)

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION : Low attack complexity Vendor : Cambium Equipment : ePMP Force 300-25 Vulnerability : Code Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to perform code execution on the affected product...

7.8CVSS8AI score0.00431EPSS
Exploits0References8
ICS
ICS
added 2023/12/13 12:0 p.m.66 views

Russian Foreign Intelligence Service (SVR) Exploiting JetBrains TeamCity CVE Globally

SUMMARY The U.S. Federal Bureau of Investigation FBI, U.S. Cybersecurity & Infrastructure Security Agency CISA, U.S. National Security Agency NSA, Polish Military Counterintelligence Service SKW, CERT Polska CERT.PL, and the UK’s National Cyber Security Centre NCSC assess Russian Foreign...

9.8CVSS10AI score0.99979EPSS
Exploits17References100
ICS
ICS
added 2023/12/12 12:0 p.m.30 views

Schneider Electric Easy UPS Online Monitoring Software

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Vendor: Schneider Electric Equipment: Easy UPS Online Monitoring Software Vulnerability: Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow elevation of privileges which could result in arbitrary file...

7.2AI score0.00238EPSS
Exploits0References34
ICS
ICS
added 2023/12/12 12:0 p.m.188 views

Karakurt Data Extortion Group

Actions to take today to mitigate cyber threats from Karakurt ransomware: 1. Prioritize patching known exploited vulnerabilities. 2. Train users to recognize and report phishing attempts. 3. Enforce multifactor authentication...

10CVSS9.8AI score0.99999EPSS
Exploits352References58
ICS
ICS
added 2023/12/12 7:0 a.m.30 views

Schneider Electric Easy UPS Online Monitoring Software

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION : Vendor : Schneider Electric Equipment : Easy UPS Online Monitoring Software Vulnerability : Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow elevation of privileges which could result in arbitrary...

7.1CVSS6.7AI score0.00238EPSS
Exploits0References10
ICS
ICS
added 2023/12/12 12:0 a.m.197 views

Siemens SIMATIC S7-1500

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

9.7AI score
Exploits0References10
ICS
ICS
added 2023/12/12 12:0 a.m.29 views

Siemens Web Server of Industrial Products

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

8.7CVSS7.9AI score0.00956EPSS
Exploits0References12
ICS
ICS
added 2023/12/12 12:0 a.m.62 views

Siemens RUGGEDCOM and SCALANCE M-800/S615 Family

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

6.9CVSS7.8AI score0.007EPSS
Exploits0References10
ICS
ICS
added 2023/12/12 12:0 a.m.24 views

Siemens LOGO! and SIPLUS LOGO!

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

7.6CVSS7.2AI score0.00248EPSS
Exploits0References10
ICS
ICS
added 2023/12/12 12:0 a.m.44 views

Siemens SIMATIC and SIPLUS Products

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

7.5CVSS8.2AI score0.00722EPSS
Exploits0References12
ICS
ICS
added 2023/12/12 12:0 a.m.25 views

Siemens Simantic S7-1500 CPU family

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

7.5CVSS7.7AI score0.01244EPSS
Exploits0References12
ICS
ICS
added 2023/12/12 12:0 a.m.25 views

Siemens SINUMERIK

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

7.5CVSS7.6AI score0.01244EPSS
Exploits0References10
ICS
ICS
added 2023/12/12 12:0 a.m.28 views

Siemens OPC UA Implementation in SINUMERIK ONE and SINUMERIK MC

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

8.7CVSS8AI score0.00819EPSS
Exploits0References12
ICS
ICS
added 2023/12/12 12:0 a.m.43 views

Siemens SICAM Q100 Devices

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

8.6CVSS7.9AI score0.00623EPSS
Exploits0References12
ICS
ICS
added 2023/12/12 12:0 a.m.51 views

Siemens SINEC INS

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

9.8CVSS7.8AI score0.03658EPSS
Exploits1References12
ICS
ICS
added 2023/12/12 12:0 a.m.29 views

Siemens SCALANCE and RUGGEDCOM M-800/S615 Family

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

8.8CVSS8AI score0.00427EPSS
Exploits0References10
Total number of security vulnerabilities4251