Lucene search
K

4251 matches found

ICS
ICS
added 2023/12/12 12:0 a.m.25 views

Siemens SINUMERIK

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

7.5CVSS7.6AI score0.01244EPSS
Exploits0References10
ICS
ICS
added 2023/12/12 12:0 a.m.28 views

Siemens OPC UA Implementation in SINUMERIK ONE and SINUMERIK MC

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

8.7CVSS8AI score0.00819EPSS
Exploits0References12
ICS
ICS
added 2023/12/07 12:0 p.m.36 views

Russian FSB Cyber Actor Star Blizzard Continues Worldwide Spear-phishing Campaigns

The Russia-based actor is targeting organizations and individuals in the UK and other geographical areas of interest. OVERVIEW The Russia-based actor Star Blizzard formerly known as SEABORGIUM, also known as Callisto Group/TA446/COLDRIVER/TAG-53/BlueCharlie continues to successfully use...

9.1AI score
Exploits0References55
ICS
ICS
added 2023/12/07 7:0 a.m.27 views

Johnson Controls Metasys and Facility Explorer (Update A)

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION : Exploitable remotely/low attack complexity Vendor : Johnson Controls Equipment : Metasys and Facility Explorer Vulnerability : Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an...

7.5CVSS7.9AI score0.00827EPSS
Exploits0References8
ICS
ICS
added 2023/12/07 7:0 a.m.47 views

Schweitzer Engineering Laboratories SEL-411L

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 4.3 ATTENTION : Exploitable remotely/low attack complexity Vendor : Schweitzer Engineering Laboratories Equipment : SEL-411L Vulnerability : Improper Restriction of Rendered UI Layers or Frames 2. RISK EVALUATION Successful exploitation of this vulnerability...

6.1CVSS5.6AI score0.0039EPSS
Exploits0References8
ICS
ICS
added 2023/12/07 7:0 a.m.28 views

ControlbyWeb Relay

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION : Exploitable remotely/low attack complexity Vendor : ControlByWeb Equipment : X-332 and X-301 Vulnerability : Cross-Site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated attacker to run...

7.5CVSS6.5AI score0.00416EPSS
Exploits0References10
ICS
ICS
added 2023/12/07 7:0 a.m.37 views

Mitsubishi Electric FA Engineering Software Products

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.3 Vendor : Mitsubishi Electric Equipment : MELIPC , MELSEC iQ-R, and MELSEC Q Series Vulnerabilities : Processor Optimization Removal or Modification of Security-Critical Code, Observable Discrepancy 2. RISK EVALUATION Successful exploitation of these...

5.5CVSS6.2AI score0.00347EPSS
Exploits0References10
ICS
ICS
added 2023/12/07 7:0 a.m.61 views

Sierra Wireless AirLink with ALEOS firmware

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION : Exploitable remotely/low attack complexity Vendor : Sierra Wireless Equipment : AirLink Vulnerabilities : Infinite Loop, NULL Pointer Dereference, Cross-site Scripting, Reachable Assertion, Use of Hard-coded Credentials, Use of Hard-coded...

8.1CVSS8AI score0.02296EPSS
Exploits2References8
ICS
ICS
added 2023/12/05 12:0 p.m.73 views

Threat Actors Exploit Adobe ColdFusion CVE-2023-26360 for Initial Access to Government Servers

Actions to take today to mitigate malicious cyber activity: 1. Prioritize remediating known exploited vulnerabilities. 2. Employ proper network segmentation. 3. Enable multifactor authentication MFA for all services to the extent possible, particularly for webmail, VPN, and accounts that access...

9.8CVSS8.8AI score0.97339EPSS
Exploits13References98
ICS
ICS
added 2023/12/05 7:0 a.m.28 views

Zebra ZTC Industrial ZT400 and ZTC Desktop GK420d

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.4 ATTENTION : Exploitable with adjacent access/low attack complexity Vendor : Zebra Technologies Equipment : ZTC Industrial ZT410, ZTC Desktop GK420d Vulnerability : Authentication Bypass Using an Alternate Path or Channel 2. RISK EVALUATION Successful...

5.4CVSS5.1AI score0.00269EPSS
Exploits0References8
ICS
ICS
added 2023/12/01 12:0 p.m.47 views

IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including U.S. Water and Wastewater Systems Facilities

Actions to take today to mitigate malicious activity: 1. Implement multifactor authentication. 2. Use strong, unique passwords. 3. Check PLCs for default passwords...

9.8CVSS9.1AI score0.02089EPSS
Exploits0References63
ICS
ICS
added 2023/11/30 7:0 a.m.26 views

Mitsubishi Electric FA Engineering Software Products

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION : Low attack complexity Vendor : Mitsubishi Electric Equipment : FA Engineering Software Products Vulnerability : External Control of File Name or Path 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a malicious...

7.8CVSS7.9AI score0.00261EPSS
Exploits0References10
ICS
ICS
added 2023/11/30 7:0 a.m.33 views

Delta Electronics DOPSoft

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION : Exploitable remotely/low attack complexity Vendor : Delta Electronics Equipment : DOPSoft Vulnerability : Stack-Based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could lead to remote code execution. 3...

7.8CVSS8AI score0.00365EPSS
Exploits0References10
ICS
ICS
added 2023/11/30 7:0 a.m.33 views

Yokogawa STARDOM

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION : Exploitable remotely/low attack complexity Vendor : Yokogawa Equipment : STARDOM FCN/FCJ Vulnerability : Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote attacker to cause...

5.3CVSS5.5AI score0.01166EPSS
Exploits0References8
ICS
ICS
added 2023/11/30 7:0 a.m.56 views

PTC KEPServerEx

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION : Exploitable remotely/low attack complexity Vendor : PTC Equipment : KEPServerEX, ThingWorx, OPC-Aggregator Vulnerabilities : Heap-based Buffer Overflow, Improper Validation of Certificate with Host Mismatch 2. RISK EVALUATION Successful...

9.1CVSS9AI score0.00962EPSS
Exploits0References8
ICS
ICS
added 2023/11/28 1:30 p.m.24 views

Hitachi Energy RTU500 series

SUMMARY Hitachi Energy is aware of the vulnerabilities CVE-2023-5767, CVE-2023-5768 and CVE-2023-5769 in the Web server and HCI IEC 60870-5-104 component, that affects the RTU500 versions that are listed below. An at- tacker successfully exploiting these vulnerabilities could perform cross-site...

6.1CVSS6.7AI score0.00412EPSS
Exploits0References9
ICS
ICS
added 2023/11/28 7:0 a.m.37 views

Franklin Electric Fueling Systems Colibri

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION : Exploitable remotely/low attack complexity/public exploits are available Vendor : Franklin Electric Fueling Systems Equipment : Colibri Vulnerability : Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could...

6.5CVSS6.7AI score0.01103EPSS
Exploits0References10
ICS
ICS
added 2023/11/28 7:0 a.m.53 views

Delta Electronics InfraSuite Device Master

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION : Exploitable remotely/low attack complexity Vendor : Delta Electronics Equipment : InfraSuite Device Master Vulnerabilities : Path Traversal, Deserialization of Untrusted Data, Exposed Dangerous Method or Function. 2. RISK EVALUATION...

9.8CVSS9.7AI score0.16573EPSS
Exploits0References10
ICS
ICS
added 2023/11/28 7:0 a.m.33 views

Mitsubishi Electric GX Works2

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 2.5 ATTENTION : Exploitable locally Vendor : Mitsubishi Electric Corporation Equipment : GX Works2 Vulnerability : Denial-of-Service 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow a Denial-of-service DoS due to improper input...

4.7CVSS5AI score0.00271EPSS
Exploits0References8
ICS
ICS
added 2023/11/28 7:0 a.m.40 views

BD FACSChorus

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.4 ATTENTION : Low attack complexity Vendor : Becton, Dickinson and Company BD Equipment : FACSChorus Vulnerabilities : Missing Protection Mechanism for Alternate Hardware Interface, Missing Authentication for Critical Function, Improper Authentication, Use...

5.7CVSS5.5AI score0.00378EPSS
Exploits0References8
ICS
ICS
added 2023/11/28 7:0 a.m.11 views

FESTO Automation Suite, FluidDraw, and Festo Didactic Products

GENERAL RECOMENDATION Users running communication over an untrusted network who require full protection should switch to an alternative solution such as running the communication over a VPN. Festo strongly recommends to minimize and protect network access to connected devices with state of the...

9.8CVSS10AI score0.01505EPSS
Exploits0References10
ICS
ICS
added 2023/11/28 12:0 a.m.23 views

Hitachi Energy Relion 670/650/SAM600-IO Series (Update C)

SUMMARY Hitachi Energy is aware of the vulnerability CVE-2023-4518 that affects the Relion 670/650/SAM600-IO series that are listed below. An attacker successfully exploiting this vulnerability could cause operational disruptions of the devices. For immediate mitigation/workaround information,...

7.5CVSS7.4AI score0.00701EPSS
Exploits0References9
ICS
ICS
added 2023/11/21 12:0 p.m.184 views

#StopRansomware: LockBit 3.0 Ransomware Affiliates Exploit CVE 2023-4966 Citrix Bleed Vulnerability

SUMMARY Note: This joint Cybersecurity Advisory CSA is part of an ongoing StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These StopRansomware advisories include recently and historically observed tactics,...

9.4CVSS9.4AI score0.99999EPSS
Exploits15References55
ICS
ICS
added 2023/11/21 7:0 a.m.36 views

WAGO PFC200 Series

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 2.7 ATTENTION : low attack complexity Vendor : WAGO Equipment : PFC200 Series Vulnerability : Externally Controlled Reference to a Resource in Another Sphere 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker with...

2.7CVSS3.8AI score0.0047EPSS
Exploits0References8
ICS
ICS
added 2023/11/21 7:0 a.m.54 views

Fuji Electric Tellus Lite V-Simulator

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION : Low attack complexity Vendor : Fuji Electric Equipment : Tellus Lite V-Simulator Vulnerabilities : Stack-based Buffer Overflow, Out-of-bounds Write, Improper Access Control 2. RISK EVALUATION Successful exploitation of these vulnerabilities...

8.8CVSS8.6AI score0.00484EPSS
Exploits0References10
ICS
ICS
added 2023/11/16 12:0 p.m.114 views

Scattered Spider

SUMMARY The Federal Bureau of Investigation FBI and Cybersecurity and Infrastructure Security Agency CISA are releasing this joint Cybersecurity Advisory CSA in response to recent activity by Scattered Spider threat actors against the commercial facilities sectors and subsectors. This advisory...

10AI score
Exploits0References134
ICS
ICS
added 2023/11/16 7:0 a.m.30 views

Hitachi Energy MACH System Software

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION : Exploitable remotely/low attack complexity Vendor : Hitachi Energy Equipment : MACH System Software Vulnerabilities : Path Traversal, Exposure of Resource to Wrong Sphere 2. RISK EVALUATION Successful exploitation of these vulnerabilities...

6.5CVSS5.6AI score0.00486EPSS
Exploits0References8
ICS
ICS
added 2023/11/16 7:0 a.m.35 views

Red Lion Sixnet RTUs

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION : Exploitable remotely/low attack complexity Vendor : Red Lion Equipment : Sixnet RTU Vulnerabilities : Authentication Bypass using an Alternative Path or Channel, Exposed Dangerous Method or Function 2. RISK EVALUATION Successful exploitation...

10CVSS10AI score0.01149EPSS
Exploits0References8
ICS
ICS
added 2023/11/15 12:0 p.m.73 views

#StopRansomware: Rhysida Ransomware

Actions to take today to mitigate malicious cyber activity: 1. Prioritize remediating known exploited vulnerabilities. 2. Enable multifactor authentication MFA for all services to the extent possible, particularly for webmail, VPN, and accounts that access critical systems. 3. Segment networks to...

10CVSS6.7AI score0.99512EPSS
Exploits75References119
ICS
ICS
added 2023/11/14 7:0 a.m.37 views

AVEVA Operations Control Logger

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION : Low attack complexity Vendor : AVEVA Equipment : Operations Control Logger Vulnerabilities : Execution with Unnecessary Privileges, External Control of File Name or Path 2. RISK EVALUATION Successful exploitation of these vulnerabilities...

7.8CVSS7.5AI score0.00236EPSS
Exploits0References8
ICS
ICS
added 2023/11/14 7:0 a.m.43 views

Rockwell Automation SIS Workstation and ISaGRAF Workbench

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION : Low attack complexity Vendor : Rockwell Automation Equipment : SIS Workstation and ISaGRAF Workbench Vulnerability : Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow unprivileged local...

9.3CVSS7.7AI score0.01525EPSS
Exploits1References10
ICS
ICS
added 2023/11/14 12:0 a.m.38 views

Siemens SIMATIC MV500

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

9.8CVSS8.9AI score0.5346EPSS
Exploits4References12
ICS
ICS
added 2023/11/14 12:0 a.m.22 views

Siemens SCALANCE W700

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

7.5CVSS7.1AI score0.00897EPSS
Exploits1References12
ICS
ICS
added 2023/11/14 12:0 a.m.47 views

Siemens SIMATIC PCS neo

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

8.8CVSS7.4AI score0.00618EPSS
Exploits0References12
ICS
ICS
added 2023/11/14 12:0 a.m.61 views

Siemens Desigo CC product family

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

9.8CVSS9.8AI score0.33304EPSS
Exploits2References10
ICS
ICS
added 2023/11/14 12:0 a.m.66 views

Siemens Mendix Studio Pro

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

8.8CVSS9.4AI score0.99735EPSS
Exploits9References12
ICS
ICS
added 2023/11/14 12:0 a.m.63 views

Siemens SCALANCE Family Products

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

9.4AI score
Exploits0References12
ICS
ICS
added 2023/11/14 12:0 a.m.58 views

Siemens PNI

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

9.8CVSS9.2AI score0.16004EPSS
Exploits1References12
ICS
ICS
added 2023/11/14 12:0 a.m.25 views

Siemens RUGGEDCOM APE1808 Devices

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

9.2CVSS8.4AI score0.00531EPSS
Exploits0References12
ICS
ICS
added 2023/11/14 12:0 a.m.18 views

Siemens OPC UA Modeling Editor (SiOME)

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

7.5CVSS7.8AI score0.00652EPSS
Exploits0References12
ICS
ICS
added 2023/11/14 12:0 a.m.36 views

Siemens Mendix Runtime

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

8.1CVSS7.6AI score0.0044EPSS
Exploits0References12
ICS
ICS
added 2023/11/14 12:0 a.m.52 views

Siemens SIPROTEC 4 7SJ66

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

9.8CVSS9.3AI score0.7525EPSS
Exploits7References12
ICS
ICS
added 2023/11/14 12:0 a.m.75 views

Siemens COMOS

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

9.8CVSS9.7AI score0.02591EPSS
Exploits0References12
ICS
ICS
added 2023/11/09 7:0 a.m.54 views

Johnson Controls Quantum HD Unity

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION : Exploitable Remotely/Low attack complexity Vendor : Johnson Controls Inc. Equipment : Quantum HD Unity Vulnerability : Active Debug Code 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthorized user to...

10CVSS9.6AI score0.00807EPSS
Exploits0References8
ICS
ICS
added 2023/11/09 7:0 a.m.41 views

Hitachi Energy eSOMS

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION : Exploitable remotely/low attack complexity Vendor : Hitachi Energy Equipment : eSOMS Vulnerabilities : Generation of Error Message Containing Sensitive Information, Exposure of Sensitive System Information to an Unauthorized Control Sphere 2...

5.3CVSS5.6AI score0.00377EPSS
Exploits0References8
ICS
ICS
added 2023/11/07 12:0 p.m.58 views

GE MiCOM S1 Agile

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Low attack complexity Vendor: General Electric Equipment: MiCOM S1 Agile Vulnerability: Uncontrolled Search Path Element 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to upload malicious files and...

7.5AI score0.00255EPSS
Exploits0References31
ICS
ICS
added 2023/11/07 7:0 a.m.20 views

GE MiCOM S1 Agile

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION : Low attack complexity Vendor : General Electric Equipment : MiCOM S1 Agile Vulnerability : Uncontrolled Search Path Element 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to upload malicious files and...

7.3CVSS6.4AI score0.00255EPSS
Exploits0References10
ICS
ICS
added 2023/11/02 6:0 a.m.33 views

Weintek EasyBuilder Pro

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION : Exploitable remotely/low attack complexity Vendor : Weintek Equipment : EasyBuilder Pro Vulnerability : Use of Hard-coded Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to obtain remote...

9.8CVSS9.7AI score0.00536EPSS
Exploits0References8
ICS
ICS
added 2023/11/02 6:0 a.m.44 views

Mitsubishi Electric MELSEC iQ-F/iQ-R Series CPU Module (Update A)

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION : Exploitable remotely/low attack complexity Equipment : MELSEC iQ-F/iQ-R Series Vulnerability : Improper Restriction of Excessive Authentication Attempts 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote...

5.3CVSS5.3AI score0.0095EPSS
Exploits0References8
ICS
ICS
added 2023/11/02 6:0 a.m.41 views

Franklin Fueling System TS-550

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.3 ATTENTION : Exploitable remotely/low attack complexity/public exploits are available Vendor : Franklin Fueling System Equipment : TS-550 Vulnerability : Use of Password Hash with Insufficient Computational Effort 2. RISK EVALUATION Successful...

9.8CVSS9.5AI score0.00284EPSS
Exploits0References8
Total number of security vulnerabilities4251