Yokogawa CENTUM VP

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to login as the PROG user and modify permissions. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize network exposure for...

Anritsu Remote Spectrum Monitor

RISK EVALUATION Successful exploitation of this vulnerability could allow attackers with network access to alter operational settings, obtain sensitive signal data, or disrupt device availability. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of...

PX4 Autopilot

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker with access to the MAVLink interface to execute arbitrary shell commands without cryptographic authentication. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of...

PTC Windchill Product Lifecycle Management

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to achieve remote code execution. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize network exposure for all control...

OC Messaging and Custom Messaging Gateway

RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated low-privileged user to gain access to SMS messages outside of their authorized tenant scope via a crafted company or tenant identifier parameter. 2. RECOMMENDED PRACTICES CISA recommends users take...

Siemens SICAM 8 Products

SUMMARY Multiple SICAM 8 products are affected by multiple vulnerabilities that could lead to denial of service, namely: - SICAM A8000 Device firmware - CPCI85 for CP-8031/CP-8050 - SICORE for CP-8010/CP-8012 - RTUM85 for CP-8010/CP-8012 - SICAM EGS Device firmware - CPCI85 - SICAM S8000 -...

Nanoleaf Lines unauthenticated firmware file store

RISK EVALUATION Nanoleaf Lines 12.3.2 does not authenticate firmware file uploads. A remote, unauthenticated attacker can upload firmware files on the device and consume storage resources. 2. RECOMMENDED PRACTICES Update to 12.3.6. 3. DESCRIPTION Nanoleaf Lines 12.3.2 does not authenticate...

Grassroots DICOM (GDCM)

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to send a specially crafted file, and when parsed, could result in a denial-of-service condition. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of...

Pharos Controls Mosaic Show Controller

RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated attacker to execute arbitrary commands with root privileges. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize...

WAGO GmbH & Co. KG Industrial Managed Switches

SUMMARY A vulnerability has been found affecting the Managed Switches of WAGO. An unauthenticated attacker can fully compromise the device via an undocumented function. 2. IMPACT This could lead to a full System compromise of the affected devices. 3. REMEDIATION Please update your devices to the...

OPEXUS eComplaint and eCase multiple vulnerabilities

RISK EVALUATION OPEXUS eComplaint and eCase contain multiple vulnerabilities. In the worst case, an unauthenticated attacker could take over any account with a known username. 2. RECOMMENDED PRACTICES Update to OPEXUS eCase and eComplaint 10.1.0.0. 3. DESCRIPTION OPEXUS eComplaint and eCASE...

Automated Logic WebCTRL Premium Server

RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to read, intercept, or modify communications. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize network...

CTEK Chargeportal

RISK EVALUATION Successful exploitation of these vulnerabilities could enable attackers to gain unauthorized administrative control over vulnerable charging stations or disrupt charging services through denial-of-service attacks. 2. RECOMMENDED PRACTICES CISA recommends users take defensive...

IGL-Technologies eParking.fi

RISK EVALUATION Successful exploitation of these vulnerabilities could enable attackers to gain unauthorized administrative control over vulnerable charging stations or disrupt charging services through denial-of-service attacks. 2. RECOMMENDED PRACTICES CISA recommends users take defensive...

Multiple IP-KVM Vulnerabilities

RISK EVALUATION Multiple KVM products GL-iNet GL-RM1, Angeet ES3 KVM, Sipeed NanoKVM, and JetKVM are affected by multiple vulnerabilities. The most severe of these vulnerabilities could allow a remote, unauthenticated attacker to take complete control of a vulnerable product. 2. RECOMMENDED...

ABB AWIN Gateways

SUMMARY ABB became aware of vulnerability in the products versions listed as affected in the advisory. An update is available that resolves the reported vulnerabilities. AWIN gateways are not intended to be internet-facing. An attacker who successfully exploited this vulnerability could take...

Trane Tracer SC, Tracer SC+, and Tracer Concierge

RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to disclose sensitive information, execute arbitrary commands, or perform a denial-of-service on the product. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of...

Inductive Automation Ignition Software

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute malicious code with OS application service account permissions that the authenticated, privileged application user did not intend on running. 2. RECOMMENDED PRACTICES CISA recommends users take...

ABB AC500 V3 Stack Buffer Overflow in Cryptographic Message Syntax

SUMMARY ABB became aware of vulnerability in the products versions listed as affected in the advisory. An update is available that resolves publicly reported vulnerability. An attacker who successfully exploited these vulnerabilities could cause a crash, denial-of-service DoS, or potentially...

Schneider Electric EcoStruxure PME and EPO

GENERAL SECURITY RECOMMENDATIONS Schneider Electric strongly recommends the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business...

Schneider Electric EcoStruxure Automation Expert

GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install physical controls so no unauthorized personnel can access...

Schneider Electric Modicon Controllers M241, M251, M258, and LMC058

GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install physical controls so no unauthorized personnel can access...

Schneider Electric Modicon M241, M251, and M262

GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...

Schneider Electric EcoStruxure Data Center Expert

GENERAL SECURITY RECOMMENDATIONS Schneider Electric strongly recommends the following industry cybersecurity best practices: Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install physical controls so no unauthorized...

Schneider Electric EcoStruxure Foxboro DCS

GENERAL SECURITY RECOMMENDATIONS Schneider Electric strongly recommends the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business...

Apeman Cameras

RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to take control of the device or view camera feeds. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize...

Lantronix EDS3000PS and EDS5000

RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to bypass authentication and execute code with root-level privileges. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities,...

Honeywell IQ4 Series BMS Controller (Update A)

RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthorized attacker to access controller management settings, control components, disclose information, or cause a denial-of-service condition. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to...

Ceragon Siklu MultiHaul and EtherHaul Series

RISK EVALUATION Successful exploitation of this vulnerability could result in arbitrary file upload to the target equipment. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this these vulnerabilityies, such as: When remote access is...

Mitsubishi Electric CNC Series

RISK EVALUATION Successful exploitation of this vulnerability could allow a remote attacker to cause an out-of-bounds read, resulting in a denial-of-service condition in the affected products. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the exploitation...

Siemens SICAM SIAPP SDK

SUMMARY The SICAM SIAPP SDK contains multiple vulnerabilities that could allow an attacker to disrupt the customer-developed SIAPP or its simulation environment. Potential impacts include denial of service within the SIAPP, corruption of SIAPP data, or exploit the simulation environment. These...

Siemens Heliox EV Chargers

SUMMARY Heliox EV Chargers listed below contain improper access control vulnerability that could allow an attacker to reach unauthorized services via the charging cable. Siemens has released new versions for the affected products and recommends to update to the latest versions. 2. GENERAL...

Siemens SIMATIC

SUMMARY SIMATIC S7-1500 devices contain a vulnerability that could allow an attacker to inject code by tricking a legitimate user into importing a specially crafted trace file in the web interface. Siemens has released new versions for several affected products and recommends to update to the...

Siemens SIDIS Prime

SUMMARY SIDIS Prime before V4.0.800 is affected by multiple vulnerabilities in the components OpenSSL, SQLite, and several Node.js packages as described below. Siemens has released a new version of SIDIS Prime and recommends to update to the latest version. 2. GENERAL RECOMMENDATIONS As a...

Siemens RUGGEDCOM APE1808 Devices

SUMMARY Fortinet has published information on vulnerabilities in FORTIOS. This advisory lists the related Siemens Industrial products. Siemens has released a new version for RUGGEDCOM APE1808 and recommends to update to the latest version. 2. GENERAL RECOMMENDATIONS As a general security...

Delta Electronics CNCSoft-G2

RISK EVALUATION Successful exploitation of this vulnerability could result in an attacker achieving remote code execution on the device. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize network...

Labkotec LID-3300IP

RISK EVALUATION Successful exploitation of this vulnerability could allow attackers to gain unauthorized control over system operations, leading to disruption of normal functionality and potential safety hazards. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize...

Portwell Engineering Toolkits

RISK EVALUATION Successful exploitation of this vulnerability could allow a local attacker to escalate privileges or cause a denial-of-service condition. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:...

Everon OCPP Backends

RISK EVALUATION Successful exploitation of these vulnerabilities could enable attackers to gain unauthorized administrative control over vulnerable charging stations or disrupt charging services through denial-of-service attacks. 2. RECOMMENDED PRACTICES CISA recommends users take defensive...

ePower epower.ie

RISK EVALUATION Successful exploitation of these vulnerabilities could enable attackers to gain unauthorized administrative control over vulnerable charging stations or disrupt charging services through denial-of-service attacks. 2. RECOMMENDED PRACTICES CISA recommends users take defensive...

Mobiliti e-mobi.hu

RISK EVALUATION Successful exploitation of these vulnerabilities could enable attackers to gain unauthorized administrative control over vulnerable charging stations or disrupt charging services through denial-of-service attacks. 2. RECOMMENDED PRACTICES CISA recommends users take defensive...

Mitsubishi Electric MELSEC iQ-F Series EtherNet/IP module and Ethernet module

RISK EVALUATION Successful exploitation of these vulnerabilities could allow a remote attacker to cause a denial-of-service condition by continuously sending UDP packets to the affected products. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of...

Mitsubishi Electric MELSEC iQ-F Series EtherNet/IP module and Ethernet Module (Update A)

RISK EVALUATION Successful exploitation of these vulnerabilities could allow a remote attacker to cause a denial-of-service condition by continuously sending UDP packets to the affected products. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of...

CODESYS in Festo Automation Suite

SUMMARY Starting with Festo Automation Suite FAS version 2.8.0.138, the suite is delivered only with a connector to Codesys, rather than including Codesys directly. Prior to this version, Codesys was bundled within the FAS installation. From version 2.8.0.138 onwards, customers are required to...

Yokogawa CENTUM VP R6, R7

RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to terminate the software stack process, cause a denial-of-service condition, or execute arbitrary code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of...

Chargemap chargemap.com

RISK EVALUATION Successful exploitation of these vulnerabilities could enable attackers to gain unauthorized administrative control over vulnerable charging stations or disrupt charging services through denial-of-service attacks. 2. RECOMMENDED PRACTICES CISA recommends users take defensive...

EV2GO ev2go.io

RISK EVALUATION Successful exploitation of these vulnerabilities could allow attackers to impersonate charging stations, hijack sessions, suppress or misroute legitimate traffic to cause large-scale denial of service, and manipulate data sent to the backend. 2. RECOMMENDED PRACTICES CISA...

Mobility46 mobility46.se

RISK EVALUATION Successful exploitation of these vulnerabilities could enable attackers to gain unauthorized administrative control over vulnerable charging stations or disrupt charging services through denial-of-service attacks. 2. RECOMMENDED PRACTICES CISA recommends users take defensive...

EV Energy ev.energy

RISK EVALUATION Successful exploitation of these vulnerabilities could enable attackers to gain unauthorized administrative control over vulnerable charging stations or disrupt charging services through denial-of-service attacks. 2. RECOMMENDED PRACTICES CISA recommends users take defensive...

Copeland XWEB and XWEB Pro

RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to bypass authentication, cause a denial-of-service condition, cause memory corruption, and execute arbitrary code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk...