Lucene search
K

4251 matches found

ICS
ICS
added 2023/05/18 7:1 p.m.51 views

Hitachi Energy’s MicroSCADA Pro/X SYS600 Products

1. EXECUTIVE SUMMARY CVSS v3 6.7 ATTENTION: Public exploits are available Vendor: Hitachi Energy Equipment: MicroSCADA Pro/X SYS600 Products Vulnerabilities: Permissions, Privileges, and Access Controls 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to...

9.3CVSS7.5AI score0.05261EPSS
Exploits0References7
ICS
ICS
added 2023/05/18 12:0 p.m.70 views

Rockwell Automation FactoryTalk Diagnostics (Update B)

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Rockwell Automation Equipment: FactoryTalk Diagnostics Vulnerabilities: Deserialization of Untrusted Data 2. UPDATE OR REPOSTED INFORMATION This updated advisory is a follow-up to the original...

10CVSS9.9AI score0.05363EPSS
Exploits0References28
ICS
ICS
added 2023/05/18 6:0 a.m.37 views

Mitsubishi Electric MELSEC WS Series

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: WS0-GETH00200 Vulnerabilities: Active Debug Code 2. UPDATE OR REPOSTED INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-23-138-02...

8.6CVSS8.4AI score0.01132EPSS
Exploits0References8
ICS
ICS
added 2023/05/16 7:48 p.m.35 views

Rockwell Automation FactoryTalk Vantagepoint

1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION: Exploitable remotely Vendor: Rockwell Automation Equipment: FactoryTalk Vantagepoint Vulnerabilities: Insufficient Verification of Data Authenticity 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to impersonate...

8.8CVSS8.1AI score0.00378EPSS
Exploits0References7
ICS
ICS
added 2023/05/16 12:0 p.m.70 views

#StopRansomware: BianLian Ransomware Group

Actions to take today to mitigate cyber threats from BianLian ransomware and data extortion: 1. Strictly limit the use of RDP and other remote desktop services. 2. Disable command-line and scripting activities and permissions. 3. Restrict usage of PowerShell and update Windows PowerShell or...

10CVSS7.5AI score0.99512EPSS
Exploits75References122
ICS
ICS
added 2023/05/16 6:0 a.m.63 views

Snap One OvrC Cloud (Update A)

1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Snap One Equipment: OvrC Cloud, OvrC Pro Devices Vulnerabilities: Improper Input Validation, Observable Response Discrepancy, Improper Access Control, Cleartext Transmission of Sensitive Information,...

10CVSS8.6AI score0.00764EPSS
Exploits0References10
ICS
ICS
added 2023/05/12 6:9 p.m.69 views

SDG PnPSCADA

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: SDG Technologies Equipment: PnPSCADA Vulnerabilities: SQL Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to interact with the database and retrieve...

9.8CVSS9.1AI score0.08079EPSS
Exploits3References5
ICS
ICS
added 2023/05/12 6:9 p.m.65 views

PTC Vuforia Studio

1. EXECUTIVE SUMMARY CVSS v3 8.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: PTC Equipment: Vuforia Studio Vulnerabilities: Insufficiently Protected Credentials, Improper Authorization, Unrestricted Upload of File with Dangerous Type, Path Traversal, Cross-site Request Forgery...

9.9CVSS7.3AI score0.00657EPSS
Exploits0References7
ICS
ICS
added 2023/05/12 3:7 p.m.41 views

Rockwell Automation Arena Simulation Software

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Rockwell Automation Equipment: Arena Simulation Software Vulnerabilities: Incorrect Restriction of Operations within the Bounds of a Memory Buffer 2. RISK EVALUATION Successful exploitation of these vulnerabilities could...

9.8CVSS9.6AI score0.009EPSS
Exploits0References5
ICS
ICS
added 2023/05/11 10:14 p.m.36 views

Rockwell Automation ThinManager

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: ThinManager Vulnerabilities: Inadequate Encryption Strength 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to decrypt traffic...

7.5CVSS7.5AI score0.00666EPSS
Exploits0References5
ICS
ICS
added 2023/05/11 10:14 p.m.33 views

Rockwell Automation Kinetix 5500

1. EXECUTIVE SUMMARY CVSS v3 9.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: Kinetix 5500 EtherNet/IP Servo Drive Vulnerabilities: Improper Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability could create a...

9.4CVSS9.3AI score0.01253EPSS
Exploits0References5
ICS
ICS
added 2023/05/11 10:14 p.m.30 views

Rockwell Automation PanelView 800

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: PanelView 800 Vulnerabilities: Out-of-bounds Write, Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow remote code...

10CVSS10AI score0.03524EPSS
Exploits1References5
ICS
ICS
added 2023/05/11 12:0 p.m.58 views

Malicious Actors Exploit CVE-2023-27350 in PaperCut MF and NG

SUMMARY The Federal Bureau of Investigation FBI and Cybersecurity and Infrastructure Security Agency CISA are releasing this joint Cybersecurity Advisory CSA in response to the active exploitation of CVE-2023-27350. This vulnerability occurs in certain versions of PaperCut NG and PaperCut MF and...

9.8CVSS9.7AI score0.99999EPSS
Exploits24References33
ICS
ICS
added 2023/05/11 6:0 a.m.99 views

Teltonika Remote Management System and RUT Model Routers

1. EXECUTIVE SUMMARY CVSS v3 9.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Teltonika Equipment: Remote Management System and RUT model routers Vulnerabilities: Observable Response Discrepancy, Improper Authentication, Server-Side Request Forgery, Cross-site Scripting, Inclusio...

9.8CVSS9.5AI score0.0148EPSS
Exploits0References10
ICS
ICS
added 2023/05/10 9:14 p.m.40 views

Sierra Wireless AirVantage

1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Sierra Wireless Equipment: AirVantage Vulnerabilities: Improper Authentication, Exposure of Sensitive Information to an Unauthorized Actor 2. RISK EVALUATION Successful exploitation of these...

8.8CVSS7.6AI score0.00403EPSS
Exploits0References7
ICS
ICS
added 2023/05/10 9:13 p.m.83 views

Hitachi Energy MSM

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: Modular Switchgear Monitoring MSM Vulnerabilities: Improper Restriction of Excessive Authentication Attempts, Authentication Bypass by Capture-replay, Code Injection, Improper...

9.8CVSS9.6AI score0.08848EPSS
Exploits11References4
ICS
ICS
added 2023/05/10 8:52 p.m.68 views

BirdDog Cameras & Encoders

1. EXECUTIVE SUMMARY CVSS v3 8.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: BirdDog Equipment: STUDIO R3, 4K QUAD, MINI, A300 EYES Vulnerabilities: Cross-Site Request Forgery, Use of Hard-Coded Credentials 2. RISK EVALUATION Successful exploitation of these vulnerabilities...

9.8CVSS9.4AI score0.00462EPSS
Exploits0References7
ICS
ICS
added 2023/05/09 12:0 p.m.72 views

Hunting Russian Intelligence “Snake” Malware

SUMMARY The Snake implant is considered the most sophisticated cyber espionage tool designed and used by Center 16 of Russia’s Federal Security Service FSB for long-term intelligence collection on sensitive targets. To conduct operations using this tool, the FSB created a covert peer-to-peer P2P...

9.1AI score
Exploits0References78
ICS
ICS
added 2023/05/09 12:0 a.m.44 views

Siemens SCALANCE W1750D

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please seeSiemens' ProductCERT Security Advisories CERT Services | Services |...

7.5CVSS7.1AI score0.00897EPSS
Exploits1References12
ICS
ICS
added 2023/05/09 12:0 a.m.41 views

Siemens Solid Edge

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please seeSiemens' ProductCERT Security Advisories CERT Services | Services |...

7.8CVSS6.4AI score0.00226EPSS
Exploits0References12
ICS
ICS
added 2023/05/09 12:0 a.m.40 views

Siemens SCALANCE LPE9403

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please seeSiemens' ProductCERT Security Advisories CERT Services | Services |...

9.9CVSS6.5AI score0.01297EPSS
Exploits0References12
ICS
ICS
added 2023/05/09 12:0 a.m.46 views

Siemens SINEC NMS Third-Party

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please seeSiemens' ProductCERT Security Advisories CERT Services | Services |...

9.8CVSS8.7AI score0.04325EPSS
Exploits5References12
ICS
ICS
added 2023/05/09 12:0 a.m.30 views

Siemens SIMATIC Cloud Connect 7

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please seeSiemens' ProductCERT Security Advisories CERT Services | Services |...

7.6CVSS7.8AI score0.01535EPSS
Exploits0References12
ICS
ICS
added 2023/05/09 12:0 a.m.41 views

Siemens Siveillance

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please seeSiemens' ProductCERT Security Advisories CERT Services | Services |...

9.9CVSS9.7AI score0.01114EPSS
Exploits0References12
ICS
ICS
added 2023/05/05 6:0 a.m.73 views

Hitachi Energy's RTU500 Series Product (UPDATE B)

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION : Exploitable remotely/low attack complexity Vendor : Hitachi Energy Equipment : RTU500 Series Vulnerabilities : Type Confusion, Observable Timing Discrepancy, Out-of-bounds Read, Infinite Loop, Classic Buffer Overflow 2. RISK EVALUATION...

9.8CVSS9.1AI score0.87816EPSS
Exploits3References8
ICS
ICS
added 2023/05/02 6:41 p.m.72 views

Mitsubishi Electric Factory Automation Products

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Low attack complexity Vendor: Mitsubishi Electric Equipment: Factory Automation FA Products Vulnerabilities: Dependency on Vulnerable Third-Party Component 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow a malicious...

8.8CVSS7.6AI score0.00447EPSS
Exploits0References6
ICS
ICS
added 2023/04/28 6:53 p.m.37 views

Scada-LTS Third Party Component

1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Scada-LTS Equipment: Scada-LTS Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow loss of sensitive...

4.3CVSS6.6AI score0.01534EPSS
Exploits2References5
ICS
ICS
added 2023/04/28 6:53 p.m.64 views

Illumina Universal Copy Service

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Illumina Equipment: Universal Copy Service UCS Vulnerabilities: Binding to an Unrestricted IP Address, Execution with Unnecessary Privileges 2. RISK EVALUATION Successful exploitation of these...

10CVSS9.4AI score0.01812EPSS
Exploits0References7
ICS
ICS
added 2023/04/25 6:0 a.m.56 views

Keysight N8844A Data Analytics Web Service (Update A)

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION : Exploitable remotely/low attack complexity Vendor : Keysight Equipment : N8844A Data Analytics Web Service Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could lead to remote code...

9.8CVSS10AI score0.00799EPSS
Exploits0References10
ICS
ICS
added 2023/04/20 7:52 p.m.58 views

Datakit CrossCAD-WARE

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Datakit Equipment: CrossCAD/Warex64 library Vulnerability: Out-of-bounds Read, Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to disclose sensitive...

7.8CVSS6.3AI score0.00235EPSS
Exploits0References7
ICS
ICS
added 2023/04/20 3:30 p.m.30 views

INEA ME RTU

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: INEA Equipment: ME RTU Vulnerability: OS Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED...

10CVSS10AI score0.01726EPSS
Exploits0References5
ICS
ICS
added 2023/04/20 3:30 p.m.31 views

Omron CS/CJ Series

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Omron Equipment: SYSMAC CS/CJ Series Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to access...

8.6CVSS8.6AI score0.00536EPSS
Exploits0References4
ICS
ICS
added 2023/04/18 7:27 p.m.72 views

Siemens Mendix Forgot Password Module

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please seeSiemens' ProductCERT Security Advisories CERT Services | Services |...

7.8CVSS5.6AI score0.00458EPSS
Exploits0References9
ICS
ICS
added 2023/04/18 7:27 p.m.74 views

FANUC ROBOGUIDE-HandlingPRO

1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Exploitable remotely Vendor: FANUC Equipment: ROBOGUIDE-HandlingPRO Vulnerability: Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to read and/or overwrite files on the system running the affected...

7.5CVSS7.3AI score0.00943EPSS
Exploits0References7
ICS
ICS
added 2023/04/18 7:27 p.m.28 views

B. Braun Battery Pack SP with Wi-Fi

1. EXECUTIVE SUMMARY CVSS v3 5.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: B. Braun Melsungen AG Equipment: Battery Pack SP with Wi-Fi Vulnerability: Improper neutralization of directives in dynamically evaluated code 'Eval Injection' 2. RISK EVALUATION Successful exploitation...

7.2CVSS7AI score0.00604EPSS
Exploits0References5
ICS
ICS
added 2023/04/18 12:0 p.m.140 views

APT28 Exploits Known Vulnerability to Carry Out Reconnaissance and Deploy Malware on Cisco Routers

APT28 accesses poorly maintained Cisco routers and deploys malware on unpatched devices using CVE-2017-6742. Overview and Context The UK National Cyber Security Centre NCSC, the US National Security Agency NSA, US Cybersecurity and Infrastructure Security Agency CISA and US Federal Bureau of...

9CVSS9.6AI score0.21424EPSS
Exploits1References47
ICS
ICS
added 2023/04/18 6:0 a.m.57 views

Schneider Electric APC Easy UPS Online Monitoring Software (Update A)

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/Low attack complexity/Public exploits available Vendor: Schneider Electric Equipment: APC Easy UPS Online Monitoring Software Vulnerability: OS Command Injection, Missing Authentication for Critical Function 2. RISK...

9.8CVSS10AI score0.01315EPSS
Exploits0References10
ICS
ICS
added 2023/04/14 8:6 p.m.39 views

Mitsubishi Electric GOC35 Series

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric India Equipment: GC-ENET-COM Vulnerability: Signal Handler Race Condition 2. RISK EVALUATION Successful exploitation of this vulnerability could lead to a communication error and may...

7.5CVSS7.2AI score0.00686EPSS
Exploits0References5
ICS
ICS
added 2023/04/11 12:0 a.m.30 views

Siemens Teamcenter Visualization and JT2Go

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please seeSiemens' ProductCERT Security Advisories CERT Services | Services |...

7.8CVSS7.3AI score0.00261EPSS
Exploits0References12
ICS
ICS
added 2023/04/11 12:0 a.m.20 views

Siemens TIA Portal

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please seeSiemens' ProductCERT Security Advisories CERT Services | Services |...

7.8CVSS7.7AI score0.00249EPSS
Exploits0References10
ICS
ICS
added 2023/04/11 12:0 a.m.36 views

Siemens Adaptec Maxview Application

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please seeSiemens' ProductCERT Security Advisories CERT Services | Services |...

6.3CVSS6.4AI score0.00092EPSS
Exploits0References12
ICS
ICS
added 2023/04/11 12:0 a.m.55 views

Siemens CPCI85 Firmware of SICAM A8000 Devices

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please seeSiemens' ProductCERT Security Advisories CERT Services | Services |...

9.8CVSS10AI score0.02836EPSS
Exploits1References12
ICS
ICS
added 2023/04/11 12:0 a.m.39 views

Siemens SCALANCE XCM332

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please seeSiemens' ProductCERT Security Advisories CERT Services | Services |...

9.8CVSS9.3AI score0.3197EPSS
Exploits6References12
ICS
ICS
added 2023/04/11 12:0 a.m.37 views

Siemens SIPROTEC 5 Devices

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please seeSiemens' ProductCERT Security Advisories CERT Services | Services |...

7.5CVSS7.8AI score0.00935EPSS
Exploits0References10
ICS
ICS
added 2023/04/11 12:0 a.m.53 views

Siemens in OPC Foundation Local Discovery Server

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please seeSiemens' ProductCERT Security Advisories CERT Services | Services |...

7.8CVSS7.9AI score0.0017EPSS
Exploits0References10
ICS
ICS
added 2023/04/11 12:0 a.m.36 views

Siemens JT Open and JT Utilities

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please seeSiemens' ProductCERT Security Advisories CERT Services | Services |...

7.8CVSS7.7AI score0.00217EPSS
Exploits0References12
ICS
ICS
added 2023/04/11 12:0 a.m.29 views

Siemens Polarion ALM

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please seeSiemens' ProductCERT Security Advisories CERT Services | Services |...

7.5CVSS6.1AI score0.0059EPSS
Exploits0References12
ICS
ICS
added 2023/04/11 12:0 a.m.65 views

Siemens SCALANCE Switch Families

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please seeSiemens' ProductCERT Security Advisories CERT Services | Services |...

9.6AI score
Exploits0References10
ICS
ICS
added 2023/04/11 12:0 a.m.38 views

Siemens SCALANCE X-200IRT Devices

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please seeSiemens' ProductCERT Security Advisories CERT Services | Services |...

7.4CVSS7AI score0.00256EPSS
Exploits0References12
ICS
ICS
added 2023/04/11 12:0 a.m.68 views

Siemens OPC Foundation Local Discovery Server Affecting Siemens Products

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

9.8CVSS9.1AI score0.22791EPSS
Exploits3References10
Total number of security vulnerabilities4251