4214 matches found
Siemens Teamcenter Visualization and JT2Go
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: Teamcenter Visualization and JT2Go Vulnerabilities: Stack-based Buffer Overflow, Heap-based Buffer Overflow, Improper Restriction of Operations within the Bounds of a Memory Buffer 2. RISK EVALUATION...
Siemens Parasolid
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: Parasolid Vulnerabilities: Out-of-bounds Write, Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute code in the context of the current...
Siemens Simcenter STAR-CCM+
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services ...
Siemens SIMATIC WinCC OA Ultralight Client
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens SCALANCE X-200RNA Switch Devices
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity/public exploits available Vendor: Siemens Equipment: SCALANCE Vulnerabilities: Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS, Uncontrolled Resource Consumption, Use of...
Siemens PLM Help Server
1. EXECUTIVE SUMMARY CVSS v3 6.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: PLM Help Server Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute code after tricking users into...
Schneider Electric APC Easy UPS Online
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: APC Easy UPS Online Vulnerabilities: Missing Authentication for Critical Function, Unrestricted Upload of File with Dangerous Type, Incorrect Permission Assignment for...
Weak Security Controls and Practices Routinely Exploited for Initial Access
Summary Best Practices to Protect Your Systems: • Control access. • Harden Credentials. • Establish centralized log management. • Use antivirus solutions. • Employ detection tools. • Operate services exposed on internet-accessible hosts with secure configurations. • Keep software updated. Cyber...
Advantech iView
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Advantech Equipment: iView Vulnerability: SQL Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to acquire credentials. 3...
AVEVA InTouch Access Anywhere and Plant SCADA Access Anywhere
1. EXECUTIVE SUMMARY --------- Begin Update A Part 1 of 6 --------- CVSS v3 9.8 --------- End Update A Part 1 of 6 --------- ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: AVEVA --------- Begin Update A Part 2 of 6 --------- Equipment: InTouch Access...
Rockwell Automation Logix controllers
1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: CompactLogix, Compact GuardLogix, ControlLogix, and GuardLogix controllers Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this...
Mitsubishi Electric FA Engineering Software (Update C)
1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: GX Works3, MX OPC UA Module Configurator-R Vulnerabilities: Cleartext Storage of Sensitive Information, Use of Hard-coded Password, Insufficiently Protected Credentials,...
BD BodyGuard Pumps
1. EXECUTIVE SUMMARY CVSS v3 5.3 Vendor: Becton, Dickinson and Company BD Equipment: BodyGuard Pumps Vulnerability: Missing Protection Mechanism for Alternate Hardware Interface 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to change configuration...
Horner Automation Remote Compact Controller
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Horner Automation Equipment: Remote Compact Controller RCC 972 Vulnerabilities: Inadequate Encryption Strength, Use of Hard-coded Cryptographic Key, Excessive Reliance on Global Variables 2. RISK...
Mitsubishi Electric MELSEC iQ-R Series
1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: MELSEC iQ-R Series Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote unauthenticated attacker...
Festo Firmware
SUMMARY Incomplete Festo product documentation of remote accessible functions and their required IP ports. Depending on the product a description of the supported features can be found in the product documentation to some extent. Update A, 2022-12-13 Added affected device "Bus module CPX-E-PN,...
Hitachi Energy MicroSCADA Pro/X SYS600 Products (Update A)
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION : Low attack complexity Vendor : Hitachi Energy Equipment : MicroSCADA X SYS600, MicroSCADA Pro Vulnerability : Improper Use of Validation Framework 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthorized...
Hitachi Energy IED Connectivity Packages and PCM600 Products (Update A)
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION : Low attack complexity Vendor : Hitachi Energy Equipment : PCM600 Vulnerability : Cleartext Storage of Sensitive Information 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to obtain sensitive...
Mitsubishi Electric GOT2000
1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely Vendor: Mitsubishi Electric Equipment: GOT2000 Series Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition by...
Moxa UC Series
1. EXECUTIVE SUMMARY CVSS v3 7.6 ATTENTION: Low attack complexity Vendor: Moxa Equipment: UC Series Vulnerability: Improper Physical Access Control 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-22-333-04 Moxa UC Series that was published November...
#StopRansomware: Hive Ransomware
Actions to Take Today to Mitigate Cyber Threats from Ransomware: 1. Prioritize remediating known exploited vulnerabilities. 2. Enable and enforce multifactor authentication with strong passwords. 3. Close unused ports and remove any application not deemed necessary for day-to-day operations...
Iranian Government-Sponsored APT Actors Compromise Federal Network, Deploy Crypto Miner, Credential Harvester
Summary From mid-June through mid-July 2022, CISA conducted an incident response engagement at a Federal Civilian Executive Branch FCEB organization where CISA observed suspected advanced persistent threat APT activity. In the course of incident response activities, CISA determined that cyber...
Digital Alert Systems DASDEC
1. EXECUTIVE SUMMARY CVSS v3 4.7 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Digital Alert Systems Equipment: DASDEC Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of these vulnerabilities might result in false alerts...
Phoenix Contact Automation Worx
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Phoenix Contact Equipment: Automation Worx Software Suite Vulnerabilities: Improper Restriction of Operations within the Bounds of a Memory Buffer, Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of these...
Moxa Multiple ARM-Based Computers
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Moxa Equipment: ARM-Based Computers Vulnerability: Privilege Escalation 2. RISK EVALUATION Successful exploitation of this vulnerability could provide an attacker with root privileges and total control of the system. 3...
GE CIMPLICITY
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: GE Equipment: CIMPLICITY Vulnerabilities: Access of Uninitialized Pointer, Heap-based Buffer Overflow, Untrusted Pointer Dereference, Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of these vulnerabilities...
AVEVA Edge
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: AVEVA Equipment: Edge Vulnerabilities: Uncontrolled Search Path Element, Exposure of Sensitive Information to an Unauthorized Actor, Uncontrolled Resource Consumption, Improper Access Control, Windows...
Cradlepoint IBR600
1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION: Low attack complexity Vendor: Cradlepoint Equipment: IBR600 Vulnerabilities: Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute code and native system commands. 3. TECHNICAL DETAILS 3.1...
Red Lion Crimson
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Red Lion Controls Equipment: Crimson Vulnerability: Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to obtain user credential hashes. 3...
Mitsubishi Electric GT SoftGOT2000
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Corporation Equipment: GT SoftGOT2000 Vulnerability: Operating System OS Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to...
Omron NJ/NX-series Machine Automation Controllers
1. EXECUTIVE SUMMARY CVSS v3 9.4 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Omron Equipment: NJ/NX-series Controllers and Software Vulnerabilities: Hard-coded Credentials, Authentication Bypass by Capture-replay 2. RISK EVALUATION Successful...
Omron NJ/NX-series Machine Automation Controllers
1. EXECUTIVE SUMMARY CVSS v3 8.3 ATTENTION: Exploitable remotely, public exploits are available Vendor: Omron Equipment: NJ/NX-series Machine Automation Controllers Vulnerability: Active Debug Code 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to obtain...
Delta Electronics DIAEnergie
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Delta Electronics Equipment: DIAEnergie --------- Begin Update B part 1 of 5 --------- Vulnerabilities: Cross-site Scripting, SQL Injection, Authorization Bypass --------- End Update B part 1 of 5...
Siemens Web Server Login Page of Industrial Controllers
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens SCALANCE W1750D
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SCALANCE W1750D Vulnerabilities: Uncontrolled Resource Consumption, Buffer Copy without Checking Size of Input, Improper Neutralization of Input During Web Page Generation, Improper...
Siemens QMS Automotive
1. EXECUTIVE SUMMARY CVSS v3 7.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: QMS Automotive Vulnerability: Cleartext Storage of Sensitive Information in Memory 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to read...
Siemens SINUMERIK ONE and SINUMERIK MC
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please seeSiemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens Teamcenter Visualization and JT2Go
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens SICAM Q100
1. EXECUTIVE SUMMARY CVSS v3 9.9 ATTENTION: Exploitable remotely / low attack complexity Vendor: Siemens Equipment: SICAM Q100 Vulnerabilities: Session Fixation, Improper Input Validation 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to take over the...
Siemens SINEC Network Management System Logback Component
1. EXECUTIVE SUMMARY CVSS v3 6.6 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: SINEC NMS Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow attackers with write access to the logback configuration file to...
Siemens Parasolid
1. EXECUTIVE SUMMARY. CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: Parasolid Vulnerabilities: Out-of-bounds Read, Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute code in the context of the...
Siemens RUGGEDCOM ROS
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please seeSiemens' ProductCERT Security Advisories CERT Services | Services |...
Nokia ASIK AirScale System Module
1. EXECUTIVE SUMMARY CVSS v3 8.4 ATTENTION: Low attack complexity Vendor: Nokia Equipment: ASIK AirScale 5G Common System Module Vulnerabilities: Improper Access Control for Volatile Memory Containing Boot Code, Assumed-Immutable Data is Stored in Writable Memory 2. RISK EVALUATION Successful...
ETIC Telecom Remote Access Server (RAS) (Update B)
1. EXECUTIVE SUMMARY --------- Begin Update A Part 1 of 5 --------- CVSS v3 7.6 ATTENTION: Exploitable remotely/low attack complexity --------- End Update A Part 1 of 5 --------- Vendor: ETIC Telecom Equipment: Remote Access Server RAS Vulnerabilities: Insufficient Verification of Data...
Delta Industrial Automation DIALink
1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Delta Industrial Automation Equipment: DIALink Vulnerability: Path traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to place malicious code on the...
Rockwell Automation Stratix Devices Containing Cisco IOS
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: Stratix Devices Vulnerabilities: Incorrect Authorization, Improper Input Validation, Improper Check for Unusual or Exceptional Conditions, Interpretation Conflict, OS...
SAUTER Controls moduWeb
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: SAUTER Controls Equipment: moduWeb Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to trick users into clicking on malicious...
Trihedral VTScada
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Trihedral Equipment: VTScada Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could cause a denial-of-service condition in the affected product...
Rockwell Automation FactoryTalk Alarm and Events Server
1. EXECUTIVE SUMMARY CVSS v3 7.5 Vendor: Rockwell Automation Equipment: FactoryTalk Alarm and Events Server Vulnerability: Improper Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability could result in a denial-of-service condition causing the server to be unavailable...
#StopRansomware: Daixin Team
Summary Actions to take today to mitigate cyber threats from ransomware: Install updates for operating systems, software, and firmware as soon as they are released. Require phishing-resistant MFA for as many services as possible. Train users to recognize and report phishing attempts. Note: This...