Lucene search
K

4251 matches found

ICS
ICS
added 2023/01/10 12:0 a.m.42 views

Siemens Mendix SAML Module

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

9.3CVSS7.7AI score0.0047EPSS
Exploits0References11
ICS
ICS
added 2023/01/10 12:0 a.m.30 views

Siemens Automation License Manager

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

9.8CVSS9.6AI score0.01543EPSS
Exploits0References11
ICS
ICS
added 2023/01/10 12:0 a.m.39 views

Siemens SINEC INS

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

10CVSS10AI score0.96275EPSS
Exploits9References11
ICS
ICS
added 2023/01/10 12:0 a.m.22 views

Black Box KVM

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Low attack complexity/public exploits are available Vendor: Black Box Equipment: KVM Switches and Extenders Vulnerability: Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to read sensitive data on...

7.5CVSS7.8AI score0.00876EPSS
Exploits0References4
ICS
ICS
added 2023/01/10 12:0 a.m.35 views

Siemens Solid Edge before V2023 MP1

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

7.8CVSS8.1AI score0.00279EPSS
Exploits0References11
ICS
ICS
added 2023/01/10 12:0 a.m.22 views

Siemens S7-1500 CPU devices

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

6.8CVSS6.1AI score0.00293EPSS
Exploits0References10
ICS
ICS
added 2023/01/05 12:0 p.m.186 views

#StopRansomware: Cuba Ransomware

Summary Actions to take today to mitigate cyber threats from ransomware: • Prioritize remediating known exploited vulnerabilities. • Train users to recognize and report phishing attempts. • Enable and enforce phishing-resistant multifactor authentication. Note: This joint Cybersecurity Advisory C...

10CVSS9.6AI score0.99512EPSS
Exploits77References82
ICS
ICS
added 2023/01/05 12:0 a.m.42 views

Hitachi Energy Lumada Asset Performance Management

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: Lumada Asset Performance Management APM Vulnerabilities: Classic Buffer Overflow, Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of these vulnerabilities could...

9.8CVSS10AI score0.92488EPSS
Exploits7References3
ICS
ICS
added 2023/01/05 12:0 a.m.36 views

Hitachi Energy UNEM

1. EXECUTIVE SUMMARY CVSS v3 8.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: UNEM Vulnerabilities: Inadequate Encryption Strength, Use of Hard-coded Cryptographic Key, Cleartext Transmission of Sensitive Information. 2. RISK EVALUATION Successful...

9.8CVSS7.4AI score0.00569EPSS
Exploits0References3
ICS
ICS
added 2023/01/05 12:0 a.m.42 views

Hitachi Energy FOXMAN-UN

1. EXECUTIVE SUMMARY CVSS v3 8.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: FOXMAN-UN Vulnerabilities: Inadequate Encryption Strength, Use of Default Cryptographic Key, Use of Hard-coded Cryptographic Key, Cleartext Transmission of Sensitive...

9.8CVSS7.4AI score0.00569EPSS
Exploits0References3
ICS
ICS
added 2022/12/22 7:0 a.m.56 views

Mitsubishi Electric MELSEC iQ-R, iQ-L Series and MELIPC Series (Update E)

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION : Exploitable remotely/low attack complexity Vendor : Mitsubishi Electric Equipment : MELSEC iQ-R, iQ-L Series and MELIPC Series Vulnerability : Improper Resource Shutdown or Release 2. RISK EVALUATION Successful exploitation of this vulnerability could...

7.5CVSS7.7AI score0.0167EPSS
Exploits0References10
ICS
ICS
added 2022/12/22 12:0 a.m.51 views

Rockwell Automation Studio 5000 Logix Emulate

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Rockwell Automation Equipment: Studio 5000 Logix Emulate Vulnerability: Improper Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a malicious user to perform remote code execution,...

7.8CVSS8.1AI score0.00368EPSS
Exploits0References4
ICS
ICS
added 2022/12/22 12:0 a.m.41 views

Priva TopControl Suite

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Priva Equipment: TopControl Suite Vulnerability: Use of Password Hash with Insufficient Computational Effort 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to...

7.5CVSS7.7AI score0.00584EPSS
Exploits0References4
ICS
ICS
added 2022/12/22 12:0 a.m.35 views

Omron CX-Programmer

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Omron Equipment: CX-Programmer Vulnerability: Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of this vulnerability could allow arbitrary code execution or loss of sensitive information if a user opens a...

7.8CVSS8AI score0.00242EPSS
Exploits0References4
ICS
ICS
added 2022/12/20 12:0 a.m.35 views

Rockwell Automation GuardLogix and ControlLogix controllers

1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: GuardLogix, ControlLogix, Compact Logix, and Compact GaurdLogix controllers Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this...

8.6CVSS8.3AI score0.0143EPSS
Exploits0References4
ICS
ICS
added 2022/12/20 12:0 a.m.89 views

Rockwell Automation MicroLogix 1100 and 1400

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: MicroLogix 1100 and 1400 Vulnerabilities: Cross-site Scripting, Improper Restriction of Rendered UI Layers or Frames 2. RISK EVALUATION Successful exploitation of these...

7.5CVSS7.6AI score0.00678EPSS
Exploits0References4
ICS
ICS
added 2022/12/20 12:0 a.m.48 views

Fuji Electric Tellus Lite V-Simulator

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Fuji Electric Equipment: Tellus Lite V-Simulator Vulnerabilities: Out-of-bounds Write, Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute...

7.8CVSS8.5AI score0.00301EPSS
Exploits0References4
ICS
ICS
added 2022/12/20 12:0 a.m.42 views

ARC Informatique PcVue

1. EXECUTIVE SUMMARY CVSS v3 5.5 ATTENTION: Low attack complexity Vendor: ARC Informatique Equipment: PcVue Vulnerabilities: Cleartext Storage of Sensitive Information, Insertion of Sensitive Information into Log File 2. UPDATE OR REPOSTED INFORMATION This updated advisory is a follow-up to the...

6.5CVSS6.4AI score0.00329EPSS
Exploits0References4
ICS
ICS
added 2022/12/20 12:0 a.m.40 views

Delta 4G Router DX-3021

1. EXECUTIVE SUMMARY CVSS v3 7.2 ATTENTION: Exploitable remotely/low attack complexity Vendor : Delta Industrial Automation Equipment: 4G Router DX-3021 Vulnerabilities: Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote unauthenticated user to...

9.1CVSS8.8AI score0.04757EPSS
Exploits1References4
ICS
ICS
added 2022/12/15 12:0 p.m.26 views

Siemens SIMATIC S7-1500 CPU GNU/Linux subsystem (Update A)

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please seeSiemens' ProductCERT Security Advisories CERT Services | Services |...

8.7AI score
Exploits0References30
ICS
ICS
added 2022/12/15 12:0 a.m.48 views

Siemens APOGEE/TALON Field Panels

1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: APOGEE PXC/TALON TC Vulnerabilities: Predictable Exact Value from Previous Values 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to hijack...

6.5CVSS6.8AI score0.01555EPSS
Exploits0References8
ICS
ICS
added 2022/12/15 12:0 a.m.84 views

Prosys OPC UA Simulation Server (Update A)

1. EXECUTIVE SUMMARY CVSS v3 6.5 --------- Begin Update A part 1 of 3 --------- ATTENTION: Low attack complexity Vendor: Prosys OPC Equipment: UA Simulation Server, UA Modbus Server --------- End Update A part 1 of 3 --------- Vulnerability: Insufficiently Protected Credentials 2. UPDATE...

7.5CVSS7.5AI score0.00404EPSS
Exploits0References4
ICS
ICS
added 2022/12/13 12:0 a.m.39 views

Siemens SICAM PAS

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SICAM PAS Vulnerabilities: Uncontrolled Search Path Element, Improper Validation of Specified Type of Input, Cleartext Transmission of Sensitive Information 2. RISK EVALUATION...

9.8CVSS9.1AI score0.00919EPSS
Exploits0References11
ICS
ICS
added 2022/12/13 12:0 a.m.110 views

Siemens SCALANCE X-200RNA Switch Devices

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Siemens Equipment: SCALANCE X-200RNA switch devices before V3.2.7 Vulnerabilities: Observable Timing Discrepancy; Race Condition; Improper Restriction of Operations within...

7.6CVSS10AI score0.98631EPSS
Exploits33References11
ICS
ICS
added 2022/12/13 12:0 a.m.60 views

Siemens SCALANCE SC-600 Family

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SCALANCE SC-600 Family Vulnerability: Out-of-bounds Write, Use After Free, Allocation of Resources Without Limits or Throttling 2. RISK EVALUATION Successful exploitation of this...

7.8CVSS8.9AI score0.3197EPSS
Exploits3References11
ICS
ICS
added 2022/12/13 12:0 a.m.34 views

Siemens Mendix Workflow Commons

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

8.1CVSS8.2AI score0.00691EPSS
Exploits0References11
ICS
ICS
added 2022/12/13 12:0 a.m.54 views

Siemens Parasolid

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: Parasolid Vulnerabilities: Out-of-bounds Write, Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute code in the context of the current...

7.8CVSS8.1AI score0.92488EPSS
Exploits6References12
ICS
ICS
added 2022/12/13 12:0 a.m.37 views

Siemens SIMATIC WinCC OA Ultralight Client

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

5.4CVSS6AI score0.00532EPSS
Exploits0References11
ICS
ICS
added 2022/12/13 12:0 a.m.50 views

Siemens APOGEE and TALON

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: APOGEE and TALON Vulnerability: Improper Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a low privilege authenticated attacker to gain...

8.8CVSS7.6AI score0.01555EPSS
Exploits0References12
ICS
ICS
added 2022/12/13 12:0 a.m.48 views

Siemens Teamcenter Visualization and JT2Go

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: Teamcenter Visualization and JT2Go Vulnerabilities: Stack-based Buffer Overflow, Heap-based Buffer Overflow, Improper Restriction of Operations within the Bounds of a Memory Buffer 2. RISK EVALUATION...

7.8CVSS8.4AI score0.00472EPSS
Exploits0References11
ICS
ICS
added 2022/12/13 12:0 a.m.47 views

Siemens Polarion ALM

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please seeSiemens' ProductCERT Security Advisories CERT Services | Services |...

6.1CVSS5.7AI score0.00375EPSS
Exploits0References12
ICS
ICS
added 2022/12/13 12:0 a.m.84 views

Siemens SCALANCE X-200RNA Switch Devices

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity/public exploits available Vendor: Siemens Equipment: SCALANCE Vulnerabilities: Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS, Uncontrolled Resource Consumption, Use of...

9.8CVSS7.8AI score0.01001EPSS
Exploits0References11
ICS
ICS
added 2022/12/13 12:0 a.m.61 views

Contec CONPROSYS HMI System (CHS)

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Contec Equipment: CONPROSYS HMI System CHS --------- Begin Update A part 1 of 5 --------- Vulnerability: OS Command Injection, Use of Default Credentials, Use of Password Hash Instead of Password for...

9.8CVSS7.8AI score0.69877EPSS
Exploits0References4
ICS
ICS
added 2022/12/13 12:0 a.m.34 views

Siemens SIPROTEC 5 Devices

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please seeSiemens' ProductCERT Security Advisories CERT Services | Services |...

7.5CVSS6AI score0.00699EPSS
Exploits0References10
ICS
ICS
added 2022/12/13 12:0 a.m.69 views

Siemens Products affected by OpenSSL 3.0

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please seeSiemens' ProductCERT Security Advisories CERT Services | Services |...

7.5CVSS7.7AI score0.92488EPSS
Exploits6References10
ICS
ICS
added 2022/12/13 12:0 a.m.45 views

Siemens Multiple Denial of Service Vulnerabilities in Industrial Products

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please seeSiemens' ProductCERT Security Advisories CERT Services | Services |...

7.5CVSS6.4AI score0.00871EPSS
Exploits0References12
ICS
ICS
added 2022/12/13 12:0 a.m.53 views

Schneider Electric APC Easy UPS Online

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: APC Easy UPS Online Vulnerabilities: Missing Authentication for Critical Function, Unrestricted Upload of File with Dangerous Type, Incorrect Permission Assignment for...

9.8CVSS9.9AI score0.01071EPSS
Exploits0References4
ICS
ICS
added 2022/12/13 12:0 a.m.60 views

Siemens Teamcenter Visualization and JT2Go

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please seeSiemens' ProductCERT Security Advisories CERT Services | Services |...

7.8CVSS6AI score0.00312EPSS
Exploits0References12
ICS
ICS
added 2022/12/13 12:0 a.m.68 views

Siemens Mendix Email Connector

1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Mendix Email Connector Vulnerability: Improper Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated remote attacker to read and...

8.1CVSS8.3AI score0.00705EPSS
Exploits0References11
ICS
ICS
added 2022/12/13 12:0 a.m.72 views

Siemens SISCO MMS-EASE Third Party Component

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION : Exploitable remotely/low attack complexity Vendor : Siemens Equipment : SISCO MMS-EASE third party component Vulnerability : Resource Management Errors 2. RISK EVALUATION Successful exploitation of this vulnerability could allow attackers to cause a...

7.8CVSS7.7AI score0.05413EPSS
Exploits1References12
ICS
ICS
added 2022/12/13 12:0 a.m.41 views

Siemens Simcenter STAR-CCM+

​​As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services ...

7.8CVSS7.8AI score0.00206EPSS
Exploits0References12
ICS
ICS
added 2022/12/13 12:0 a.m.51 views

Siemens SCALANCE Products

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please seeSiemens' ProductCERT Security Advisories CERT Services | Services |...

9.8CVSS7.4AI score0.02177EPSS
Exploits0References10
ICS
ICS
added 2022/12/13 12:0 a.m.47 views

ICONICS and Mitsubishi Electric Products

1. EXECUTIVE SUMMARY CVSS v3 6.3 ATTENTION: Low attack complexity Vendor: ICONICS, Mitsubishi Electric Equipment: ICONICS Product Suite Vulnerability: Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to write arbitrary files. 3. TECHNICAL...

7.1CVSS7AI score0.00299EPSS
Exploits0References3
ICS
ICS
added 2022/12/13 12:0 a.m.48 views

Siemens PLM Help Server

1. EXECUTIVE SUMMARY CVSS v3 6.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: PLM Help Server Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute code after tricking users into...

6.1CVSS6.4AI score0.00359EPSS
Exploits0References11
ICS
ICS
added 2022/12/08 12:0 p.m.33 views

Weak Security Controls and Practices Routinely Exploited for Initial Access

Summary Best Practices to Protect Your Systems: • Control access. • Harden Credentials. • Establish centralized log management. • Use antivirus solutions. • Employ detection tools. • Operate services exposed on internet-accessible hosts with secure configurations. • Keep software updated. Cyber...

9.9AI score
Exploits0References60
ICS
ICS
added 2022/12/08 12:0 a.m.31 views

Rockwell Automation Logix controllers

1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: CompactLogix, Compact GuardLogix, ControlLogix, and GuardLogix controllers Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this...

8.6CVSS7.9AI score0.01221EPSS
Exploits0References5
ICS
ICS
added 2022/12/08 12:0 a.m.30 views

Advantech iView

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Advantech Equipment: iView Vulnerability: SQL Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to acquire credentials. 3...

7.5CVSS7.9AI score0.30674EPSS
Exploits1References5
ICS
ICS
added 2022/12/08 12:0 a.m.148 views

AVEVA InTouch Access Anywhere and Plant SCADA Access Anywhere

1. EXECUTIVE SUMMARY --------- Begin Update A Part 1 of 6 --------- CVSS v3 9.8 --------- End Update A Part 1 of 6 --------- ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: AVEVA --------- Begin Update A Part 2 of 6 --------- Equipment: InTouch Access...

9.8CVSS9.6AI score0.99019EPSS
Exploits13References5
ICS
ICS
added 2022/12/05 7:0 a.m.262 views

Mitsubishi Electric FA Engineering Software (Update C)

1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: GX Works3, MX OPC UA Module Configurator-R Vulnerabilities: Cleartext Storage of Sensitive Information, Use of Hard-coded Password, Insufficiently Protected Credentials,...

9.1CVSS8.7AI score0.0129EPSS
Exploits0References11
ICS
ICS
added 2022/12/01 12:0 a.m.36 views

Mitsubishi Electric MELSEC iQ-R Series

1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: MELSEC iQ-R Series Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote unauthenticated attacker...

8.6CVSS8.4AI score0.00935EPSS
Exploits0References5
Total number of security vulnerabilities4251