4255 matches found
AVEVA InTouch Access Anywhere and Plant SCADA Access Anywhere
1. EXECUTIVE SUMMARY --------- Begin Update A Part 1 of 6 --------- CVSS v3 9.8 --------- End Update A Part 1 of 6 --------- ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: AVEVA --------- Begin Update A Part 2 of 6 --------- Equipment: InTouch Access...
Advantech iView
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Advantech Equipment: iView Vulnerability: SQL Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to acquire credentials. 3...
Mitsubishi Electric FA Engineering Software (Update C)
1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: GX Works3, MX OPC UA Module Configurator-R Vulnerabilities: Cleartext Storage of Sensitive Information, Use of Hard-coded Password, Insufficiently Protected Credentials,...
Mitsubishi Electric MELSEC iQ-R Series
1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: MELSEC iQ-R Series Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote unauthenticated attacker...
Horner Automation Remote Compact Controller
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Horner Automation Equipment: Remote Compact Controller RCC 972 Vulnerabilities: Inadequate Encryption Strength, Use of Hard-coded Cryptographic Key, Excessive Reliance on Global Variables 2. RISK...
BD BodyGuard Pumps
1. EXECUTIVE SUMMARY CVSS v3 5.3 Vendor: Becton, Dickinson and Company BD Equipment: BodyGuard Pumps Vulnerability: Missing Protection Mechanism for Alternate Hardware Interface 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to change configuration...
Festo Firmware
SUMMARY Incomplete Festo product documentation of remote accessible functions and their required IP ports. Depending on the product a description of the supported features can be found in the product documentation to some extent. Update A, 2022-12-13 Added affected device "Bus module CPX-E-PN,...
Hitachi Energy MicroSCADA Pro/X SYS600 Products (Update A)
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION : Low attack complexity Vendor : Hitachi Energy Equipment : MicroSCADA X SYS600, MicroSCADA Pro Vulnerability : Improper Use of Validation Framework 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthorized...
Hitachi Energy IED Connectivity Packages and PCM600 Products (Update A)
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION : Low attack complexity Vendor : Hitachi Energy Equipment : PCM600 Vulnerability : Cleartext Storage of Sensitive Information 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to obtain sensitive...
Moxa UC Series
1. EXECUTIVE SUMMARY CVSS v3 7.6 ATTENTION: Low attack complexity Vendor: Moxa Equipment: UC Series Vulnerability: Improper Physical Access Control 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-22-333-04 Moxa UC Series that was published November...
Mitsubishi Electric GOT2000
1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely Vendor: Mitsubishi Electric Equipment: GOT2000 Series Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition by...
Iranian Government-Sponsored APT Actors Compromise Federal Network, Deploy Crypto Miner, Credential Harvester
Summary From mid-June through mid-July 2022, CISA conducted an incident response engagement at a Federal Civilian Executive Branch FCEB organization where CISA observed suspected advanced persistent threat APT activity. In the course of incident response activities, CISA determined that cyber...
#StopRansomware: Hive Ransomware
Actions to Take Today to Mitigate Cyber Threats from Ransomware: 1. Prioritize remediating known exploited vulnerabilities. 2. Enable and enforce multifactor authentication with strong passwords. 3. Close unused ports and remove any application not deemed necessary for day-to-day operations...
Digital Alert Systems DASDEC
1. EXECUTIVE SUMMARY CVSS v3 4.7 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Digital Alert Systems Equipment: DASDEC Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of these vulnerabilities might result in false alerts...
AVEVA Edge
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: AVEVA Equipment: Edge Vulnerabilities: Uncontrolled Search Path Element, Exposure of Sensitive Information to an Unauthorized Actor, Uncontrolled Resource Consumption, Improper Access Control, Windows...
Moxa Multiple ARM-Based Computers
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Moxa Equipment: ARM-Based Computers Vulnerability: Privilege Escalation 2. RISK EVALUATION Successful exploitation of this vulnerability could provide an attacker with root privileges and total control of the system. 3...
Phoenix Contact Automation Worx
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Phoenix Contact Equipment: Automation Worx Software Suite Vulnerabilities: Improper Restriction of Operations within the Bounds of a Memory Buffer, Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of these...
GE CIMPLICITY
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: GE Equipment: CIMPLICITY Vulnerabilities: Access of Uninitialized Pointer, Heap-based Buffer Overflow, Untrusted Pointer Dereference, Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of these vulnerabilities...
Cradlepoint IBR600
1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION: Low attack complexity Vendor: Cradlepoint Equipment: IBR600 Vulnerabilities: Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute code and native system commands. 3. TECHNICAL DETAILS 3.1...
Red Lion Crimson
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Red Lion Controls Equipment: Crimson Vulnerability: Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to obtain user credential hashes. 3...
Mitsubishi Electric GT SoftGOT2000
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Corporation Equipment: GT SoftGOT2000 Vulnerability: Operating System OS Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to...
Omron NJ/NX-series Machine Automation Controllers
1. EXECUTIVE SUMMARY CVSS v3 8.3 ATTENTION: Exploitable remotely, public exploits are available Vendor: Omron Equipment: NJ/NX-series Machine Automation Controllers Vulnerability: Active Debug Code 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to obtain...
Omron NJ/NX-series Machine Automation Controllers
1. EXECUTIVE SUMMARY CVSS v3 9.4 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Omron Equipment: NJ/NX-series Controllers and Software Vulnerabilities: Hard-coded Credentials, Authentication Bypass by Capture-replay 2. RISK EVALUATION Successful...
Delta Electronics DIAEnergie
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Delta Electronics Equipment: DIAEnergie --------- Begin Update B part 1 of 5 --------- Vulnerabilities: Cross-site Scripting, SQL Injection, Authorization Bypass --------- End Update B part 1 of 5...
Siemens QMS Automotive
1. EXECUTIVE SUMMARY CVSS v3 7.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: QMS Automotive Vulnerability: Cleartext Storage of Sensitive Information in Memory 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to read...
Siemens SINUMERIK ONE and SINUMERIK MC
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please seeSiemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens Teamcenter Visualization and JT2Go
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens SICAM Q100
1. EXECUTIVE SUMMARY CVSS v3 9.9 ATTENTION: Exploitable remotely / low attack complexity Vendor: Siemens Equipment: SICAM Q100 Vulnerabilities: Session Fixation, Improper Input Validation 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to take over the...
Siemens RUGGEDCOM ROS
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please seeSiemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens Web Server Login Page of Industrial Controllers
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens SINEC Network Management System Logback Component
1. EXECUTIVE SUMMARY CVSS v3 6.6 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: SINEC NMS Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow attackers with write access to the logback configuration file to...
Siemens Parasolid
1. EXECUTIVE SUMMARY. CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: Parasolid Vulnerabilities: Out-of-bounds Read, Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute code in the context of the...
Siemens SCALANCE W1750D
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SCALANCE W1750D Vulnerabilities: Uncontrolled Resource Consumption, Buffer Copy without Checking Size of Input, Improper Neutralization of Input During Web Page Generation, Improper...
Nokia ASIK AirScale System Module
1. EXECUTIVE SUMMARY CVSS v3 8.4 ATTENTION: Low attack complexity Vendor: Nokia Equipment: ASIK AirScale 5G Common System Module Vulnerabilities: Improper Access Control for Volatile Memory Containing Boot Code, Assumed-Immutable Data is Stored in Writable Memory 2. RISK EVALUATION Successful...
ETIC Telecom Remote Access Server (RAS) (Update B)
1. EXECUTIVE SUMMARY --------- Begin Update A Part 1 of 5 --------- CVSS v3 7.6 ATTENTION: Exploitable remotely/low attack complexity --------- End Update A Part 1 of 5 --------- Vendor: ETIC Telecom Equipment: Remote Access Server RAS Vulnerabilities: Insufficient Verification of Data...
Delta Industrial Automation DIALink
1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Delta Industrial Automation Equipment: DIALink Vulnerability: Path traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to place malicious code on the...
Rockwell Automation Stratix Devices Containing Cisco IOS
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: Stratix Devices Vulnerabilities: Incorrect Authorization, Improper Input Validation, Improper Check for Unusual or Exceptional Conditions, Interpretation Conflict, OS...
Trihedral VTScada
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Trihedral Equipment: VTScada Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could cause a denial-of-service condition in the affected product...
Rockwell Automation FactoryTalk Alarm and Events Server
1. EXECUTIVE SUMMARY CVSS v3 7.5 Vendor: Rockwell Automation Equipment: FactoryTalk Alarm and Events Server Vulnerability: Improper Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability could result in a denial-of-service condition causing the server to be unavailable...
SAUTER Controls moduWeb
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: SAUTER Controls Equipment: moduWeb Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to trick users into clicking on malicious...
#StopRansomware: Daixin Team
Summary Actions to take today to mitigate cyber threats from ransomware: Install updates for operating systems, software, and firmware as soon as they are released. Require phishing-resistant MFA for as many services as possible. Train users to recognize and report phishing attempts. Note: This...
HEIDENHAIN Controller TNC (Update A)
1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely Vendor: HEIDENHAIN Equipment: HEIDENHAIN TNC 640 controlling a HARTFORD 5A-65E CNC machine Vulnerability: Improper Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability could cause a loss of sensitive data,...
AliveCor KardiaMobile
1. EXECUTIVE SUMMARY CVSS v3 5.2 ATTENTION: Public exploits are available, low attack complexity Vendor: AliveCor Equipment: KardiaMobile Vulnerabilities: Authentication Bypass by Assumed-immutable Data, Missing Encryption of Sensitive Data 2. RISK EVALUATION Successful exploitation of these...
Johnson Controls CKS CEVAS
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable Remotely/low attack complexity Vendor: CKS, a subsidiary of Johnson Controls Inc. Equipment: CEVAS Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a user to bypass...
Hitachi Energy MicroSCADA X DMS600
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Hitachi Energy Equipment: DMS600 Vulnerability: Reliance on Uncontrolled Component 2. RISK EVALUATION Successful exploitation of this vulnerabilities could allow an attacker to gain unauthorized access...
Delta Electronics InfraSuite Device Master
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Delta Electronics Equipment: InfraSuite Device Master Vulnerabilities: Deserialization of Untrusted Data, Path Traversal, Missing Authentication for Critical Function 2. UPDATE OR REPOSTED INFORMATION...
Haas Controller
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Haas Automation, Inc Equipment: Haas Controller Vulnerabilities: Missing Authentication for Critical Function, Insufficient Granularity of Access Control, Cleartext Transmission of Sensitive Information...
Siemens Siveillance Video Mobile Server
1. EXECUTIVE SUMMARY CVSS v3 9.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Siveillance Video 2022 R2 Vulnerability: Weak Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to access...
Bentley Systems MicroStation Connect
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Bentley Systems Equipment: MicroStation Connect Vulnerabilities: Stack-based Buffer Overflow, Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of these vulnerabilities may crash the device being accessed or...
Advantech R-SeeNet
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Advantech Equipment: R-SeeNet Vulnerabilities: Path Traversal, Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in an unauthorized attacker...