4255 matches found
Siemens Industrial Edge Management
1. EXECUTIVE SUMMARY CVSS v3 7.4 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: Industrial Edge Management Vulnerability: Improper Certificate Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to inject malicious maintenance requests...
Hitachi Energy Lumada Asset Performance Management Prognostic Model Executor Service
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/public exploits are available Vendor: Hitachi Energy Equipment: Lumada Asset Performance Manager APM Vulnerabilities: Allocation of Resources Without Limits or Throttling, Code injection 2. RISK EVALUATION Successful exploitation of...
Threat Actors Exploiting F5 BIG-IP CVE-2022-1388
Summary Actions for administrators to take today: • Do not expose management interfaces to the internet. • Enforce multi-factor authentication. • Consider using CISA’s Cyber Hygiene Services. The Cybersecurity and Infrastructure Security Agency CISA and the Multi-State Information Sharing &...
Siemens JT Open Toolkit and Simcenter Femap
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: JT Open Toolkit and Simcenter Femap Vulnerability: Access of Uninitialized Pointer 2. RISK EVALUATION Successful exploitation of this vulnerability could crash the application or lead to arbitrary code...
Siemens LOGO! 8 BM Devices
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment : LOGO! 8 BM Devices Vulnerabilities: Buffer Copy without Checking Size of Input; Improper Input Validation; Improper Validation of Specified Index, Position, or Offset in Input. 2...
Siemens SIMATIC S7-1200 and S7-1500 CPU Families
1. EXECUTIVE SUMMARY CVSS v3 9.3 ATTENTION: Low attack complexity Vendor: Siemens Equipment: SIMATIC S7-1200 and S7-1500 CPU families Vulnerability: Insufficiently Protected Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could expose confidential configuration data...
Siemens Solid Edge
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: Solid Edge Vulnerability: Heap-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code in the current process. 3...
Altair HyperView Player
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Altair Equipment: HyperView Player Vulnerabilities: Improper Restriction of Operations within the Bounds of a Memory Buffer, Use of Uninitialized Resource, Improper Validation of Array Index 2. RISK EVALUATION Successful...
Siemens Desigo CC and Cerberus DMS
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Desigo CC and Cerberus DMS Vulnerability: Use of Client-Side Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to impersonate...
Siemens SCALANCE X-200 and X-200IRT Families (Update A)
1. EXECUTIVE SUMMARY --------- Begin Update A part 1 of 2 --------- CVSS v3 9.6 --------- End Update A part 1 of 2 --------- ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SCALANCE X-200 and X-200IRT Families Vulnerability: Cross-site Scripting 2. UPDATE OR...
Siemens SIMATIC HMI Panels
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC Human Machine Interface HMI Panels Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a...
Siemens APOGEE, TALON and Desigo PXC/PXM Products
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: FTP Server of Nucleus RTOS based APOGEE, TALON and Desigo PXC/PXM Products Vulnerabilities: Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of these...
Siemens SCALANCE and RUGGEDCOM Products
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens SICAM P850 and P855 Devices
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens Desigo PXM Devices
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Desigo PXM Devices Vulnerabilities: OS Command Injection, Exposure of Sensitive Information to an Unauthorized Actor, Cross-Site Scripting, Cross-Site Request Forgery, Improper...
Siemens Nucleus RTOS FTP Server
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please seeSiemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens SCALANCE and RUGGEDCOM Devices
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens LOGO!
1. EXECUTIVE SUMMARY CVSS v3 6.1 ATTENTION: Low attack complexity Vendor: Siemens Equipment: LOGO! Vulnerability: Insufficient Verification of Data Authenticity 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to manipulate a firmware update and flash the...
Sensormatic Electronics C-CURE 9000
1. EXECUTIVE SUMMARY CVSS v3 4.3 ATTENTION: Low attack complexity Vendor: Sensormatic Electronics, LLC, a subsidiary of Johnson Controls Inc. Equipment: C-CURE 9000 Vulnerability: Observable Response Discrepancy 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an...
Daikin Holdings Singapore
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Daikin Holdings Singapore Pte Ltd. Equipment: SVMPC1, SVMPC2 Vulnerabilities: Use of Hard-coded Password, Improper Access Control 2. RISK EVALUATION Successful exploitation of these vulnerabilities...
Top CVEs Actively Exploited By People’s Republic of China State-Sponsored Cyber Actors
Summary This joint Cybersecurity Advisory CSA provides the top Common Vulnerabilities and Exposures CVEs used since 2020 by People’s Republic of China PRC state-sponsored cyber actors as assessed by the National Security Agency NSA, Cybersecurity and Infrastructure Security Agency CISA, and Feder...
Rockwell Automation FactoryTalk VantagePoint
1. EXECUTIVE SUMMARY CVSS v3 9.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: FactoryTalk VantagePoint software Vulnerabilities: Improper Access Control, SQL Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow...
HIWIN Robot System Software (HRSS)
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: HIWIN Equipment: HIWIN Robot System Software HRSS Vulnerability: Improper Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote attacker to cause a...
Impacket and Exfiltration Tool Used to Steal Sensitive Information from Defense Industrial Base Organization
Summary Actions to Help Protect Against APT Cyber Activity: • Enforce multifactor authentication MFA on all user accounts. • Implement network segmentation to separate network segments based on role and functionality. • Update software, including operating systems, applications, and firmware, on...
Horner Automation Cscape
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Horner Automation Equipment: Cscape Vulnerabilities: Out-of-bounds Write, Access of Uninitialized Pointer 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow local attackers to execute arbitrary...
BD Totalys MultiProcessor
1. EXECUTIVE SUMMARY CVSS v3 6.6 ATTENTION: Low attack complexity Vendor: Becton, Dickinson and Company BD Equipment: Totalys MultiProcessor Vulnerability: Use of Hard-coded Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to access, modify, or...
Johnson Controls Metasys ADX Server
1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls Inc. Equipment: Metasys ADX Extended Application and Data Server Server running MVE Metasys for Validated Environments Vulnerability: Improper Authentication 2. RISK EVALUATION...
OMRON CX-Programmer
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION : Low attack complexity Vendor : Omron Equipment : CX-Programmer Vulnerabilities : Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of these vulnerabilities could crash the device or may allow arbitrary code execution. 3. TECHNICAL DETAILS...
Hitachi Energy Modular Switchgear Monitoring (MSM)
1. EXECUTIVE SUMMARY CVSS v3 5.0 ATTENTION: Exploitable remotely Vendor: Hitachi Energy Equipment: Modular Switchgear Monitoring MSM Vulnerabilities: Cross-Site Request Forgery CSRF, HTTP Response Splitting 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an...
Hitachi Energy MicroSCADA Pro X SYS600
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: MicroSCADA Pro/X SYS600 Vulnerability: NULL Pointer Dereference, Infinite Loop 2. RISK EVALUATION Successful exploitation of these vulnerabilities could cause the affected...
Hitachi Energy MicroSCADA Pro X SYS600
1. EXECUTIVE SUMMARY CVSS v3 8.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: MicroSCADA Pro/X SYS600 Vulnerability: Improper Input Validation, Improper Privilege Management, Improper Access Control, Improper Handling of Unexpected Data Type. 2. RISK...
Rockwell Automation ThinManager ThinServer
1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely Vendor: Rockwell Automation Equipment: ThinManager ThinServer Vulnerability: Heap-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could lead to the software crashing; a buffer overflow...
Hitachi Energy AFS660/AFS665
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: AFS660/AFS665 Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to overflow an internal buffer...
Hitachi Energy APM Edge
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity/public exploits are available Vendor: Hitachi Energy Equipment: Lumada Asset Performance Management APM Edge Vulnerabilities: Out-of-Bounds Write and Improper Authentication 2. RISK EVALUATION Successful exploitation of this...
Iranian State Actors Conduct Cyber Operations Against the Government of Albania
Summary The Federal Bureau of Investigation FBI and the Cybersecurity and Infrastructure Security Agency CISA are releasing this joint Cybersecurity Advisory to provide information on recent cyber operations against the Government of Albania in July and September. This advisory provides a timelin...
Control System Defense: Know the Opponent
Summary Traditional approaches to securing OT/ICS do not adequately address current threats. Operational technology/industrial control system OT/ICS assets that operate, control, and monitor day-to-day critical infrastructure and industrial processes continue to be an attractive target for...
Measuresoft ScadaPro Server
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Measuresoft Equipment: ScadaPro Server Vulnerability: Improper Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a local user with limited privileges to modify the service binary...
Festo CPX-CEC-C1 and CPX-CMXX
SUMMARY Unauthenticated access to critical webpage functions e.g. reboot may cause a denial of service of the device. 2. IMPACT CPX-CEC-C1 and CPX-CMXX allow unauthenticated access to critical webpage functions e.g. reboot which may cause a denial of service of the device 3. REMEDIATION...
Dataprobe iBoot-PDU
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Dataprobe Equipment: iBoot-PDU FW Vulnerabilities: OS Command Injection, Path Traversal, Exposure of Sensitive Information to an Unauthorized Actor, Improper Access Control, Improper Authorization,...
Host Engineering Communications Module
1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable from adjacent network/low attack complexity Vendor: Host Engineering Equipment: H0-ECOM100 Communications Module Vulnerability: Stack-based Buffer overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could crash the...
Hitachi Energy PROMOD IV
1. EXECUTIVE SUMMARY CVSS v3 9.0 ATTENTION: Exploitable Remotely Vendor: Hitachi Energy Equipment: PROMOD IV Vulnerability: Improper Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to delete arbitrary files once the system is compromised...
Medtronic NGP 600 Series Insulin Pumps
1. EXECUTIVE SUMMARY CVSS v3 4.8 ATTENTION: Exploitable from an adjacent network Vendor: Medtronic Equipment: MiniMed 600 Series Insulin Pumps Vulnerability: Protection Mechanism Failure 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthorized user to deliver...
Hitachi Energy AFF660/665 Series
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: AFF660/665 Firewall Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could overflow a buffer on the device and fully...
Delta Electronics DIAEnergie
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Delta Electronics Equipment: DIAEnergie Vulnerabilities: Use of Hard-coded Credentials 2. UPDATE OR REPOSTED INFORMATION This updated advisory is a follow-up to the original advisory titled...
Iranian Islamic Revolutionary Guard Corps-Affiliated Cyber Actors Exploiting Vulnerabilities for Data Extortion and Disk Encryption for Ransom Operations
Summary Actions to take today to protect against ransom operations: • Keep systems and software updated and prioritize remediating known exploited vulnerabilities. • Enforce MFA. • Make offline backups of your data. This joint Cybersecurity Advisory CSA is the result of an analytic effort among t...
Siemens Mobility CoreShield OWG Software
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Mobility Equipment: CoreShield One-Way Gateway OWG Software Vulnerability: Improper Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to leverage the default...
Honeywell SoftMaster
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Honeywell Equipment: SoftMaster Vulnerabilities: Uncontrolled Search Path Element, Incorrect Permission Assignment for Critical Resource. 2. RISK EVALUATION Successful exploitation of these...
Siemens RUGGEDCOM ROS
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please seeSiemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens Mendix SAML Module
1. EXECUTIVE SUMMARY CVSS v3 7.4 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: Mendix SAML Module Vulnerability: Authentication Bypass by Capture-replay 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA- ICSA-22-258-04 Siemens Mendix SAML...
Kingspan TMS300 CS
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Kingspan Equipment : TMS300 CS Vulnerability: Improper Authentication 2. RISK EVALUATION The TMS300 CS system does not properly restrict access to endpoints, and successful exploitation of this...