4255 matches found
Siemens Simcenter STAR-CCM+
1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Simcenter STAR-CCM+ Vulnerability: Exposure of Sensitive Information to an Unauthorized Actor 2. RISK EVALUATION Simcenter STAR-CCM+ contains an information disclosure vulnerability...
Siemens Teamcenter
1. EXECUTIVE SUMMARY CVSS v3 7.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Teamcenter Vulnerabilities: Command Injection, Infinite Loop 2. RISK EVALUATION Successful exploitation of these vulnerabilities could lead to command injection and denial-of-service...
Digi ConnectPort X2D
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Digi International, Inc. Equipment: ConnectPort X2D Gateway Vulnerability: Execution with Unnecessary Privileges 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker...
Rockwell Products Impacted by Chromium Type Confusion
1. EXECUTIVE SUMMARY CVSS v3 4.0 ATTENTION: Low attack complexity/public exploits are available Vendor: Rockwell Automation Equipment: FactoryTalk Software, Enhanced HIM for PowerFlex, Connected Components Workbench Vulnerability: Type Confusion 2. RISK EVALUATION Successful exploitation of this...
Honeywell Safety Manager
1. EXECUTIVE SUMMARY CVSS v3 7.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Honeywell Equipment: Safety Manager 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow for configuration and firmware manipulation or remote code execution. 3. TECHNICAL...
ICONICS Suite and Mitsubishi Electric MC Works64 Products (Update C)
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Low attack complexity Vendors: ICONICS, Mitsubishi Electric Equipment: ICONICS Product Suite, MC Works64 Vulnerabilities: Path Traversal, Deserialization of Untrusted Data, Inclusion of Functionality from Untrusted Control Sphere, Out-of-Bounds Read 2...
Inductive Automation Ignition
1. EXECUTIVE SUMMARY CVSS v3 8.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Inductive Automation Equipment: Ignition Vulnerability: Improper Restriction of XML External Entity Reference 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled...
MOXA NPort 5110
1. EXECUTIVE SUMMARY CVSS v3 8.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: MOXA Equipment: NPort 5110 Vulnerabilities: Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to change memory values and/or cause the...
Honeywell Saia Burgess PG5 PCD
1. EXECUTIVE SUMMARY CVSS v3 7.6 ATTENTION: Exploitable on adjacent network/low attack complexity Vendor: Honeywell Equipment: Saia Burgess PG5 PCD Vulnerabilities: Authentication Bypass, Use of a Broken or Risky Cryptographic Algorithm CISA is aware of a public report known as “OT:ICEFALL” that...
Johnson Controls Metasys ADS, ADX, OAS
1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls, Inc Equipment: Metasys ADS, ADX, OAS with MUI Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow...
ABB Drive Composer, Automation Builder, Mint Workbench
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: ABB Equipment: Drive Composer, Automation Builder, Mint Workbench Vulnerability: Improper Privilege Management 2. RISK EVALUATION Successful exploitation of this vulnerability could allow remote code execution. 3...
AutomationDirect Stride Field I/O
1. EXECUTIVE SUMMARY CVSS v3 9.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: AutomationDirect Equipment: Stride Field I/O Vulnerability: Cleartext Transmission of Sensitive Information. 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to...
Rockwell Automation ISaGRAF Workbench
1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Low attack complexity Vendor: Rockwell Automation Equipment: ISaGRAF Workbench Vulnerabilities: Deserialization of Untrusted Data, Path Traversal 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in directory traversal,...
MiCODUS MV720 GPS tracker
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: MiCODUS Equipment: MV720 GPS tracker Vulnerabilities: Use of Hard-coded Credentials, Improper Authentication, Cross-site Scripting, Authorization Bypass Through User-controlled Key 2. UPDATE OR REPOSTED...
Malicious Cyber Actors Continue to Exploit Log4Shell in VMware Horizon Systems
Summary Actions to take today: • Install fixed builds, updating all affected VMware Horizon and UAG systems to the latest versions. If updates or workarounds were not promptly applied following VMware’s release of updates for Log4Shell in December 2021,treat all affected VMware systems as...
Siemens RUGGEDCOM ROS Code Injection
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please seeSiemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens Mendix Applications
1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Mendix Applications Vulnerability: Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a malicious user to leak sensitive information if the...
Siemens SIMATIC eaSie Core Package
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC eaSie Vulnerabilities: Improper Input Validation, Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow...
Siemens SRCS VPN Feature in SIMATIC CP Devices
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please seeSiemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens RUGGEDCOM ROX
1. EXECUTIVE SUMMARY CVSS v3 7.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: RUGGEDCOM ROX Vulnerability: Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker with administrative privileges to gain root...
Siemens PADS Standard/Plus Viewer
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: PADS Standard/Plus Viewer Vulnerabilities: Out-of-bounds Read, Out-of-bounds Write, Improper Restriction of Operations within the Bounds of a Memory Buffer 2. RISK EVALUATION Successful exploitations of...
Siemens Opcenter Quality
1. EXECUTIVE SUMMARY CVSS v3 9.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Opcenter Quality Vulnerability: Incorrect Implementation of Authentication Algorithm. 2. RISK EVALUATION Successful exploitation of this vulnerability could allow unauthenticated...
Siemens CPC80 Firmware of SICAM A8000
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: CPC80 Firmware of SICAM A8000 Vulnerability: Missing Release of Resource after Effective Lifetime 2. RISK EVALUATION Successful exploitation of this vulnerability could crash the...
Siemens Mendix
1. EXECUTIVE SUMMARY CVSS v3 4.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Mendix Vulnerability: Improper Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to change the user’s password bypassing password...
Open Design Alliance Drawings SDK
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Open Design Alliance Equipment: Drawings SDK Vulnerability: Out-of-Bounds Read 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a user to open a malicious DWG file that could lead to the...
Siemens Mendix Excel Importer
1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Mendix Excel Importer Module Vulnerability: XML Entity Expansion 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to compromise the...
Siemens Simcenter Femap
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: Simcenter Femap Vulnerability: Out-of-bounds Write 2. RISK EVALUATION If a user is tricked into opening a malicious file with the affected application, then this vulnerability could allow remote code...
Siemens SICAM GridEdge
1. EXECUTIVE SUMMARY CVSS v3 6.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SICAM GridEdge Vulnerability: Exposure of Resource to Wrong Sphere 2. RISK EVALUATION The SICAM GridEdge software contains an improper access control vulnerability, which could allow...
Siemens EN100 Ethernet Module
1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: EN100 Ethernet Module Vulnerability: Improper Restriction of Operations within the Bounds of a Memory Buffer. 2. RISK EVALUATION Successful exploitation of this vulnerability could...
Simcenter Femap and Parasolid
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: Simcenter Femap and Parasolid Vulnerability: Out-of-bounds Read 2. UPDATE This updated advisory is a follow-up to the original advisory titled ICSA-22-195-09 Simcenter Femap and Parasolid Update A that...
Siemens Datalogics File Parsing Vulnerability
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: Teamcenter Visualization and JT2Go Vulnerability: Heap-based buffer Overflow 2. UPDATE This updated advisory is a follow-up to the original advisory titled ICSA-22-195-07 Siemens Datalogics file Parsing...
Siemens SIMATIC MV500 Devices
1. EXECUTIVE SUMMARY CVSS v3 8.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC MV500 Devices Vulnerabilities: Insufficient Session Expiration, Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of these...
Siemens SCALANCE X Switch Devices
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please seeSiemens' ProductCERT Security Advisories CERT Services | Services |...
Dahua ASI7213X-T1 (Update A)
1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Dahua Equipment: DHI-ASI7213X-T1 --------- Begin Update A Part 1 of 4 --------- Vulnerabilities: Unrestricted Upload of File with Dangerous Type, Authentication Bypass by Capture-replay, Generation of...
North Korean State-Sponsored Cyber Actors Use Maui Ransomware to Target the Healthcare and Public Health Sector
Summary The Federal Bureau of Investigation FBI, Cybersecurity and Infrastructure Security Agency CISA, and the Department of the Treasury Treasury are releasing this joint Cybersecurity Advisory CSA to provide information on Maui ransomware, which has been used by North Korean state-sponsored...
Bently Nevada ADAPT 3701/4X Series and 60M100
1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Bently Nevada Equipment: 3701/4X series and 60M100 3701/60 Condition Monitoring System Vulnerabilities: Use of Hard-coded Credentials, Missing Authentication for Critical Function CISA is aware of a...
Rockwell Automation MicroLogix
1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: MicroLogix 1100/1400 Vulnerability: Improper Restriction of Rendered UI Layers or Frames 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a...
FESTO Hardware Controller, Hardware Servo Press Kit
SUMMARY The Festo controller CECC-X-M1 product family in multiple versions are affected by a preauthentication command injection vulnerability. Update A, 2022-07-05 Remediation has been updated. Fixed firmwares are now available. 2. IMPACT Any person who is able to gain access to the webserver...
CODESYS Gateway Server (Update A)
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: CODESYS GmbH Equipment: CODESYS Gateway Server Vulnerability: Heap Based Buffer Overflow 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-15-258-02 3S...
Emerson DeltaV Distributed Control System
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable on adjacent network/high attack complexity Vendor: Emerson Equipment: DeltaV Distributed Control System Vulnerabilities: Missing Authentication for Critical Function, Use of Hard-coded Credentials, Insufficient Verification of Data...
Yokogawa Wide Area Communication Router
1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Exploitable remotely Vendor: Yokogawa Equipment: Wide Area Communication Router WAC Router Vulnerability: Use of Insufficiently Random Values 2. RISK EVALUATION Successful exploitation of this vulnerability could cause the functions provided by the WAC...
Exemys RME1
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Exemys Equipment: RME1 Vulnerability: Improper Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker with network access to bypass authentication and...
Distributed Data Systems WebHMI
1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Distributed Data Systems Equipment: WebHMI Vulnerabilities: Cross-site Scripting, OS Command Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities...
ABB e-Design
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: ABB Equipment: e-Design Vulnerabilities: Incorrect Default Permissions 2. RISK EVALUATION Exploitation of these vulnerabilities could allow privilege escalation or a denial-of service condition. 3. TECHNICAL DETAILS 3.1...
Omron SYSMAC CS/CJ/CP Series and NJ/NX Series
1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Omron Equipment: SYSMAC CS/CJ/CP Series and NJ/NX Series Vulnerabilities: Cleartext Transmission of Sensitive Information, Insufficient Verification of Data Authenticity, Plaintext Storage of a Password...
Motorola Solutions MOSCAD IP and ACE IP Gateways
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely Vendor: Motorola Solutions Equipment: MOSCAD IP Gateway and ACE IP Gateway Vulnerability: Missing Authentication for Critical Function CISA is aware of a public report, known as “OT:ICEFALL” that details vulnerabilities found in...
Motorola Solutions ACE1000
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Motorola Solutions Equipment: ACE1000 Vulnerabilities: Use of Hard-coded Cryptographic Key, Use of Hard-coded Credentials, Insufficient Verification of Data Authenticity CISA is aware of a public report...
Advantech iView
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Advantech Equipment: iView Vulnerabilities: SQL Injection, Missing Authentication for Critical Function, Relative Path Traversal, Command Injection 2. RISK EVALUATION Successful exploitation of these...
Motorola Solutions MDLC
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely Vendor: Motorola Solutions Equipment: MDLC Vulnerabilities: Use of a Broken or Risky Cryptographic Algorithm, Plaintext Storage of a Password CISA is aware of a public report, known as “OT:ICEFALL” that details vulnerabilities found...
Pyramid Solutions EtherNet/IP Adapter Development Kit
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely, low attack complexity Vendor: Pyramid Solutions, Inc. Equipment: EtherNet/IP Adapter Development Kit Vulnerability: Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker with...