4251 matches found
Nanoleaf Lines unauthenticated firmware file store
RISK EVALUATION Nanoleaf Lines 12.3.2 does not authenticate firmware file uploads. A remote, unauthenticated attacker can upload firmware files on the device and consume storage resources. 2. RECOMMENDED PRACTICES Update to 12.3.6. 3. DESCRIPTION Nanoleaf Lines 12.3.2 does not authenticate...
Pharos Controls Mosaic Show Controller
RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated attacker to execute arbitrary commands with root privileges. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize...
Grassroots DICOM (GDCM)
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to send a specially crafted file, and when parsed, could result in a denial-of-service condition. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of...
WAGO GmbH & Co. KG Industrial Managed Switches
SUMMARY A vulnerability has been found affecting the Managed Switches of WAGO. An unauthenticated attacker can fully compromise the device via an undocumented function. 2. IMPACT This could lead to a full System compromise of the affected devices. 3. REMEDIATION Please update your devices to the...
OPEXUS eComplaint and eCase multiple vulnerabilities
RISK EVALUATION OPEXUS eComplaint and eCase contain multiple vulnerabilities. In the worst case, an unauthenticated attacker could take over any account with a known username. 2. RECOMMENDED PRACTICES Update to OPEXUS eCase and eComplaint 10.1.0.0. 3. DESCRIPTION OPEXUS eComplaint and eCASE...
Automated Logic WebCTRL Premium Server
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to read, intercept, or modify communications. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize network...
CTEK Chargeportal
RISK EVALUATION Successful exploitation of these vulnerabilities could enable attackers to gain unauthorized administrative control over vulnerable charging stations or disrupt charging services through denial-of-service attacks. 2. RECOMMENDED PRACTICES CISA recommends users take defensive...
IGL-Technologies eParking.fi
RISK EVALUATION Successful exploitation of these vulnerabilities could enable attackers to gain unauthorized administrative control over vulnerable charging stations or disrupt charging services through denial-of-service attacks. 2. RECOMMENDED PRACTICES CISA recommends users take defensive...
Multiple IP-KVM Vulnerabilities
RISK EVALUATION Multiple KVM products GL-iNet GL-RM1, Angeet ES3 KVM, Sipeed NanoKVM, and JetKVM are affected by multiple vulnerabilities. The most severe of these vulnerabilities could allow a remote, unauthenticated attacker to take complete control of a vulnerable product. 2. RECOMMENDED...
ABB AWIN Gateways
SUMMARY ABB became aware of vulnerability in the products versions listed as affected in the advisory. An update is available that resolves the reported vulnerabilities. AWIN gateways are not intended to be internet-facing. An attacker who successfully exploited this vulnerability could take...
Inductive Automation Ignition Software
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute malicious code with OS application service account permissions that the authenticated, privileged application user did not intend on running. 2. RECOMMENDED PRACTICES CISA recommends users take...
Trane Tracer SC, Tracer SC+, and Tracer Concierge
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to disclose sensitive information, execute arbitrary commands, or perform a denial-of-service on the product. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of...
ABB AC500 V3 Stack Buffer Overflow in Cryptographic Message Syntax
SUMMARY ABB became aware of vulnerability in the products versions listed as affected in the advisory. An update is available that resolves publicly reported vulnerability. An attacker who successfully exploited these vulnerabilities could cause a crash, denial-of-service DoS, or potentially...
Schneider Electric EcoStruxure PME and EPO
GENERAL SECURITY RECOMMENDATIONS Schneider Electric strongly recommends the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business...
Schneider Electric EcoStruxure Foxboro DCS
GENERAL SECURITY RECOMMENDATIONS Schneider Electric strongly recommends the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business...
Schneider Electric EcoStruxure Automation Expert
GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install physical controls so no unauthorized personnel can access...
Schneider Electric Modicon Controllers M241, M251, M258, and LMC058
GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install physical controls so no unauthorized personnel can access...
Schneider Electric Modicon M241, M251, and M262
GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...
Schneider Electric EcoStruxure Data Center Expert
GENERAL SECURITY RECOMMENDATIONS Schneider Electric strongly recommends the following industry cybersecurity best practices: Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install physical controls so no unauthorized...
Lantronix EDS3000PS and EDS5000
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to bypass authentication and execute code with root-level privileges. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities,...
Honeywell IQ4 Series BMS Controller (Update A)
RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthorized attacker to access controller management settings, control components, disclose information, or cause a denial-of-service condition. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to...
Apeman Cameras
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to take control of the device or view camera feeds. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize...
Ceragon Siklu MultiHaul and EtherHaul Series
RISK EVALUATION Successful exploitation of this vulnerability could result in arbitrary file upload to the target equipment. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this these vulnerabilityies, such as: When remote access is...
Siemens SICAM SIAPP SDK
SUMMARY The SICAM SIAPP SDK contains multiple vulnerabilities that could allow an attacker to disrupt the customer-developed SIAPP or its simulation environment. Potential impacts include denial of service within the SIAPP, corruption of SIAPP data, or exploit the simulation environment. These...
Siemens Heliox EV Chargers
SUMMARY Heliox EV Chargers listed below contain improper access control vulnerability that could allow an attacker to reach unauthorized services via the charging cable. Siemens has released new versions for the affected products and recommends to update to the latest versions. 2. GENERAL...
Siemens RUGGEDCOM APE1808 Devices
SUMMARY Fortinet has published information on vulnerabilities in FORTIOS. This advisory lists the related Siemens Industrial products. Siemens has released a new version for RUGGEDCOM APE1808 and recommends to update to the latest version. 2. GENERAL RECOMMENDATIONS As a general security...
Mitsubishi Electric CNC Series
RISK EVALUATION Successful exploitation of this vulnerability could allow a remote attacker to cause an out-of-bounds read, resulting in a denial-of-service condition in the affected products. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the exploitation...
Siemens SIMATIC
SUMMARY SIMATIC S7-1500 devices contain a vulnerability that could allow an attacker to inject code by tricking a legitimate user into importing a specially crafted trace file in the web interface. Siemens has released new versions for several affected products and recommends to update to the...
Siemens SIDIS Prime
SUMMARY SIDIS Prime before V4.0.800 is affected by multiple vulnerabilities in the components OpenSSL, SQLite, and several Node.js packages as described below. Siemens has released a new version of SIDIS Prime and recommends to update to the latest version. 2. GENERAL RECOMMENDATIONS As a...
Delta Electronics CNCSoft-G2
RISK EVALUATION Successful exploitation of this vulnerability could result in an attacker achieving remote code execution on the device. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize network...
Labkotec LID-3300IP
RISK EVALUATION Successful exploitation of this vulnerability could allow attackers to gain unauthorized control over system operations, leading to disruption of normal functionality and potential safety hazards. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize...
Portwell Engineering Toolkits
RISK EVALUATION Successful exploitation of this vulnerability could allow a local attacker to escalate privileges or cause a denial-of-service condition. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:...
ePower epower.ie
RISK EVALUATION Successful exploitation of these vulnerabilities could enable attackers to gain unauthorized administrative control over vulnerable charging stations or disrupt charging services through denial-of-service attacks. 2. RECOMMENDED PRACTICES CISA recommends users take defensive...
Mobiliti e-mobi.hu
RISK EVALUATION Successful exploitation of these vulnerabilities could enable attackers to gain unauthorized administrative control over vulnerable charging stations or disrupt charging services through denial-of-service attacks. 2. RECOMMENDED PRACTICES CISA recommends users take defensive...
Everon OCPP Backends
RISK EVALUATION Successful exploitation of these vulnerabilities could enable attackers to gain unauthorized administrative control over vulnerable charging stations or disrupt charging services through denial-of-service attacks. 2. RECOMMENDED PRACTICES CISA recommends users take defensive...
Mitsubishi Electric MELSEC iQ-F Series EtherNet/IP module and Ethernet Module (Update A)
RISK EVALUATION Successful exploitation of these vulnerabilities could allow a remote attacker to cause a denial-of-service condition by continuously sending UDP packets to the affected products. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of...
Mitsubishi Electric MELSEC iQ-F Series EtherNet/IP module and Ethernet module
RISK EVALUATION Successful exploitation of these vulnerabilities could allow a remote attacker to cause a denial-of-service condition by continuously sending UDP packets to the affected products. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of...
CODESYS in Festo Automation Suite
SUMMARY Starting with Festo Automation Suite FAS version 2.8.0.138, the suite is delivered only with a connector to Codesys, rather than including Codesys directly. Prior to this version, Codesys was bundled within the FAS installation. From version 2.8.0.138 onwards, customers are required to...
Chargemap chargemap.com
RISK EVALUATION Successful exploitation of these vulnerabilities could enable attackers to gain unauthorized administrative control over vulnerable charging stations or disrupt charging services through denial-of-service attacks. 2. RECOMMENDED PRACTICES CISA recommends users take defensive...
EV2GO ev2go.io
RISK EVALUATION Successful exploitation of these vulnerabilities could allow attackers to impersonate charging stations, hijack sessions, suppress or misroute legitimate traffic to cause large-scale denial of service, and manipulate data sent to the backend. 2. RECOMMENDED PRACTICES CISA...
EV Energy ev.energy
RISK EVALUATION Successful exploitation of these vulnerabilities could enable attackers to gain unauthorized administrative control over vulnerable charging stations or disrupt charging services through denial-of-service attacks. 2. RECOMMENDED PRACTICES CISA recommends users take defensive...
CloudCharge cloudcharge.se
RISK EVALUATION Successful exploitation of these vulnerabilities could allow attackers to impersonate charging stations, hijack sessions, suppress or misroute legitimate traffic to cause large-scale denial of service, and manipulate data sent to the backend. 2. RECOMMENDED PRACTICES CISA...
Johnson Controls, Inc. Frick Controls Quantum HD
RISK EVALUATION Successful exploitation of these vulnerabilities can lead to pre-authentication remote code execution, information leak or denial of service. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such...
Copeland XWEB and XWEB Pro
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to bypass authentication, cause a denial-of-service condition, cause memory corruption, and execute arbitrary code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk...
Mobility46 mobility46.se
RISK EVALUATION Successful exploitation of these vulnerabilities could enable attackers to gain unauthorized administrative control over vulnerable charging stations or disrupt charging services through denial-of-service attacks. 2. RECOMMENDED PRACTICES CISA recommends users take defensive...
Pelco, Inc. Sarix Pro 3 Series IP Cameras
RISK EVALUATION Successful exploitation of this vulnerability could allow attackers to gain unauthorized access to sensitive device data, bypass surveillance controls, and expose facilities to privacy breaches, operational risks, and regulatory compliance issues. 2. RECOMMENDED PRACTICES CISA...
Yokogawa CENTUM VP R6, R7
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to terminate the software stack process, cause a denial-of-service condition, or execute arbitrary code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of...
SWTCH EV swtchenergy.com (Update A)
RISK EVALUATION Successful exploitation of these vulnerabilities could allow attackers to impersonate charging stations, hijack sessions, suppress or misroute legitimate traffic to cause large-scale denial of service, and manipulate data sent to the backend. 2. RECOMMENDED PRACTICES CISA...
InSAT MasterSCADA BUK-TS
RISK EVALUATION Successful exploitation of these vulnerabilities may allow remote code execution. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize network exposure for all control system...
Gardyn Home Kit (Update B)
RISK EVALUATION Successful exploitation of these vulnerabilities could allow unauthenticated users to access and control edge devices, access cloud-based devices and user information without authentication, and pivot to other edge devices managed in the Gardyn cloud environment. 2. RECOMMENDED...