Ics - Page 41 of Ics Vulnerabilities List

ICS•added 2022/04/14 12:0 a.m.•46 views

Delta Electronics DMARS

1. EXECUTIVE SUMMARY CVSS v3 5.5 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: DMARS Vulnerability: Improper Restriction of XML External Entity Reference 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain sensitive information...

5.5CVSS5.6AI score0.00735EPSS

ICS•added 2022/04/12 12:0 a.m.•46 views

Siemens Mendix

1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Mendix Vulnerability: Exposure of Sensitive Information to an Unauthorized Actor 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled...

7.5CVSS7.7AI score0.01257EPSS

ICS•added 2022/04/12 12:0 a.m.•38 views

Siemens Mendix

1. EXECUTIVE SUMMARY CVSS v3 3.1 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: Mendix Vulnerability: Improper Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated attacker to extract information from a database protected field...

6.5CVSS6.6AI score0.0063EPSS

ICS•added 2022/04/12 12:0 a.m.•67 views

Siemens SIMATIC S7-400

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please seeSiemens' ProductCERT Security Advisories CERT Services | Services |...

7.5CVSS7.7AI score0.00937EPSS

Exploits0References12

ICS•added 2022/04/12 12:0 a.m.•35 views

Siemens SICAM A8000

1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SICAM A8000 Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to access files...

7.5CVSS7.8AI score0.02376EPSS

Exploits1References11

ICS•added 2022/04/12 12:0 a.m.•86 views

Siemens SCALANCE X-300 Switches

1. EXECUTIVE SUMMARY CVSS v3 9.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SCALANCE X-300 switch family devices Vulnerabilities: Improper Input Validation, Use of Insufficiently Random Values, Stack-based Buffer Overflow, Cross-site Request Forgery, Improper...

9.8CVSS9AI score0.01552EPSS

ICS•added 2022/04/12 12:0 a.m.•36 views

Inductive Automation Ignition

1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Inductive Automation Equipment: Ignition Vulnerability: Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated attacker with network access to...

8.8CVSS8.2AI score0.00781EPSS

ICS•added 2022/04/12 12:0 a.m.•57 views

Valmet DNA

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable from an adjacent network /low attack complexity Vendor: Valmet Equipment: DNA Vulnerability: Inadequate Encryption Strength 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute commands remotely...

8.8CVSS9.2AI score0.01105EPSS

ICS•added 2022/04/12 12:0 a.m.•75 views

Siemens TIA Administrator

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATICS PCS neo Admin Console, SINTEPLAN, TIA Portal Vulnerability: Uncontrolled Resource Consumption 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory...

7.8CVSS7.8AI score0.01336EPSS

ICS•added 2022/04/12 12:0 a.m.•46 views

Siemens PROFINET Stack Integrated on Interniche Stack

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

7.5CVSS6.6AI score0.00818EPSS

Exploits0References10

ICS•added 2022/04/12 12:0 a.m.•37 views

Siemens SIMATIC STEP 7 (TIA Portal)

1. EXECUTIVE SUMMARY CVSS v3 6.4 Vendor: Siemens Equipment: STEP 7 TIA Portal Vulnerability: Improper Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to achieve privilege escalation on the web server of certain devices configured by SIMATIC...

7.8CVSS8.1AI score0.0023EPSS

ICS•added 2022/04/12 12:0 a.m.•47 views

Aethon TUG Home Base Server

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Aethon owned by ST Engineering Equipment: TUG Home Base Server Vulnerabilities: Missing Authorization, Channel Accessible by Non-endpoint, Cross-site Scripting 2. RISK EVALUATION Successful exploitation...

8.2CVSS8.3AI score0.0069EPSS

ICS•added 2022/04/12 12:0 a.m.•70 views

Siemens Simcenter Femap

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: Simcenter Femap Vulnerabilities: Out-of-bounds Read, Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow arbitrary code execution. 3. TECHNICAL DETAILS 3.1...

8.8CVSS8.1AI score0.01097EPSS

ICS•added 2022/04/12 12:0 a.m.•43 views

Siemens SIMATIC Energy Manager

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC Energy Manager Vulnerabilities: Incorrect Permission Assignment for Critical Resource, Uncontrolled Search Path Element, Deserialization of Untrusted Data 2. RISK EVALUATION...

10CVSS8.9AI score0.34903EPSS

ICS•added 2022/04/12 12:0 a.m.•73 views

Siemens SCALANCE W1700

1. EXECUTIVE SUMMARY CVSS v3 7.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SCALANCE W1700 Vulnerabilities: Race Condition, Improper Input Validation 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to cause various...

7.8CVSS6.6AI score0.00884EPSS

ICS•added 2022/04/12 12:0 a.m.•61 views

Mitsubishi Electric MELSEC-Q Series C Controller Module

1. EXECUTIVE SUMMARY CVSS v3 9.0 ATTENTION: Exploitable remotely Vendor: Mitsubishi Electric Equipment: MELSEC-Q Series C Controller Module Vulnerability: Heap-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could cause a denial-of-service condition or allow...

9.8CVSS10AI score0.02373EPSS

ICS•added 2022/04/12 12:0 a.m.•73 views

Mitsubishi Electric GT25-WLAN

1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely Vendor: Mitsubishi Electric Equipment: Wireless LAN communication unit GT25-WLAN in GOT2000 Series GT25 or GT27 Vulnerabilities: Improper Removal of Sensitive Information Before Storage or Transfer, Inadequate Encryption Strength,...

6.5CVSS8.1AI score0.05765EPSS

Exploits4References5

ICS•added 2022/04/07 12:0 a.m.•148 views

Pepperl+Fuchs WirelessHART-Gateway

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Pepperl+Fuchs Equipment: WirelessHART-Gateway Vulnerabilities: Use of Hard-coded Credentials, Uncontrolled Resource Consumption, Reliance on Reverse DNS Resolution for a Security-critical Action, Path...

9.8CVSS8.6AI score0.99019EPSS

Exploits20References5

ICS•added 2022/04/07 12:0 a.m.•61 views

ABB SPIET800 and PNI800

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: ABB Equipment: Symphony Plus SPIET800 and PNI800 Vulnerabilities: Incomplete Internal State Distinction, Improper Handling of Unexpected Data Type, Uncontrolled Resource Consumption 2. RISK EVALUATION...

7.5CVSS8.1AI score0.01043EPSS

ICS•added 2022/04/05 12:0 a.m.•52 views

LifePoint Informatics Patient Portal

1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: LifePoint Informatics Equipment: Patient Portal Vulnerability: Authentication Bypass Using Alternate Path or Channel 2. RISK EVALUATION Successful exploitation of this vulnerability could disclose...

6.5CVSS6.9AI score0.00826EPSS

ICS•added 2022/04/05 12:0 a.m.•68 views

Johnson Controls Metasys

1. EXECUTIVE SUMMARY CVSS v3 8.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls Inc. Equipment: Metasys Vulnerability: Server-side Request Forgery 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated attacker to inject...

8.8CVSS8.9AI score0.00757EPSS

ICS•added 2022/04/05 12:0 a.m.•46 views

Rockwell Automation ISaGRAF

1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Low attack complexity Vendor: Rockwell Automation Equipment: ISaGRAF Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow arbitrary code execution. 3. TECHNICAL DETAILS 3.1...

8.6CVSS8.2AI score0.11368EPSS

ICS•added 2022/03/31 12:0 a.m.•62 views

General Electric Renewable Energy MDS Radios

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: General Electric Renewable Energy Equipment: MDS iNET/iNET II/SD/TD220/TD220MAX Radios Vulnerabilities: I mproper Input Validation, Hidden Functionality, Inadequate Encryption Strength, Uncontrolled...

9.8CVSS8AI score0.96327EPSS

Exploits15References5

ICS•added 2022/03/31 12:0 a.m.•79 views

Hitachi Energy e-mesh EMS

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: e-mesh EMS Vulnerabilities: Improper Restriction of Operations Within the Bounds of a Memory Buffer, Use After Free, Uncontrolled Resource Consumption 2. RISK EVALUATION...

9.3CVSS8AI score0.77385EPSS

Exploits2References5

ICS•added 2022/03/31 12:0 a.m.•78 views

Mitsubishi Electric FA Products

1. EXECUTIVE SUMMARY CVSS v3 7.4 ATTENTION: Exploitable remotely Vendor: Mitsubishi Electric Equipment: FA products Vulnerabilities: Use of Password Hash Instead of Password for Authentication, Use of Weak Hash, Cleartext Storage of Sensitive Information, Authentication Bypass by Capture-replay...

9.1CVSS7.9AI score0.0229EPSS

ICS•added 2022/03/31 12:0 a.m.•41 views

Fuji Electric Alpha5

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Fuji Electric Equipment: Alpha5 Vulnerabilities: Access of Uninitialized Pointer, Out-of-bound Read, Stack-based Buffer Overflow, Heap-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these...

7.8CVSS6.9AI score0.01074EPSS

ICS•added 2022/03/31 12:0 a.m.•99 views

Rockwell Automation Logix Controllers

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: Logix Controllers Vulnerability: Inclusion of Functionality from Untrusted Control Sphere 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an...

10CVSS8.7AI score0.04871EPSS

ICS•added 2022/03/31 12:0 a.m.•44 views

Schneider Electric SCADAPack Workbench

1. EXECUTIVE SUMMARY CVSS v3 5.5 ATTENTION: Low attack complexity Vendor: Schneider Electric Equipment: SCADAPack Workbench Vulnerability: Improper Restriction of XML External Entity Reference 2. RISK EVALUATION Successful exploitation of this vulnerability could result from exfiltration of data...

5.5CVSS5.5AI score0.00941EPSS

ICS•added 2022/03/31 12:0 a.m.•82 views

Rockwell Automation Studio 5000 Logix Designer

1. EXECUTIVE SUMMARY CVSS v3 7.7 ATTENTION: Low attack complexity Vendor: Rockwell Automation Equipment: Studio 5000 Logix Designer Vulnerability: Code Injection 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an attacker to download a modified program to the...

7.7CVSS7.9AI score0.03398EPSS

ICS•added 2022/03/29 12:0 a.m.•44 views

Philips e-Alert

1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable from an adjacent network/low attack complexity Vendor: Philips Equipment: e-Alert Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an unauthorized actor to...

6.5CVSS6.9AI score0.00381EPSS

ICS•added 2022/03/29 12:0 a.m.•48 views

Hitachi Energy LinkOne WebView

1. EXECUTIVE SUMMARY CVSS v3 4.2 ATTENTION: Exploitable remotely Vendor: Hitachi Energy Equipment: LinkOne WebView Vulnerabilities: Cross-site Scripting, Use of a Password System for Primary Authentication, Configuration, Exposure of Sensitive Information to an Unauthorized Actor 2. RISK...

7.5CVSS5.9AI score0.00725EPSS

ICS•added 2022/03/29 12:0 a.m.•84 views

Omron CX-Position

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Omron Equipment: CX-Position Vulnerabilities: Stack-based Buffer Overflow, Improper Restriction of Operations Within the Bounds of a Memory Buffer, Use After Free, Out-of-bounds Write 2. RISK EVALUATION Successful...

7.8CVSS8.6AI score0.01985EPSS

ICS•added 2022/03/29 12:0 a.m.•60 views

Rockwell Automation ISaGRAF

1. EXECUTIVE SUMMARY CVSS v3 5.5 ATTENTION: Low attack complexity Vendor: Rockwell Automation Equipment: ISaGRAF Vulnerability: I mproper Restriction of XML External Entity Reference 2.UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-22-088-01 Rockwell...

5.5CVSS5.8AI score0.02072EPSS

ICS•added 2022/03/29 12:0 a.m.•52 views

Modbus Tools Modbus Slave

1. EXECUTIVE SUMMARY CVSS v3 5.5 ATTENTION: Low attack complexity/public exploits are available Vendor: Modbus Tools Equipment: Modbus Slave Vulnerability : Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could crash the application when inputting a...

7.5CVSS6.7AI score0.00949EPSS

ICS•added 2022/03/24 12:0 p.m.•24 views

Tactics, Techniques, and Procedures of Indicted State-Sponsored Russian Cyber Actors Targeting the Energy Sector

Summary Actions to Take Today to Protect Energy Sector Networks: • Implement and ensure robust network segmentation between IT and ICS networks. • Enforce MFA to authenticate to a system. • Manage the creation of, modification of, use of—and permissions associated with—privileged accounts. This...

9.5AI score

Exploits0References183

ICS•added 2022/03/24 12:0 a.m.•231 views

Yokogawa CENTUM and Exaopc

1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Yokogawa Equipment: CENTUM and Exaopc Vulnerabilities: Use of Hard-coded Credentials, Relative Path Traversal, Improper Output Neutralization for Logs, OS Command Injection, Permissions, Privileges...

9.8CVSS9.1AI score0.01017EPSS

ICS•added 2022/03/24 12:0 a.m.•51 views

mySCADA myPRO

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: mySCADA Equipment: myPRO Vulnerability: Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow arbitrary operating system commands injection. 3. TECHNICAL...

9CVSS9AI score0.01304EPSS

ICS•added 2022/03/22 12:0 a.m.•209 views

Delta Electronics DIAEnergie (Update C)

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Delta Electronics Equipment: DIAEnergie Vulnerabilities: Path Traversal, Incorrect Default Permissions, SQL Injection, Uncontrolled Search Path Element 2. UPDATE INFORMATION This updated advisory is a...

10CVSS10AI score0.11124EPSS

ICS•added 2022/03/15 12:0 p.m.•46 views

American Auto-Matrix Front-End Solutions Vulnerabilities

OVERVIEW Independent researcher Maxim Rupp has identified a local file inclusion and a plain text storage of password vulnerabilities in American Auto-Matrix’s Building Automation Front-End Solutions application. The Aspect-Matrix hardware platform was made end of life in 2015 and will no longer...

8.6CVSS8.7AI score0.01491EPSS

Exploits0References18

ICS•added 2022/03/15 12:0 a.m.•44 views

ABB OPC Server for AC 800M

1. EXECUTIVE SUMMARY CVSS v3 8.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: ABB Equipment: OPC Server for AC 800M Vulnerability: Execution with Unnecessary Privileges 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a low privileged authenticated...

8.8CVSS8.9AI score0.008EPSS

ICS•added 2022/03/08 12:0 a.m.•48 views

Siemens SINUMERIK MC

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: SINUMERIK MC Vulnerability: Improper Privilege Management 2. RISK EVALUATION Successful exploitation of this vulnerability could allow local attackers to escalate privileges to root. 3. TECHNICAL DETAILS...

7.8CVSS8AI score0.00201EPSS

ICS•added 2022/03/08 12:0 a.m.•77 views

Siemens Polarion ALM

1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Polarion ALM Vulnerability: Cross-site Scripting 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-22-069-08 Siemens Polarion ALM that...

6.1CVSS6.9AI score0.00715EPSS

ICS•added 2022/03/08 12:0 a.m.•93 views

Siemens SINEC NMS

8.8CVSS8.1AI score0.03354EPSS

Exploits0References12

ICS•added 2022/03/08 12:0 a.m.•58 views

Siemens SIMOTICS CONNECT 400

1. EXECUTIVE SUMMARY CVSS v3 8.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMOTICS CONNECT 400 Vulnerabilities: Type Confusion, Improper Validation of Specified Quantity in Input, Wrap or Wraparound, Improper Handling of Inconsistent Structural Elements 2...

9.1CVSS8.4AI score0.02424EPSS

ICS•added 2022/03/08 12:0 a.m.•61 views

AVEVA System Platform

1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Low attack complexity Vendor: AVEVA Equipment: System Platform Vulnerability: Cleartext Storage of Sensitive Information in Memory 2. RISK EVALUATION Successful exploitation of this vulnerability could expose cleartext credentials for the network user...

8.1CVSS6.3AI score0.00166EPSS

ICS•added 2022/03/08 12:0 a.m.•49 views

Siemens Mendix

1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: Mendix Vulnerability: Improper Access Control 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-22-069-13 Siemens Mendix that was published March 10, 2021, to...

8.1CVSS8.2AI score0.00577EPSS

Exploits0References10

ICS•added 2022/03/08 12:0 a.m.•86 views

Siemens SINEMA Mendix Forgot Password Appstore

1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Mendix Forgot Password Appstore module Vulnerabilities: Improper Access Control, Improper Restriction of Excessive Authentication Attempts 2. RISK EVALUATION These vulnerabilities...

9.8CVSS10AI score0.01437EPSS

Exploits1References11

ICS•added 2022/03/08 12:0 a.m.•80 views

Siemens COMOS

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: COMOS Vulnerabilities: Memory Allocation with Excessive Size Value, Untrusted Pointer Dereference, Type Confusion, Stack-based Buffer Overflow, Out-of-bounds Write, Out-of-bounds Read, Use After Free,...

7.8CVSS9AI score0.0323EPSS

ICS•added 2022/03/08 12:0 a.m.•79 views

Siemens Climatix POL909

1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Climatix POL909 AWB and AWM modules Vulnerabilities: Cross-site Scripting, Improper Access Control 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an...

6.5CVSS7AI score0.00718EPSS