Johnson Controls CEM Systems AC2000

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Controlled Electronic Management Systems, Ltd., a subsidiary of Johnson Controls, Inc. Equipment: CEM Systems AC2000 Vulnerability: Off-by-one Error 2. RISK EVALUATION Successful exploitation of this vulnerability could...

Philips MRI 1.5T and 3T (Update A)

1. EXECUTIVE SUMMARY CVSS v3 6.2 ATTENTION: Low attack complexity Vendor: Philips Equipment: MRI 1.5T and 3T Vulnerabilities: Improper Access Control, Incorrect Ownership Assignment, Exposure of Sensitive Information to an Unauthorized Actor 2. RISK EVALUATION Successful exploitation of these...

APT Actors Exploiting Newly Identified Vulnerability in ManageEngine ADSelfService Plus

Summary This Joint Cybersecurity Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge ATT &CK® framework, Version 8. See the ATT&CK for Enterprise for referenced threat actor tactics and for techniques. This joint advisory is the result of analytic efforts between the...

Iranian Government-Sponsored APT Cyber Actors Exploiting Microsoft Exchange and Fortinet Vulnerabilities in Furtherance of Malicious Activities

Summary Actions to Take Today to Protect Against Iranian State-Sponsored Malicious Cyber Activity • Immediately patch software affected by the following vulnerabilities: CVE-2021-34473, 2018-13379, 2020-12812, and 2019-5591. • Implementmulti-factor authentication. • Usestrong, unique passwords.v...

Philips Patient Information Center iX (PIC iX) and Efficia CM Series

1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable from adjacent network/low attack complexity Vendor: Philips Equipment: Patient Information Center iX PIC iX and Efficia CM Series Vulnerabilities: Improper Input Validation, Use of Hard-coded Cryptographic Key, Use of a Broken or Risky...

Philips IntelliBridge EC 40 and EC 80 Hub

1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Low attack complexity Vendor: Philips Equipment: IntelliBridge EC 40 and EC 80 Hub Vulnerabilities: Use of Hard-coded Credentials, Authentication Bypass Using an Alternate Path or Channel 2. RISK EVALUATION Successful exploitation of these...

Mitsubishi Electric GOT products

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: GOT2000 series, GOT SIMPLE series, GT SoftGOT2000 Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow the...

FATEK Automation WinProladder

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: FATEK Automation Equipment: WinProladder Vulnerabilities: Out-of-bounds Write, Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow for arbitrary code execution. 3...

WECON PLC Editor

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: WECON Equipment: PLC Editor Vulnerabilities: Stack-based Buffer Overflow, Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of these vulnerabilities may allow arbitrary code execution. 3. TECHNICAL DETAILS 3.1...

Multiple Data Distribution Service (DDS) Implementations (Update A)

1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendors: Eclipse, eProsima, GurumNetworks, Object Computing, Inc. OCI, Real-Time Innovations RTI, TwinOaks Computing Equipment: CycloneDDS, FastDDS, GurumDDS, OpenDDS, Connext DDS Professional, Connext DDS...

Siemens Climatix POL909 (Update A)

1. EXECUTIVE SUMMARY CVSS v3 6.4 ATTENTION: Exploitable remotely Vendor: Siemens --------- Begin Update A Part 1 of 3 --------- Equipment: Climatix POL909 AWM and AWB modules --------- End Update A Part 1 of 3 --------- Vulnerability: Missing Encryption of Sensitive Data 2. RISK EVALUATION...

Siemens SENTRON powermanager

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: SENTRON powermanager Vulnerability: Incorrect Permission Assignment for Critical Resource 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated local attacker to...

Siemens NX JT Translator

1. EXECUTIVE SUMMARY CVSS v3 3.3 ATTENTION: Low attack complexity Vendor: Siemens Equipment: NX Vulnerabilities: Out-of-bounds Read, Access of Uninitialized Pointer 2. RISK EVALUATION Successful exploitation of these vulnerabilities could lead to access violation and arbitrary code execution on...

Siemens SIMATIC RTLS Locating Manager

1. EXECUTIVE SUMMARY CVSS v3 5.5 ATTENTION: Low attack complexity Vendor: Siemens Equipment: SIMATIC RTLS Locating Manager Vulnerabilities: Insertion of Sensitive Information into Log File, Cleartext Storage of Sensitive Information, Improper Input Validation 2. RISK EVALUATION Successful...

Siemens Mendix

1. EXECUTIVE SUMMARY CVSS v3 4.0 ATTENTION: Low attack complexity Vendor: Siemens Equipment: Mendix Vulnerability: Use of Web Browser Cache Containing Sensitive Information 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a local attacker to read cached documents by...

OSIsoft PI Web API

1. EXECUTIVE SUMMARY CVSS v3 6.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: OSIsoft Equipment: PI Web API Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote authenticated attacker access to sensitive...

OSIsoft PI Vision

1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: OSIsoft Equipment: PI Vision Vulnerabilities: Cross-site Scripting, Incorrect Authorization 2. RISK EVALUATION Successful exploitation of these vulnerabilities could lead to information disclosure,...

Schneider Electric NMC cards and Embedded Devices

1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Network Management Cards NMC and NMC Embedded Devices Vulnerabilities: Cross-site Scripting, Exposure of Sensitive Information to an Unauthorized Actor 2. RISK EVALUATION...

Siemens Nucleus RTOS-based APOGEE and TALON Products (Update C)

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Nucleus RTOS based APOGEE and TALON Products Vulnerabilities: Type Confusion, Improper Validation of Specified Quantity in Input, Out-of-bounds Read, Improper Restriction of Operation...

Siemens NX OBJ Translator

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: low attack complexity Vendor: Siemens Equipment: NX Vulnerabilities: Use After Free, Access of Uninitialized Pointer 2. RISK EVALUATION Successful exploitation of these vulnerabilities could lead to an access violation and arbitrary code execution on...

Siemens Mendix Studio Pro

1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: Mendix Studio Pro Vulnerabilities: Incorrect Authorization 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow authenticated attackers to manipulate the content of specific...

Siemens SIMATIC WinCC (Update E)

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please seeSiemens' ProductCERT Security Advisories CERT Services | Services |...

Schneider Electric GUIcon

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Schneider Electric Equipment: GUIcon Vulnerabilities: Out-of-bounds Write, Use After Free, Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of these vulnerabilities may allow an attacker to execute arbitrary...

Siemens Siveillance Video DLNA Server

1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Siveillance Video DLNA Server Vulnerability: Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow access to sensitive information on the DLNA...

Siemens SCALANCE W1750D

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SCALANCE W1750D Vulnerabilities: Improper Restriction of Operations Within the Bounds of a Memory Buffer, Command Injection, Path Traversal 2. UPDATE INFORMATION This updated advisory...

mySCADA myDESIGNER

1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION: Low attack complexity Vendor: mySCADA Equipment: myDESIGNER Vulnerability: Relative Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow for remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The...

Siemens Nucleus RTOS TCP/IP Stack

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Nucleus Net, Nucleus ReadyStart, Capital VSTAR Vulnerabilities: Type Confusion, Improper Validation of Specified Quantity in Input, Out-of-bounds Read, Improper Restriction of...

Hitachi Energy Relion 670/650/SAM600-IO

1. EXECUTIVE SUMMARY CVSS v3 8.1 Vendor: Hitachi Energy Equipment: Relion 670/650/SAM600-IO Vulnerability: Insecure Default Initialization of Resource 2. RISK EVALUATION Successful exploitation of this vulnerability could hijack existing TCP sessions to inject packets of their choosing or cause...

Hitachi Energy Relion 670/650/SAM600-IO

SUMMARY Hitachi Energy is aware of a vulnerability report from U.S. Department of Energy CyTRICS researcher of a vulnerability in the Relion® 670/650/SAM600-IO series versions listed below. Remediation is available for some versions. Recommended actions for each affected version are listed in...

AzeoTech DAQFactory

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: AzeoTech Equipment: DAQFactory Vulnerabilities: Use of Inherently Dangerous Function, Deserialization of Untrusted Data, Cleartext Transmission of Sensitive Information, Modification of Assumed-Immutable Data MAID 2. RISK...

VISAM VBASE Editor

1. EXECUTIVE SUMMARY CVSS v3 7.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: VISAM Equipment: VBASE Vulnerabilities: Improper Access Control, Cross-site Scripting, Improper Restriction of XML External Entity Reference, Using Components with Known Vulnerabilities 2. RISK...

Philips Tasy EMR

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Philips Equipment: Tasy EMR Vulnerabilities: SQL Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in patient’s confidential data...

Sensormatic Electronics VideoEdge

1. EXECUTIVE SUMMARY CVSS v3 6.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Sensormatic Electronics, LLC, a subsidiary of Johnson Controls, Inc. Equipment: VideoEdge Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow...

Sensormatic Electronics victor

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Sensormatic Electronics, LLC, a subsidiary of Johnson Controls, Inc. Equipment: victor Vulnerability: Use of Hard-coded Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an...

Fuji Electric Tellus Lite V-Simulator and V-Server Lite

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Fuji Electric Equipment: Tellus Lite V-Simulator, and V-Server Lite Vulnerabilities : Stack-based Buffer Overflow, Out-of-bounds Write, Untrusted Pointer Dereference, Out-of-bounds Read, Access of Uninitialized Pointer,...

Ongoing Cyber Threats to U.S. Water and Wastewater Systems

Summary Immediate Actions WWS Facilities Can Take Now to Protect Against Malicious Cyber Activity • Do not click on suspicious links. • If you use RDP, secure and monitor it. • Usestrong passwords. • Usemulti-factor authentication. Note: This advisory uses the MITRE Adversarial Tactics, Technique...

ICONICS GENESIS64 and Mitsubishi Electric MC Works64 OPC UA

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendors: ICONICS, Mitsubishi Electric Equipment: ICONICS GENESIS64, Mitsubishi Electric MC Works64 Vulnerability: Uncontrolled Recursion 2. RISK EVALUATION Successful exploitation of this vulnerability could...

ICONICS GENESIS64 and Mitsubishi Electric MC Works64

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: ICONICS, Mitsubishi Electric Equipment: ICONICS GENESIS64, Mitsubishi Electric MC Works64 Vulnerabilities: Out-of-bounds Read, Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of these vulnerabilities may...

B. Braun Infusomat Space Large Volume Pump

1. EXECUTIVE SUMMARY CVSS v3 9.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: B. Braun Melsungen AG Equipment: Infusomat Space Large Volume Pump Vulnerabilities: Unrestricted Upload of File with Dangerous Type, Cleartext Transmission of Sensitive Information, Missing...

Delta Electronics DIALink

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Delta Electronics Equipment: DIALink Vulnerabilities: Cleartext Transmission of Sensitive Information, Cross-site Scripting, Improper Neutralization of Formula Elements in a CSV File, Cleartext Storage...

Trane HVAC Systems Controls

1. EXECUTIVE SUMMARY CVSS v3 6.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Trane Equipment: Building Automation Controllers Tracer SC Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to redirect a user...

AUVESY Versiondog

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: AUVESY Equipment: Versiondog Vulnerabilities: Improper Access Control, Incorrect Permission Assignment for Critical Resource, Use of Hard-coded Cryptographic Key, Out-of-bounds Read, Use After Free,...

BlackMatter Ransomware

Summary Actions You Can Take Now to Protect Against BlackMatter Ransomware • Implement and enforce backup and restoration policies and procedures. • Usestrong, unique passwords. • Usemulti-factor authentication. • Implement network segmentation and traversal monitoring. Note: this advisory uses t...

Schneider Electric CNM

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Schneider Electric Equipment: ConneXium Network Manager CNM Software Vulnerability: Improper Privilege Management 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary...

Schneider Electric CNM

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Schneider Electric Equipment: ConneXium Network Manager CNM Software Vulnerability: Improper Privilege Management 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary...

Uffizio GPS Tracker

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Uffizio Equipment: GPS Tracker Vulnerabilities: Improper Access Control, Unrestricted Upload of File with Dangerous Type, Open Redirect, Cross-site Scripting, Cross-site Request Forgery 2. RISK...

Siemens SIMATIC Process Historian

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC Process Historian Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could enable the execution of...

Schneider Electric IGSS

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: IGSS Interactive Graphical SCADA System Vulnerabilities: Classic Buffer Overflow, Unrestricted Upload of File with Dangerous Type, Path Traversal, Missing Authentication fo...

Siemens SCALANCE

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SCALANCE Vulnerabilities: Cross-site Request Forgery, OS Command Injection, Classic Buffer Overflow, Command Injection, Path Traversal, Missing Encryption of Sensitive Data 2. UPDATE...

Siemens SINEC NMS

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SINEC NMS network management software Vulnerabilities: Improper Limitation of a Pathname to a Restricted Directory, Improper Authorization, Exposure of Sensitive Information to an...