4255 matches found
Delta Electronics ISPSoft
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Delta Electronics Delta Equipment: ISPSoft Vulnerability: Use After Free 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute code under the privileges of the application...
Philips Interventional Workstations
1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Low skill level to exploit Vendor: Philips Equipment: Philips Interventional WorkSpot, Coronary Tools/Dynamic Coronary Roadmap/Stentboost Live, ViewForum Vulnerability: OS Command Injection 2. RISK EVALUATION Successful exploitation of this...
Reolink P2P Cameras
1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Reolink Equipment: P2P protocol Vulnerabilities: Use of Hard-coded Cryptographic Key, Cleartext Transmission of Sensitive Information 2. RISK EVALUATION Successful exploitation of these...
dnsmasq by Simon Kelley (Update A)
1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: dnsmasq by Simon Kelley Equipment: dnsmasq Vulnerabilities: Heap-based Buffer Overflow, Insufficient Verification of Data Authenticity, Use of a Broken or Risky Cryptographic Algorithm CISA is awar...
SOOIL Dana Diabecare RS Products
1. EXECUTIVE SUMMARY CVSS v3 7.6 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: SOOIL Developments Co., Ltd. Equipment: Diabecare RS, AnyDana-i and AnyDana-A Vulnerabilities: Use of Hard Coded Credentials, Insufficiently Protected Credentials, Use of Insufficiently Random...
Siemens Solid Edge
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Siemens Equipment: Solid Edge Vulnerabilities: Out-of-bounds Write, Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow arbitrary code execution on an affected...
Siemens SCALANCE X Products (Update B)
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SCALANCE X Products Vulnerabilities: Missing Authentication for Critical Function, Heap-based Buffer Overflow 2. UPDATE INFORMATION This updated advisory is a follow-up to the...
Siemens SCALANCE X Switches (Update B)
1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SCALANCE X200, X200IRT, X300 Vulnerabilities: Use of Hard-coded Cryptographic Key 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled...
Schneider Electric EcoStruxure Power Build-Rapsody (Update A)
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Schneider Electric Equipment: EcoStruxure Power Build-Rapsody Vulnerability: Unrestricted Upload of File with Dangerous Type 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled...
Siemens JT2Go and Teamcenter Visualization (Update B)
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Siemens Equipment: JT2Go and Teamcenter Visualization --------- Begin Update B Part 1 of 2 --------- Vulnerabilities: Type Confusion, Improper Restriction of XML External Entity Reference, Out-of-Bounds Write,...
Innokas Yhtymä Oy Vital Signs Monitor
1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Innokas Yhtymä Oy Equipment: Vital Signs Monitor VC150 Vulnerabilities: Cross-site Scripting, Improper Neutralization of Special Elements in Output Used by a Downstream Component 2. RISK EVALUATION...
Hitachi ABB Power Grids FOX615 Multiservice-Multiplexer
1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Hitachi ABB Power Grids Equipment: FOX615 Multiservice-Multiplexer Vulnerability: Improper Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker...
Omron CX-One
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Omron Equipment: CX-One Vulnerabilities: Untrusted Pointer Dereference, Stack-based Buffer Overflow, Type Confusion 2. RISK EVALUATION Successful exploitation of these vulnerabilities could crash the device being...
Delta Electronics CNCSoft-B
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Delta Electronics Equipment: CNCSoft-B Vulnerabilities: Out-of-bounds Write, Out-of-bounds Read, Untrusted Pointer Dereference, Type Confusion 2. RISK EVALUATION Successful exploitation of these vulnerabilities could...
Eaton EASYsoft (Update A)
1. EXECUTIVE SUMMARY CVSS v3 5.8 Vendor: Eaton Equipment: EASYsoft Vulnerabilities: Type Confusion, Out-of-bounds Read 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-21-007-03 Eaton EASYsoft that was published January 7, 2021, to the ICS webpage on...
Panasonic FPWIN Pro
1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION: Low skill level to exploit Vendor: Panasonic Equipment: FPWIN Pro Vulnerability: Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of this vulnerability could result in an out-of-bounds read, which may allow remote code execution. 3...
Delta Electronics DOPSoft
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Delta Electronics Equipment: DOPSoft Vulnerabilities: Out-of-bounds Write, Untrusted Pointer Dereference 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow arbitrary code execution. 3...
Schneider Electric Web Server on Modicon M340
1. EXECUTIVE SUMMARY CVSS v3 6.3 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Schneider Electric Equipment: Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy Vulnerabilities: Out-of-bounds Read, Out-of-bounds Write, Classic Buffer Overflow 2. RISK...
Delta Electronics CNCSoft ScreenEditor
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Delta Electronics Equipment: CNCSoft ScreenEditor Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability may allow arbitrary code execution. 3. TECHNICAL DETAILS...
Red Lion Crimson 3.1
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Red Lion Equipment: Crimson 3.1 Vulnerabilities: NULL Pointer Dereference, Missing Authentication for Critical Function, Improper Resource Shutdown or Release 2. RISK EVALUATION Successful...
GE Reason RT43X Clocks
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: GE Equipment: Reason RT43X Clocks Vulnerabilities: Code Injection, Use of Hard-coded Cryptographic Key 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an...
Treck TCP/IP Stack (Update A)
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely Vendor: Treck Inc. Equipment: TCP/IP Vulnerability : Heap-based Buffer Overflow, Out-of-bounds Read, Out-of-bounds Write The Treck TCP/IP stack may be known by other names such as Kasago TCP/IP, ELMIC, Net+ OS, Quadnet, GHNET v2,...
PTC Kepware LinkMaster
1. EXECUTIVE SUMMARY CVSS v3 9.3 ATTENTION: Low skill level to exploit Vendor: PTC Equipment: Kepware LinkMaster Vulnerability: Incorrect Default Permissions 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a local attacker to globally overwrite the service...
Emerson Rosemount X-STREAM
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Emerson Equipment: Rosemount X-STREAM Gas Analyzer Vulnerability: Improper Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker through a...
PTC Kepware KEPServerEX (Update A)
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: PTC Equipment: Kepware KEPServerEX Vulnerabilities: Stack-based Buffer Overflow, Heap-based Buffer Overflow, Use After Free 2. UPDATE INFORMATION This updated advisory is a follow-up to the...
Cyber Actors Target K-12 Distance Learning Education to Cause Disruptions and Steal Data
Summary This Joint Cybersecurity Advisory was coauthored by the Federal Bureau of Investigation FBI, the Cybersecurity and Infrastructure Security Agency CISA, and the Multi-State Information Sharing and Analysis Center MS-ISAC. The FBI, CISA, and MS-ISAC assess malicious cyber actors are targeti...
Host Engineering H2-ECOM100 Module
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Host Engineering Equipment: ECOM100 Module Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could lead to a denial-of-service condition,...
Mitsubishi Electric MELSEC iQ-F Series
1. EXECUTIVE SUMMARY CVSS v3 7.4 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Mitsubishi Electric Equipment: MELSEC iQ-F Series Vulnerability: Improper Check or Handling of Exceptional Conditions 2. RISK EVALUATION Successful exploitation of this vulnerability could cause...
Medtronic MyCareLink Smart
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable with adjacent access/low skill level to exploit Vendor: Medtronic Equipment: MyCareLink MCL Smart Model 25000 Patient Reader Vulnerabilities: Improper Authentication, Heap-based Buffer Overflow, Time-of-check Time-of-use Race Condition 2...
Siemens Embedded TCP/IP Stack Vulnerabilities-AMNESIA:33 (Update C)
1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: ENTRON 3VA COM100/800, SENTRON 3VA DSP800, SENTRON PAC2200, SENTRON PAC3200T, SENTRON PAC3200, SENTRON PAC4200, SIRIUS 3RW5 Vulnerability: Integer Overflow 2. UPDATE INFORMATION This...
Siemens LOGO! 8 BM
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: LOGO! 8 BM Vulnerabilities: Missing Authentication for Critical Function, Use of Hard-coded Cryptographic Key, Use of a Broken or Risky Cryptographic Algorithm, Insufficiently...
Schneider Electric Modicon M221 Programmable Logic Controller
1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION: Exploitable from an adjacent network Vendor: Schneider Electric Equipment: Modicon M221 Programmable Logic Controller Vulnerabilities: Inadequate Encryption Strength, Small Space of Random Values, Missing Encryption of Sensitive Data, Exposure of...
Schneider Electric Easergy T300
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely Vendor: Schneider Electric Equipment: Easergy T300 Vulnerability : Missing Authentication for Critical Function, Missing Authorization, Missing Encryption of Sensitive Data, Improper Restriction of Rendered UI Layers or Frames 2...
GE Healthcare Imaging and Ultrasound Products
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: GE Healthcare Equipment: GE Imaging and Ultrasound Products Vulnerabilities: Unprotected Transport of Credentials, Exposure of Sensitive System Information to an Unauthorized Control Sphere 2. RISK...
Siemens SIMATIC Controller Web Servers
1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC Controller Web Servers Vulnerability: Uncaught Exception 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a...
Multiple Embedded TCP/IP Stacks
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Multiple open source Equipment: uIP-Contiki-OS, uIP-Contiki-NG, uIP, open-iscsi, picoTCP-NG, picoTCP, FNET, Nut/Net Vulnerabilities: Infinite Loop, Integer Wraparound, Out-of-bounds Read, Integer...
Siemens SICAM A8000 RTUs
1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SICAM A8000 Remote Terminal Unit Series Vulnerability: Protection Mechanism Failure 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to...
Siemens Products using TightVNC (Update A)
1. EXECUTIVE SUMMARY --------- Begin Update A Part 1 of 5 --------- This advisory was previously released with a set of Siemens products considered to be affected. Following further investigation by the Siemens’ team, it was determined all products previously advised are not affected by any...
Mitsubishi Electric GOT and Tension Controller (Update B)
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Mitsubishi Electric Corporation Equipment: GOT and Tension Controller Vulnerability: Out-of-bounds Read 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled...
Siemens XHQ Operations Intelligence
1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: XHQ Operations Intelligence Vulnerabilities: Exposure of Sensitive Information to an Unauthorized Actor, Cross-site Scripting, Basic XSS, SQL Injection, Relative Path Traversal,...
National Instruments CompactRIO
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: National Instruments Corp. NI Equipment: CompactRIO Vulnerability: Incorrect Permission Assignment for Critical Resource 2. RISK EVALUATION Successful exploitation of this vulnerability could allow...
Advanced Persistent Threat Actors Targeting U.S. Think Tanks
Summary This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge ATT &CK® framework. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques. The Cybersecurity and Infrastructure Security Agency CISA and the Federal Bureau of Investigation FB...
Russian State-Sponsored Advanced Persistent Threat Actor Compromises U.S. Government Targets
Summary This joint cybersecurity advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge ATT &CK® framework. See the ATT&CK for Enterprise framework for all referenced threat actor tactics and techniques This joint cybersecurity advisory—written by the Federal Bureau of...
Schneider Electric EcoStruxure Operator Terminal Expert runtime (Vijeo XD)
1. EXECUTIVE SUMMARY CVSS v3 7.4 Vendor: Schneider Electric Equipment: EcoStruxure Operator Terminal Expert Vulnerability: Improper Privilege Management 2. RISK EVALUATION Successful exploitation of this vulnerability may allow unauthorized command execution by a local user of the Windows...
Fuji Electric V-Server Lite
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Fuji Electric Equipment: V-Server Lite Vulnerability: Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of this vulnerability could allow for remote code execution on the device. 3. TECHNICAL DETAILS 3.1...
Rockwell Automation FactoryTalk Linx
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/Low skill level to exploit Vendor: Rockwell Automation Equipment: FactoryTalk Linx Vulnerabilities: Improper Input Validation, Heap-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could...
Mitsubishi Electric MELSEC iQ-R Series (Update D)
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION : Exploitable remotely/low attack complexity Vendor : Mitsubishi Electric Equipment : MELSEC iQ-R Series Vulnerability : Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of this vulnerability could cause a...
Mitsubishi Electric MELSEC iQ-R Series (Update C)
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: MELSEC iQ-R series Vulnerability: Uncontrolled Resource Consumption 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-20-324-05...
Johnson Controls Sensormatic Electronics American Dynamics victor Web Client
1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION: Exploitable remotely Vendor: Sensormatic Electronics, LLC; a subsidiary of Johnson Controls Equipment: American Dynamics victor Web Client, Software House C•CURE Web Client Vulnerability: Improper Authorization 2. RISK EVALUATION Successful exploitation...
Paradox IP150 (Update A)
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Paradox Equipment: IP150 Vulnerabilities: Stack-based Buffer Overflow, Classic Buffer Overflow 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled...