4255 matches found
Siemens SIMATIC, SINAMICS (Update C)
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: SIMATIC, SINAMICS Vulnerabilities: Uncontrolled Search Path Element, Heap-based Buffer Overflow 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-20-161-05...
Mitsubishi Electric MELSEC iQ-R Series (Update C)
1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Mitsubishi Electric Equipment: MELSEC iQ-R Series Vulnerability: Resource Exhaustion 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-20-161-02 Mitsubishi...
Advantech WebAccess Node
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Advantech Equipment: WebAccess Node Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could crash the application being accessed; a buffer...
ABB System 800xA Base
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: ABB Equipment: System 800xA Base Vulnerability: Incorrect Permission Assignment for Critical Resource 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to escalate privileges and...
ABB Central Licensing System
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: ABB Equipment: Central Licensing System CLS Vulnerabilities: Information Exposure; Improper Restriction of XML External Entity Reference; Uncontrolled Resource Consumption; Permissions, Privilege,...
SWARCO CPU LS4000
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: SWARCO TRAFFIC SYSTEMS Equipment: CPU LS4000 Vulnerability: Improper Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability could allow access to the device and disturb...
GE Grid Solutions Reason RT Clocks
1. EXECUTIVE SUMMARY CVSS v3 9.6 ATTENTION: Low skill level to exploit/exploitable remotely Vendor: GE Equipment: Grid Solutions Reason RT Clocks Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow access to...
ABB System 800xA
1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION: Low skill level to exploit Vendor: ABB Equipment: System 800xA Vulnerabilities: Incorrect Default Permissions 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to escalate privileges, cause system functions to...
ABB Multiple System 800xA Products
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: ABB Equipment: System 800xA Vulnerabilities: Incorrect Default Permissions 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to make the system node inaccessible or tamper with...
Johnson Controls Kantech EntraPass
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: low skill level to exploit Vendor: Kantech, a subsidiary of Johnson Controls Equipment: EntraPass Vulnerability: Improper Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability could potentially allow an authorized...
Inductive Automation Ignition (Update B)
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Inductive Automation Equipment: Ignition Vulnerabilities: Missing Authentication for Critical Function, Deserialization of Untrusted Data 2. UPDATE INFORMATION This updated advisory is a follow-up...
Critical Vulnerability in Citrix Application Delivery Controller, Gateway, and SD-WAN WANOP
Summary Note: As of January 24, 2020, Citrix has released all expected updates in response to CVE-2019-19781.1 On January 19, 2020, Citrix released firmware updates for Citrix Application Delivery Controller ADC and Citrix Gateway versions 11.1 and 12.0. On January 22, 2020, Citrix released...
Detecting Citrix CVE-2019-19781
Summary Unknown cyber network exploitation CNE actors have successfully compromised numerous organizations that employed vulnerable Citrix devices through a critical vulnerability known as CVE-2019-19781.1 Though mitigations were released on the same day Citrix announced CVE-2019-19781,...
Johnson Controls Software House C-CURE 9000 and American Dynamics victor VMS
1. EXECUTIVE SUMMARY CVSS v3 9.9 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Sensormatic Electronics, LLC, a subsidiary of Johnson Controls Equipment: Software House C•CURE 9000 and American Dynamics victor Video Management System Vulnerability: Cleartext Storage of...
Schneider Electric EcoStruxure Operator Terminal Expert
1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Low skill level to exploit/public exploits are available Vendor: Schneider Electric Equipment: EcoStruxure Operator Terminal Expert Vulnerabilities: SQL Injection, Path Traversal, Argument Injection 2. RISK EVALUATION Successful exploitation of these...
Rockwell Automation EDS Subsystem
1. EXECUTIVE SUMMARY CVSS v3 8.2 ATTENTION: Exploitable from adjacent network/low skill level to exploit Vendor: Rockwell Automation Equipment: EDS Subsystem Vulnerabilities: Improper Restriction of Operations within the Bounds of a Memory Buffer, SQL Injection 2. RISK EVALUATION Successful...
Emerson OpenEnterprise
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Emerson Equipment: OpenEnterprise SCADA Software Vulnerabilities: Missing Authentication for Critical Function, Improper Ownership Management, Inadequate Encryption Strength 2. RISK EVALUATION...
Opto 22 SoftPAC Project
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Opto 22 Equipment: SoftPAC Project Vulnerabilities: External Control of File Name or Path, Improper Verification of Cryptographic Signature, Improper Access Control, Uncontrolled Search Path...
Emerson WirelessHART Gateway
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Emerson Equipment: Emerson WirelessHART Gateways 1410, 1420 and 1552WU Vulnerability: Improper Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability could disable the...
Top 10 Routinely Exploited Vulnerabilities
Summary The Cybersecurity and Infrastructure Security Agency CISA, the Federal Bureau of Investigation FBI, and the broader U.S. Government are providing this technical guidance to advise IT security professionals at public and private sector organizations to place an increased priority on patchi...
Eaton Intelligent Power Manager
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Eaton Equipment: Intelligent Power Manager Vulnerabilities: Improper Input Validation, Incorrect Privilege Assignment 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow...
OSIsoft PI System (Update A)
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: OSIsoft Equipment: PI System Vulnerabilities: Uncontrolled Search Path Element, Improper Verification of Cryptographic Signature, Incorrect Default Permissions, Uncaught Exception, Null Pointer...
Advantech WebAccess Node
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Advantech Equipment: WebAccess Node Vulnerabilities: Improper Validation of Array Index, Relative Path Traversal, SQL Injection, Stack-based Buffer Overflow, Heap-based Buffer Overflow,...
SAE IT-systems FW-50 Remote Telemetry Unit (RTU)
1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: SAE IT-systems Equipment: FW-50 Remote Telemetry Unit RTU Vulnerabilities: Cross-site Scripting, Path Traversal 2. RISK EVALUATION Successful exploitation of these vulnerabilities may allow an...
Fazecast jSerialComm
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Fazecast Equipment: jSerialComm Vulnerability: Uncontrolled Search Path Element 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated attacker to execute arbitrary code on a...
Fazecast jSerialComm
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Fazecast Equipment: jSerialComm Vulnerability: Uncontrolled Search Path Element 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated attacker to execute arbitrary code on a...
SAE IT-systems FW-50 Remote Telemetry Unit (RTU)
1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: SAE IT-systems Equipment: FW-50 Remote Telemetry Unit RTU Vulnerabilities: Cross-site Scripting, Path Traversal 2. RISK EVALUATION Successful exploitation of these vulnerabilities may allow an...
Microsoft Office 365 Security Recommendations
Summary As organizations adapt or change their enterprise collaboration capabilities to meet “telework” requirements, many organizations are migrating to Microsoft Office 365 O365 and other cloud collaboration services. Due to the speed of these deployments, organizations may not be fully...
LCDS LAquis SCADA
1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Low skill level to exploit Vendor: LCDS - Leão Consultoria e Desenvolvimento de Sistemas Ltda ME Equipment: LAquis SCADA Vulnerabilities: Exposure of Sensitive Information to an Unauthorized Actor, Improper Input Validation 2. RISK EVALUATION Successful...
Inductive Automation Ignition
1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Inductive Automation Equipment: Ignition 8 Gateway Vulnerability: Improper Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to write endless...
Continued Exploitation of Pulse Secure VPN Vulnerability
Summary Unpatched Pulse Secure VPN servers continue to be an attractive target for malicious actors. Affected organizations that have not applied the software patch to fix an arbitrary file reading vulnerability, known as CVE-2019-11510, can become compromised in an attack. 1 Although Pulse Secur...
Enterprise VPN Security
Summary As organizations prepare for possible impacts of Coronavirus Disease 2019 COVID-19, many may consider alternate workplace options for their employees. Remote work options—or telework—require an enterprise virtual private network VPN solution to connect employees to an organization’s...
Siemens KTK, SIDOOR, SIMATIC, and SINAMICS (Update D)
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens SCALANCE and SIMATIC (Update H)
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SCALANCE, SIMATIC Vulnerability: Resource Exhaustion 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-20-105-07 Siemens SCALANCE & SIMATIC...
Eaton HMiSoft VU3
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Eaton Equipment: HMiSoft VU3 HMIVU3 runtime not impacted Vulnerabilities: Stack-based Buffer Overflow, Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of these vulnerabilities could crash the device being...
Siemens TIM 3V-IE and 4R-IE Family Devices
1. EXECUTIVE SUMMARY CVSS v3 9.0 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: TIM 3V-IE and 4R-IE Family Devices Vulnerability: Active Debug Code 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated attacker with network access to gain full...
Triangle MicroWorks DNP3 Outstation Libraries
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Triangle MicroWorks Equipment: DNP3 Outstation Libraries Vulnerability: Stacked-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could possibly allow remote...
Siemens RUGGEDCOM, SCALANCE, SIMATIC, SINEMA (Update B)
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment : RUGGEDCOM, SCALANCE, SIMATIC, SINEMA Vulnerabilities: Uncontrolled Resource Consumption, Improper Input Validation 2. UPDATE INFORMATION This updated advisory is a follow-up to...
Siemens Climatix (Update A)
1. EXECUTIVE SUMMARY CVSS v3 6.1 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: Climatix Vulnerability: Cross-site Scripting, Basic XSS 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-20-105-04 Siemens Climatix...
Triangle MicroWorks SCADA Data Gateway
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION : Exploitable remotely/low skill level to exploit Vendor : Triangle MicroWorks Equipment : SCADA Data Gateway Vulnerabilities : Stacked-based Buffer Overflow, Out-of-Bounds Read, Type Confusion 2. RISK EVALUATION These vulnerabilities allow remote...
Siemens SIMOTICS, Desigo, APOGEE, and TALON
1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION: Exploitable from an adjacent network/low skill level to exploit Vendor: Siemens Equipment: SIMOTICS, Desigo, APOGEE, and TALON Vulnerability: Business Logic Errors 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled...
Rockwell Automation RSLinx Classic
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Low skill level to exploit Vendor: Rockwell Automation Equipment: RSLinx Classic Vulnerability: Incorrect Permission Assignment for Critical Resource 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a local authenticated...
COVID-19 Exploited by Malicious Cyber Actors
Summary This is a joint alert from the United States Department of Homeland Security DHS Cybersecurity and Infrastructure Security Agency CISA and the United Kingdom’s National Cyber Security Centre NCSC. This alert provides information on exploitation by cybercriminal and advanced persistent...
ICSA-20-098-05_KUKA.Sim Pro
1. EXECUTIVE SUMMARY CVSS v3 4.3 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: KUKA Equipment: Sim Pro Vulnerability: Improper Enforcement of Message Integrity During Transmission in a Communication Channel 2. RISK EVALUATION Successful exploitation of this vulnerability...
Fuji Electric V-Server Lite
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Fuji Electric Equipment: V-Server Lite Vulnerability: Heap-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote attacker to gain elevated...
HMS Networks eWON Flexy and Cosy
1. EXECUTIVE SUMMARY CVSS v3 6.1 ATTENTION: Exploitable remotely Vendor: HMS Networks Equipment: eWON Flexy and Cosy Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could initiate a password change. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS...
Advantech WebAccess/NMS
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Advantech Equipment: WebAccess/NMS Vulnerabilities: Unrestricted Upload of File with Dangerous Type, SQL Injection, Relative Path Traversal, Missing Authentication for Critical Function, Improper...
GE Digital CIMPLICITY
1. EXECUTIVE SUMMARY CVSS v3 6.0 ATTENTION: Low skill level to exploit Vendor: GE Digital Equipment: CIMPLICITY Vulnerability: Improper Privilege Management 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an adversary to modify the systemwide CIMPLICITY configuration,...
B&R Automation Studio
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: B&R Automation Equipment: Automation Studio Vulnerabilities: Improper Privilege Management, Missing Required Cryptographic Step, Path Traversal 2. RISK EVALUATION Successful exploitation of these...
Hirschmann Automation and Control HiOS and HiSecOS Products
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Hirschmann Automation and Control GmbH, a division of Belden Inc. Equipment: HiOS, HiSecOS Vulnerability: Classic Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability...