4255 matches found
ICSA-20-035-01_AutomationDirect C-More Touch Panels
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: AutomationDirect Equipment: C-More Touch Panels EA9 Series Vulnerability: Insufficiently Protected Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an...
GE CARESCAPE, ApexPro, and Clinical Information Center systems
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: GE Equipment: CARESCAPE Telemetry Server, ApexPro Telemetry Server, CARESCAPE Central Station CSCS and Clinical Information Center CIC systems, CARESCAPE B450, B650, B850 Monitors Vulnerabilities:...
ICSA-20-021-01_Honeywell Maxpro VMS & NVR
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Honeywell Equipment: MAXPRO VMS & NVR Vulnerabilities : Deserialization of Untrusted Data, SQL Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in...
Siemens TIA Portal (Update F)
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Siemens Equipment: TIA Portal Vulnerability: Path Traversal 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-20-014-05 Siemens TIA Portal Update E that was published June...
Schneider Electric Modicon Controllers (Update A)
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Schneider Electric Equipment: Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium Vulnerability: Improper Check for Unusual or Exceptional Conditions 2. UPDATE INFORMATION This updated...
Critical Vulnerabilities in Microsoft Windows Operating Systems
Summary New vulnerabilities are continually emerging, but the best defense against attackers exploiting patched vulnerabilities is simple: keep software up to date. Timely patching is one of the most efficient and cost-effective steps an organization can take to minimize its exposure to...
Siemens SCALANCE X Switches (Update B)
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SCALANCE X Switches Vulnerability: Missing Authentication for Critical Function 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled...
Siemens SINEMA Server
1. EXECUTIVE SUMMARY CVSS v3 9.9 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SINEMA Server Vulnerability: Incorrect Privilege Assignment 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker with a valid session, with...
GE PACSystems RX3i
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: GE/Emerson Equipment: PACSystems RX3i Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could cause the system to change to halt-mode,...
OSIsoft PI Vision
1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: OSIsoft LLC Equipment: PI Vision Vulnerabilities: Improper Access Control, Cross-site Request Forgery CSRF, Cross-site Scripting, Inclusion of Sensitive Information in Log Files 2. RISK EVALUATION...
Siemens SINAMICS PERFECT HARMONY GH180
1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Low skill level to exploit Vendor: Siemens Equipment: SINAMICS PERFECT HARMONY GH180 Vulnerability: Protection Mechanism Failure 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthorized attacker with physical access...
Philips Veradius Unity, Pulsera, and Endura Dual WAN Routers
1. EXECUTIVE SUMMARY CVSS v3 5.3 Vendor: Philips Equipment: Veradius Unity, Pulsera, and Endura Dual WAN Router Vulnerability: Inadequate Encryption Strength 2. RISK EVALUATION Successful exploitation of this vulnerability could compromise the management interface of the front end router...
WECON PLC Editor
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: WECON Equipment: PLC Editor Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation could allow an attacker to execute code under the privileges of the application. 3. TECHNICAL DETAILS...
Equinox Control Expert
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Equinox Equipment: Control Expert Vulnerability: Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' 2. RISK EVALUATION Successful exploitation of this vulnerability...
Reliable Controls MACH-ProWebCom/Sys
1. EXECUTIVE SUMMARY CVSS v3 8.2 ATTENTION: Exploitable remotely Vendor: Reliable Controls Equipment: MACH-ProWebCom/Sys Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute commands on behalf of the affected user...
Moxa EDS Ethernet Switches
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Moxa Equipment: EDS-G508E, EDS-G512E, and EDS-G516E Series Ethernet Switches Vulnerability: Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of this vulnerability could...
GE S2020/S2020G Fast Switch 61850
1. EXECUTIVE SUMMARY CVSS v3 4.6 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: GE Equipment: GE S2020/S2020G Fast Switch 61850 Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an attacker to inject arbitrary code...
Advantech DiagAnywhere Server
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Advantech Equipment: DiagAnywhere Server Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability may allow remote code execution. 3. TECHNICAL...
Omron PLC CJ, CS and NJ Series
1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION : Exploitable remotely/low skill level to exploit Vendor : Omron Equipment : PLC CJ, CS and NJ Series Vulnerability : Improper Restriction of Excessive Authentication Attempts 2. RISK EVALUATION Successful exploitation of this vulnerability could allow...
Omron PLC CJ and CS Series
1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION : Exploitable remotely/low skill level to exploit Vendor : Omron Equipment : PLC CJ and CS Series Vulnerabilities : Authentication Bypass by Spoofing, Authentication Bypass by Capture-replay, Unrestricted Externally Accessible Lock 2. UPDATE This updated...
Siemens SIMATIC CP 343-1/CP 443-1 Modules and SIMATIC S7-300/S7-400 CPUs Vulnerabilities (Update B)
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please seeSiemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens SCALANCE Privilege Escalation Vulnerabilities (Update A)
1. EXECUTIVE SUMMARY CVSS v3 7.6 ATTENTION: Exploitable remotely; low skill level to exploit Vendor: Siemens Equipment: SCALANCE X-200 switch family and SCALANCE X-200IRT switch family Vulnerabilities: Privilege Escalation, Improper Authentication 2. UPDATE INFORMATION This updated advisory is a...
Siemens SIMATIC Products (Update C)
1. EXECUTIVE SUMMARY CVSS v3 3.7 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: SIMATIC CP 1626; HMI Panel incl. SIPLUS variants; NET PC software; STEP 7 TIA Portal; WinCC TIA Portal; WinCC OA; WinCC Runtime Pro and Advanced; TIM 1531 IRC incl. SIPLUS variant Vulnerability: Exposed...
Siemens XHQ Operations Intelligence
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: XHQ Operations Intelligence Vulnerabilities: Cross-site Request Forgery, Improper Neutralization of Script-Related HTML Tags in a Web Page, Improper Input Validation 2. RISK...
Siemens RUGGEDCOM ROS (Update A)
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please seeSiemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens SIMATIC S7-1200 and S7-1500 CPU Families (Update B)
1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC S7-1200 and S7-1500 CPU families Vulnerabilities: Use of a Broken or Risky Cryptographic Algorithm, Missing Support for Integrity Check 2. UPDATE INFORMATION This updated...
Siemens EN100 Ethernet Module (Update A)
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: EN100 Ethernet Module Vulnerabilities: Improper Restriction of Operations within the Bounds of a Memory Buffer, Cross-site Scripting, Relative Path Traversal 2. UPDATE...
Siemens SCALANCE W700 and W1700
1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Low skill level to exploit Vendor: Siemens Equipment: SCALANCE W700 and W1700 Vulnerability: Improper Enforcement of Message Integrity During Transmission in a Communication Channel 2. RISK EVALUATION Successful exploitation of this vulnerability could...
Siemens and PKE SiNVR, SiVMS Video Server (Update A)
1. EXECUTIVE SUMMARY --------- Begin Update A Part 1 of 6 --------- CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendors: Siemens and PKE Equipment: SiNVR, SiVMS Video Servers Vulnerabilities: Missing Authentication for Critical Function, Weak Cryptography for Passwords...
Siemens SPPA-T3000 (Update A)
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SPPA-T3000 Vulnerabilities: Improper Input Validation, Deserialization of Untrusted Data, Improper Authentication, Cleartext Transmission of Sensitive Information, Unrestricted...
Thales DIS SafeNet Sentinel LDK License Manager Runtime
1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION: Low skill level to exploit Vendor: Thales DIS Equipment: SafeNet Sentinel LDK License Manager Runtime Vulnerability: Link Following 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a local attacker to escalate privileges. 3...
Weidmueller Industrial Ethernet Switches
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Weidmueller Equipment: Industrial Ethernet Switches Vulnerabilities: Improper Restriction of Excessive Authentication Attempts, Uncontrolled Resource Consumption, Missing Encryption of Sensitive...
Reliable Controls LicenseManager
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Reliable Controls Equipment: LicenseManager Vulnerability: Unquoted Search Path or Element 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to crash the system, view sensitive...
Moxa AWK-3121
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit/public exploits available Vendor: Moxa Equipment: AWK-3121 Vulnerabilities: Cleartext Transmission of Sensitive Information, Improper Access Control, Sensitive Cookie without ‘HTTPONLY’ Flag, Improper...
ABB Relion 670 Series
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: ABB Equipment: Relion 670 Series Vulnerability: Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an attacker to read and delete files on the device. 3...
ABB Relion 650 and 670 Series
1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: ABB Equipment: Relion 650 and 670 Series Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an attacker to reboot the device,...
Flexera FlexNet Publisher
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Flexera Equipment: FlexNet Publisher Vulnerabilities: Improper Input Validation, Memory Corruption 2. RISK EVALUATION These vulnerabilities could allow an attacker to deny the acquisition of a...
Philips IntelliBridge EC40/80 (Update A)
1. EXECUTIVE SUMMARY CVSS v3 6.3 ATTENTION: Low skill level to exploit Vendor: Philips Equipment: IntelliBridge EC40 and EC80 Vulnerability: Inadequate Encryption Strength 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSMA-19-318-01 Philips...
ABB Power Generation Information Manager (PGIM) and Plant Connect
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: ABB Equipment: Power Generation Information Manager PGIM and Plant Connect Vulnerability: Authentication Bypass Using an Alternate Path or Channel 2. RISK EVALUATION Successful exploitation of this...
Omron CX-Supervisor (Update A)
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Omron Equipment: CX-Supervisor Vulnerability: Use of Obsolete Function 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-19-318-04 Omron CX-Supervisor...
Siemens Desigo PX Devices
1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION : Exploitable remotely/low skill level to exploit Vendor : Siemens Equipment : Desigo PX Devices Vulnerability : External Control of Assumed-Immutable Web Parameter 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker...
Siemens S7-1200 and S7-200 SMART CPUs (Update B)
1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION : Low skill level to exploit Vendor : Siemens Equipment: S7-1200 CPU family including SIPLUS variants; S7-200 SMART CPU family Vulnerability : Exposed Dangerous Method or Function 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory...
Siemens Mentor Nucleus Networking Module
1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION: Low skill level to exploit Vendor: Siemens Equipment: Mentor Nucleus Networking Module Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to affect the integrity and...
Mitsubishi Electric MELSEC-Q Series and MELSEC-L Series CPU Modules
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Mitsubishi Electric Equipment: MELSEC-Q Series and MELSEC-L Series CPU Modules Vulnerability: Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of this vulnerability may...
Medtronic Valleylab FT10 and LS10
1. EXECUTIVE SUMMARY CVSS v3 4.8 ATTENTION: Low skill level to exploit Vendor: Medtronic Equipment: Valleylab FT10, Valleylab LS10 Vulnerabilities: Improper Authentication, Protection Mechanism Failure 2. RISK EVALUATION Successful exploitation of these vulnerabilities may allow an attacker to...
Medtronic Valleylab FT10 and FX8
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Medtronic Equipment: Valleylab FT10, Valleylab FX8 Vulnerabilities: Use of Hard-coded Credentials, Reversible One-way Hash, Improper Input Validation 2. RISK EVALUATION Successful exploitation of...
Fuji Electric V-Server
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Fuji Electric Equipment: V-Server Vulnerability: Heap-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could crash the device being accessed; several heap-based buffer overflows...
Omron CX-Supervisor
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Omron Equipment: CX-Supervisor Vulnerability: Use of Obsolete Function 2. RISK EVALUATION Successful exploitation of this vulnerability could result in information disclosure, total compromise of...
Honeywell equIP and Performance Series IP Cameras
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Honeywell Equipment: equIP series and Performance series IP cameras Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability...
Honeywell equIP and Performance Series IP Cameras and Recorders
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely Vendor: Honeywell Equipment: equIP series and Performance series IP cameras and recorders Vulnerability: Authentication Bypass by Capture-Replay 2. RISK EVALUATION Successful exploitation of this vulnerability could result in...