Varex Imaging Panoramic Dental Imaging Software

RISK EVALUATION Successful exploitation of this vulnerability could allow a standard user to obtain NT Authority/SYSTEM privileges. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network...

Johnson Controls iSTAR Ultra

RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to modify firmware and gain full access to the device. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize...

Grassroots DICOM (GDCM)

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to craft a malicious DICOM file and, if opened, could crash the application resulting in a denial-of-service condition. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the...

AzeoTech DAQFactory (Update A)

RISK EVALUATION Successful exploitation of these vulnerabilities requires an attacker to upload a malicious .ctl file. This could lead to information disclosure or arbitrary code execution. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of...

Johnson Controls iSTAR

RISK EVALUATION Successful exploitation of these vulnerabilities could result in unauthorized access to the device. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize network exposure for all...

Windscribe for Linux 'changeMTU' local privilege escalation

RISK EVALUATION A command injection vulnerability exists in Windscribe for Linux Desktop App that allows a local user who is a member of the windscribe group to execute arbitrary commands as root via the 'adapterName' parameter of the 'changeMTU' function. Fixed in Windscribe v2.18.3-alpha and...

Schneider Electric EcoStruxure Foxboro DCS (Update A)

GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install physical controls so no unauthorized personnel can access...

Schneider Electric EcoStruxure Foxboro DCS Advisor

GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install physical controls so no unauthorized personnel can access...

Universal Boot Loader (U-Boot) (Update A)

RISK EVALUATION Successful exploitation of this vulnerability could result in arbitrary code execution. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for all control system...

Multiple India-based CCTV Cameras (Update A)**

RISK EVALUATION Successful exploitation of this vulnerability could result in information disclosure including capture of camera account credentials. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:...

Siemens COMOS

SUMMARY COMOS is affected by multiple vulnerabilities that could allow an attacker to execute arbitrary code or cause denial of service condition, data infiltration or perform access control violations. Siemens has released new versions for several affected products and recommends to update to...

Siemens RUGGEDCOM ROX II

SUMMARY Devices based on RUGGEDCOM ROX before V2.17 contain multiple high severity vulnerabilities. Siemens has released a new version for RUGGEDCOM ROX II family and recommends to update to the latest version. 2. GENERAL RECOMMENDATIONS As a general security measure, Siemens strongly recommends...

Siemens Gridscale X Prepay

SUMMARY Gridscale X Prepay contains multiple vulnerabilities that could allow an attacker to enumerate valid user names and to bypass locked-out user sessions. Siemens has released a new version for Gridscale X Prepay and recommends to update to the latest version. 2. GENERAL RECOMMENDATIONS...

Siemens SINEC Security Monitor

SUMMARY SINEC Security Monitor before V4.10.0 contains multiple vulnerabilities. Siemens has released a new version for SINEC Security Monitor and recommends to update to the latest version. 2. GENERAL RECOMMENDATIONS As a general security measure, Siemens strongly recommends to protect network...

Siemens Interniche IP-Stack

SUMMARY Multiple Industrial products are affected by a vulnerability in the Interniche IP-Stack. The affected products do not properly enforce TCP sequence number validation in specific scenarios but accept values within a broad range. This could allow an unauthenticated remote attacker e.g. to...

Siemens Advanced Licensing (SALT) Toolkit

SUMMARY Multiple Siemens products are affected by improper certificate validation in Siemens Advanced Licensing SALT Toolkit. This could allow an unauthenticated remote attacker to perform man in the middle attacks. Siemens has released new versions for several affected products and recommends...

Siemens IAM Client

SUMMARY Multiple Siemens products are affected by improper certificate validation in IAM Client. This could allow an unauthenticated remote attacker to perform man in the middle attacks. Siemens is preparing fix versions and recommends countermeasures for products where fixes are not, or not yet...

Siemens SIMATIC CN 4100

SUMMARY SIMATIC CN 4100 contains multiple vulnerabilities which could potentially lead to a compromise in availability, integrity and confidentiality. Siemens has released a new version for SIMATIC CN 4100 and recommends to update to the latest version. 2. GENERAL RECOMMENDATIONS As a general...

Siemens RUGGEDCOM ROS

SUMMARY Ruggedcom ROS devices contain a temporary denial of service vulnerability that could allow an attacker to crash and restart the device. Siemens has released new versions for the affected products and recommends to update to the latest versions. 2. GENERAL RECOMMENDATIONS As a general...

Hitachi Energy Asset Suite

SUMMARY Hitachi Energy is aware of a Jasper Report vulnerability that affects the Asset Suite product versions mentioned in this document below. This vulnerability can be exploited to carry out remote code execution RCE attack on the product. Please refer to the Recommended Immediate Actions for...

Siemens Energy Services

SUMMARY Energy Services from Siemens previously known as Managed Applications and Services, sell solutions using Elspec G5 devices that allows a person with physical access to the device to reset the Admin password by inserting a USB drive containing a publicly documented reset string into a USB...

Siemens Building X - Security Manager Edge Controller

SUMMARY Building X - Security Manager Edge Controller ACC-AP devices do not properly check the integrity of firmware updates. This could allow an attacker to upload a maliciously modified firmware onto the device. Siemens is preparing fix versions and recommends specific countermeasures for...

Siemens SINEMA Remote Connect Server

SUMMARY SINEMA Remote Connect Server Before V3.2 SP4 is affected by multiple vulnerabilities. Siemens has released a new version for SINEMA Remote Connect Server and recommends to update to the latest version. 2. GENERAL RECOMMENDATIONS As a general security measure, Siemens strongly recommends...

Johnson Controls OpenBlue Mobile Web Application for OpenBlue Workplace

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access to sensitive information. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network...

Mitsubishi Electric GX Works2

RISK EVALUATION Successful exploitation of this vulnerability could open project files protected by user authentication using disclosed credential information, and obtain or modify project information. 2. RECOMMENDED PRACTICES CISA reminds organizations to perform proper impact analysis and risk...

Sunbird DCIM dcTrack and Power IQ

RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to gain unauthorized access or steal credentials. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize...

Advantech iView

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to disclose sensitive information, modify, or delete data. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize...

Johnson Controls iSTAR

RISK EVALUATION Successful exploitation of this vulnerability could result in the product failing to re-establish communication once the certificate expires. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such...

MAXHUB Pivot

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to request a password reset and gain unauthorized access to the account. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such...

SolisCloud Monitoring Platform

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to access sensitive information by manipulating API requests. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize...

Iskra iHUB and iHUB Lite

RISK EVALUATION Successful exploitation of this vulnerability could allow a remote attacker to reconfigure devices, update firmware, and manipulate connected systems without any credentials. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of...

Mirion Medical EC2 Software NMIS BioDose

RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to modify program executables, gain access to sensitive information, gain unauthorized access to the application, and execute arbitrary code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive...

Industrial Video & Control Longwatch

RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated attacker to gain remote code execution with elevated privileges. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such...

ABB Ability Camera Connect

SUMMARY ABB is aware of public reports of vulnerabilities in a 3rd party component VLC media player Version 2.2.4 which was delivered together with the installation package of Camera Connect Version 1.5.0.14 and below. An update is available that resolves a privately reported outdated 3rd party...

SiRcom SMART Alert (SiSA)

RISK EVALUATION Successful exploitation of this vulnerability could enable an attacker to remotely activate or manipulate emergency sirens. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network...

Zenitel TCIV-3+

RISK EVALUATION Successful exploitation of these vulnerabilities could result in arbitrary code execution or cause a denial-of-service condition. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:...

Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, Cobalt Share (Update A)

RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to disclose information or execute arbitrary code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize...

Festo Compact Vision System, Control Block, Controller, and Operator Unit products

RISK EVALUATION Successful exploitation of these vulnerabilities could result in an attacker accessing devices without authentication or modifying configuration files. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these...

Rockwell Automation Arena Simulation

RISK EVALUATION Successful exploitation of this vulnerability could allow local attackers to execute arbitrary code on affected installations of Arena. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:...

Opto 22 groov View

RISK EVALUATION Successful exploitation of this vulnerability could result in credential exposure, key exposure, and privilege escalation. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network...

Emerson Appleton UPSMON-PRO

RISK EVALUATION Successful exploitation of this vulnerability could allow remote attackers to execute arbitrary code on affected installations of Appleton UPSMON-PRO. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this...

Automated Logic WebCTRL Premium Server

RISK EVALUATION Successful exploitation of these vulnerabilities could allow a remote attacker to deceive a legitimate user into running malicious scripts or redirecting them to malicious websites. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of...

ICAM365 CCTV Camera Multiple Models

RISK EVALUATION Successful exploitation of these vulnerabilities could result in unauthorized exposure of camera video streams and camera configuration data. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such...

Opto 22 GRV-EPIC and groov RIO

RISK EVALUATION Successful exploitation of this vulnerability could result in the execution of arbitrary shell commands with root privileges. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize...

ABB Edgenius Management Portal

SUMMARY ABB identified a critical vulnerability present in ABB Ability Edgenius starting from version 3.2.0.0. We have not received any reports of this vulnerability being exploited. An unauthenticated attacker could exploit this vulnerability to: → install and run arbitrary code, → uninstall...

METZ CONNECT EWIO2

SUMMARY A critical authentication bypass in EWIO-2 allows unauthenticated attackers with network access to gain administrative control over the device. Once compromised, an attacker can change configurations, manipulate data, disrupt services, and potentially render the device non-functional. 2...

Shelly Pro 4PM

RISK EVALUATION Successful exploitation of this vulnerability could result in a denial-of-service condition. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for all control...

Shelly Pro 3EM

RISK EVALUATION Successful exploitation of this vulnerability could result in a denial-of-service condition. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for all control...

Siemens Spectrum Power 4

RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to remotely execute code as application administrator or locally execute code as operating system administrator. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of...

General Industrial Controls Lynx+ Gateway

RISK EVALUATION Successful exploitation of these vulnerabilities could result in obtaining sensitive device information, unauthorized access, or create a denial-of-service condition. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of...