4255 matches found
ICSA-19-225-03_Siemens SCALANCE X Switches (Update D)
1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SCALANCE X switches Vulnerability: Insufficient Resource Pool 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-19-225-03 Siemens SCALANCE...
Siemens SCALANCE Products (Update A)
1. EXECUTIVE SUMMARY CVSS v3 6.6 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SCALANCE Products Vulnerabilities: Improper Adherence to Coding Standards 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled...
Delta Industrial Automation DOPSoft
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Delta Electronics Equipment: Delta Industrial Automation DOPSoft Vulnerabilities: Out-of-bounds read, Use after free 2. RISK EVALUATION Successful exploitation of these vulnerabilities may allow...
3S-Smart Software Solutions GmbH CODESYS V3 (Update A)
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Low skill level to exploit Vendor: 3S-Smart Software Solutions GmbH Equipment: CODESYS V3 Vulnerability: Insufficiently Protected Credentials 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-19-213-04...
LCDS LAquis SCADA LQS File Parsing
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: LCDS—Leão Consultoria e Desenvolvimento de Sistemas LTDA ME Equipment: LAquis SCADA Vulnerabilities: Out-of-bounds Read, Type Confusion 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an...
3S-Smart Software Solutions GmbH CODESYS V3
1. EXECUTIVE SUMMARY CVSS v3 9.0 ATTENTION : Exploitable remotely/low skill level to exploit Vendor : 3S-Smart Software Solutions GmbH Equipment : CODESYS V3 Vulnerabilities : Unverified Ownership, Uncontrolled Memory Allocation 2. RISK EVALUATION Successful exploitation of these vulnerabilities...
Fuji Electric FRENIC Loader
1. EXECUTIVE SUMMARY CVSS v3 4.4 ATTENTION: Low skill level to exploit Vendor: Fuji Electric Equipment: FRENIC Loader Vulnerability: Out-of-Bounds Read 2. RISK EVALUATION Successful exploitation of this vulnerability could allow information disclosure. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS...
Rockwell Automation Arena Simulation Software (Update B)
1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Low skill level to exploit Vendor: Rockwell Automation Equipment: Arena Simulation Software --------- Begin Update B Part 1 of 2 --------- Vulnerabilities: Use After Free, Information Exposure, Type Confusion, Insufficient UI Warning of Dangerous...
Advantech WebAccess HMI Designer
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION : Low skill level to exploit Vendor : Advantech Equipment : Advantech WebAccess HMI Designer Vulnerability : Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an attacker to remotely execute arbitrary code...
Wind River VxWorks (Update A)
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Wind River Equipment: VxWorks Vulnerabilities: Stack-based Buffer Overflow, Heap-based Buffer Overflow, Integer Underflow, Improper Restriction of Operations within the Bounds of a Memory Buffer,...
Prima Systems FlexAir
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Prima Systems Equipment: FlexAir Vulnerabilities : OS Command Injection, Unrestricted Upload of File with Dangerous Type, Cross-site Request Forgery, Small Space of Random Values, Cross-site...
NREL EnergyPlus
1. EXECUTIVE SUMMARY CVSS v3 6.1 ATTENTION: Low skill level to exploit Vendor: National Renewable Energy Laboratory NREL Equipment: EnergyPlus Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary...
Mitsubishi Electric FR Configurator2
1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION: Low skill level to exploit Vendor: Mitsubishi Electric Equipment: Mitsubishi Electric FR Configurator2 Vulnerabilities: Improper Restriction of XML External Entity Reference, Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation...
Johnson Controls exacqVision Server
1. EXECUTIVE SUMMARY CVSS v3 6.7 Vendor : Exacq Technologies, Inc., a subsidiary of Johnson Controls Equipment : exacqVision Server Vulnerability : Unquoted Search Path or Element 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated user to elevate their...
Delta Industrial Automation CNCSoft ScreenEditor
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Delta Electronics Equipment: CNCSoft ScreenEditor Vulnerabilities: Heap-based Buffer Overflow, Out-of-Bounds Read 2. RISK EVALUATION Successful exploitation of these vulnerabilities could cause...
Schneider Electric Interactive Graphical SCADA System
1. EXECUTIVE SUMMARY CVSS v3 7.0 Vendor: Schneider Electric Equipment: Interactive Graphical SCADA System IGSS Vulnerability: Out-of-Bounds Write 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to achieve arbitrary code execution or crash the software. 3...
Schneider Electric Floating License Manager
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Schneider Electric Equipment: Floating License Manager Vulnerabilities: Improper Input Validation, Memory Corruption 2. RISK EVALUATION These vulnerabilities could allow an attacker to deny the...
AVEVA Vijeo Citect and Citect SCADA Floating License Manager
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION : Exploitable remotely/low skill level to exploit Vendor : AVEVA Equipment : Vijeo Citect and Citect SCADA Floating License Manager Vulnerabilities : Improper Input Validation, Memory Corruption 2. RISK EVALUATION These vulnerabilities could allow an...
Philips Holter 2010 Plus
1. EXECUTIVE SUMMARY CVSS v3 1.9 Vendor : Philips Equipment : Philips Holter 2010 Vulnerability : Use of Obsolete Function 2. RISK EVALUATION Successful exploitation of this vulnerability under certain conditions can lead to a product feature escalation. 3. TECHNICAL DETAILS 3.1 AFFECTED...
ICSA-19-192-03 Siemens TIA Administrator (TIA Portal)
1. EXECUTIVE SUMMARY CVSS v3 8.0 ATTENTION : Low skill level to exploit Vendor : Siemens Equipment : TIA Administrator TIA Portal Vulnerability : Improper Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an execution of some commands without proper...
ICSA-19-192-04 Siemens SIMATIC RF6XXR
1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION : Exploitable remotely/public exploits are available Vendor : Siemens Equipment : SIMATIC RF6XXR Vulnerabilities : Improper Input Validation, Cryptographic Issues 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow access to...
ICSA-19-190-04 Siemens Spectrum Power (Update A)
1. EXECUTIVE SUMMARY CVSS v3 4.7 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: Spectrum Power Vulnerability: Cross-site Scripting 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-19-190-04 Siemens Spectrum...
Schneider Electric Zelio Soft 2
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Schneider Electric Equipment: Zelio Soft 2 Vulnerability: Use After Free 2. RISK EVALUATION Successful exploitation of this vulnerability could allow remote code execution through the opening of a...
Siemens SIPROTEC 5 and DIGSI 5 (Update C)
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely; low skill level to exploit Vendor: Siemens Equipment: SIPROTEC 5 and DIGSI 5 Vulnerabilities: Improper Input Validation 2 UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-19-190-05 Siemen...
ICSA-19-192-02 Siemens SIMATIC WinCC and PCS7 (Update C)
1. EXECUTIVE SUMMARY CVSS v3 7.2 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC WinCC and SIMATIC PCS7 Vulnerability: Unrestricted Upload of File with Dangerous Type 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update...
Rockwell Automation PanelView 5510
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely Vendor: Rockwell Automation Equipment: PanelView 5510 Vulnerability: Improper Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote unauthenticated user to gain root privileges on the...
Emerson DeltaV Distributed Control System
1. EXECUTIVE SUMMARY CVSS v3 6.1 ATTENTION: Low skill level to exploit Vendor: Emerson Equipment: DeltaV Distributed Control System DCS Vulnerability: Use of Hard-coded Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain administrative...
GE Aestiva and Aespire Anesthesia (Update A)
1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: GE Equipment: Aestiva and Aespire Anesthesia Vulnerability: Improper Authentication 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSMA-19-190-01 GE...
Quest KACE Systems Management Appliance
1. EXECUTIVE SUMMARY CVSS v3 2.7 ATTENTION : Exploitable remotely/low skill level to exploit Vendor : Quest Equipment : KACE Systems Management Appliance SMA Vulnerability : Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an administrative...
Schneider Electric Modicon Controllers
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Schneider Electric Equipment: Modicon Controllers Vulnerability: Improper Check for Unusual or Exceptional Conditions 2. RISK EVALUATION Successful exploitation of this vulnerability could result...
ABB CP635 HMI
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable from adjacent network/low skill level to exploit Vendor: ABB Equipment: CP635 HMI Vulnerability: Use of Hard-coded Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to prevent legitimate...
Advantech WebAccess/SCADA
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Advantech Equipment: WebAccess/SCADA Vulnerabilities: Path Traversal, Stack-based Buffer Overflow, Heap-based Buffer Overflow, Out-of-bounds Read, Out-of-bounds Write, Untrusted Pointer Dereference...
ABB PB610 Panel Builder 600
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Low skill level to exploit Vendor: ABB Equipment: PB610 Panel Builder 600 Vulnerabilities: Use of Hard-coded Credentials, Improper Authentication, Relative Path Traversal, Improper Input Validation, Stack-based Buffer Overflow 2. RISK EVALUATION An...
SICK MSC800
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: SICK Equipment: MSC800 Vulnerability: Use of Hard-coded Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a low-skilled remote attacker to reconfigure...
ABB CP651 HMI
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable from adjacent network/low skill level to exploit Vendor: ABB Equipment: CP651 HMI Vulnerability: Use of Hard-coded Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to prevent legitimate...
Medtronic MiniMed 508 and Paradigm Series Insulin Pumps
1. EXECUTIVE SUMMARY CVSS v3 7.1 Vendor: Medtronic Equipment: MiniMed 508 and Paradigm Series Insulin Pumps Vulnerability: Improper Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an attacker with adjacent access to one of the affected products to...
PHOENIX CONTACT Automation Worx Software Suite
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Phoenix Contact Equipment: Automation Worx Software Suite Vulnerabilities: Access of Uninitialized Pointer, Out-of-bounds Read, Use After Free 2. RISK EVALUATION Successful exploitation of these...
Microsoft Operating Systems BlueKeep Vulnerability
Summary The Cybersecurity and Infrastructure Security Agency CISA is issuing this Activity Alert to provide information on a vulnerability, known as “BlueKeep,” that exists in the following Microsoft Windows Operating Systems OSs, including both 32- and 64-bit versions, as well as all Service Pac...
WAGO Industrial Managed Switches 852-303, 852-1305, and 852-1505
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION : Exploitable remotely/low skill level to exploit Vendor : WAGO Equipment : Industrial Managed Switches 852-303, 852-1305, and 852-1505 Vulnerabilities : Use of Hard-coded Credentials, Use of Hard-coded Cryptographic Key, Using Components with Known...
Johnson Controls exacqVision Enterprise System Manager
1. EXECUTIVE SUMMARY CVSS v3 6.7 Vendor: Johnson Controls Equipment: exacqVision Enterprise System Manager ESM Vulnerability: Improper Authorization 2. RISK EVALUATION Successful exploitation of this vulnerability could allow malicious code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS...
BD Alaris Gateway Workstation
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Remotely exploitable/low skill level to exploit Vendor: BD Becton, Dickinson and Company Equipment: Alaris Gateway Workstation Vulnerabilities: Improper Access Control, Unrestricted Upload of File with Dangerous Type 2. RISK EVALUATION Exploitation of...
Siemens SCALANCE X (Update B)
1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION: Low skill level to exploit Vendor: Siemens Equipment: SCALANCE X Switches Vulnerability: Storing Passwords in a Recoverable Format 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-19-162-04 Siemens SCALANCE X...
Siemens LOGO!8 Devices
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: LOGO!8 devices Vulnerabilities: Improper Restriction of Operations within the Bounds of a Memory Buffer, Session Fixation 2. RISK EVALUATION Successful exploitation of these...
Siemens SIMATIC Ident MV440 Family (Update A)
1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC Ident MV440 Familiy Vulnerabilities: Improper Privilege Management, Cleartext Transmission of Sensitive Information 2. UPDATE INFORMATION This updated advisory is a...
ICSA-19-162-01 Siemens Siveillance VMS
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: Siveillance VMS Vulnerabilities: Improper Authorization, Incorrect User Management, Missing Authorization 2. RISK EVALUATION Successful exploitation of these vulnerabilities...
Optergy Proton Enterprise Building Management System
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Optergy Equipment: Proton/Enterprise Building Management System Vulnerabilities: Information Exposure, Cross-site Request Forgery, Unrestricted Upload of File with Dangerous Type, Open Redirect,...
Panasonic Control FPWIN Pro
1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION: Low skill level to exploit Vendor: Panasonic Equipment: Control FPWIN Pro Vulnerabilities: Heap-based Buffer Overflow, Type Confusion 2. RISK EVALUATION Successful exploitation of these vulnerabilities could crash the device and allow remote code...
PHOENIX CONTACT PLCNext AXC F 2152
1. EXECUTIVE SUMMARY CVSS v3 7.6 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Phoenix Contact Equipment: PLCNext AXC F 2152 Vulnerabilities: Key Management Errors, Improper Access Control, Man-in-the-Middle, Using Component with Known Vulnerabilities 2. RISK EVALUATION...
PHOENIX CONTACT FL NAT SMx
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Phoenix Contact Equipment: FL NAT SMx Vulnerability: Improper Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability could allow unauthorized users full access to the...
Geutebrück G-Cam and G-Code
1. EXECUTIVE SUMMARY CVSS v3 7.2 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Geutebrück Equipment: G-Cam and G-Code Vulnerabilities: Cross-site Scripting, OS Command Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow remote code...