
4214 matches found

ICS
added 2019/01/08 12:0 a.m. | 82 views

ICSA-19-043-06 Siemens CP1604 and CP1616 (Update A)

1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: CP1604 and CP1616 Vulnerabilities: Cleartext Transmission of Sensitive Information, Cross-site Scripting, Cross-site Request Forgery 2. UPDATE INFORMATION This updated...

9.1 CVSS | 8.3 AI score | 0.01769 EPSS
Exploits 0 | References 9

ICS
added 2019/01/08 12:0 a.m. | 61 views

Schneider Electric Zelio Soft 2

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Schneider Electric Equipment: Zelio Soft 2 Vulnerability: Use After Free 2. RISK EVALUATION Successful exploitation of this vulnerability could allow for remote code execution when opening a specially crafted project...

7.8 CVSS | 8.3 AI score | 0.03037 EPSS
Exploits 0 | References 6

ICS
added 2019/01/08 12:0 a.m. | 188 views

ICSA-19-038-01 Siemens SICAM A8000 RTU Series

1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SICAM A8000 RTU Vulnerability: Uncaught Exception 2. RISK EVALUATION The SICAM A8000 RTU series is affected by a security vulnerability that could allow unauthenticated remote...

7.8 CVSS | 7.8 AI score | 0.01986 EPSS
Exploits 2 | References 9

ICS
added 2019/01/08 12:0 a.m. | 98 views

ICSA-19-038-02 Siemens EN100 Ethernet Module

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: EN100 Ethernet module Vulnerabilities: Improper Input Validation 2. RISK EVALUATION The EN100 Ethernet module for the SWT 3000 management platform is affected by security...

7.8 CVSS | 8.1 AI score | 0.02389 EPSS
Exploits 0 | References 9

ICS
added 2019/01/08 12:0 a.m. | 63 views

Siemens SIMATIC S7-1500 CPU

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC S7-1500 CPU Vulnerabilities: Improper Input Validation 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow a denial of service condition of...

7.8 CVSS | 8.2 AI score | 0.01986 EPSS
Exploits 0 | References 9

ICS
added 2019/01/03 12:0 a.m. | 111 views

Yokogawa Vnet/IP Open Communication Driver

1. EXECUTIVE SUMMARY CVSS v7.5 ATTENTION: Exploitable remotely/Low skill level to exploit Vendor: Yokogawa Equipment: Vnet/IP Open Communication Driver Vulnerability: Resource Management Error 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause...

7.5 CVSS | 7.7 AI score | 0.03342 EPSS
Exploits 0 | References 5

ICS
added 2019/01/03 12:0 a.m. | 58 views

Schneider Electric Pro-face GP-Pro EX

1. EXECUTIVE SUMMARY CVSS v3 9.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Schneider Electric Equipment: Pro-face GP-Pro EX Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to modify code to...

8.8 CVSS | 8.9 AI score | 0.02196 EPSS
Exploits 0 | References 6

ICS
added 2019/01/03 12:0 a.m. | 39 views

Hetronic Nova-M

1. EXECUTIVE SUMMARY CVSS v3 7.6 ATTENTION: Low skill level to exploit Vendor: Hetronic Equipment: Nova-M Vulnerability: Authentication Bypass by Capture-Replay 2. RISK EVALUATION Successful exploitation of this vulnerability could allow unauthorized users to view commands, replay commands,...

8.8 CVSS | 8.8 AI score | 0.00753 EPSS
Exploits 0 | References 4

ICS
added 2018/12/20 12:0 a.m. | 107 views

Schneider Electric EcoStruxure

1. EXECUTIVE SUMMARY CVSS v3 7.4 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Schneider Electric Equipment: EcoStruxure Vulnerability: Open Redirect 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to use this device as a platform to...

6.1 CVSS | 6.6 AI score | 0.00755 EPSS
Exploits 0 | References 5

ICS
added 2018/12/20 12:0 a.m. | 44 views

Horner Automation Cscape

1. EXECUTIVE SUMMARY CVSS v3 6.6 ATTENTION: Low skill level to exploit Vendor: Horner Automation Equipment: Cscape Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could crash the device being accessed, allow the attacker to read...

7.8 CVSS | 7.7 AI score | 0.0167 EPSS
Exploits 0 | References 5

ICS
added 2018/12/18 12:0 a.m. | 73 views

3S-Smart Software Solutions GmbH CODESYS V3 Products

1. EXECUTIVE SUMMARY CVSS v3 9.4 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: 3S-Smart Software Solutions GmbH Equipment: CODESYS V3 products Vulnerabilities: Use of Insufficiently Random Values, Improper Restriction of Communication Channel to Intended Endpoints 2. RISK...

8.2 AI score
Exploits 0 | References 4

ICS
added 2018/12/18 12:0 a.m. | 75 views

ABB M2M ETHERNET

1. EXECUTIVE SUMMARY CVSS v3 6.3 ATTENTION: Exploitable from an adjacent network/low skill level to exploit Vendor: ABB Equipment: M2M ETHERNET Vulnerability: Improper Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to upload a malicious...

4.3 CVSS | 5 AI score | 0.00787 EPSS
Exploits 0 | References 5

ICS
added 2018/12/18 12:0 a.m. | 66 views

ABB CMS-770

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable from an adjacent network/low skill level to exploit Vendor: ABB Equipment: CMS-770 Vulnerabilities: Improper Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an attacker to read sensitive...

6.5 CVSS | 7.1 AI score | 0.00766 EPSS
Exploits 0 | References 5

ICS
added 2018/12/18 12:0 a.m. | 81 views

3S-Smart Software Solutions GmbH CODESYS Control V3 Products

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: 3S-Smart Software Solutions GmbH Equipment: CODESYS Control V3 products Vulnerability: Improper Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability could allow...

10 CVSS | 9.9 AI score | 0.01267 EPSS
Exploits 0 | References 5

ICS
added 2018/12/18 12:0 a.m. | 51 views

Advantech WebAccess/SCADA

1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Advantech Equipment: WebAccess/SCADA Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could cause a stack buffer overflow condition. 3...

7.5 CVSS | 7.6 AI score | 0.02309 EPSS
Exploits 0 | References 5

ICS
added 2018/12/18 12:0 a.m. | 53 views

ABB GATE-E2

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: ABB Equipment: GATE-E2 Vulnerabilities: Missing Authentication for Critical Function, Cross-site Scripting 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow...

9.8 CVSS | 8.2 AI score | 0.02646 EPSS
Exploits 0 | References 5

ICS
added 2018/12/13 12:0 a.m. | 41 views

GE Mark VIe, EX2100e, EX2100e

1. EXECUTIVE SUMMARY CVSS v3 7.4 ATTENTION: Low skill level to exploit Vendor: GE Equipment: Mark VIe, EX2100e, EX2100eReg, and LS2100e Vulnerability: Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to access system data, which could result...

7.5 CVSS | 8 AI score | 0.02562 EPSS
Exploits 0 | References 4

ICS
added 2018/12/13 12:0 a.m. | 42 views

Geutebrück GmbH E2 Series IP Cameras

1. EXECUTIVE SUMMARY CVSS v3 7.2 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Geutebrück GmbH Equipment: E2 Camera Series Vulnerability: OS Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability may allow a remote attacker to inject OS...

10 CVSS | 10 AI score | 0.03882 EPSS
Exploits 0 | References 5

ICS
added 2018/12/13 12:0 a.m. | 45 views

Medtronic 9790, 2090 CareLink, and 29901 Encore Programmers

1. EXECUTIVE SUMMARY CVSS v3 4.6 ATTENTION: Low skill level to exploit Vendor: Medtronic Equipment: 9790 CareLink Programmer, 2090 CareLink Programmer, 29901 Encore Programmer Vulnerability: Missing Encryption of Sensitive Data 2. RISK EVALUATION As part of the intended functionality of this...

4.6 CVSS | 4.7 AI score | 0.00315 EPSS
Exploits 0 | References 5

ICS
added 2018/12/13 12:0 a.m. | 28 views

Schneider Electric GUIcon Eurotherm

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Schneider Electric Equipment: Eurotherm by Schneider Electric GUIcon Vulnerabilities: Type Confusion, Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities may allow an...

7.8 CVSS | 8.5 AI score | 0.01233 EPSS
Exploits 0 | References 5

ICS
added 2018/12/11 12:0 a.m. | 88 views

ICSA-18-345-02 Siemens SINUMERIK Controllers (Update A)

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SINUMERIK Controllers Vulnerabilities: Heap-based Buffer Overflow, Integer Overflow or Wraparound, Protection Mechanism Failure, Permissions, Privileges, and Access Controls,...

9.8 CVSS | 8.7 AI score | 0.04593 EPSS
Exploits 0 | References 9

ICS
added 2018/12/11 12:0 a.m. | 69 views

Siemens TIM 1531 IRC Modules

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: TIM 1531 IRC Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to perform...

10 CVSS | 9.8 AI score | 0.02796 EPSS
Exploits 0 | References 9

ICS
added 2018/12/11 12:0 a.m. | 50 views

ICSA-18-345-01 McAfee SINAMICS PERFECT HARMONY GH180

1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION: Low skill level to exploit Vendor: McAfee Equipment: SINAMICS PERFECT HARMONY GH180 Vulnerability: Improper Access Control 2. RISK EVALUATION These files can be executed to compromise the HMI, and by extension, the drive system. 3. TECHNICAL DETAILS...

7.1 CVSS | 6.9 AI score | 0.00262 EPSS
Exploits 0 | References 9

ICS
added 2018/12/06 12:0 a.m. | 42 views

GE Proficy GDS

1. EXECUTIVE SUMMARY CVSS v3 8.2 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: General Electric GE Equipment: Proficy GDS Vulnerability: XXE 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to initiate an OPC UA session and retrieve an...

9.1 CVSS | 9.6 AI score | 0.02691 EPSS
Exploits 0 | References 6

ICS
added 2018/12/06 12:0 a.m. | 21 views

Philips HealthSuite Health Android App

1. EXECUTIVE SUMMARY CVSS v3 3.5 ATTENTION: Low skill level to exploit Vendor: Philips Equipment: Philips HealthSuite Health Android App Vulnerability: Inadequate Encryption Strength 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an attacker with physical access to...

4.6 CVSS | 4.5 AI score | 0.00158 EPSS
Exploits 0 | References 4

ICS
added 2018/12/04 12:0 a.m. | 40 views

Omron CX-One

1. EXECUTIVE SUMMARY CVSS v3 6.6 ATTENTION: Low skill level to exploit Vendor: Omron Equipment: CX-One Vulnerabilities: Stack-based Buffer Overflow, Use After Free 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute code under the privileges of...

7.8 CVSS | 8.6 AI score | 0.01754 EPSS
Exploits 0 | References 6

ICS
added 2018/12/04 12:0 a.m. | 45 views

SpiderControl SCADA WebServer

1. EXECUTIVE SUMMARY CVSS v3 6.1 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: SpiderControl Equipment: SCADA WebServer Vulnerability: Reflected Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute JavaScript...

6.1 CVSS | 6.3 AI score | 0.00852 EPSS
Exploits 0 | References 5

ICS
added 2018/12/03 12:0 p.m. | 37 views

SamSam Ransomware

Summary The Department of Homeland Security DHS National Cybersecurity and Communications Integration Center NCCIC and the Federal Bureau of Investigation FBI are issuing this activity alert to inform computer network defenders about SamSam ransomware, also known as MSIL/Samas.A. Specifically, th...

9.7 AI score
Exploits 0 | References 19

ICS
added 2018/11/29 12:0 a.m. | 67 views

ICSA-18-333-02_Tridium Niagara Enterprise Security, Niagara AX, and Niagara 4

1. EXECUTIVE SUMMARY CVSS v3 5.7 ATTENTION: Exploitable remotely/low skill level Vendor: Tridium Equipment: Niagara Enterprise Security, Niagara AX, and Niagara 4 Vulnerability: Cross-site Scripting 2. REPOSTED INFORMATION This advisory was originally posted to the HSIN ICS-CERT library on...

5.4 CVSS | 5.3 AI score | 0.00973 EPSS
Exploits 0 | References 2

ICS
added 2018/11/29 12:0 a.m. | 46 views

INVT Electric VT-Designer

1. EXECUTIVE SUMMARY CVSS v3 6.3 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: INVT Electric Equipment: VT-Designer Vulnerabilities: Deserialization of Untrusted Data, Heap-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could cause...

8.8 CVSS | 9.1 AI score | 0.03199 EPSS
Exploits 0 | References 6

ICS
added 2018/11/27 12:0 a.m. | 80 views

Rockwell Automation FactoryTalk Services Platform

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Rockwell Automation Equipment: FactoryTalk Services Platform Vulnerability: Heap-based Buffer Overflow 2. REPOSTED INFORMATION This advisory was originally posted to the HSIN ICS-CERT library on...

7.8 CVSS | 7.8 AI score | 0.03866 EPSS
Exploits 0 | References 5

ICS
added 2018/11/27 12:0 a.m. | 100 views

AVEVA Vijeo Citect and Citect SCADA

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: AVEVA Software, LLC AVEVA Equipment: Vijeo Citect, Citect SCADA Vulnerability: Uncontrolled Search Path Element 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute...

9.3 CVSS | 8.1 AI score | 0.02794 EPSS
Exploits 0 | References 5

ICS
added 2018/11/20 12:0 a.m. | 242 views

Teledyne DALSA Sherlock

1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION: Low skill level to exploit Vendor: Teledyne DALSA Equipment: Sherlock Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could crash the device being accessed; a buffer overflow condition may...

10 CVSS | 9.9 AI score | 0.0726 EPSS
Exploits 0 | References 5

ICS
added 2018/11/20 12:0 a.m. | 251 views

Schneider Electric Modicon M221

1. EXECUTIVE SUMMARY CVSS v3 8.2 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Schneider Electric Equipment: Modicon M221 Vulnerability: Insufficient Verification of Data Authenticity 2. RISK EVALUATION Successful exploitation of this vulnerability could cause a change of...

8.2 CVSS | 8.5 AI score | 0.00655 EPSS
Exploits 0 | References 4

ICS
added 2018/11/13 12:0 a.m. | 421 views

Siemens SIMATIC Panels and SIMATIC WinCC (TIA Portal)

1. EXECUTIVE SUMMARY CVSS v3 4.3 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC Panels and SIMATIC WinCC TIA Portal Vulnerability: Code Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker with network...

8.8 CVSS | 9 AI score | 0.01684 EPSS
Exploits 0 | References 9

ICS
added 2018/11/13 12:0 a.m. | 429 views

Siemens S7-400 CPUs (Update B)

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

8.2 CVSS | 8.4 AI score | 0.01545 EPSS
Exploits 0 | References 12

ICS
added 2018/11/13 12:0 a.m. | 447 views

Siemens SIMATIC Panels

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC Panels Vulnerabilities: Path Traversal, Open Redirect 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow download of arbitrary files from the...

8.1 CVSS | 8.3 AI score | 0.03572 EPSS
Exploits 0 | References 9

ICS
added 2018/11/13 12:0 a.m. | 410 views

ICSA-18-317-07 Siemens SIMATIC IT Production Suite

1. EXECUTIVE SUMMARY CVSS v3 7.7 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: SIMATIC IT Production Suite Vulnerability: Improper Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to compromise confidentiality, integrity and...

9.3 CVSS | 8.3 AI score | 0.02656 EPSS
Exploits 0 | References 9

ICS
added 2018/11/13 12:0 a.m. | 394 views

ICSA-18-317-06 Siemens SIMATIC STEP 7 (TIA Portal)

1. EXECUTIVE SUMMARY CVSS v3 4.0 ATTENTION: Low skill level to exploit Vendor: Siemens Equipment: SIMATIC STEP 7 TIA Portal Vulnerability: Unprotected Storage of Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to reconstruct passwords. 3...

5.5 CVSS | 5.3 AI score | 0.0024 EPSS
Exploits 0 | References 9

ICS
added 2018/11/13 12:0 a.m. | 392 views

Siemens SIMATIC S7 (Update A)

1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC S7 Vulnerability: Resource Exhaustion 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-18-317-05 Siemens SIMATIC S7 that...

7.5 CVSS | 7.6 AI score | 0.01799 EPSS
Exploits 0 | References 9

ICS
added 2018/11/13 12:0 a.m. | 386 views

ICSA-18-317-04 Siemens SCALANCE S

1. EXECUTIVE SUMMARY CVSS v3 4.7 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: SCALANCE S Vulnerability: Cross-site Scripting 2. RISK EVALUATION If an attacker tricks a user into clicking a malicious link, the device could allow arbitrary script injection XSS. 3. TECHNICAL DETAILS...

5.4 CVSS | 5.7 AI score | 0.00689 EPSS
Exploits 0 | References 9

ICS
added 2018/11/08 12:0 a.m. | 35 views

Philips iSite and IntelliSpace PACS

1. EXECUTIVE SUMMARY CVSS v3 6.3 ATTENTION: Low skill level to exploit Vendor: Philips Equipment: iSite and IntelliSpace PACS Vulnerability: Weak Password Requirements 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an attacker with local network access to impact...

8.8 CVSS | 8.8 AI score | 0.00812 EPSS
Exploits 0 | References 5

ICS
added 2018/11/06 12:0 a.m. | 56 views

Roche Diagnostics Point of Care Handheld Medical Devices (Update A)

1. EXECUTIVE SUMMARY CVSS v3 8.3 ATTENTION: Exploitable with adjacent access/low skill level to exploit --------- Begin Update A Part 1 of 3 -------- Vendor: Roche Diagnostics Equipment: Accu-Chek Inform II, CoaguChek Pro II/XS Plus/XS Pro, cobas h 232 POC handheld medical devices --------- End...

9.6 CVSS | 8.6 AI score | 0.0097 EPSS
Exploits 0 | References 5

ICS
added 2018/11/06 12:0 a.m. | 38 views

gpsd Open Source Project

1. EXECUTIVE SUMMARY CVSS v3 8.3 Vendor: gpsd Open Source Project Equipment: gpsd, microjson Vulnerability: Stack-based Buffer Overflow 2. REPOSTED INFORMATION This advisory was originally posted to the HSIN ICS-CERT library on November 6, 2018, and is being released to the NCCIC/ICS-CERT...

8.8 CVSS | 9.2 AI score | 0.02656 EPSS
Exploits 0 | References 5

ICS
added 2018/11/06 12:0 a.m. | 55 views

Rockwell Automation MicroLogix 1400 Controllers and 1756 ControlLogix Communications Modules

1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Rockwell Automation Equipment: MicroLogix 1400 Controllers and 1756 ControlLogix Communications Modules Vulnerability: Missing Authentication for Critical Function 2. REPOSTED INFORMATION This...

8.6 CVSS | 8.9 AI score | 0.043 EPSS
Exploits 0 | References 5

ICS
added 2018/11/01 12:0 a.m. | 628 views

Schneider Electric Software Update (SESU) (Update A)

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Schneider Electric Equipment: Software Update SESU Vulnerability: DLL hijacking 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-18-305-02 Schneider Electric Software...

9.3 CVSS | 8.1 AI score | 0.02794 EPSS
Exploits 0 | References 5

ICS
added 2018/11/01 12:0 a.m. | 530 views

Fr. Sauter AG CASE Suite

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Fr. Sauter AG Equipment: CASE Suite Vulnerability: Improper Restriction of XML External Entity Reference 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to...

7.5 CVSS | 7.7 AI score | 0.01647 EPSS
Exploits 0 | References 5

ICS
added 2018/11/01 12:0 a.m. | 517 views

Circontrol CirCarLife

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Circontrol Equipment: CirCarLife Vulnerabilities: Authentication Bypass Using an Alternate Path or Channel, Insufficiently Protected Credentials 2. RISK EVALUATION Successful exploitation of these...

9.8 CVSS | 10 AI score | 0.03805 EPSS
Exploits 0 | References 6

ICS
added 2018/11/01 12:0 a.m. | 540 views

AVEVA InduSoft Web Studio and InTouch Edge HMI (formerly InTouch Machine Edition)

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: AVEVA Software, LLC. AVEVA Equipment: InduSoft Web Studio and InTouch Edge HMI formerly InTouch Machine Edition Vulnerabilities: Stack-based Buffer Overflow, Empty Password in Configuration File 2...

10 CVSS | 10 AI score | 0.04567 EPSS
Exploits 2 | References 5

ICS
added 2018/10/30 12:0 a.m. | 502 views

PEPPERL+FUCHS CT50-Ex

1. EXECUTIVE SUMMARY CVSS v3 7.6 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: PEPPERL+FUCHS Equipment: CT50-Ex Vulnerability: Improper Privilege Management 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a malicious third-party application to...

6.8 CVSS | 6.1 AI score | 0.00791 EPSS
Exploits 0 | References 5

Total number of security vulnerabilities: 4214