4251 matches found
Rockwell Automation RSLinx Classic
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Rockwell Automation Equipment: RSLinx Classic Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote attacker to execute...
PSI GridConnect Telecontrol
1. EXECUTIVE SUMMARY CVSS v3 8.5 ATTENTION: Remotely exploitable/low skill level to exploit Vendor: PSI GridConnect GmbH formerly known as PSI Nentec GmbH Equipment: Telecontrol Gateway and Smart Telecontrol Unit family, IEC104 Security Proxy Vulnerability: Cross-site Scripting 2. RISK EVALUATION...
Moxa IKS, EDS (Update A)
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION : Exploitable remotely/low skill level to exploit Vendor: Moxa Equipment: IKS, EDS Vulnerabilities: Classic Buffer Overflow, Cross-site Request Forgery, Cross-site Scripting, Improper Access Controls, Improper Restriction of Excessive Authentication...
Horner Automation Cscape
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Horner Automation Equipment: Cscape Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could crash the device being accessed, which may allow the attacker to read...
Intel Data Center Manager SDK
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor : Intel Equipment: Data Center Manager SDK Vulnerabilities: Improper Authentication, Protection Mechanism Failure, Permission Issues, Key Management Errors, Insufficient Control Flow Management 2...
Rockwell Automation Allen-Bradley PowerMonitor 1000 (Update A)
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available Vendor: Rockwell Automation Equipment: Allen-Bradley PowerMonitor 1000 Vulnerabilities: Cross-site Scripting and Authentication Bypass 2. UPDATE INFORMATION This updated...
Delta Industrial Automation CNCSoft
1. EXECUTIVE SUMMARY CVSS v3 4.4 ATTENTION: Low skill level to exploit Vendor: Delta Electronics Delta Equipment: Delta Industrial Automation CNCSoft Vulnerability: Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of this vulnerability could cause a buffer overflow condition that may...
Pangea Communications Internet FAX ATA
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available Vendor: Pangea Communications Equipment: Internet FAX Analog Telephone Adapter ATA Vulnerability: Authentication Bypass Using an Alternate Path or Channel 2. RISK EVALUATION...
DNS Infrastructure Hijacking Campaign
Summary The National Cybersecurity and Communications Integration Center NCCIC, part of the Cybersecurity and Infrastructure Security Agency CISA, is aware of a global Domain Name System DNS infrastructure hijacking campaign. Using compromised credentials, an attacker can modify the location to...
OSIsoft PI Vision
1. EXECUTIVE SUMMARY CVSS v4.8 ATTENTION: Low skill level to exploit Vendor: OSIsoft Equipment: PI Vision Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to read and modify the contents of the PI Vision web page and data...
Siemens Intel Active Management Technology of SIMATIC IPCs
1. EXECUTIVE SUMMARY CVSS v3 6.7 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: Intel Active Management Technology AMT of SIMATIC IPCs Vulnerabilities: Cryptographic Issues, Improper Restriction of Operations within the Bounds of a Memory Buffer, Resource...
WIBU SYSTEMS AG WibuKey Digital Rights Management (Update D)
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit/public exploits available Vendor: WIBU-SYSTEMS AG Equipment: WibuKey Digital Rights Management DRM Vulnerabilities: Information Exposure, Out-of-bounds Write, Heap-based Buffer Overflow 2. UPDATE...
ICSA-19-043-02 Siemens EN100 Ethernet Communication Module and SIPROTEC 5 Relays
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: EN100 Ethernet Communication Module and SIPROTEC 5 Relays Vulnerability: Improper Input Validation 2. RISK EVALUATION The EN100 Ethernet communication module and SIPROTEC 5...
Rockwell Automation EtherNet/IP Web Server Modules
1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Rockwell Automation Equipment: EtherNet/IP Web Server Modules Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote attacker...
AVEVA InduSoft Web Studio and InTouch Edge HMI
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION : Exploitable remotely/low skill level to exploit Vendor : AVEVA Software, LLC AVEVA Equipment : InduSoft Web Studio and InTouch Edge HMI formerly InTouch Machine Edition Vulnerabilities : Missing Authentication for Critical Function, Resource Injection...
Kunbus PR100088 Modbus Gateway (Update B)
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Kunbus Equipment: PR100088 Modbus gateway Vulnerabilities: Improper Authentication, Information Exposure Through Query Strings in GET Request, Missing Authentication for Critical Function, Imprope...
WECON LeviStudioU (Update A)
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: WECON Technology Co., Ltd WECON Equipment: LeviStudioU Vulnerabilities: Stack-based Buffer Overflow, Heap-based Buffer Overflow, Memory Corruption 2. UPDATE INFORMATION This updated advisory is a follow-up to the...
IDenticard PremiSys (Update A)
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low skill level to exploit/vulnerability details have been publicly disclosed Vendor: IDenticard Equipment: PremiSys Vulnerabilities: Use of Hard-coded Credentials, Use of Hard-coded Password, Inadequate Encryption Strength 2...
Schneider Electric EVLink Parking
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Schneider Electric Equipment: EVLink Parking Vulnerabilities: Use of Hard-coded Credentials, Code Injection, SQL Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities could...
Mitsubishi Electric MELSEC-Q Series PLCs
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Mitsubishi Electric Equipment: MELSEC-Q series PLCs Vulnerability: Resource Exhaustion 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote attacker to send...
Stryker Medical Beds
1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Public exploits are available Vendor: Stryker Equipment: Secure II MedSurg Bed, S3 MedSurg Bed, and InTouch ICU Bed Vulnerability: Reusing a Nonce 2. RISK EVALUATION Successful exploitation of this vulnerability could allow data traffic manipulation,...
BD FACSLyric (Update A)
1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Low skill level to exploit Vendor: Becton, Dickinson and Company BD Equipment: FACSLyric Vulnerability: Improper Access Control 2. UPDATE INFORMATION This updated medical device advisory is a follow-up to the original advisory titled ICSMA-19-029-02 BD...
AVEVA Wonderware System Platform
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Low skill level to exploit Vendor: AVEVA Equipment: Wonderware System Platform Vulnerability: Insufficiently Protected Credentials 2. RISK EVALUATION This vulnerability could allow unauthorized access to the credentials for the ArchestrA Network User...
Yokogawa License Manager Service
1. EXECUTIVE SUMMARY CVSS v8.1 ATTENTION : Exploitable remotely Vendor : Yokogawa Equipment : License Manager Service Vulnerability : Unrestricted Upload of Files with Dangerous Type 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to remotely upload files,...
PHOENIX CONTACT FL SWITCH
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: PHOENIX CONTACT Equipment: FL SWITCH Vulnerabilities: Cross-site Request Forgery, Improper Restriction of Excessive Authentication Attempts, Cleartext Transmission of Sensitive Information, Resourc...
Advantech WebAccess/SCADA
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Advantech Equipment: WebAccess/SCADA Vulnerabilities: Improper Authentication, Authentication Bypass, SQL Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities may allow an...
Dräger Infinity Delta
1. EXECUTIVE SUMMARY CVSS v3 8.4 ATTENTION: Low skill level to exploit Vendor: Dräger Equipment: Infinity Delta Vulnerabilities: Improper Input Validation, Information Exposure Through Log Files, Improper Privilege Management 2. RISK EVALUATION Successful exploitation of these vulnerabilities...
Johnson Controls Facility Explorer
1. EXECUTIVE SUMMARY CVSS v3 7.4 ATTENTION: Exploitable remotely Vendor: Johnson Controls Equipment: Facility Explorer Vulnerabilities: Path Traversal, Improper Authentication 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to read, write, and delete...
ABB CP400 Panel Builder TextEditor 2.0
1. EXECUTIVE SUMMARY CVSS v7.0 Vendor: ABB Equipment: CP400 Panel Builder TextEditor 2.0 Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code, and cause a denial-of-service condition within the...
ControlByWeb X-320M
1. EXECUTIVE SUMMARY CVSS v3 7.6 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: ControlByWeb Equipment: X-320M Vulnerabilities: Improper Authentication, Cross-site Scripting 2. RISK EVALUATION Successful exploitation of these vulnerabilities may allow arbitrary code execution...
Omron CX-Supervisor (Update A)
1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION : Low skill level to exploit Vendor: Omron Equipment: CX-Supervisor --------- Begin Update A Part 1 of 3 -------- Vulnerabilities: Code Injection, Command Injection, Use After Free, Type Confusion, Access of Uninitialized Pointer, Out-of-bounds Read...
LCDS - Leão Consultoria e Desenvolvimento de Sistemas Ltda ME LAquis SCADA
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: LCDS - Leão Consultoria e Desenvolvimento de Sistemas Ltda ME Equipment: LAquis SCADA Vulnerabilities: Improper Input Validation, Out-of-Bounds Read, Code Injection, Untrusted Pointer Dereference,...
Pilz PNOZmulti Configurator
1. EXECUTIVE SUMMARY CVSS v3 3.3 ATTENTION: Low skill level to exploit Vendor: Pilz GmbH & Co. KG Pilz Equipment: PNOZmulti Configurator Vulnerability: Clear-text Storage of Sensitive Information 2. RISK EVALUATION Successful exploitation of this vulnerability could allow sensitive data to be...
Emerson DeltaV
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Low skill level to exploit Vendor: Emerson Equipment: DeltaV Distributed Control System Workstations Vulnerability: Authentication Bypass 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to shut down a service,...
Omron CX-One CX-Protocol
1. EXECUTIVE SUMMARY CVSS v3 6.6 ATTENTION: Low skill level to exploit Vendor: Omron Equipment: CX-Protocol within CX-One Vulnerabilities: Type Confusion 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute code under the privileges of the...
Schneider Electric IIoT Monitor (Update A)
1. EXECUTIVE SUMMARY CVSS v3 9.3 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Schneider Electric Equipment: IIoT Monitor --------- Begin Update A Part 1 of 2 -------- Vulnerabilities: Path Traversal, Unrestricted Upload of File with Dangerous Type, XXE, Cryptographic Issues...
ICSA-19-038-01 Siemens SICAM A8000 RTU Series
1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SICAM A8000 RTU Vulnerability: Uncaught Exception 2. RISK EVALUATION The SICAM A8000 RTU series is affected by a security vulnerability that could allow unauthenticated remote...
Schneider Electric Zelio Soft 2
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Schneider Electric Equipment: Zelio Soft 2 Vulnerability: Use After Free 2. RISK EVALUATION Successful exploitation of this vulnerability could allow for remote code execution when opening a specially crafted project...
ICSA-19-043-06 Siemens CP1604 and CP1616 (Update A)
1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION : Exploitable remotely/low skill level to exploit Vendor : Siemens Equipment : CP1604 and CP1616 Vulnerabilities : Cleartext Transmission of Sensitive Information, Cross-site Scripting, Cross-site Request Forgery 2. UPDATE INFORMATION This updated...
ICSA-19-038-02 Siemens EN100 Ethernet Module
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION : Exploitable remotely/low skill level to exploit Vendor : Siemens Equipment : EN100 Ethernet module Vulnerabilities : Improper Input Validation 2. RISK EVALUATION The EN100 Ethernet module for the SWT 3000 management platform is affected by security...
Siemens SIMATIC S7-1500 CPU
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC S7-1500 CPU Vulnerabilities: Improper Input Validation 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow a denial of service condition of...
Siemens SIMATIC S7-300 CPU
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION : Exploitable remotely/low skill level to exploit Vendor : Siemens Equipment : SIMATIC S7-300 CPU Vulnerability : Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could crash the device being accessed, resulting...
Hetronic Nova-M
1. EXECUTIVE SUMMARY CVSS v3 7.6 ATTENTION: Low skill level to exploit Vendor: Hetronic Equipment: Nova-M Vulnerability: Authentication Bypass by Capture-Replay 2. RISK EVALUATION Successful exploitation of this vulnerability could allow unauthorized users to view commands, replay commands,...
Yokogawa Vnet/IP Open Communication Driver
1. EXECUTIVE SUMMARY CVSS v7.5 ATTENTION: Exploitable remotely/Low skill level to exploit Vendor: Yokogawa Equipment: Vnet/IP Open Communication Driver Vulnerability: Resource Management Error 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause...
Schneider Electric Pro-face GP-Pro EX
1. EXECUTIVE SUMMARY CVSS v3 9.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Schneider Electric Equipment: Pro-face GP-Pro EX Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to modify code to...
Schneider Electric EcoStruxure
1. EXECUTIVE SUMMARY CVSS v3 7.4 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Schneider Electric Equipment: EcoStruxure Vulnerability: Open Redirect 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to use this device as a platform to...
Horner Automation Cscape
1. EXECUTIVE SUMMARY CVSS v3 6.6 ATTENTION: Low skill level to exploit Vendor: Horner Automation Equipment: Cscape Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could crash the device being accessed, allow the attacker to read...
ABB GATE-E2
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: ABB Equipment: GATE-E2 Vulnerabilities: Missing Authentication for Critical Function, Cross-site Scripting 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow...
ABB M2M ETHERNET
1. EXECUTIVE SUMMARY CVSS v3 6.3 ATTENTION: Exploitable from an adjacent network/low skill level to exploit Vendor: ABB Equipment: M2M ETHERNET Vulnerability: Improper Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to upload a malicious...
Advantech WebAccess/SCADA
1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Advantech Equipment: WebAccess/SCADA Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could cause a stack buffer overflow condition. 3...