4255 matches found
Horner Automation Cscape
1. EXECUTIVE SUMMARY CVSS v3 6.6 ATTENTION: Low skill level to exploit Vendor: Horner Automation Equipment: Cscape Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could crash the device being accessed, allow the attacker to read...
3S-Smart Software Solutions GmbH CODESYS Control V3 Products
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION : Exploitable remotely/low skill level to exploit Vendor : 3S-Smart Software Solutions GmbH Equipment : CODESYS Control V3 products Vulnerability : Improper Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability could allow...
ABB GATE-E2
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: ABB Equipment: GATE-E2 Vulnerabilities: Missing Authentication for Critical Function, Cross-site Scripting 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow...
ABB M2M ETHERNET
1. EXECUTIVE SUMMARY CVSS v3 6.3 ATTENTION: Exploitable from an adjacent network/low skill level to exploit Vendor: ABB Equipment: M2M ETHERNET Vulnerability: Improper Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to upload a malicious...
ABB CMS-770
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable from an adjacent network/low skill level to exploit Vendor: ABB Equipment: CMS-770 Vulnerabilities: Improper Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an attacker to read sensitive...
Advantech WebAccess/SCADA
1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Advantech Equipment: WebAccess/SCADA Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could cause a stack buffer overflow condition. 3...
3S-Smart Software Solutions GmbH CODESYS V3 Products
1. EXECUTIVE SUMMARY CVSS v3 9.4 ATTENTION : Exploitable remotely/low skill level to exploit Vendor : 3S-Smart Software Solutions GmbH Equipment : CODESYS V3 products Vulnerabilities : Use of Insufficiently Random Values, Improper Restriction of Communication Channel to Intended Endpoints 2. RISK...
GE Mark VIe, EX2100e, EX2100e
1. EXECUTIVE SUMMARY CVSS v3 7.4 ATTENTION: Low skill level to exploit Vendor: GE Equipment: Mark VIe, EX2100e, EX2100eReg, and LS2100e Vulnerability: Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to access system data, which could result...
Medtronic 9790, 2090 CareLink, and 29901 Encore Programmers
1. EXECUTIVE SUMMARY CVSS v3 4.6 ATTENTION: Low skill level to exploit Vendor: Medtronic Equipment: 9790 CareLink Programmer, 2090 CareLink Programmer, 29901 Encore Programmer Vulnerability: Missing Encryption of Sensitive Data 2. RISK EVALUATION As part of the intended functionality of this...
Geutebrück GmbH E2 Series IP Cameras
1. EXECUTIVE SUMMARY CVSS v3 7.2 ATTENTION : Exploitable remotely/low skill level to exploit Vendor : Geutebrück GmbH Equipment : E2 Camera Series Vulnerability : OS Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability may allow a remote attacker to inject OS...
Schneider Electric GUIcon Eurotherm
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION : Low skill level to exploit Vendor : Schneider Electric Equipment : Eurotherm by Schneider Electric GUIcon Vulnerabilities : Type Confusion, Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities may allow an...
ICSA-18-345-01 McAfee SINAMICS PERFECT HARMONY GH180
1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION: Low skill level to exploit Vendor: McAfee Equipment: SINAMICS PERFECT HARMONY GH180 Vulnerability: Improper Access Control 2. RISK EVALUATION These files can be executed to compromise the HMI, and by extension, the drive system. 3. TECHNICAL DETAILS...
Siemens TIM 1531 IRC Modules
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: TIM 1531 IRC Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to perform...
ICSA-18-345-02 Siemens SINUMERIK Controllers (Update A)
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SINUMERIK Controllers Vulnerabilities: Heap-based Buffer Overflow, Integer Overflow or Wraparound, Protection Mechanism Failure, Permissions, Privileges, and Access Controls,...
GE Proficy GDS
1. EXECUTIVE SUMMARY CVSS v3 8.2 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: General Electric GE Equipment: Proficy GDS Vulnerability: XXE 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to initiate an OPC UA session and retrieve an...
Philips HealthSuite Health Android App
1. EXECUTIVE SUMMARY CVSS v3 3.5 ATTENTION: Low skill level to exploit Vendor: Philips Equipment: Philips HealthSuite Health Android App Vulnerability: Inadequate Encryption Strength 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an attacker with physical access to...
Omron CX-One
1. EXECUTIVE SUMMARY CVSS v3 6.6 ATTENTION: Low skill level to exploit Vendor: Omron Equipment: CX-One Vulnerabilities: Stack-based Buffer Overflow, Use After Free 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute code under the privileges of...
SpiderControl SCADA WebServer
1. EXECUTIVE SUMMARY CVSS v3 6.1 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: SpiderControl Equipment: SCADA WebServer Vulnerability: Reflected Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute JavaScript...
SamSam Ransomware
Summary The Department of Homeland Security DHS National Cybersecurity and Communications Integration Center NCCIC and the Federal Bureau of Investigation FBI are issuing this activity alert to inform computer network defenders about SamSam ransomware, also known as MSIL/Samas.A. Specifically, th...
INVT Electric VT-Designer
1. EXECUTIVE SUMMARY CVSS v3 6.3 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: INVT Electric Equipment: VT-Designer Vulnerabilities: Deserialization of Untrusted Data, Heap-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could cause...
ICSA-18-333-02_Tridium Niagara Enterprise Security, Niagara AX, and Niagara 4
1. EXECUTIVE SUMMARY CVSS v3 5.7 ATTENTION : Exploitable remotely/low skill level Vendor : Tridium Equipment : Niagara Enterprise Security, Niagara AX, and Niagara 4 Vulnerability : Cross-site Scripting 2. REPOSTED INFORMATION This advisory was originally posted to the HSIN ICS-CERT library on...
AVEVA Vijeo Citect and Citect SCADA
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: AVEVA Software, LLC AVEVA Equipment: Vijeo Citect, Citect SCADA Vulnerability: Uncontrolled Search Path Element 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute...
Rockwell Automation FactoryTalk Services Platform
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Rockwell Automation Equipment: FactoryTalk Services Platform Vulnerability: Heap-based Buffer Overflow 2. REPOSTED INFORMATION This advisory was originally posted to the HSIN ICS-CERT library on...
Teledyne DALSA Sherlock
1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION: Low skill level to exploit Vendor: Teledyne DALSA Equipment: Sherlock Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could crash the device being accessed; a buffer overflow condition may...
Schneider Electric Modicon M221
1. EXECUTIVE SUMMARY CVSS v3 8.2 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Schneider Electric Equipment: Modicon M221 Vulnerability: Insufficient Verification of Data Authenticity 2. RISK EVALUATION Successful exploitation of this vulnerability could cause a change of...
ICSA-18-317-07 Siemens SIMATIC IT Production Suite
1. EXECUTIVE SUMMARY CVSS v3 7.7 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: SIMATIC IT Production Suite Vulnerability: Improper Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to compromise confidentiality, integrity and...
ICSA-18-317-06 Siemens SIMATIC STEP 7 (TIA Portal)
1. EXECUTIVE SUMMARY CVSS v3 4.0 ATTENTION: Low skill level to exploit Vendor: Siemens Equipment: SIMATIC STEP 7 TIA Portal Vulnerability: Unprotected Storage of Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to reconstruct passwords. 3...
Siemens SIMATIC S7 (Update A)
1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC S7 Vulnerability: Resource Exhaustion 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-18-317-05 Siemens SIMATIC S7 that...
ICSA-18-317-04 Siemens SCALANCE S
1. EXECUTIVE SUMMARY CVSS v3 4.7 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: SCALANCE S Vulnerability: Cross-site Scripting 2. RISK EVALUATION If an attacker tricks a user into clicking a malicious link, the device could allow arbitrary script injection XSS. 3. TECHNICAL DETAILS...
Siemens SIMATIC Panels and SIMATIC WinCC (TIA Portal)
1. EXECUTIVE SUMMARY CVSS v3 4.3 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC Panels and SIMATIC WinCC TIA Portal Vulnerability: Code Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker with network...
Siemens S7-400 CPUs (Update B)
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please seeSiemens' ProductCERT Security Advisories CERT Services | Services |...
Siemens SIMATIC Panels
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC Panels Vulnerabilities: Path Traversal, Open Redirect 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow download of arbitrary files from the...
Philips iSite and IntelliSpace PACS
1. EXECUTIVE SUMMARY CVSS v3 6.3 ATTENTION: Low skill level to exploit Vendor: Philips Equipment: iSite and IntelliSpace PACS Vulnerability: Weak Password Requirements 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an attacker with local network access to impact...
Roche Diagnostics Point of Care Handheld Medical Devices (Update A)
1. EXECUTIVE SUMMARY CVSS v3 8.3 ATTENTION: Exploitable with adjacent access/low skill level to exploit --------- Begin Update A Part 1 of 3 -------- Vendor: Roche Diagnostics Equipment: Accu-Chek Inform II, CoaguChek Pro II/XS Plus/XS Pro, cobas h 232 POC handheld medical devices --------- End...
gpsd Open Source Project
1. EXECUTIVE SUMMARY CVSS v3 8.3 Vendor: gpsd Open Source Project Equipment: gpsd, microjson Vulnerability: Stack-based Buffer Overflow 2. REPOSTED INFORMATION This advisory was originally posted to the HSIN ICS-CERT library on November 6, 2018, and is being released to the NCCIC/ICS-CERT...
Rockwell Automation MicroLogix 1400 Controllers and 1756 ControlLogix Communications Modules
1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Rockwell Automation Equipment: MicroLogix 1400 Controllers and 1756 ControlLogix Communications Modules Vulnerability: Missing Authentication for Critical Function 2. REPOSTED INFORMATION This...
Fr. Sauter AG CASE Suite
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Fr. Sauter AG Equipment: CASE Suite Vulnerability: Improper Restriction of XML External Entity Reference 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to...
AVEVA InduSoft Web Studio and InTouch Edge HMI (formerly InTouch Machine Edition)
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: AVEVA Software, LLC. AVEVA Equipment: InduSoft Web Studio and InTouch Edge HMI formerly InTouch Machine Edition Vulnerabilities: Stack-based Buffer Overflow, Empty Password in Configuration File 2...
Schneider Electric Software Update (SESU) (Update A)
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Schneider Electric Equipment: Software Update SESU Vulnerability: DLL hijacking 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-18-305-02 Schneider Electric Software...
Circontrol CirCarLife
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Circontrol Equipment: CirCarLife Vulnerabilities: Authentication Bypass Using an Alternate Path or Channel, Insufficiently Protected Credentials 2. RISK EVALUATION Successful exploitation of these...
PEPPERL+FUCHS CT50-Ex
1. EXECUTIVE SUMMARY CVSS v3 7.6 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: PEPPERL+FUCHS Equipment: CT50-Ex Vulnerability: Improper Privilege Management 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a malicious third-party application to...
GEOVAP Reliance 4 SCADA/HMI
1. EXECUTIVE SUMMARY CVSS v3 6.1 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: GEOVAP Equipment: Reliance 4 SCADA/HMI Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated attacker to use HTTP proxy...
Advantech WebAccess
1. EXECUTIVE SUMMARY CVSS v3 8.4 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Advantech Equipment: WebAccess Vulnerabilities: Improper Access Control, Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow for arbitrary...
GAIN Electronic Co. Ltd SAGA1-L Series
1. EXECUTIVE SUMMARY CVSS v3 8.3 ATTENTION: Exploitable from an adjacent network/low skill level to exploit Vendor: GAIN Electronic Co. Ltd Equipment: SAGA1-L series Vulnerabilities: Authentication Bypass by Capture-replay, Improper Access Control, Improper Authentication 2. RISK EVALUATION...
Advantech WebAccess
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Advantech Equipment: WebAccess Vulnerabilities: Stack-based Buffer Overflow, External Control of File Name or Path, Improper Privilege Management, Path Traversal 2. RISK EVALUATION Successful...
Telecrane F25 Series
1. EXECUTIVE SUMMARY CVSS v3 7.6 ATTENTION: Low skill level to exploit Vendor: Telecrane Equipment: F25 Series Vulnerability: Authentication Bypass by Capture-Replay 2. RISK EVALUATION Successful exploitation of this vulnerability could allow unauthorized users to view commands, replay commands,...
Omron CX-Supervisor (Update A)
1. EXECUTIVE SUMMARY CVSS v3 7.0 Vendor: Omron Equipment: CX-Supervisor Vulnerabilities: Improper Restriction of Operations within the Bounds of a Memory Buffer, Out-Of-Bounds Read, Use-After-Free, Incorrect Type Conversion or Cast 2. UPDATE INFORMATION This updated advisory is a follow-up to the...
LCDS - Leão Consultoria e Desenvolvimento de Sistemas Ltda ME LAquis SCADA
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: LCDS – Leão Consultoria e Desenvolvimento de Sistemas LTDA ME Equipment: LAquis SCADA Vulnerabilities: Untrusted Pointer Dereference, Out-of-Bounds Read, Integer Overflow to Buffer Overflow, Path...
NUUO CMS
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: NUUO Equipment: CMS Vulnerabilities: Use of Insufficiently Random Values, Use of Obsolete Function, Incorrect Permission Assignment for Critical Resource, Use of Hard-coded Credentials 2. RISK...
NUUO CMS (Update A)
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: NUUO Equipment: CMS --------- Begin Update A Part 1 of 3 -------- Vulnerabilities: Use of Insufficiently Random Values, Use of Obsolete Function, Incorrect Permission Assignment for Critical...