GEOVAP Reliance 4 SCADA/HMI

1. EXECUTIVE SUMMARY CVSS v3 6.1 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: GEOVAP Equipment: Reliance 4 SCADA/HMI Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated attacker to use HTTP proxy...

Advantech WebAccess

1. EXECUTIVE SUMMARY CVSS v3 8.4 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Advantech Equipment: WebAccess Vulnerabilities: Improper Access Control, Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow for arbitrary...

GAIN Electronic Co. Ltd SAGA1-L Series

1. EXECUTIVE SUMMARY CVSS v3 8.3 ATTENTION: Exploitable from an adjacent network/low skill level to exploit Vendor: GAIN Electronic Co. Ltd Equipment: SAGA1-L series Vulnerabilities: Authentication Bypass by Capture-replay, Improper Access Control, Improper Authentication 2. RISK EVALUATION...

Advantech WebAccess

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Advantech Equipment: WebAccess Vulnerabilities: Stack-based Buffer Overflow, External Control of File Name or Path, Improper Privilege Management, Path Traversal 2. RISK EVALUATION Successful...

Telecrane F25 Series

1. EXECUTIVE SUMMARY CVSS v3 7.6 ATTENTION: Low skill level to exploit Vendor: Telecrane Equipment: F25 Series Vulnerability: Authentication Bypass by Capture-Replay 2. RISK EVALUATION Successful exploitation of this vulnerability could allow unauthorized users to view commands, replay commands,...

Omron CX-Supervisor (Update A)

1. EXECUTIVE SUMMARY CVSS v3 7.0 Vendor: Omron Equipment: CX-Supervisor Vulnerabilities: Improper Restriction of Operations within the Bounds of a Memory Buffer, Out-Of-Bounds Read, Use-After-Free, Incorrect Type Conversion or Cast 2. UPDATE INFORMATION This updated advisory is a follow-up to the...

LCDS - Leão Consultoria e Desenvolvimento de Sistemas Ltda ME LAquis SCADA

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: LCDS – Leão Consultoria e Desenvolvimento de Sistemas LTDA ME Equipment: LAquis SCADA Vulnerabilities: Untrusted Pointer Dereference, Out-of-Bounds Read, Integer Overflow to Buffer Overflow, Path...

NUUO CMS

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: NUUO Equipment: CMS Vulnerabilities: Use of Insufficiently Random Values, Use of Obsolete Function, Incorrect Permission Assignment for Critical Resource, Use of Hard-coded Credentials 2. RISK...

NUUO CMS (Update A)

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: NUUO Equipment: CMS --------- Begin Update A Part 1 of 3 -------- Vulnerabilities: Use of Insufficiently Random Values, Use of Obsolete Function, Incorrect Permission Assignment for Critical...

NUUO NVRmini2 and NVRsolo

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available Vendor: NUUO Equipment: NVRmini2, NVRsolo Vulnerabilities: Stack-based Buffer Overflow, Leftover Debug Code 2. RISK EVALUATION Successful exploitation of these...

Delta Industrial Automation TPEditor

1. EXECUTIVE SUMMARY CVSS v3 6.6 ATTENTION: Low skill level to exploit Vendor: Delta Electronics Equipment: Delta Industrial Automation TPEditor Vulnerabilities: Out-of-bounds Write, Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could crash the...

Siemens SIMATIC S7-1500, SIMATIC S7-1500 Software Controller and SIMATIC ET 200SP OpenController (Update A)

1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC S7-1500, SIMATIC S7-1500 Software Controller and SIMATIC ET 200SP Open Controller Vulnerability: Improper Input Validation 2. UPDATE INFORMATION This updated advisory is...

GE iFix

1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: GE Equipment: Gigasoft component of iFix Vulnerability: Unsafe ActiveX Control Marked Safe For Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could cause a buffer...

Fuji Electric Energy Savings Estimator

1. EXECUTIVE SUMMARY CVSS v3 7.3 Vendor: Fuji Electric Equipment: Fuji Electric Energy Savings Estimator Vulnerability: Uncontrolled Search Path Element 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an attacker to load a malicious DLL and execute code on the affected...

Siemens SIMATIC S7-1200 CPU Family Version 4

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: SIMATIC S7-1200 CPU Family Version 4 Vulnerability: Cross-Site Request Forgery CSRF 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a CSRF attack if an unsuspecting user is...

ICSA-18-282-02 Siemens SCALANCE W1750D

1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Exploitable remotely/public exploits are available Vendor: Siemens Equipment: SCALANCE W1750D Vulnerability: Cryptographic issues 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to decrypt TLS traffic. 3...

Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server

1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely/low skill level to exploit/information related to these vulnerabilities is publicly available Vendor: Hangzhou Xiongmai Technology Co., Ltd Equipment: XMeye P2P Cloud Server Vulnerabilities: Predictable From Observable State, Hidden...

ICSA-18-282-03 Siemens ROX II

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: ROX II Vulnerabilities: Improper Privilege Management 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow valid users to escalate their privileges and...

WECON PI Studio (Update A)

1. EXECUTIVE SUMMARY --------- Begin Update A Part 1 of 4 --------- CVSS v3 7.8 ATTENTION: Low attack complexity --------- End Update A Part 1 of 4 --------- Vendor: WECON Technology Co., Ltd. WECON Equipment: PI Studio Vulnerabilities: Stack-based Buffer Overflow, Out-of-bounds Write,...

Change Healthcare PeerVue Web Server

1. EXECUTIVE SUMMARY CVSS v3 4.3 ATTENTION: Exploitable on an adjacent network/low skill level to exploit Vendor: Change Healthcare Equipment: PeerVue Web Server Vulnerability: Information Exposure Through an Error Message 2. RISK EVALUATION Successful exploitation of this vulnerability could...

Carestream Vue RIS

1. EXECUTIVE SUMMARY CVSS v3 3.7 ATTENTION: Exploitable remotely Vendor: Carestream Equipment: Carestream Vue RIS Vulnerability: Information Exposure Through an Error Message 2. RISK EVALUATION An attacker with access to the network of the affected system can passively read traffic. 3. TECHNICAL...

Philips iSite/IntelliSpace PACS Vulnerabilities (Update A)

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available Vendor: Philips Equipment: iSite and IntelliSpace PACS Vulnerabilities: Improper Restriction of Operations within the Bounds of a Memory Buffer, Code/Source Code...

GE Communicator

1. EXECUTIVE SUMMARY CVSS v3 7.6 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: GE Equipment: Communicator Vulnerability: Heap-based Buffer Overflow 2. RISK EVALUATION Exploitation could allow attackers to execute arbitrary code or create a denial-of-service condition. 3...

Entes EMG 12

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Entes Equipment: EMG 12 Vulnerabilities: Improper Authentication, Information Exposure Through Query Strings in GET Request 2. RISK EVALUATION Successful exploitation of these vulnerabilities may...

Delta Electronics ISPSoft

1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/Low skill level to exploit Vendor: Delta Electronics Equipment: ISPSoft Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute code under the...

Delta Electronics Delta Industrial Automation PMSoft

1. EXECUTIVE SUMMARY CVSS v3 4.3 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Delta Electronics Equipment: Delta Industrial Automation PMSoft Vulnerability: Out-of-Bounds Read 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to read...

Fuji Electric Alpha5 Smart Loader (Update A)

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available Vendor: Fuji Electric Equipment: Alpha5 Smart Loader Vulnerabilities: Classic Buffer Overflow, Heap-based Buffer Overflow 2. UPDATE INFORMATION This updated advisory is a...

Fuji Electric FRENIC Devices (Update A)

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION : Exploitable remotely/low skill level to exploit/public exploits are available Vendor : Fuji Electric Equipment : FRENIC Loader, FRENIC-Mini C1, FRENIC-Mini C2, FRENIC-Eco, FRENIC-Multi, FRENIC-MEGA, FRENIC-Ace Vulnerabilities : Buffer Over-read,...

Emerson AMS Device Manager

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Emerson Equipment: AMS Device Manager Vulnerabilities: Improper Access Control, Improper Privilege Management 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow...

Rockwell Automation RSLinx Classic

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Rockwell Automation Equipment: RSLinx Classic Vulnerabilities: Stack-based Buffer Overflow, Heap-based Buffer Overflow, Resource Exhaustion 2. RISK EVALUATION Successful exploitation of these...

Tec4Data SmartCooler

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Tec4Data Equipment: SmartCooler Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could cause the device to shut down by...

Rockwell Automation Logix5000 Programmable Automation Controller Buffer Overflow Vulnerability (Update B)

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Rockwell Automation Equipment: Logix5000 Vulnerability: Stack-based Buffer Overflow 2. UPDATE INFORMATION This updated advisory is a follow-up to the previously updated advisory titled...

WECON PLC Editor

1. EXECUTIVE SUMMARY CVSS v3 6.3 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: WECON Equipment: PLC Editor Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could result in unauthorized code execution within the...

Rockwell Automation MicroLogix

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION : Exploitable remotely/low skill level to exploit. Vendor : Rockwell Equipment : MicroLogix Controller Vulnerabilities : Improper Authentication 2. RISK EVALUATION Successful exploitation of these vulnerabilities could cause denial of service,...

Honeywell Mobile Computers with Android Operating Systems

1. EXECUTIVE SUMMARY CVSS v3 7.6 ATTENTION: Exploitable remotely Vendor: Honeywell Equipment: Mobile Computers Vulnerability: Improper Privilege Management 2. RISK EVALUATION A vulnerability in a system service on CT60, CN80, CT40, CK75, CN75, CT50, D75e, CN51, and EDA series mobile computers...

ICSA-18-254-03 Siemens TD Keypad Designer

1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION: Low skill level to exploit Vendor: Siemens Equipment: TD Keypad Designer Vulnerability: Uncontrolled Search Path Element 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a local low-privileged attacker to escalate their...

Siemens SCALANCE X Switches

1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available Vendor: Siemens Equipment: SCALANCE X Switches Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an...

ICSA-18-254-04 Siemens SIMATIC WinCC OA

1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC WinCC OA Vulnerability: Improper Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated remote user to escalate...

Fuji Electric V-Server Lite

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Fuji Electric Equipment: V-Server Lite Vulnerability: Classic Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote attacker to view sensitive...

Fuji Electric V-Server

1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available Vendor: Fuji Electric Equipment: V-Server Vulnerabilities: Use-After Free, Untrusted Pointer Dereference, Heap-based Buffer Overflow, Out-of-Bounds Write, Integer Underflow,...

Schneider Electric StruxureWare Building Expert Plaintext Credentials Vulnerability

OVERVIEW Independent researcher Artyom Kurbatov has identified a cleartext transmission vulnerability in Schneider Electric’s StruxureWare Building Expert product. Schneider Electric has produced a new firmware version that mitigates this vulnerability. Artyom Kurbatov has tested the new firmware...

Siemens SIMATIC HMI Devices Vulnerabilities

OVERVIEW Siemens has identified three vulnerabilities in its SIMATIC HMI devices. These vulnerabilities were reported directly to Siemens by the Quarkslab team and Ilya Karpov from Positive Technologies. Siemens has produced updates that mitigate these vulnerabilities in most of the affected...

Siemens SIMATIC WinCC, PCS7, and TIA Portal Vulnerabilities

OVERVIEW Siemens has identified two vulnerabilities within products utilizing the Siemens WinCC application. Siemens has produced a patch that mitigates this vulnerability in the WinCC application and is working on updates for the remaining affected products to address the other vulnerability in...

Siemens SIMATIC WinCC, PCS7, and TIA Portal Vulnerabilities (Update A)

OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-14-329-02 Siemens SIMATIC WinCC, PCS7, and TIA Portal Vulnerabilities that was published November 25, 2014, on the NCCIC/ICS-CERT web site. Siemens has identified two vulnerabilities within products utilizing the...

Siemens SIMATIC WinCC, PCS7, and TIA Portal Vulnerabilities (Update B)

OVERVIEW This updated advisory is a follow-up to the updated advisory titled ICSA-14-329-02A Siemens SIMATIC WinCC, PCS7, and TIA Portal Vulnerabilities that was published December 2, 2014, on the NCCIC/ICS-CERT web site. Siemens has identified two vulnerabilities within products using the Siemen...

Network Time Protocol Vulnerabilities (Update B)

OVERVIEW This updated advisory is a follow-up to the updated advisory titled ICSA-14-353-01A Network Time Protocol Vulnerabilities that was published December 23, 2014, on the NCCIC/ICS-CERT web site. Google Security Team researchers Neel Mehta and Stephen Roettger have coordinated multiple...

7-Technologies IGSS Vulnerabilities

Overview This advisory is a follow-up to ICS-ALERT-11-080-03 7-Technologies IGSS Vulnerabilities, published on the ICS-CERT Web site on March 20, 2011. An independent researcher has identified eight vulnerabilities in 7-Technologies 7T IGSS SCADA human-machine interface HMI application. Each of t...

Siemens SIMATIC PLCs Reported Issues Summary (Update A)

Overview ICS-CERT has been coordinating multiple reports of issues affecting various models within the Siemens SIMATIC Step 7 S7 programmable logic controller PLC product line. ICS-CERT has coordinated the issues with both Siemens and the researcher and continues to work with both entities. A...

Schneider Electric Serial Modbus Driver Buffer Overflow

OVERVIEW Carsten Eiram of Risk-Based Security has identified a stack-based buffer overflow vulnerability in Schneider Electric’s Serial Modbus Driver that affects 11 Schneider Electric products. Schneider Electric has produced patches that mitigate this vulnerability. This vulnerability can be...

Siemens Tecnomatix FactoryLink Vulnerabilities (Update A)

Overview This ICS-CERT Advisory is a follow-up to ICS-ALERT-11-080-01. An independent researcher has identified six vulnerabilities in the Siemens Tecnomatix FactoryLink supervisory control and data acquisition SCADA product. The researcher has also publicly released exploit code. The researcher...