AVEVA Wonderware License Server

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/Low skill level to exploit Vendor: AVEVA Software, LLC AVEVA Equipment: Wonderware License Server Vulnerability: Improper Restriction of Operations within the Bounds of a Memory Buffer 2. RISK EVALUATION Successful exploitation of...

Davolink DVW-3200N

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Davolink Equipment: DVW-3200N Vulnerability: Use of Password Hash With Insufficient Computational Effort 2. RISK EVALUATION Successful exploitation of this vulnerability may result in a remote...

WECON LeviStudioU (Update A)

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: WECON Technology Co., Ltd Equipment: LeviStudioU --------- Begin Update A Part 1 of 3 --------- Vulnerabilities: Stack-based Buffer Overflow, Heap-based Buffer Overflow, Out-of-Bounds Write,...

AVEVA InTouch Access Anywhere

1. EXECUTIVE SUMMARY CVSS v3 6.1 ATTENTION: Exploitable remotely/Low skill level to exploit Vendor: AVEVA Software, LLC AVEVA Equipment: InTouch Access Anywhere Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability may allow attackers to obtain...

Johnson Controls Metasys and BCPro

1. EXECUTIVE SUMMARY CVSS v3 4.3 ATTENTION : Exploitable on an adjacent network/low skill level to exploit Vendor : Johnson Controls Equipment : Metasys and BCPro Vulnerability : Information Exposure Through an Error Message 2. RISK EVALUATION Successful exploitation of this vulnerability could...

Echelon SmartServer 1, SmartServer 2, SmartServer 3, i.LON 100, i.LON 600 (Update A)

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Echelon Equipment: SmartServer 1, SmartServer 2, i.LON 100, i.LON 600 Vulnerabilities: Information Exposure, Authentication Bypass Using an Alternate Path or Channel, Unprotected Storage of...

Moxa NPort 5210 5230 5232

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Moxa Equipment: NPort 5210, 5230, 5232 Vulnerability: Resource Exhaustion 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote attacker to send TCP SYN packages,...

AVEVA InduSoft Web Studio and InTouch Machine Edition

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit. Vendor: AVEVA Software, LLC AVEVA Equipment: InduSoft Web Studio and InTouch Machine Edition Vulnerabilities: Stack-based buffer overflow 2. RISK EVALUATION The listed products are vulnerable only if the...

AVEVA InTouch

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: AVEVA Software, LLC. AVEVA Equipment: InTouch Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated user to...

WAGO e!DISPLAY Web-Based-Management

1. EXECUTIVE SUMMARY CVSS v3 8.0 ATTENTION: Exploitable remotely/Low skill level to exploit/Public exploits are available Vendor: WAGO Equipment: e!DISPLAY Web-Based-Management WBM Vulnerabilities: Cross-site Scripting, Unrestricted Upload of File with Dangerous Type, and Incorrect Permissions fo...

PEPPERL+FUCHS VisuNet RM, VisuNet PC, and Box Thin Client

1. EXECUTIVE SUMMARY CVSS v3 7.5 Vendor: PEPPERL+FUCHS Equipment: VisuNet RM, VisuNet PC, Box Thin Client BTC Vulnerability: Improper Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability could allow attackers to intercept sensitive communications, establish a...

ABB Panel Builder 800

1. EXECUTIVE SUMMARY CVSS v3 7.0 Vendor: ABB Equipment: Panel Builder 800 Vulnerability: Improper Input Validation 2. RISK EVALUATION An attacker could exploit the vulnerability by tricking a user to open a specially crafted file, allowing the attacker to insert and run arbitrary code. This...

Eaton 9000X Drive

1. EXECUTIVE SUMMARY CVSS v3 5.6 ATTENTION: Exploitable remotely Vendor: Eaton Equipment: 9000X Drive Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability may allow remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The...

ICSA-18-347-02 Siemens EN100 Ethernet Communication Module and SIPROTEC 5 Relays (Update A)

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: EN100 Ethernet Communication Module and SIPROTEC 5 relays Vulnerabilities: Improper Input Validation 2. UPDATE INFORMATION This updated advisory is a follow-up to the original...

Tridium Niagara

1. EXECUTIVE SUMMARY CVSS v3 7.4 ATTENTION: Exploitable remotely Vendor: Tridium Equipment: Niagara Vulnerabilities: Path Traversal, Improper Authentication 2. REPOSTED INFORMATION This advisory was originally posted to the HSIN ICS-CERT library on July 10, 2018, and is being released to the...

Schweitzer Engineering Laboratories, Inc. Compass and AcSELerator Architect

1. EXECUTIVE SUMMARY CVSS v3 8.2 ATTENTION: Exploitable remotely/Low skill level to exploit/Public exploits are available for these vulnerabilities Vendor: Schweitzer Engineering Laboratories, Inc. SEL Equipment: Compass and AcSELerator Architect Vulnerabilities: Incorrect Default Permissions,...

Universal Robots Robot Controllers

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Universal Robots Equipment: Robot Controllers Vulnerabilities: Use of Hard-coded Credentials, Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of these...

Rockwell Automation Allen-Bradley Stratix 5950

1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Rockwell Automation Equipment: Allen-Bradley Stratix 5950 Vulnerabilities: Improper Input Validation, Improper Certificate Validation, Resource Management Errors 2. RISK EVALUATION Successful...

Medtronic MyCareLink Patient Monitor

1. EXECUTIVE SUMMARY CVSS v3 6.4 Vendor: Medtronic Equipment: MyCareLink Patient Monitor Vulnerabilities: Use of Hard-coded Password, Exposed Dangerous Method or Function 2. RISK EVALUATION If exploited, these vulnerabilities may allow privileged access to the monitor’s operating system. However,...

ICSA-18-317-01 Siemens IEC 61850 System Configurator, DIGSI 5, DIGSI 4, SICAM PAS/PQS, SICAM PQ Analyzer, and SICAM SCC

1. EXECUTIVE SUMMARY CVSS v3 4.2 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: IEC 61850 system configurator, DIGSI 5, DIGSI 4, SICAM PAS/PQS, SICAM PQ Analyzer, and SICAM SCC Vulnerability: Improper Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability...

Delta Electronics Delta Industrial Automation COMMGR

1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Delta Electronics Equipment: Delta Industrial Automation COMMGR Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability may allow remote code...

Rockwell Automation Allen-Bradley CompactLogix and Compact GuardLogix (Update A)

1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Rockwell Automation Equipment: Allen-Bradley CompactLogix and Compact GuardLogix Vulnerability: Improper Input Validation 2 UPDATE INFORMATION This updated advisory is a follow-up to the original...

Natus Xltek NeuroWorks

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Natus Medical, Inc. Natus Equipment: Natus Xltek NeuroWorks software Vulnerabilities: Stack-Based Buffer Overflow, Out-of-Bounds Read 2. RISK EVALUATION Successful exploitation of these...

Schneider Electric U.motion Builder

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Schneider Electric Equipment: U.motion Builder Vulnerabilities: Command Injection, Cross-site Scripting, and Improper Input Validation 2. RISK EVALUATION Successful exploitation of these...

Siemens SCALANCE X Switches, RUGGEDCOM WiMAX, RFID 181-EIP, and SIMATIC RF182C (Update D)

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable from the same local network segment OSI Layer 2 Vendor: Siemens Equipment: SCALANCE X switches, RUGGEDCOM Win, RFID 181-EIP, and SIMATIC RF182C Vulnerability: Heap-based Buffer Overflow 2. UPDATE INFORMATION This updated advisory is a...

Siemens SCALANCE X Switches (Update A)

1. EXECUTIVE SUMMARY CVSS v3 5.8 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: SCALANCE X switches Vulnerabilities: Cross-site Scripting 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-18-163-02 Siemens SCALANCE X Switches that was...

Rockwell Automation RSLinx Classic and FactoryTalk Linx Gateway

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Low skill level to exploit Vendor: Rockwell Automation Equipment: RSLinx Classic and FactoryTalk Linx Gateway Vulnerability: Unquoted Search Path or Element 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authorized, but...

ABB IP Gateway

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: ABB Equipment: IP Gateway Vulnerabilities: Improper Authentication, Cross-site Request Forgery, Unprotected Storage of Credentials 2. RISK EVALUATION Successful exploitation of these...

Philips' IntelliVue Patient and Avalon Fetal Monitors

1. EXECUTIVE SUMMARY CVSS v3 8.3 Vendor: Philips Equipment: IntelliVue Patient Monitors, Avalon Fetal/Maternal Monitors Vulnerabilities: Improper Authentication, Information Exposure, Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation may allow an attacker to read/write...

GE MDS PulseNET and MDS PulseNET Enterprise

1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: GE Equipment: MDS PulseNET and MDS PulseNET Enterprise Vulnerabilities: Improper Authentication, Improper Restriction of XML External Entity Reference, Relative Path Traversal 2. RISK EVALUATION...

ICSA-18-151-01_Delta Industrial Automation DOPSoft

1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Delta Electronics Equipment: Delta Industrial Automation DOPSoft Vulnerabilities: Out-of-bounds Read, Heap-based Buffer Overflow, Stack-based Buffer Overflow 2. RISK EVALUATION Successful...

Yokogawa STARDOM Controllers (Update A)

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Yokogawa Equipment: STARDOM Controllers --------- Begin Update A Part 1 of 5 -------- Vulnerabilities: Use of Hard-coded Credentials, Session Fixation, Insufficiently Protected Credentials,...

Schneider Electric Floating License Manager

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION : Remotely exploitable/low skill level to exploit Vendor : Schneider Electric Equipment : Floating License Manager Vulnerabilities : Heap-based Buffer Overflow, Improper Restriction of Operations within the Bounds of a Memory Buffer, Open Redirect 2...

BeaconMedaes TotalAlert Scroll Medical Air Systems

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: BeaconMedaes Equipment: TotalAlert Scroll Medical Air Systems web application Vulnerabilities: Improper Access Control, Insufficiently Protected Credentials, Unprotected Storage of Credentials 2...

Martem TELEM-GW6/GWM (Update B)

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION : Exploitable remotely/low skill level to exploit Vendor : Martem Equipment : TELEM-GW6/GWM --------- Begin Update B Part 1 of 5 -------- Vulnerabilities : Missing Authentication for Critical Function, Incorrect Default Permissions, Resource Exhaustion,...

BD Kiestra and InoquIA Systems (Update A)

1. EXECUTIVE SUMMARY CVSS v3 6.3 ATTENTION : Exploitable from adjacent network Vendor : Becton, Dickinson and Company BD Equipment : BD Kiestra and InoqulA systems Vulnerabilities : Product UI does not Warn User of Unsafe Actions 2. UPDATE INFORMATION This updated advisory is a follow-up to the...

Philips EncoreAnywhere

1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION : Exploitable remotely/public exploits are available Vendor : Philips Equipment : EncoreAnywhere product used in the Asia-Pacific APAC Region Vulnerability : Information Exposure 2. RISK EVALUATION Successful exploitation of this vulnerability can result...

Delta Electronics Delta Industrial Automation TPEditor (Update A)

1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION : Exploitable remotely/low skill level to exploit Vendor : Delta Electronics Equipment : Delta Industrial Automation TPEditor Vulnerability : Heap-based Buffer Overflow 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory...

GE PACSystems CPE305/310, CPE330, CPE400, RSTi-EP CPE 100, CPU320/CRU320, RXi

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION : Exploitable remotely/low skill level to exploit Vendor : GE Equipment : PACSystems CPE305/310, CPE330, CPE400, RSTi-EP CPE 100, CPU320/CRU320, RXi Vulnerability : Improper Input Validation 2. RISK EVALUATION Successful exploitation of this...

PHOENIX CONTACT FL SWITCH 3xxx/4xxx/48xx Series

1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION : Exploitable remotely/low skill level to exploit Vendor : PHOENIX CONTACT Equipment : FL SWITCH 3xxx/4xxx/48xx Series Vulnerabilities : Command Injection, Information Exposure, Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of...

Medtronic N'Vision Clinician Programmer (Update A)

1. EXECUTIVE SUMMARY --------- Begin Update A Part 1 of 5 -------- CVSS v3 6.3 --------- End Update A Part 1 of 5 ----------- ATTENTION: Low skill level to exploit Vendor: Medtronic Equipment: N’Vision Clinician Programmer --------- Begin Update A Part 2 of 5 ----------- Vulnerabilities:...

Advantech WebAccess

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION : Remotely exploitable/low skill level to exploit Vendor : Advantech Equipment : WebAccess Vulnerabilities : SQL Injection, Improper Authorization, Path Traversal, Heap-based Buffer Overflow, Stack-based Buffer Overflow, Untrusted Pointer Dereference,...

Siemens SIMATIC S7-400 CPU (Update A)

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION : Exploitable remotely/low skill level to exploit Vendor : Siemens Equipment : SINAMIC S7-400 CPU Vulnerability : Improper Input Validation 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-18-137-03 Siemens...

MatrikonOPC Explorer

1. EXECUTIVE SUMMARY CVSS v3 6.7 ATTENTION : Low skill level to exploit Vendor : MatrikonOPC Equipment : MatrikonOPC Explorer Vulnerability : Files or Directories Accessible to External Parties 2. RISK EVALUATION If the attacker has local access to the system, an attacker could exploit this...

Rockwell Automation Arena

1. EXECUTIVE SUMMARY CVSS v3 5.5 Vendor : Rockwell Automation Equipment : Arena Vulnerability : Use After Free 2. RISK EVALUATION Successful exploitation of this vulnerability could cause the software application to crash. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of...

Silex Technology SX-500/SD-320AN or GE Healthcare MobileLink (Update B)

1. EXECUTIVE SUMMARY CVSS v3 7.4 ATTENTION : Exploitable Remotely / Low skill level to exploit / Public exploits are available Vendors : Silex Technology, GE Healthcare Equipment : SX-500, SD-320AN, MobileLink Vulnerabilities : Improper Authentication, OS Command Injection 2. UPDATE INFORMATION...

Siemens Medium Voltage SINAMICS Products (Update A)

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION : Exploitable remotely/low skill level to exploit Vendor : Siemens Equipment : Medium Voltage SINAMICS Products Vulnerabilities : Improper Input Validation 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled...

ICSA-18-128-03 Siemens Siveillance VMS Video Mobile App

1. EXECUTIVE SUMMARY CVSS v3 4.8 ATTENTION : Exploitable remotely Vendor : Siemens Equipment : Siveillance VMS Video Mobile App Vulnerability : Improper Certificate Validation 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an attacker in a privileged network position...

ICSA-18-128-02 Siemens Siveillance VMS (Update A)

1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION : Exploitable remotely Vendor : Siemens Equipment : Siveillance Video Management Software VMS Vulnerability : Deserialization of Untrusted Data 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-18-128-02...

Lantech IDS 2102

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION : Exploitable remotely/low skill level to exploit. Vendor : Lantech Equipment : IDS 2102 Vulnerabilities : Improper Input Validation, Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker...