4207 matches found
Siemens SIMATIC WinCC OA Operator IOS App (Update A)
1. EXECUTIVE SUMMARY CVSS v3 4.0 Vendor : Siemens Equipment : SIMATIC WinCC OA iOS App Vulnerability : File and Directory Information Exposure. 2 UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-18-109-01 Siemens SIMATIC WinCC OA Operator iOS App that...
Biosense Webster Carto 3 System Vulnerabilities
1. EXECUTIVE SUMMARY Biosense Webster Inc. BWI, a Johnson & Johnson company, has produced a software update that applies operating system patches and anti-virus signature updates to close known vulnerabilities in the operating system of the CARTO 3 System, a 3D cardiovascular mapping platform...
Schneider Electric Triconex Tricon
1. EXECUTIVE SUMMARY CVSS v3 9.0 ATTENTION : Exploitable remotely/HatMan malware specifically targets these vulnerabilities. Vendor : Schneider Electric Equipment : Triconex Tricon, Model 3008 Vulnerabilities : Improper Restriction of Operations within the Bounds of a Memory Buffer 2. UPDATE...
ICSA-18-107-03_Rockwell Automation Stratix Services Router
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION : Exploitable remotely/low skill level to exploit. Vendor : Rockwell Automation Equipment : Allen-Bradley Stratix 5900 Services Router Vulnerabilities : Improper Input Validation, Improper Restriction of Operations within the Bounds of a Memory Buffer,...
Abbott Laboratories Defibrillator
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION : Exploitable remotely Vendor : Abbott Laboratories Equipment : Implantable Cardioverter Defibrillator and Cardiac Synchronization Therapy Defibrillator Vulnerabilities : Improper Authentication and Improper Restriction of Power Consumption MedSec...
ICSA-18-107-05_Rockwell Automation Stratix Industrial Managed Ethernet Switch
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION : Exploitable remotely/low skill level to exploit. Vendor : Rockwell Automation Equipment : Allen-Bradley Stratix Industrial Managed Ethernet Switch Vulnerabilities : Improper Input Validation, Resource Management Errors, 7PK – Errors, Improper...
Schneider Electric InduSoft Web Studio and InTouch Machine Edition
1. EXECUTIVE SUMMARY CVSS v3 9.8 Attention : Exploitable remotely/low skill level to exploit. Vendor : Schneider Electric Software, LLC Equipment : InduSoft Web Studio, InTouch Machine Edition Vulnerability : Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this...
Rockwell Automation Stratix and ArmorStratix Switches
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION : Exploitable remotely/low skill level to exploit. Vendor : Rockwell Automation Equipment : Allen-Bradley Stratix and ArmorStratix Switches Vulnerabilities : Improper Input Validation, Resource Management Errors, Improper Restriction of Operations within...
Rockwell Automation FactoryTalk Activation Manager (Update B)
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION : Exploitable remotely/low skill level to exploit Vendor : Rockwell Automation Equipment : Factory Talk Activation Manager Vulnerabilities : Cross-site Scripting, Improper Restriction of Operations within the Bounds of a Memory Buffer 2. UPDATE...
Yokogawa CENTUM and Exaopc
1. EXECUTIVE SUMMARY CVSS v3 6.5 Vendor : Yokogawa Equipment : CENTUM series and Exaopc Vulnerability : Permissions, Privileges, and Access Controls 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a local attacker to generate false system or process alarms, or block...
ATI Systems Emergency Mass Notification Systems
1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION : Exploitable remotely. Vendor : Acoustic Technology, Inc. ATI Systems Equipment : ATI Emergency Mass Notification Systems Vulnerabilities : Improper Authentication, Missing Encryption of Sensitive Data. 2. RISK EVALUATION Successful exploitation of...
Omron CX-One
1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION : Low skill level to exploit. Vendor : Omron Equipment : CX-One Vulnerabilities: Stack-based Buffer Overflow, Heap-based Buffer Overflow, Type Confusion . 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow remote code...
Moxa MXview
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION : Exploitable remotely/low skill level to exploit. Vendor : Moxa Equipment : MXview Vulnerabilities : Information Exposure 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote attacker to access and read cryptographic...
LCDS - Leão Consultoria e Desenvolvimento de Sistemas Ltda ME LAquis SCADA
1. EXECUTIVE SUMMARY CVSS v3 7.0 Vendor : LCDS - Leão Consultoria e Desenvolvimento de Sistemas LTDA ME Equipment : LAquis SCADA Vulnerability : Improper Check or Handling of Exceptional Conditions 2. RISK EVALUATION Successful exploitation of this vulnerability could cause the device an attacker...
WAGO 750 Series
CVSS v3 5.3 ATTENTION: Exploitable remotely/low skill level to exploit. Vendor: WAGO Equipment: 750 Series Vulnerability: Improper Resource Shutdown or Release AFFECTED PRODUCTS The following versions of 750 series PLC are affected: 750-880 firmware version 10 and prior, 750-881 firmware version ...
ICSA-18-093-01 Siemens Building Technologies Products (Update A)
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION : Exploitable remotely/low skill level to exploit. Vendor : Siemens Equipment : Building Technologies Products Vulnerabilities : Stack-based Buffer Overflows, Security Features, Improper Restriction of Operations within the Bounds of a Memory Buffer, NUL...
Philips Alice 6 Vulnerabilities (Update B)
1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available Vendor: Philips Equipment: Philips Alice 6 System product Vulnerabilities: Improper Authentication, Missing Encryption of Sensitive Data 2. UPDATE INFORMATION This updated...
Siemens TIM 1531 IRC
CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit. Vendor: Siemens Equipment: TIM 1531 IRC Vulnerability: Missing Authentication for Critical Function AFFECTED PRODUCTS Siemens reports that the vulnerability affects the following TIM 1531 IRC communications modules: TIM 1531...
Siemens SIMATIC PCS 7, SIMATIC WinCC, SIMATIC WinCC Runtime Professional, and SIMATIC NET PC Software (Update G)
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION : Exploitable remotely/low skill level to exploit. Vendor : Siemens Equipment : SIMATIC PCS 7, SIMATIC WinCC, SIMATIC WinCC Runtime Professional, and SIMATIC NET PC Software Vulnerability : Improper Input Validation 2. UPDATE INFORMATION This updated...
Schneider Electric Modicon Premium, Modicon Quantum, Modicon M340, and Modicon BMXNOR0200
CVSS v3 5.9 ATTENTION: Exploitable remotely/low skill level to exploit. Vendor: Schneider Electric Equipment: Modicon Premium, Modicon Quantum, Modicon M340, and Modicon BMXNOR0200 Vulnerabilities: Stack-based Buffer Overflow, Use of Hard-coded Credentials, Use of a Broken or Risky Cryptographic...
Beckhoff TwinCAT
CVSS v3 7.8 ATTENTION: Low skill level to exploit. Vendor: Beckhoff Equipment: TwinCAT Vulnerability: Untrusted Pointer Dereference AFFECTED PRODUCTS Beckhoff reports that the vulnerability affects the following TwinCAT PLC products: TwinCAT 3.1 Build 4022.4 or prior, TwinCAT 2.11 R3 2259 or prio...
ICSA-18-081-01 Siemens SIMATIC WinCC OA UI Mobile App
CVSS v3 5.1 ATTENTION: Exploitable from an adjacent network. Vendor: Siemens Equipment: SIMATIC WinCC OA UI mobile app Vulnerability: Improper Access Control AFFECTED PRODUCTS Siemens reports that this vulnerability affects the following products: SIMATIC WinCC OA UI for Android: All versions pri...
Siemens SIMATIC, SINUMERIK, and PROFINET IO (Update D)
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Geutebruck IP Cameras
CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit. Vendor: Geutebrück Equipment: IP Cameras Vulnerabilities: Improper Authentication, SQL Injection, Cross-Site Request Forgery, Improper Access Control, Server-Side Request Forgery, Cross-site Scripting AFFECTED PRODUCTS...
OSIsoft PI Vision
CVSS v3 6.1 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: OSIsoft Equipment: PI Vision Vulnerabilities: Protection Mechanism Failure, Information Exposure AFFECTED PRODUCTS The following versions of PI Vision, a data visualization framework, are affected: PI Vision versions...
OSIsoft PI Data Archive
CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit. Vendor: OSIsoft Equipment: PI Data Archive Vulnerabilities: Deserialization of Untrusted Data, Improper Input Validation, Incorrect Default Permissions AFFECTED PRODUCTS The following versions of PI Data Archive, a data stora...
OSIsoft PI Web API
CVSS v3 9.3 ATTENTION: Exploitable remotely/low skill level to exploit. Vendor: OSIsoft Equipment: PI Web API Vulnerabilities: Permissions, Privileges, and Access Controls; Cross-site Scripting AFFECTED PRODUCTS OSIsoft reports that the vulnerabilities affect the following PI Web API products: PI...
Omron CX-Supervisor (Update A)
1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION : Low skill level to exploit Vendor : Omron Equipment : CX-Supervisor Vulnerabilities : Stack-based Buffer Overflow, Use After Free, Access of Uninitialized Pointer, Double Free, Out-of-bounds Write, Untrusted Pointer Dereference, Heap-based Buffer...
ICSA-18-067-02_Siemens SIPROTEC 4, SIPROTEC Compact, and Reyrolle Devices using the EN100 Ethernet Communication Module Extension (Update B)
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIPROTEC 4, SIPROTEC Compact, and Reyrolle devices using the EN100 Ethernet communication module extension Vulnerability: Missing Authentication for Critical Function 2. UPDATE...
Siemens SIPROTEC 4, SIPROTEC Compact, DIGSI 4, and EN100 Ethernet Module (Update D)
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION : Exploitable remotely/low attack complexity Vendor : Siemens Equipment : SIPROTEC 4, SIPROTEC Compact, DIGSI 4, and EN100 Ethernet module Vulnerabilities : Missing Authentication for Critical Function, Inadequate Encryption Strength 2. UPDATE...
Hirschmann Automation and Control GmbH Classic Platform Switches
CVSS v3 7.5 ATTENTION: Exploitable remotely/high skill level is needed to exploit. Vendor: Hirschmann Automation and Control GmbH, a division of Belden Inc. Equipment: Classic Platform Switches Vulnerabilities: Session Fixation, Information Exposure Through Query Strings in GET Request, Cleartext...
Eaton ELCSoft
CVSS v3 6.3 ATTENTION: Exploitable remotely/low skill level to exploit. Vendor: Eaton Equipment: ELCSoft Vulnerability: Improper Input Validation AFFECTED PRODUCTS ELCSoft is programming software for all Eaton ELC programmable logic controllers. The ELC programmable logic controllers are not...
Schneider Electric SoMove Software and DTM Software Components
CVSS v3 7.8 Vendor: Schneider Electric Equipment: SoMove software and DTM software components Vulnerability: Uncontrolled Search Path Element AFFECTED PRODUCTS Schneider Electric reports the vulnerability affects the following SoMove software and DTM software components: SoMove software, versions...
ICSA-18-060-01_Siemens SIMATIC, SIMOTION, and SINUMERIK (Update A)
1. EXECUTIVE SUMMARY CVSS v3 8.2 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-18-060-01 Siemens SIMATIC, SIMOTION, and SINUMERIK that was published March 01, 2018, on the NCCIC/ICS-CERT website. 3. RISK EVALUATION Successful exploitation of...
Moxa OnCell G3100-HSPA Series
CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Moxa Equipment: OnCell G3100-HSPA Series Vulnerabilities: Reliance on Cookies without Validation and Integrity Checking, Improper Handling of Length Parameter Inconsistency, NULL Pointer Dereference AFFECTED PRODUCTS...
Delta Electronics Delta Industrial Automation DOPSoft
CVSS v3 6.3 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Delta Electronics Equipment: Delta Industrial Automation DOPSoft Vulnerability: Stack-based Buffer Overflow AFFECTED PRODUCTS The following version of Delta Industrial Automation DOPSoft, a human machine interface HMI...
Siemens SIMATIC Industrial PCs
CVSS v3 5.9 ATTENTION: Remotely exploitable Vendor: Siemens Equipment: SIMATIC Industrial PCs Vulnerability: Cryptographic Issues AFFECTED PRODUCTS Siemens reports that the vulnerability affects the following versions of SIMATIC Industrial PCs using a version of Infineon’s Trusted Platform Module...
Emerson ControlWave Micro Process Automation Controller
CVSS v3 7.5 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Emerson Process Management LLLP Equipment: ControlWave Micro Process Automation Controller Vulnerability: Stack-based Buffer Overflow AFFECTED PRODUCTS The following versions of ControlWave Micro firmware, a family of...
Philips Intellispace Portal ISP Vulnerabilities
OVERVIEW Philips reported vulnerabilities in the Philips’ IntelliSpace Portal ISP, an advanced visualization and image analysis system. Philips is creating a software update to mitigate these vulnerabilities in the affected products. Additionally, they are issuing mitigating controls for some...
Medtronic 2090 Carelink Programmer Vulnerabilities (Update C)
1. EXECUTIVE SUMMARY CVSS v3 7.1 Vendor: Medtronic Equipment: 2090 CareLink Programmer, 29901 Encore Programmer Vulnerabilities: Storing Passwords in a Recoverable Format, Relative Path Traversal, Improper Restriction of Communication Channel to Intended Endpoints 2. UPDATE INFORMATION This...
Delta Electronics WPLSoft
CVSS v3 8.3 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Delta Electronics Equipment: WPLSoft Vulnerabilities: Stack-based Buffer Overflow, Heap-based Buffer Overflow, Out-of-bounds Write. AFFECTED PRODUCTS The following versions of WPLSoft, a PLC programming software, are...
Siemens SIMATIC Industrial PCs (Update A)
CVSS v3 5.9 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: SIMATIC Industrial PCs Vulnerability: Cryptographic Issues UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-18-058-01 Siemens SIMATIC Industrial PCs that was published February 27,...
ABB netCADOPS Web Application
CVSS v3 5.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: ABB Equipment: netCADOPS Web Application Vulnerability: Information Exposure AFFECTED PRODUCTS The following versions of netCADOPS Web Application, a web interface, are affected: netCADOPS Web Application Version 3.4...
Nortek Linear eMerge E3 Series
CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Nortek Equipment: Linear eMerge E3 Series Vulnerability: Command Injection AFFECTED PRODUCTS The following Linear eMerge, an access control interface, versions are affected: Linear eMerge E3 series Versions V0.32-07e...
GE D60 Line Distance Relay
CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: GE Equipment: D60 Line Distance Relay Vulnerabilities: Stack-based Buffer Overflow, Improper Restriction of Operations within the Bounds of a Memory Buffer AFFECTED PRODUCTS The following versions of the D60 Line...
Schneider Electric StruxureOn Gateway
CVSS v3 7.2 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Schneider Electric Equipment: StruxureOn Gateway Vulnerability: Unrestricted Upload of File with Dangerous Type AFFECTED PRODUCTS Schneider Electric reports that the vulnerability affects the following versions of...
Schneider Electric IGSS Mobile
CVSS v3 6.4 ATTENTION: Locally exploitable/low skill level to exploit. Vendor: Schneider Electric Equipment: IGSS Mobile Vulnerabilities: Improper Certificate Validation, Plaintext Storage of a Password AFFECTED PRODUCTS Schneider Electric reports that the vulnerabilities affect the following IGS...
Schneider Electric IGSS SCADA Software
CVSS v3 7.0 ATTENTION: Locally exploitable/high skill level to exploit. Vendor: Schneider Electric Equipment: IGSS SCADA Software Vulnerability: Security Misconfiguration AFFECTED PRODUCTS Schneider Electric reports that the vulnerability affects the following IGSS SCADA Software products: IGSS...
WAGO PFC200 Series
CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Public exploits are available. Vendor: WAGO Equipment: PFC200 Series Vulnerability: Improper Authentication UPDATE INFORMATION This advisory is a follow-up to the alert titled ICS-ALERT-17-341-01 WAGO PFC200 that was publishe...
GE Medical Devices Vulnerability
OVERVIEW This advisory was originally posted to the HSIN ICS-CERT library on February 6, 2018, and is being released to the NCCIC/ICS-CERT website. Independent researcher Scott Erven submitted information regarding the potential use of default or hard-coded credentials in multiple GE Healthcare...