4251 matches found
ICSA-18-347-02 Siemens EN100 Ethernet Communication Module and SIPROTEC 5 Relays (Update A)
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: EN100 Ethernet Communication Module and SIPROTEC 5 relays Vulnerabilities: Improper Input Validation 2. UPDATE INFORMATION This updated advisory is a follow-up to the original...
Schweitzer Engineering Laboratories, Inc. Compass and AcSELerator Architect
1. EXECUTIVE SUMMARY CVSS v3 8.2 ATTENTION: Exploitable remotely/Low skill level to exploit/Public exploits are available for these vulnerabilities Vendor: Schweitzer Engineering Laboratories, Inc. SEL Equipment: Compass and AcSELerator Architect Vulnerabilities: Incorrect Default Permissions,...
Universal Robots Robot Controllers
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Universal Robots Equipment: Robot Controllers Vulnerabilities: Use of Hard-coded Credentials, Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of these...
Tridium Niagara
1. EXECUTIVE SUMMARY CVSS v3 7.4 ATTENTION: Exploitable remotely Vendor: Tridium Equipment: Niagara Vulnerabilities: Path Traversal, Improper Authentication 2. REPOSTED INFORMATION This advisory was originally posted to the HSIN ICS-CERT library on July 10, 2018, and is being released to the...
Rockwell Automation Allen-Bradley Stratix 5950
1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Rockwell Automation Equipment: Allen-Bradley Stratix 5950 Vulnerabilities: Improper Input Validation, Improper Certificate Validation, Resource Management Errors 2. RISK EVALUATION Successful...
Medtronic MyCareLink Patient Monitor
1. EXECUTIVE SUMMARY CVSS v3 6.4 Vendor: Medtronic Equipment: MyCareLink Patient Monitor Vulnerabilities: Use of Hard-coded Password, Exposed Dangerous Method or Function 2. RISK EVALUATION If exploited, these vulnerabilities may allow privileged access to the monitor’s operating system. However,...
ICSA-18-317-01 Siemens IEC 61850 System Configurator, DIGSI 5, DIGSI 4, SICAM PAS/PQS, SICAM PQ Analyzer, and SICAM SCC
1. EXECUTIVE SUMMARY CVSS v3 4.2 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: IEC 61850 system configurator, DIGSI 5, DIGSI 4, SICAM PAS/PQS, SICAM PQ Analyzer, and SICAM SCC Vulnerability: Improper Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability...
Rockwell Automation Allen-Bradley CompactLogix and Compact GuardLogix (Update A)
1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Rockwell Automation Equipment: Allen-Bradley CompactLogix and Compact GuardLogix Vulnerability: Improper Input Validation 2 UPDATE INFORMATION This updated advisory is a follow-up to the original...
Delta Electronics Delta Industrial Automation COMMGR
1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Delta Electronics Equipment: Delta Industrial Automation COMMGR Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability may allow remote code...
Natus Xltek NeuroWorks
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Natus Medical, Inc. Natus Equipment: Natus Xltek NeuroWorks software Vulnerabilities: Stack-Based Buffer Overflow, Out-of-Bounds Read 2. RISK EVALUATION Successful exploitation of these...
Schneider Electric U.motion Builder
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Schneider Electric Equipment: U.motion Builder Vulnerabilities: Command Injection, Cross-site Scripting, and Improper Input Validation 2. RISK EVALUATION Successful exploitation of these...
Siemens SCALANCE X Switches (Update A)
1. EXECUTIVE SUMMARY CVSS v3 5.8 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: SCALANCE X switches Vulnerabilities: Cross-site Scripting 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-18-163-02 Siemens SCALANCE X Switches that was...
Siemens SCALANCE X Switches, RUGGEDCOM WiMAX, RFID 181-EIP, and SIMATIC RF182C (Update D)
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable from the same local network segment OSI Layer 2 Vendor: Siemens Equipment: SCALANCE X switches, RUGGEDCOM Win, RFID 181-EIP, and SIMATIC RF182C Vulnerability: Heap-based Buffer Overflow 2. UPDATE INFORMATION This updated advisory is a...
Rockwell Automation RSLinx Classic and FactoryTalk Linx Gateway
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Low skill level to exploit Vendor: Rockwell Automation Equipment: RSLinx Classic and FactoryTalk Linx Gateway Vulnerability: Unquoted Search Path or Element 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authorized, but...
ABB IP Gateway
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: ABB Equipment: IP Gateway Vulnerabilities: Improper Authentication, Cross-site Request Forgery, Unprotected Storage of Credentials 2. RISK EVALUATION Successful exploitation of these...
Philips' IntelliVue Patient and Avalon Fetal Monitors
1. EXECUTIVE SUMMARY CVSS v3 8.3 Vendor: Philips Equipment: IntelliVue Patient Monitors, Avalon Fetal/Maternal Monitors Vulnerabilities: Improper Authentication, Information Exposure, Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation may allow an attacker to read/write...
GE MDS PulseNET and MDS PulseNET Enterprise
1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: GE Equipment: MDS PulseNET and MDS PulseNET Enterprise Vulnerabilities: Improper Authentication, Improper Restriction of XML External Entity Reference, Relative Path Traversal 2. RISK EVALUATION...
ICSA-18-151-01_Delta Industrial Automation DOPSoft
1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Delta Electronics Equipment: Delta Industrial Automation DOPSoft Vulnerabilities: Out-of-bounds Read, Heap-based Buffer Overflow, Stack-based Buffer Overflow 2. RISK EVALUATION Successful...
Yokogawa STARDOM Controllers (Update A)
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Yokogawa Equipment: STARDOM Controllers --------- Begin Update A Part 1 of 5 -------- Vulnerabilities: Use of Hard-coded Credentials, Session Fixation, Insufficiently Protected Credentials,...
BeaconMedaes TotalAlert Scroll Medical Air Systems
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: BeaconMedaes Equipment: TotalAlert Scroll Medical Air Systems web application Vulnerabilities: Improper Access Control, Insufficiently Protected Credentials, Unprotected Storage of Credentials 2...
Schneider Electric Floating License Manager
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION : Remotely exploitable/low skill level to exploit Vendor : Schneider Electric Equipment : Floating License Manager Vulnerabilities : Heap-based Buffer Overflow, Improper Restriction of Operations within the Bounds of a Memory Buffer, Open Redirect 2...
BD Kiestra and InoquIA Systems (Update A)
1. EXECUTIVE SUMMARY CVSS v3 6.3 ATTENTION : Exploitable from adjacent network Vendor : Becton, Dickinson and Company BD Equipment : BD Kiestra and InoqulA systems Vulnerabilities : Product UI does not Warn User of Unsafe Actions 2. UPDATE INFORMATION This updated advisory is a follow-up to the...
Martem TELEM-GW6/GWM (Update B)
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION : Exploitable remotely/low skill level to exploit Vendor : Martem Equipment : TELEM-GW6/GWM --------- Begin Update B Part 1 of 5 -------- Vulnerabilities : Missing Authentication for Critical Function, Incorrect Default Permissions, Resource Exhaustion,...
Philips EncoreAnywhere
1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION : Exploitable remotely/public exploits are available Vendor : Philips Equipment : EncoreAnywhere product used in the Asia-Pacific APAC Region Vulnerability : Information Exposure 2. RISK EVALUATION Successful exploitation of this vulnerability can result...
GE PACSystems CPE305/310, CPE330, CPE400, RSTi-EP CPE 100, CPU320/CRU320, RXi
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION : Exploitable remotely/low skill level to exploit Vendor : GE Equipment : PACSystems CPE305/310, CPE330, CPE400, RSTi-EP CPE 100, CPU320/CRU320, RXi Vulnerability : Improper Input Validation 2. RISK EVALUATION Successful exploitation of this...
PHOENIX CONTACT FL SWITCH 3xxx/4xxx/48xx Series
1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION : Exploitable remotely/low skill level to exploit Vendor : PHOENIX CONTACT Equipment : FL SWITCH 3xxx/4xxx/48xx Series Vulnerabilities : Command Injection, Information Exposure, Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of...
Delta Electronics Delta Industrial Automation TPEditor (Update A)
1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION : Exploitable remotely/low skill level to exploit Vendor : Delta Electronics Equipment : Delta Industrial Automation TPEditor Vulnerability : Heap-based Buffer Overflow 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory...
Medtronic N'Vision Clinician Programmer (Update A)
1. EXECUTIVE SUMMARY --------- Begin Update A Part 1 of 5 -------- CVSS v3 6.3 --------- End Update A Part 1 of 5 ----------- ATTENTION: Low skill level to exploit Vendor: Medtronic Equipment: N’Vision Clinician Programmer --------- Begin Update A Part 2 of 5 ----------- Vulnerabilities:...
Advantech WebAccess
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION : Remotely exploitable/low skill level to exploit Vendor : Advantech Equipment : WebAccess Vulnerabilities : SQL Injection, Improper Authorization, Path Traversal, Heap-based Buffer Overflow, Stack-based Buffer Overflow, Untrusted Pointer Dereference,...
Siemens SIMATIC S7-400 CPU (Update A)
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION : Exploitable remotely/low skill level to exploit Vendor : Siemens Equipment : SINAMIC S7-400 CPU Vulnerability : Improper Input Validation 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-18-137-03 Siemens...
MatrikonOPC Explorer
1. EXECUTIVE SUMMARY CVSS v3 6.7 ATTENTION : Low skill level to exploit Vendor : MatrikonOPC Equipment : MatrikonOPC Explorer Vulnerability : Files or Directories Accessible to External Parties 2. RISK EVALUATION If the attacker has local access to the system, an attacker could exploit this...
Rockwell Automation Arena
1. EXECUTIVE SUMMARY CVSS v3 5.5 Vendor : Rockwell Automation Equipment : Arena Vulnerability : Use After Free 2. RISK EVALUATION Successful exploitation of this vulnerability could cause the software application to crash. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of...
Silex Technology SX-500/SD-320AN or GE Healthcare MobileLink (Update B)
1. EXECUTIVE SUMMARY CVSS v3 7.4 ATTENTION : Exploitable Remotely / Low skill level to exploit / Public exploits are available Vendors : Silex Technology, GE Healthcare Equipment : SX-500, SD-320AN, MobileLink Vulnerabilities : Improper Authentication, OS Command Injection 2. UPDATE INFORMATION...
Philips Brilliance Computed Tomography (CT) System (Update A)
1. EXECUTIVE SUMMARY CVSS v3 8.4 ATTENTION: Low skill level to exploit Vendor: Philips --------- Begin Update A Part 1 of 3 ---------- Equipment: Brilliance CT Scanners and MX8000 Dual EXP --------- End Update A Part 1 of 3 ---------- Vulnerabilities: Execution with Unnecessary Privileges,...
ICSA-18-128-02 Siemens Siveillance VMS (Update A)
1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION : Exploitable remotely Vendor : Siemens Equipment : Siveillance Video Management Software VMS Vulnerability : Deserialization of Untrusted Data 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-18-128-02...
Siemens Medium Voltage SINAMICS Products (Update A)
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION : Exploitable remotely/low skill level to exploit Vendor : Siemens Equipment : Medium Voltage SINAMICS Products Vulnerabilities : Improper Input Validation 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled...
Lantech IDS 2102
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION : Exploitable remotely/low skill level to exploit. Vendor : Lantech Equipment : IDS 2102 Vulnerabilities : Improper Input Validation, Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker...
ICSA-18-128-03 Siemens Siveillance VMS Video Mobile App
1. EXECUTIVE SUMMARY CVSS v3 4.8 ATTENTION : Exploitable remotely Vendor : Siemens Equipment : Siveillance VMS Video Mobile App Vulnerability : Improper Certificate Validation 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an attacker in a privileged network position...
Delta Electronics PMSoft
1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION : Low skill level to exploit. Vendor : Delta Electronics Equipment : PMSoft Vulnerabilities : Multiple Stack-Based Buffer Overflow vulnerabilities 2. RISK EVALUATION Successful exploitation of these vulnerabilities could cause the application to crash;...
WECON Technology Co., Ltd. LeviStudio HMI Editor and PI Studio HMI Project Programmer
1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION : Low skill level to exploit. Vendor : WECON Technology Co., Ltd. WECON Equipment : LeviStudio HMI Editor, and PI Studio HMI Project Programmer Vulnerabilities : Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these...
Advantech WebAccess HMI Designer
1. EXECUTIVE SUMMARY CVSS v3 6.3 ATTENTION : Exploitable remotely/low skill level to exploit. Vendor : Advantech Equipment : Advantech WebAccess HMI Designer Vulnerabilities : Heap-based Buffer Overflow, Double Free, Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of these...
Intel 2G Modem
1. EXECUTIVE SUMMARY CVSS v3 8.2 ATTENTION : Exploitable remotely Vendor : Intel Equipment : Intel 2G Modem Vulnerability : Buffer Overflow 2. RISK EVALUATION Successful exploitation of this buffer overflow vulnerability may allow remote code execution. The vulnerability affects Intel 2G modem...
BD Pyxis
1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION : Public exploits are available. Vendor : Becton, Dickinson and Company BD Equipment : Certain BD Pyxis Products Vulnerability : Reusing a Nonce 2. RISK EVALUATION Successful exploitation of this vulnerability could allow data traffic manipulation,...
Vecna VGo Robot (Update A)
1. EXECUTIVE SUMMARY CVSS v3 8.8 --------- Begin Update A Part 1 of 6 --------- ATTENTION: Exploitable remotely/low skill level to exploit --------- End Update A Part 1 of 6 --------- Vendor: Vecna Technologies, Inc. Vecna Equipment: VGo Robot --------- Begin Update A Part 2 of 6 ---------...
Siemens SIMATIC WinCC OA Operator IOS App (Update A)
1. EXECUTIVE SUMMARY CVSS v3 4.0 Vendor : Siemens Equipment : SIMATIC WinCC OA iOS App Vulnerability : File and Directory Information Exposure. 2 UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-18-109-01 Siemens SIMATIC WinCC OA Operator iOS App that...
Biosense Webster Carto 3 System Vulnerabilities
1. EXECUTIVE SUMMARY Biosense Webster Inc. BWI, a Johnson & Johnson company, has produced a software update that applies operating system patches and anti-virus signature updates to close known vulnerabilities in the operating system of the CARTO 3 System, a 3D cardiovascular mapping platform...
Schneider Electric Triconex Tricon
1. EXECUTIVE SUMMARY CVSS v3 9.0 ATTENTION : Exploitable remotely/HatMan malware specifically targets these vulnerabilities. Vendor : Schneider Electric Equipment : Triconex Tricon, Model 3008 Vulnerabilities : Improper Restriction of Operations within the Bounds of a Memory Buffer 2. UPDATE...
Abbott Laboratories Defibrillator
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION : Exploitable remotely Vendor : Abbott Laboratories Equipment : Implantable Cardioverter Defibrillator and Cardiac Synchronization Therapy Defibrillator Vulnerabilities : Improper Authentication and Improper Restriction of Power Consumption MedSec...
Schneider Electric InduSoft Web Studio and InTouch Machine Edition
1. EXECUTIVE SUMMARY CVSS v3 9.8 Attention : Exploitable remotely/low skill level to exploit. Vendor : Schneider Electric Software, LLC Equipment : InduSoft Web Studio, InTouch Machine Edition Vulnerability : Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this...
ICSA-18-107-03_Rockwell Automation Stratix Services Router
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION : Exploitable remotely/low skill level to exploit. Vendor : Rockwell Automation Equipment : Allen-Bradley Stratix 5900 Services Router Vulnerabilities : Improper Input Validation, Improper Restriction of Operations within the Bounds of a Memory Buffer,...