Vyaire Medical CareFusion Upgrade Utility Vulnerability
OVERVIEW Independent researcher Mark Cross @xerubus has identified an uncontrolled search path element vulnerability in Vyaire Medical’s CareFusion Upgrade Utility application. Vyaire Medical has produced an update that mitigates this vulnerability. AFFECTED PRODUCTS The following versions of...
Gemalto Sentinel License Manager
CVSS v3 9.9 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Gemalto Equipment: Sentinel License Manager Vulnerability: Null Pointer Dereference, Buffer Overflows, Improper Access Control AFFECTED PRODUCTS The following Sentinel License Manager services are affected: All HASP SR...
3S-Smart Software Solutions GmbH CODESYS Web Server
CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: 3S-Smart Software Solutions GmbH Equipment: CODESYS Web Server Vulnerability: Stack-based Buffer Overflow AFFECTED PRODUCTS All Microsoft Windows (also WinCE) based CODESYS web servers running stand-alone Version 2.3, o...
Fuji Electric V-Server VPR
CVSS v3 8.6 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Fuji Electric Equipment: V-Server VPR Vulnerability: Stack-based Buffer Overflow AFFECTED PRODUCTS The following versions of V-Server VPR, a data collection and management service, are affected: V-Server VPR 4.0.1.0 a...
PHOENIX CONTACT mGuard
CVSS v3 7.8 ATTENTION: Low skill level to exploit. Vendor: PHOENIX CONTACT Equipment: mGuard Vulnerability: Improper Validation of Integrity Check Value AFFECTED PRODUCTS The following versions of mGuard, a network device, are affected: mGuard firmware versions 7.2 to 8.6.0 IMPACT Successful...
Siemens TeleControl Server Basic
CVSS v3 8.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: TeleControl Server Basic Vulnerabilities: Authentication Bypass Using an Alternate Path or Channel, Permissions, Privileges, and Access Controls, Resource Exhaustion AFFECTED PRODUCTS The following...
Siemens Desigo PXC
CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: Desigo PXC Vulnerability: Improper Authentication AFFECTED PRODUCTS Siemens reports that the vulnerability affects the following versions of Desigo PXC: Desigo Automation Controllers Compact...
Siemens Desigo PXC (Update A)
CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: Desigo PXC Vulnerability: Improper Authentication UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-18-025-02 Siemens Desigo PXC that was published January...
Philips IntelliSpace Cardiovascular System Vulnerability
OVERVIEW Philips reported an insufficient session expiration vulnerability in the Philips’ IntelliSpace Cardiovascular cardiac image and information management systems. Philips is creating a software update to mitigate this vulnerability in the affected products. AFFECTED PRODUCTS Philips reports...
Nari PCS-9611 (Update A)
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit. Vendor: Nari Equipment: PCS-9611 Vulnerability: Improper Input Validation 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-18-025-01 Nari PCS-9611 that...
Siemens Desigo PXC (Update C)
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Advantech WebAccess/SCADA
CVSS v3 5.3 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Advantech Equipment: WebAccess/SCADA Vulnerabilities: Path Traversal, SQL Injection AFFECTED PRODUCTS The following versions of WebAccess/SCADA, a SCADA software platform, are affected: WebAccess/SCADA versions prior ...
Siemens SIMATIC WinCC Add-On (Update A)
CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: SIMATIC WinCC Add-On Vulnerabilities: Stack-based Buffer Overflow, Improper Input Validation, Improper Restriction of Operations within the Bounds of a Memory Buffer, Security Features, Improper...
ICSA-18-018-01A Siemens SIMATIC WinCC Add-On (Update A)
CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: SIMATIC WinCC Add-On Vulnerabilities: Stack-based Buffer Overflow, Improper Input Validation, Improper Restriction of Operations within the Bounds of a Memory Buffer, Security Features, Improper...
ICSA-18-023-02 Siemens Industrial Products (Update A)
1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable from an adjacent network/low skill level to exploit Vendor: Siemens Equipment: Industrial Products Vulnerabilities: Improper Input Validation 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled...
WECON Technology Co., Ltd. LeviStudio HMI Editor
CVSS v3 5.3 ATTENTION: Locally exploitable/low skill level to exploit. Vendor: WECON Technology Co., Ltd. (WECON) Equipment: LeviStudio HMI Editor Vulnerabilities: Buffer Overflows AFFECTED PRODUCTS The following versions of LEVI Studio HMI Editor, an HMI programming software product, are affected:...
Moxa MXview
CVSS v3 7.8 ATTENTION: Low skill level to exploit. Vendor: Moxa Equipment: MXview Vulnerability: Unquoted Search Path or Element. AFFECTED PRODUCTS The following versions of MXview, network management software, are affected: MXview v2.8 and prior. IMPACT Successful exploitation of this...
PHOENIX CONTACT FL SWITCH
CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: PHOENIX CONTACT Equipment: FL SWITCH Vulnerabilities: Improper Authorization, Information Exposure AFFECTED PRODUCTS All FL SWITCH 3xxx, 4xxx, and 48xxx Series products running firmware Version 1.0 to 1.32 are affecte...
Rockwell Automation Allen-Bradley MicroLogix 1400 Controllers
CVSS v3 8.6 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Rockwell Automation Equipment: Allen-Bradley MicroLogix 1400 Controllers Vulnerability: Buffer Overflow AFFECTED PRODUCTS The following versions of MicroLogix 1400 Controllers, a PLC, are affected: MicroLogix 1400...
Advantech WebAccess
CVSS v3 8.2 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Advantech Equipment: WebAccess Vulnerabilities: Untrusted Pointer Dereference, Stack-based Buffer Overflow, Path Traversal, SQL Injection, Improper Input Validation. AFFECTED PRODUCTS Advantech reports that the...
Delta Electronics Delta Industrial Automation Screen Editor
CVSS v3 5.5 ATTENTION: Low skill level to exploit. Vendor: Delta Electronics, Incorporated (Delta Electronics) Equipment: Delta Industrial Automation Screen Editor Vulnerabilities: Stack-based Buffer Overflow, Use-after-Free, Out-of-bounds Write, Type Confusion AFFECTED PRODUCTS The following...
Advantech WebAccess (Update A)
CVSS v3 8.2 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Advantech Equipment: WebAccess Vulnerabilities: Untrusted Pointer Dereference, Stack-based Buffer Overflow, Path Traversal, SQL Injection, Improper Input Validation. UPDATE INFORMATION This updated advisory is a...
ICSA-17-355-01_Moxa NPort W2150A and W2250A
CVSS v3 6.5 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Moxa Equipment: NPort W2150A and W2250A Vulnerability: Credentials Management AFFECTED PRODUCTS The following versions of NPort, a serial network interface, are affected: NPort W2150A Versions prior to 1.11, and NPort...
Schneider Electric Pelco VideoXpert Enterprise
CVSS v3 7.1 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Schneider Electric Equipment: Pelco VideoXpert Enterprise Vulnerabilities: Path Traversal, Improper Access Control AFFECTED PRODUCTS Schneider Electric reports that the vulnerabilities affect the following Pelco...
PEPPERL+FUCHS/ecom instruments WLAN Capable Devices using the WPA2 Protocol
CVSS v3 8.1 ATTENTION: Low skill level is needed to exploit. Public exploits are available. Vendor: PEPPERL+FUCHS/ecom instruments Equipment: WLAN capable devices using the WPA2 Protocol Vulnerabilities: Reusing a Nonce AFFECTED PRODUCTS PEPPERL+FUCHS/ecom instruments reports that these...
WECON Technology Co., Ltd. LeviStudio HMI Editor
CVSS v3 7.3 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: WECON Technology Co., Ltd. (WECON) Equipment: LeviStudio HMI editor Vulnerability: Heap-based Buffer Overflow AFFECTED PRODUCTS All versions of LeviStudio HMI, an HMI editor, are affected. IMPACT Successful exploitation...
Siemens LOGO! Soft Comfort
CVSS v3 5.9 ATTENTION: Remotely exploitable. Vendor: Siemens Equipment: LOGO! Soft Comfort Vulnerability: Download of Code without Integrity Check AFFECTED PRODUCTS Siemens reports that the vulnerability affects the following LOGO! Soft Comfort engineering software products: LOGO! Soft Comfort: A...
Ecava IntegraXor
CVSS v3 5.3 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Ecava Equipment: IntegraXor Vulnerabilities: SQL Injection AFFECTED PRODUCTS The following version of IntegraXor, a web SCADA/HMI solution, is affected: Ecava IntegraXor v 6.1.1030.1 and prior. IMPACT Successful...
ABB Ellipse
CVSS v3 6.5 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: ABB Equipment: Ellipse Vulnerability: Unprotected Transport of Credentials AFFECTED PRODUCTS ABB reports that the vulnerability affects Ellipse 8.3 through Ellipse 8.9 released prior to December 2017 including Ellipse...
Rockwell Automation FactoryTalk Alarms and Events
CVSS v3 7.5 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Rockwell Automation Equipment: FactoryTalk Alarms and Events Vulnerability: Improper Input Validation AFFECTED PRODUCTS The following versions of FactoryTalk Alarms and Events, a component of the Factory Talk Services...
PHOENIX CONTACT FL COMSERVER, FL COM SERVER, and PSI-MODEM/ETH
CVSS v3 8.2 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: PHOENIX CONTACT Equipment: FL COMSERVER, FL COM SERVER, and PSI-MODEM/ETH Vulnerability: Cross-site Scripting AFFECTED PRODUCTS The following models running firmware versions prior to 1.99, 2.20, or 2.40 of FL...
Xiongmai Technology IP Cameras and DVRs
CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Xiongmai Technology Equipment: IP Cameras and DVRs Vulnerability: Stack-based Buffer Overflow AFFECTED PRODUCTS The following versions of Xiongmai Technology IP cameras and DVRs are affected: All IP Cameras and DVRs...
Siemens Industrial Products (Update B)
CVSS v3 7.5 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: Industrial products Vulnerability: Improper Input Validation UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory titled ICSA-17-339-01A Siemens Industrial Products that w...
Siemens Industrial Products (Update D)
CVSS v3 7.5 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: Industrial products Vulnerability: Improper Input Validation UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory titled ICSA-17-339-01C Siemens Industrial Products that w...
Siemens Industrial Products (Update C)
CVSS v3 7.5 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: Industrial products Vulnerability: Improper Input Validation UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory titled ICSA-17-339-01B Siemens Industrial Products that w...
Siemens Industrial Products (Update A)
CVSS v3 7.5 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: Industrial products Vulnerability: Improper Input Validation UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-17-339-01 Siemens Industrial Products that w...
GEOVAP Reliance SCADA
CVSS v3 6.1 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: GEOVAP Equipment: Reliance SCADA Vulnerability: Cross-site Scripting AFFECTED PRODUCTS The following versions of Reliance SCADA, a software management platform, are affected: Reliance SCADA Version 4.7.3 Update 2 and...
Siemens SWT3000
CVSS v3 5.3 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: SWT3000 Vulnerabilities: Improper Authentication, Authentication Bypass, Improper Input Validation. AFFECTED PRODUCTS Siemens reports that the vulnerabilities affect the following SWT 3000...
Ethicon Endo-Surgery Generator G11 Vulnerability
OVERVIEW Johnson & Johnson, the parent company of Ethicon Endo-Surgery, LLC, reported an improper authentication vulnerability in the Ethicon Endo-Surgery Generator Gen11. Ethicon Endo-Surgery, LLC has produced updates that mitigate this vulnerability in the affected product. AFFECTED PRODUCTS The...
Siemens Industrial Products (Update S)
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Remotely exploitable/low attack complexity Vendor: Siemens Equipment: Industrial Products Vulnerability: Improper Input Validation 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-17-339-01 Siemens...
PHOENIX CONTACT WLAN Capable Devices using the WPA2 Protocol
CVSS v3 6.8 ATTENTION: Public exploits are available. Vendor: PHOENIX CONTACT Equipment: WLAN capable devices using the WPA2 Protocol Vulnerabilities: Reusing a Nonce AFFECTED PRODUCTS PHOENIX CONTACT reports that these vulnerabilities affect all versions of the following WLAN capable devices usi...
Siemens SCALANCE W1750D, M800, S615, and RUGGEDCOM RM1224 (Update C)
1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely/low skill level to exploit. Vendor: Siemens --------- Begin Update C Part 1 of 3 -------- Equipment: SCALANCE W1750D, M800, S615, and RUGGEDCOM RM1224 --------- End Update C Part 1 of 3 -------- Vulnerabilities: Resource...
Moxa NPort 5110, 5130, and 5150
CVSS v3 8.6 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Moxa Equipment: NPort 5110, 5130, 5150 Vulnerabilities: Injection, Information Exposure, Resource Exhaustion AFFECTED PRODUCTS The following versions of NPort, a serial network interface, are affected: NPort 5110...
Siemens SICAM
CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Public exploits are available. Vendor: Siemens Equipment: SICAM Vulnerabilities: Missing Authentication for Critical Function, Cross-site Scripting, Code Injection AFFECTED PRODUCTS Siemens reports that the vulnerabilities...
ABB TropOS
CVSS v3 6.8 Vendor: ABB Equipment: TropOS Vulnerabilities: Security Features AFFECTED PRODUCTS ABB reports that the key reinstallation attacks (KRACK) potentially affect all TropOS broadband mesh routers and bridges operating on Mesh OS release 8.5.2 or prior. IMPACT Successful exploitation of thes...
Siemens SCALANCE, SIMATIC, RUGGEDCOM, and SINAMICS Products (Update A)
CVSS v3 6.8 Vendor: Siemens Equipment: SCALANCE, SIMATIC, RUGGEDCOM, and SINAMICS Products Vulnerabilities: Security Features UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-17-318-01 Siemens SCALANCE, SIMATIC, RUGGEDCOM, and SINAMICS Products that was...
Siemens SCALANCE, SIMATIC, RUGGEDCOM, and SINAMICS Products (Update B)
CVSS v3 6.8 Vendor: Siemens Equipment: SCALANCE, SIMATIC, RUGGEDCOM, and SINAMICS Products Vulnerabilities: Security Features UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory titled ICSA-17-318-01A Siemens SCALANCE, SIMATIC, RUGGEDCOM, and SINAMICS Products that was...
ICSA-17-318-01_Siemens SCALANCE, SIMATIC, RUGGEDCOM, and SINAMICS Products (Update F)
1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available. Vendor: Siemens Equipment: SCALANCE, SIMATIC, RUGGEDCOM, and SINAMICS Products Vulnerabilities: Security Features 2. UPDATE INFORMATION This updated advisory is a...
Philips IntelliSpace Cardiovascular System and Xcelera System Vulnerability
OVERVIEW Philips reported a vulnerability in the Philips’ IntelliSpace Cardiovascular and Xcelera cardiac image and information management systems. Philips has produced updates that mitigate this vulnerability in the affected products. This vulnerability could be exploited remotely. AFFECTED...
ABB TropOS (Update A)
CVSS v3 6.8 Vendor: ABB Equipment: TropOS Vulnerabilities: Security Features UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-17-318-02 ABB TropOS that was published November 14, 2017, on the NCCIC/ICS-CERT website. AFFECTED PRODUCTS ABB reports that th...