4251 matches found
ABB FOX515T
CVSS v3 6.2 ATTENTION: Low skill level to exploit. Vendor: ABB Equipment: FOX515T Vulnerability: Improper Input Validation AFFECTED PRODUCTS The following versions of FOX515T, a communication interface, are affected: FOX515T release 1.0 IMPACT Successful exploitation of this vulnerability could...
Korenix JetNet
CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Korenix Equipment: JetNet Vulnerabilities: Use of Hard-coded Cryptographic Key, Use of Hard-coded Credentials AFFECTED PRODUCTS The following versions of JetNet, an Ethernet switch, are affected: JetNet5018G version...
Rockwell Automation Stratix 5100 (Update A)
1. EXECUTIVE SUMMARY CVSS v3 6.9 ATTENTION: Exploitable remotely/public exploits are available Vendor: Rockwell Automation Equipment: Stratix 5100 Wireless Access Point/Workgroup Bridge Vulnerability: Reusing a Nonce 2. UPDATE INFORMATION This updated advisory is a follow-up to the original...
ICSMA-17-292-01_Boston Scientific ZOOM LATITUDE PRM Vulnerabilities
OVERVIEW Researchers Jonathan Butts and Billy Rios of Whitescope have identified two vulnerabilities in Boston Scientific’s ZOOM LATITUDE Programmer/Recorder/Monitor PRM – Model 3120. Boston Scientific has provided compensating controls to reduce the risk of exploitation. AFFECTED PRODUCTS The...
SpiderControl MicroBrowser
CVSS v3 8.8 ATTENTION: Remotely exploitable/low skill level to exploit Vendor: SpiderControl Equipment: MicroBrowser Vulnerability: Uncontrolled Search Path Element AFFECTED PRODUCTS The following versions of SpiderControl MicroBrowser, a touch panel operating system, are affected: MicroBrowser...
ICSA-17-306-01 Siemens SIMATIC PCS 7 (Update A)
1. EXECUTIVE SUMMARY CVSS v3 4.9 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC PCS 7 Vulnerabilities: Improper Input Validation 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-17-306-01 Siemens SIMATIC...
Progea Movicon SCADA/HMI
CVSS v3 6.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Progea Equipment: Movicon SCADA/HMI Vulnerability: Uncontrolled Search Path Element, Unquoted Search Path or Element AFFECTED PRODUCTS The following versions of Movicon HMI, an HMI software platform, are affected:...
NXP Semiconductors MQX RTOS
CVSS v3 8.1 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: NXP Semiconductors Equipment: MQX RTOS Vulnerabilities: Classic Buffer Overflow, Out-of-Bounds Read AFFECTED PRODUCTS The following versions of MQX Real-Time Operating System RTOS are used in NXP’s ColdFire...
Siemens BACnet Field Panels (Update A)
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: BACnet Field Panels Vulnerabilities: Authentication Bypass Using an Alternate Path or Channel, Path Traversal 2. UPDATE INFORMATION This updated advisory is a follow-up to the...
NXP Semiconductors MQX RTOS (Update A)
CVSS v3 8.1 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: NXP Semiconductors Equipment: MQX RTOS Vulnerabilities: Classic Buffer Overflow, Out-of-Bounds Read UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-17-285-04 NXP...
Envitech Ltd. EnviDAS Ultimate
CVSS v3 8.2 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Envitech Ltd. Equipment: EnviDAS Ultimate Vulnerability: Improper Authentication AFFECTED PRODUCTS The following versions of EnviDAS Ultimate, a web application for environmental monitoring, are affected: EnviDAS...
WECON Technology Co., Ltd. LeviStudio HMI Editor
CVSS v3 7.5 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: WECON Technology Co., Ltd. WECON Equipment: LeviStudio HMI Editor Vulnerabilities: Stack-based Buffer Overflow AFFECTED PRODUCTS The following versions of LEVI Studio HMI Editor, an HMI programming software product, a...
ProMinent MultiFLEX M10a Controller
CVSS v3 8.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: ProMinent Equipment: MultiFLEX M10a Controller Vulnerabilities: Client-Side Enforcement of Server-Side Security, Insufficient Session Expiration, Cross-Site Request Forgery, Information Exposure, and Unverified Passwo...
LAVA Computer MFG Inc. Ether-Serial Link
CVSS v3 8.1 ATTENTION: Low skill level to exploit. Vendor: LAVA Computer MFG Inc. Equipment: Ether-Serial Link Vulnerability: Authentication Bypass by Spoofing AFFECTED PRODUCTS The following versions of LAVA Computer MFG Inc.’s Ether-Serial Links ESL are affected: All ESLs running firmware...
JanTek JTC-200
CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Public exploits are available. Vendor: JanTek Equipment: JTC-200 Vulnerabilities: Cross-site Request Forgery, Improper Authentication AFFECTED PRODUCTS The following versions of JTC-200, a TCP/IP converter, are affected:...
GE CIMPLICITY
CVSS v3 8.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: GE Equipment: CIMPLICITY Vulnerability: Stack-based Buffer Overflow AFFECTED PRODUCTS The following versions of CIMPLICITY, an HMI/SCADA management platform, are affected: CIMPLICITY Versions 9.0 and prior. IMPACT...
GE CIMPLICITY (Update A)
CVSS v3 6.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: GE Equipment: CIMPLICITY Vulnerability: Stack-based Buffer Overflow UPDATED INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-17-278-01 GE CIMPLICITY that was published October 5,...
Siemens 7KT PAC1200 Data Manager
CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: 7KT PAC1200 data manager Vulnerability: Authentication Bypass Using an Alternate Path or Channel AFFECTED PRODUCTS Siemens reports that the vulnerability affects the following versions of the 7KT...
Siemens industrial products using the Discovery Service of the OPC UA protocol stack by the OPC foundation (Update B)
CVSS v3 8.2 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: Industrial products using the Discovery Service of the OPC UA protocol stack by the OPC foundation Vulnerability: Improper Restriction of XML External Entity Reference UPDATE INFORMATION This update...
Siemens Industrial products using the Discovery Service of the OPC UA protocol stack by the OPC foundation
CVSS v3 8.2 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: Industrial products using the Discovery Service of the OPC UA protocol stack by the OPC foundation Vulnerability: Improper Restriction of XML External Entity Reference UPDATE INFORMATION This update...
Siemens Ruggedcom ROS, SCALANCE (Update A)
CVSS v3 8.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: Ruggedcom ROS, SCALANCE Vulnerability: Improper Access Control UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-17-271-01 Siemens Ruggedcom ROS and SCALAN...
Siemens Ruggedcom ROS, SCALANCE
CVSS v3 8.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: Ruggedcom ROS, SCALANCE Vulnerability: Improper Access Control UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory titled ICSA-17-271-01A Siemens Ruggedcom ROS, SCALANCE...
Siemens Ruggedcom ROS, SCALANCE
CVSS v3 8.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: Ruggedcom ROS, SCALANCE Vulnerability: Improper Access Control AFFECTED PRODUCTS Siemens reports that the vulnerability affects the following devices which use the Ruggedcom Discovery Protocol RCDP:...
Ctek, Inc. SkyRouter
CVSS v3 8.6 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Ctek, Inc. Equipment: SkyRouter Vulnerability: Improper Authentication AFFECTED PRODUCTS The following versions of SkyRouter, a wireless and automation solution, are affected: SkyRouter Series 4200 and 4400 all versio...
Digium Asterisk GUI
CVSS v3 8.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Digium Equipment: Asterisk GUI Vulnerability: Improper Neutralization of Special Elements used in an OS Command AFFECTED PRODUCTS The following versions of Asterisk GUI, a framework for configuring graphical user...
Saia Burgess Controls PCD Controllers
CVSS v3 5.3 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Saia Burgess Controls Equipment: PCD Controllers Vulnerability: Information Exposure REPOSTED INFORMATION This advisory was originally posted to the NCCIC Portal on August 22, 2017, and is being released to the...
iniNet Solutions GmbH SCADA Webserver
CVSS v3 10.0 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: iniNet Solutions GmbH Equipment: SCADA Webserver Vulnerability: Improper Authentication AFFECTED PRODUCTS The following versions of iniNet Solutions GmbH’s SCADA Webserver, a third-party web-based server software, ar...
Schneider Electric InduSoft Web Studio, InTouch Machine Edition
CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Schneider Electric Equipment: InduSoft Web Studio, InTouch Machine Edition Vulnerability: Missing Authentication for Critical Function AFFECTED PRODUCTS Schneider Electric reports that the vulnerability affects the...
PHOENIX CONTACT mGuard Device Manager
CVSS v3 9.0 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: PHOENIX CONTACT Equipment: mGuard Device Manager Vulnerabilities: Improper Access Control vulnerabilities for Oracle Java SE AFFECTED PRODUCTS The following versions of mGuard Device Manager, a device management...
LOYTEC LVIS-3ME
CVSS v3 8.1 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: LOYTEC Equipment: LVIS-3ME Vulnerabilities: Relative Path Traversal, Insufficient Entropy, Cross-site Scripting, Insufficiently Protected Credentials AFFECTED PRODUCTS The following versions of LVIS-3ME, an HMI Touch...
mySCADA myPRO
CVSS v3 7.8 ATTENTION: Low skill level to exploit. Public exploits are available. Vendor: mySCADA Equipment: myPRO Vulnerability: Unquoted Search Path AFFECTED PRODUCTS The following versions of myPRO, an HMI/SCADA management platform, are affected: myPRO Versions 7.0.26 and prior. IMPACT...
ICSMA-17-255-01_Philips' IntelliView MX40 Patient Worn Monitor (WLAN) Vulnerabilities
OVERVIEW Philips has identified two vulnerabilities in Philips’ IntelliView MX40 Patient Worn Monitor for use with wireless local area networks WLANs. Philips has produced a software update that fixes one of the identified vulnerabilities and provides mitigations for the other vulnerability...
Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump Vulnerabilities (Update A)
OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSMA-17-250-02 Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump Vulnerabilities that was published September 7, 2017, on the NCCIC/ICS-CERT web site. Independent researcher Scott Gayou has identified eight...
i-SENS, Inc. SmartLog Diabetes Management Software
OVERVIEW Independent researcher Mark Cross has identified an uncontrolled search path element vulnerability in i-SENS, Inc. SmartLog Diabetes Management Software. i-SENS has produced an update that mitigates this vulnerability. Mark Cross has tested the update to validate that it resolves the...
PHOENIX CONTACT, Innominate Security Technologies mGuard Firmware
CVSS v3 7.5 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: PHOENIX CONTACT, Innominate Security Technologies Equipment: mGuard firmware Vulnerability: Null Pointer Dereference AFFECTED PRODUCTS The following versions of mGuard firmware versions 8.0.0 to 8.5.1, running on thes...
SpiderControl SCADA Web Server
CVSS v3 5.3 ATTENTION: Low skill level to exploit Vendor: SpiderControl Equipment: SCADA Web Server Vulnerability: Improper Privilege Management AFFECTED PRODUCTS The following versions of SCADA Web Server, a software management platform, are affected: SCADA Web Server Version 2.02.0007 and prior...
OPW Fuel Management Systems SiteSentinel Integra and SiteSentinel iSite
CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: OPW Fuel Management Systems Equipment: SiteSentinel Integra and SiteSentinel iSite Vulnerabilities: Missing Authentication for Critical Function, SQL Injection AFFECTED PRODUCTS OPW Fuel Management Systems OPW reports...
Siemens 7KM PAC Switched Ethernet
CVSS v3 4.3 ATTENTION: Low skill level to exploit. Vendor: Siemens Equipment: 7KM PAC Switched Ethernet Vulnerability: Resource Exhaustion AFFECTED PRODUCTS Siemens reports that the vulnerability affects the following 7KM PAC Switched Ethernet PROFINET expansion modules: 7KM PAC Switched Ethernet...
Moxa SoftCMS Live Viewer
CVSS v3 9.8 AFFECTED PRODUCTS The following versions of SoftCMS Live Viewer, a video surveillance software designed for industrial automation systems, are affected: SoftCMS Live Viewer, Version 1.6 and prior versions. IMPACT Successful exploitation of this vulnerability could allow an...
Siemens OPC UA Protocol Stack Discovery Service (Update E)
CVSS v3 8.2 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: Industrial products using the Discovery Service of the OPC UA protocol stack by the OPC foundation Vulnerability: Improper Restriction of XML External Entity Reference AFFECTED PRODUCTS Siemens...
Siemens LOGO! (Update A)
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: LOGO! Vulnerabilities: Insufficiently Protected Credentials, Man-in-the-Middle 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled...
AzeoTech DAQFactory
CVSS v3 7.1 ATTENTION: Local access and user-level privileges are required to exploit these vulnerabilities Vendor: AzeoTech Equipment: DAQFactory Vulnerabilities: Incorrect Default Permissions, Uncontrolled Search Path Element AFFECTED PRODUCTS AzeoTech reports that the vulnerabilities affect th...
Advantech WebAccess
CVSS v3 7.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Advantech Equipment: WebAccess Vulnerabilities: SQL Injection, Out-of-Bounds Access, Multiple Buffer Overflows, Externally Controlled Format String, Improper Authentication, Incorrect Permission Assignment for Critica...
ICSMA-17-241-01_Abbott Laboratories ' Accent/Anthem, Accent MRI, Assurity/Allure, and Assurity MRI Pacemaker Vulnerabilities
OVERVIEW MedSec Holdings Ltd has identified vulnerabilities in Abbott Laboratories’ formerly St. Jude Medical pacemakers. Abbott has produced a firmware patch to help mitigate the identified vulnerabilities in their pacemakers that utilize radio frequency RF communications. A third-party security...
ICSA-17-236-01_Westermo MRD-305-DIN, MRD-315, MRD-355, and MRD-455
CVSS v3 10.0 ATTENTION: Remotely exploitable/low skill level to exploit Vendor: Westermo Equipment: MRD-305-DIN, MRD-315, MRD-355, and MRD-455 Vulnerabilities: Cross-Site Request Forgery CSRF, Use of Hard-Coded Credentials, and Use of Hard-Coded Cryptographic Key AFFECTED PRODUCTS The following...
SpiderControl SCADA MicroBrowser
CVSS v3 7.3 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: SpiderControl Equipment: SCADA MicroBrowser Vulnerability: Stack-based Buffer Overflow AFFECTED PRODUCTS The following versions of SCADA MicroBrowser, a software management platform, are affected: SCADA MicroBrowser...
Automated Logic Corporation WebCTRL, i-VU, SiteScan
CVSS v3 8.3 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Automated Logic Corporation ALC Equipment: WebCTRL, i-VU, SiteScan Vulnerabilities: Unquoted Search Path or Element; Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal'; Unrestricted Upload of...
SpiderControl SCADA Web Server
CVSS v3 5.3 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: SpiderControl Equipment: SCADA Web Server Vulnerability: Directory Traversal AFFECTED PRODUCTS The following versions of SpiderControl SCADA Web Server, a software management platform, are affected: SCADA Web Server...
General Motors and Shanghai OnStar (SOS) iOS Client
CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: General Motors GM, Shanghai OnStar SOS Equipment: SOS iOS Client Vulnerabilities: Cleartext Storage of Sensitive Information, Man-in-the-Middle, Improper Authentication REPOSTED INFORMATION This advisory was originall...
ICSMA-17-229-01_Philips' DoseWise Portal Vulnerabilities
OVERVIEW Philips has identified Hard-coded Credentials and Cleartext Storage of Sensitive Information vulnerabilities in Philips’ DoseWise Portal DWP web application. Philips has updated product documentation and produced a new version that mitigates these vulnerabilities. These vulnerabilities...