Moxa SoftCMS Live Viewer
CVSS v3 9.8 AFFECTED PRODUCTS The following versions of SoftCMS Live Viewer, a video surveillance software designed for industrial automation systems, are affected: SoftCMS Live Viewer, Version 1.6 and prior versions. IMPACT Successful exploitation of this vulnerability could allow an...
OPW Fuel Management Systems SiteSentinel Integra and SiteSentinel iSite
CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: OPW Fuel Management Systems Equipment: SiteSentinel Integra and SiteSentinel iSite Vulnerabilities: Missing Authentication for Critical Function, SQL Injection AFFECTED PRODUCTS OPW Fuel Management Systems OPW reports...
Siemens OPC UA Protocol Stack Discovery Service (Update E)
CVSS v3 8.2 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: Industrial products using the Discovery Service of the OPC UA protocol stack by the OPC foundation Vulnerability: Improper Restriction of XML External Entity Reference AFFECTED PRODUCTS Siemens...
Siemens LOGO! (Update A)
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: LOGO! Vulnerabilities: Insufficiently Protected Credentials, Man-in-the-Middle 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled...
AzeoTech DAQFactory
CVSS v3 7.1 ATTENTION: Local access and user-level privileges are required to exploit these vulnerabilities Vendor: AzeoTech Equipment: DAQFactory Vulnerabilities: Incorrect Default Permissions, Uncontrolled Search Path Element AFFECTED PRODUCTS AzeoTech reports that the vulnerabilities affect th...
ICSMA-17-241-01_Abbott Laboratories' Accent/Anthem, Accent MRI, Assurity/Allure, and Assurity MRI Pacemaker Vulnerabilities
OVERVIEW MedSec Holdings Ltd has identified vulnerabilities in Abbott Laboratories’ (formerly St. Jude Medical) pacemakers. Abbott has produced a firmware patch to help mitigate the identified vulnerabilities in their pacemakers that utilize radio frequency (RF) communications. A third-party security...
Advantech WebAccess
CVSS v3 7.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Advantech Equipment: WebAccess Vulnerabilities: SQL Injection, Out-of-Bounds Access, Multiple Buffer Overflows, Externally Controlled Format String, Improper Authentication, Incorrect Permission Assignment for Critica...
ICSA-17-236-01_Westermo MRD-305-DIN, MRD-315, MRD-355, and MRD-455
CVSS v3 10.0 ATTENTION: Remotely exploitable/low skill level to exploit Vendor: Westermo Equipment: MRD-305-DIN, MRD-315, MRD-355, and MRD-455 Vulnerabilities: Cross-Site Request Forgery (CSRF), Use of Hard-Coded Credentials, and Use of Hard-Coded Cryptographic Key AFFECTED PRODUCTS The following...
SpiderControl SCADA Web Server
CVSS v3 5.3 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: SpiderControl Equipment: SCADA Web Server Vulnerability: Directory Traversal AFFECTED PRODUCTS The following versions of SpiderControl SCADA Web Server, a software management platform, are affected: SCADA Web Server...
SpiderControl SCADA MicroBrowser
CVSS v3 7.3 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: SpiderControl Equipment: SCADA MicroBrowser Vulnerability: Stack-based Buffer Overflow AFFECTED PRODUCTS The following versions of SCADA MicroBrowser, a software management platform, are affected: SCADA MicroBrowser...
General Motors and Shanghai OnStar (SOS) iOS Client
CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: General Motors (GM), Shanghai OnStar (SOS) Equipment: SOS iOS Client Vulnerabilities: Cleartext Storage of Sensitive Information, Man-in-the-Middle, Improper Authentication REPOSTED INFORMATION This advisory was originall...
Automated Logic Corporation WebCTRL, i-VU, SiteScan
CVSS v3 8.3 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Automated Logic Corporation (ALC) Equipment: WebCTRL, i-VU, SiteScan Vulnerabilities: Unquoted Search Path or Element; Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'); Unrestricted Upload of...
ICSMA-17-229-01_Philips' DoseWise Portal Vulnerabilities
OVERVIEW Philips has identified Hard-coded Credentials and Cleartext Storage of Sensitive Information vulnerabilities in Philips’ DoseWise Portal (DWP) web application. Philips has updated product documentation and produced a new version that mitigates these vulnerabilities. These vulnerabilities...
Advantech WebOP
CVSS v3 4.8 ATTENTION: Low skill level to exploit. Public exploits are available. Vendor: Advantech Equipment: WebOP Vulnerability: Heap-Based Buffer Overflow AFFECTED PRODUCTS Researchers report that all versions of Advantech WebOP operator panels are affected. IMPACT Successful exploitation of...
ICSMA-17-227-01_BMC Medical and 3B Medical Luna CPAP Machine
OVERVIEW MedSec has identified an improper input validation vulnerability in BMC Medical’s and 3B Medical’s Luna continuous positive airway pressure (CPAP) therapy machine. For devices released after July 1, 2017, this vulnerability has been addressed. For devices released prior to July 1, 2017, BM...
ABB SREA-01 and SREA-50
CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Public exploits are available. Vendor: ABB Equipment: SREA-01 and SREA-50 Vulnerability: Relative Path Traversal AFFECTED PRODUCTS ABB reports that the vulnerability affects the following SREA-01 and SREA-50 legacy remote...
Solar Controls WATTConfig M Software
CVSS v3 7.8 ATTENTION: Low skill level to exploit. Vendor: Solar Controls Equipment: WATTConfig M Software Vulnerability: Uncontrolled Search Path Element AFFECTED PRODUCTS The following versions of Solar Controls’ WATTConfig M Software for Windows 2.5.10 for M SSR/MAX PLCs are affected: WATTConf...
Solar Controls Heating Control Downloader (HCDownloader)
CVSS v3 7.8 ATTENTION: Low skill level to exploit. Vendor: Solar Controls Equipment: Heating Control Downloader (HCDownloader) Vulnerability: Uncontrolled Search Path Element AFFECTED PRODUCTS The following versions of Solar Controls’ Heating Control Downloader (HCDownloader) are affected:...
SIMPlight SCADA Software
CVSS v3 7.0 ATTENTION: Low skill level to exploit. Vendor: SIMPlight Equipment: SCADA Software Vulnerability: Uncontrolled Search Path Element AFFECTED PRODUCTS The following versions of SIMPlight SCADA software, software for building management systems and automated facilities, are affected: SCA...
Fuji Electric Monitouch V-SFT
CVSS v3 7.3 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Fuji Electric Equipment: Monitouch V-SFT Vulnerabilities: Stack-Based Buffer Overflow, Heap-Based Buffer Overflow, Improper Privilege Management AFFECTED PRODUCTS The following versions of Monitouch V-SFT, a screen...
Moxa SoftNVR-IA Live Viewer
CVSS v3 7.2 Vendor: Moxa Equipment: SoftNVR-IA Live Viewer Vulnerability: Uncontrolled Search Path Element AFFECTED PRODUCTS The following versions of SoftNVR-IA Live Viewer, a video surveillance software designed for industrial automation systems, are affected: SoftNVR-IA Live Viewer, Version...
OSIsoft PI Integrator
CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: OSIsoft Equipment: PI Integrator Vulnerabilities: Cross-Site Scripting, Improper Authorization AFFECTED PRODUCTS The following versions of PI Integrator, a data management platform, are affected: PI Integrator for SAP...
ICSMA-17-215-01_Siemens Molecular Imaging Vulnerabilities
OVERVIEW Siemens has identified two vulnerabilities in Siemens’ Molecular Imaging products running on Windows XP. Siemens is preparing updates for the affected products. These vulnerabilities could be exploited remotely. AFFECTED PRODUCTS Siemens reports that the vulnerability affects the followi...
ICSMA-17-215-02_Siemens Molecular Imaging Vulnerabilities
OVERVIEW Siemens has identified four vulnerabilities in Siemens’ Molecular Imaging products running on Windows 7. Siemens is preparing updates for the affected products. These vulnerabilities could be exploited remotely. Exploits that target these vulnerabilities are known to be publicly availabl...
Schneider Electric Pro-face GP-Pro EX
CVSS v3 7.2 ATTENTION: Public exploits are available. Vendor: Schneider Electric Equipment: Pro-face GP-Pro EX Vulnerability: Uncontrolled Search Path Element AFFECTED PRODUCTS The following versions of Pro-face GP-Pro EX software, an HMI management platform, are affected: GP Pro EX version...
Schneider Electric Trio TView
CVSS v3 10.0 ATTENTION: Remotely exploitable/low skill level to exploit. Public exploits are available. Vendor: Schneider Electric Equipment: Trio TView Vulnerabilities: Multiple Vulnerabilities for Java Runtime Environment AFFECTED PRODUCTS The following versions of Schneider Electric Trio TView...
Mitsubishi Electric Europe B.V. E-Designer
CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Mitsubishi Electric Europe B.V. Equipment: E-Designer Vulnerabilities: Heap-Based Buffer Overflow, Stack-Based Buffer Overflow, Out-of-Bounds Write AFFECTED PRODUCTS The following version of E-Designer, a Mitsubishi...
Rockwell Automation Allen-Bradley Stratix and ArmorStratix
CVSS v3 8.8 ATTENTION: Remotely exploitable/low skill level to exploit Vendor: Rockwell Automation Equipment: Allen-Bradley Stratix and ArmorStratix Vulnerabilities: SNMP Remote Code Execution Vulnerabilities in Cisco IOS and IOS XE Software REPOSTED INFORMATION This advisory was originally poste...
Mirion Technologies Telemetry Enabled Devices
CVSS v3 5.0 Vendor: Mirion Technologies Equipment: Telemetry Enabled Devices Vulnerabilities: Use of Hard-Coded Cryptographic Key, Inadequate Encryption Strength AFFECTED PRODUCTS The following telemetry enabled devices are affected: DMC 3000 Transmitter Module, iPam Transmitter f/DMC 2000, RDS-3...
PDQ Manufacturing, Inc. LaserWash, Laser Jet and ProTouch
CVSS v3 9.4 ATTENTION: Remotely exploitable/low skill level to exploit. Public exploits are available Vendor: PDQ Manufacturing, Inc. Equipment: LaserWash, Laser Jet and ProTouch Vulnerabilities: Improper Authentication, Missing Encryption of Sensitive Data AFFECTED PRODUCTS The following version...
Continental AG Infineon S-Gold 2 (PMB 8876)
CVSS v3 8.8 ATTENTION: Remotely exploitable/low skill level to exploit. Public exploits are available. Vendor: Continental AG Equipment: Infineon S-Gold 2 (PMB 8876) Vulnerabilities: Stack-Based Buffer Overflow, Improper Restriction of Operations within the Bounds of a Memory Buffer AFFECTED PRODUC...
Schneider Electric PowerSCADA Anywhere and Citect Anywhere
CVSS v3 8.1 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Schneider Electric Equipment: PowerSCADA Anywhere and Citect Anywhere Vulnerabilities: Information Exposure, Cross-Site Request Forgery, Improper Neutralization of Expression, Improper Validation of Certificate...
GE Communicator
CVSS v3 7.6 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: GE Equipment: Communicator Vulnerability: Heap-Based Buffer Overflow AFFECTED PRODUCTS The following versions of Communicator, an application for programming and monitoring supported metering devices, are affected:...
Siemens SIMATIC Sm@rtClient Android App
CVSS v3 7.4 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: SIMATIC Sm@rtClient Android App Vulnerabilities: Man-in-the-Middle, Authentication Bypass Using an Alternate Path or Channel AFFECTED PRODUCTS Siemens reports that the vulnerabilities affect the...
Siemens SiPass integrated
CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: SiPass integrated Vulnerabilities: Improper Authentication, Improper Privilege Management, Channel Accessible by Non-Endpoint, Storing Passwords in a Recoverable Format AFFECTED PRODUCTS Siemens...
OSIsoft PI ProcessBook and PI ActiveView
CVSS v3 High ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: OSIsoft Equipment: PI ProcessBook and PI ActiveView Vulnerability: Using components with known vulnerabilities AFFECTED PRODUCTS OSIsoft reports that the vulnerability affects the following PI products: PI ProcessBoo...
Fuji Electric V-Server
CVSS v3 7.3 ATTENTION: Remotely exploitable Vendor: Fuji Electric Equipment: V-Server Vulnerability: Improper Restriction of Operations within the Bounds of a Memory Buffer AFFECTED PRODUCTS The following versions of V-Server, a data collection and management service, are affected: V-Server Versi...
Siemens SIMATIC Logon
CVSS v3 5.3 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: SIMATIC Logon Vulnerability: Out-of-Bounds Write AFFECTED PRODUCTS Siemens reports that the vulnerability affects the following SIMATIC Logon products: SIMATIC Logon: All versions prior to V1.6 IMPA...
Schweitzer Engineering Laboratories, Inc. SEL-3620 and SEL-3622
CVSS v3 7.2 ATTENTION: Remotely exploitable/Low skill level to exploit. Vendor: Schweitzer Engineering Laboratories, Inc. (SEL) Equipment: SEL-3620, SEL-3622 Vulnerability: Improper Access Control AFFECTED PRODUCTS The following versions of SEL-3620 and SEL-3622, an Ethernet Security Gateway, are...
ABB VSN300 WiFi Logger Card
CVSS v3 7.5 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: ABB Equipment: VSN300 WiFi Logger Card Vulnerabilities: Improper Authentication; Permissions, Privileges, and Access Controls AFFECTED PRODUCTS The following versions of VSN300 WiFi Logger Card, a device for solar...
OSIsoft PI Coresight
CVSS v3 7.1 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: OSIsoft Equipment: PI Coresight Vulnerability: Cross-Site Request Forgery AFFECTED PRODUCTS OSIsoft reports that the vulnerability affects the following PI Coresight products: PI Coresight 2016 R2 and earlier versions...
Siemens SIPROTEC 4 and SIPROTEC Compact (Update A)
CVSS v3 8.6 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: SIPROTEC 4 and SIPROTEC Compact Vulnerabilities: Improper Input Validation, Missing Authorization, Improper Authentication UPDATE INFORMATION This updated advisory is a follow-up to the original...
Siemens SIPROTEC 4 and SIPROTEC Compact (Update D)
CVSS v3 8.6 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: SIPROTEC 4 and SIPROTEC Compact Vulnerabilities: Improper Input Validation, Missing Authorization, Improper Authentication UPDATE INFORMATION This updated advisory is a follow-up to the updated...
Siemens SIPROTEC 4 and SIPROTEC Compact (Update B)
CVSS v3 8.6 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: SIPROTEC 4 and SIPROTEC Compact Vulnerabilities: Improper Input Validation, Missing Authorization, Improper Authentication UPDATE INFORMATION This updated advisory is a follow-up to the updated...
Siemens SIPROTEC 4 and SIPROTEC Compact (Update C)
CVSS v3 8.6 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: SIPROTEC 4 and SIPROTEC Compact Vulnerabilities: Improper Input Validation, Missing Authorization, Improper Authentication UPDATE INFORMATION This updated advisory is a follow-up to the updated...
Siemens SIPROTEC 4 and SIPROTEC Compact (Update E)
CVSS v3 8.6 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: SIPROTEC 4 and SIPROTEC Compact Vulnerabilities: Improper Input Validation, Missing Authorization, Improper Authentication UPDATE INFORMATION This updated advisory is a follow-up to the updated...
Schneider Electric Wonderware ArchestrA Logger
CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Schneider Electric Equipment: Wonderware ArchestrA Logger Vulnerabilities: Stack-Based Buffer Overflow, Uncontrolled Resource Consumption, Null Pointer Dereference AFFECTED PRODUCTS Schneider Electric reports that the...
Siemens SIPROTEC 4 and SIPROTEC Compact
CVSS v3 8.6 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: SIPROTEC 4 and SIPROTEC Compact Vulnerabilities: Improper Input Validation, Missing Authorization, Improper Authentication AFFECTED PRODUCTS Siemens reports that the vulnerabilities affect the...
Schneider Electric Ampla MES
CVSS v3 6.7 ATTENTION: Low skill level to exploit. Vendor: Schneider Electric Equipment: Ampla MES Vulnerabilities: Cleartext Transmission of Sensitive Information, Inadequate Encryption Strength AFFECTED PRODUCTS Schneider Electric reports that the vulnerability affects the following Ampla...
Siemens OZW672 and OZW772
CVSS v3 7.4 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: OZW672 and OZW772 Vulnerabilities: Missing Authentication AFFECTED PRODUCTS Siemens reports that the vulnerability affects the following OZW672 and OZW772 devices for monitoring building controller...