4251 matches found
Advantech WebOP
CVSS v3 4.8 ATTENTION: Low skill level to exploit. Public exploits are available. Vendor: Advantech Equipment: WebOP Vulnerability: Heap-Based Buffer Overflow AFFECTED PRODUCTS Researchers report that all versions of Advantech WebOP operator panels are affected. IMPACT Successful exploitation of...
ICSMA-17-227-01_BMC Medical and 3B Medical Luna CPAP Machine
OVERVIEW MedSec has identified an improper input validation vulnerability in BMC Medical’s and 3B Medical’s Luna continuous positive airway pressure CPAP therapy machine. For devices released after July 1, 2017, this vulnerability has been addressed. For devices released prior to July 1, 2017, BM...
Solar Controls Heating Control Downloader (HCDownloader)
CVSS v3 7.8 ATTENTION: Low skill level to exploit. Vendor: Solar Controls Equipment: Heating Control Downloader HCDownloader Vulnerability: Uncontrolled Search Path Element AFFECTED PRODUCTS The following versions of Solar Controls’ Heating Control Downloader HCDownloader are affected:...
SIMPlight SCADA Software
CVSS v3 7.0 ATTENTION: Low skill level to exploit. Vendor: SIMPlight Equipment: SCADA Software Vulnerability: Uncontrolled Search Path Element AFFECTED PRODUCTS The following versions of SIMPlight SCADA software, software for building management systems and automated facilities, are affected: SCA...
ABB SREA-01 and SREA-50
CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Public exploits are available. Vendor: ABB Equipment: SREA-01 and SREA-50 Vulnerability: Relative Path Traversal AFFECTED PRODUCTS ABB reports that the vulnerability affects the following SREA-01 and SREA-50 legacy remote...
Solar Controls WATTConfig M Software
CVSS v3 7.8 ATTENTION: Low skill level to exploit. Vendor: Solar Controls Equipment: WATTConfig M Software Vulnerability: Uncontrolled Search Path Element AFFECTED PRODUCTS The following versions of Solar Controls’ WATTConfig M Software for Windows 2.5.10 for M SSR/MAX PLCs are affected: WATTConf...
Fuji Electric Monitouch V-SFT
CVSS v3 7.3 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Fuji Electric Equipment: Monitouch V-SFT Vulnerabilities: Stack-Based Buffer Overflow, Heap-Based Buffer Overflow, Improper Privilege Management AFFECTED PRODUCTS The following versions of Monitouch V-SFT, a screen...
OSIsoft PI Integrator
CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: OSIsoft Equipment: PI Integrator Vulnerabilities: Cross-Site Scripting, Improper Authorization AFFECTED PRODUCTS The following versions of PI Integrator, a data management platform, are affected: PI Integrator for SAP...
Moxa SoftNVR-IA Live Viewer
CVSS v3 7.2 Vendor: Moxa Equipment: SoftNVR-IA Live Viewer Vulnerability: Uncontrolled Search Path Element AFFECTED PRODUCTS The following versions of SoftNVR-IA Live Viewer, a video surveillance software designed for industrial automation systems, are affected: SoftNVR-IA Live Viewer, Version...
ICSMA-17-215-01_Siemens Molecular Imaging Vulnerabilities
OVERVIEW Siemens has identified two vulnerabilities in Siemens’ Molecular Imaging products running on Windows XP. Siemens is preparing updates for the affected products. These vulnerabilities could be exploited remotely. AFFECTED PRODUCTS Siemens reports that the vulnerability affects the followi...
Schneider Electric Pro-face GP-Pro EX
CVSS v3 7.2 ATTENTION: Public exploits are available. Vendor: Schneider Electric Equipment: Pro-face GP-Pro EX Vulnerability: Uncontrolled Search Path Element AFFECTED PRODUCTS The following versions of Pro-face GP-Pro EX software, an HMI management platform, are affected: GP Pro EX version...
ICSMA-17-215-02_Siemens Molecular Imaging Vulnerabilities
OVERVIEW Siemens has identified four vulnerabilities in Siemens’ Molecular Imaging products running on Windows 7. Siemens is preparing updates for the affected products. These vulnerabilities could be exploited remotely. Exploits that target these vulnerabilities are known to be publicly availabl...
Schneider Electric Trio TView
CVSS v3 10.0 ATTENTION: Remotely exploitable/low skill level to exploit. Public exploits are available. Vendor: Schneider Electric Equipment: Trio TView Vulnerabilities: Multiple Vulnerabilities for Java Runtime Environment AFFECTED PRODUCTS The following versions of Schneider Electric Trio TView...
Mitsubishi Electric Europe B.V. E-Designer
CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Mitsubishi Electric Europe B.V. Equipment: E-Designer Vulnerabilities: Heap-Based Buffer Overflow, Stack-Based Buffer Overflow, Out-of-Bounds Write AFFECTED PRODUCTS The following version of E-Designer, a Mitsubishi...
Mirion Technologies Telemetry Enabled Devices
CVSS v3 5.0 Vendor: Mirion Technologies Equipment: Telemetry Enabled Devices Vulnerabilities: Use of Hard-Coded Cryptographic Key, Inadequate Encryption Strength AFFECTED PRODUCTS The following telemetry enabled devices are affected: DMC 3000 Transmitter Module, iPam Transmitter f/DMC 2000, RDS-3...
Rockwell Automation Allen-Bradley Stratix and ArmorStratix
CVSS v3 8.8 ATTENTION: Remotely exploitable/low skill level to exploit Vendor: Rockwell Automation Equipment: Allen-Bradley Stratix and ArmorStratix Vulnerabilities: SNMP Remote Code Execution Vulnerabilities in Cisco IOS and IOS XE Software REPOSTED INFORMATION This advisory was originally poste...
PDQ Manufacturing, Inc. LaserWash, Laser Jet and ProTouch
CVSS v3 9.4 ATTENTION: Remotely exploitable/low skill level to exploit. Public exploits are available Vendor: PDQ Manufacturing, Inc. Equipment: LaserWash, Laser Jet and ProTouch Vulnerabilities: Improper Authentication, Missing Encryption of Sensitive Data AFFECTED PRODUCTS The following version...
Continental AG Infineon S-Gold 2 (PMB 8876)
CVSS v3 8.8 ATTENTION: Remotely exploitable/low skill level to exploit. Public exploits are available. Vendor: Continental AG Equipment: Infineon S-Gold 2 PMB 8876 Vulnerabilities: Stack-Based Buffer Overflow, Improper Restriction of Operations within the Bounds of a Memory Buffer AFFECTED PRODUC...
Schneider Electric PowerSCADA Anywhere and Citect Anywhere
CVSS v3 8.1 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Schneider Electric Equipment: PowerSCADA Anywhere and Citect Anywhere Vulnerabilities: Information Exposure, Cross-Site Request Forgery, Improper Neutralization of Expression, Improper Validation of Certificate...
GE Communicator
CVSS v3 7.6 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: GE Equipment: Communicator Vulnerability: Heap-Based Buffer Overflow AFFECTED PRODUCTS The following versions of Communicator, an application for programming and monitoring supported metering devices, are affected:...
Siemens SiPass integrated
CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: SiPass integrated Vulnerabilities: Improper Authentication, Improper Privilege Management, Channel Accessible by Non-Endpoint, Storing Passwords in a Recoverable Format AFFECTED PRODUCTS Siemens...
Siemens SIMATIC Sm@rtClient Android App
CVSS v3 7.4 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: SIMATIC Sm@rtClient Android App Vulnerabilities: Man-in-the-Middle, Authentication Bypass Using an Alternate Path or Channel AFFECTED PRODUCTS Siemens reports that the vulnerabilities affect the...
OSIsoft PI ProcessBook and PI ActiveView
CVSS v3 High ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: OSIsoft Equipment: PI ProcessBook and PI ActiveView Vulnerability: Using components with known vulnerabilities AFFECTED PRODUCTS OSIsoft reports that the vulnerability affects the following PI products: PI ProcessBoo...
OSIsoft PI Coresight
CVSS v3 7.1 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: OSIsoft Equipment: PI Coresight Vulnerability: Cross-Site Request Forgery AFFECTED PRODUCTS OSIsoft reports that the vulnerability affects the following PI Coresight products: PI Coresight 2016 R2 and earlier versions...
ABB VSN300 WiFi Logger Card
CVSS v3 7.5 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: ABB Equipment: VSN300 WiFi Logger Card Vulnerabilities: Improper Authentication; Permissions, Privileges, and Access Controls AFFECTED PRODUCTS The following versions of VSN300 WiFi Logger Card, a device for solar...
Schweitzer Engineering Laboratories, Inc. SEL-3620 and SEL-3622
CVSS v3 7.2 ATTENTION: Remotely exploitable/Low skill level to exploit. Vendor: Schweitzer Engineering Laboratories, Inc. SEL Equipment: SEL-3620, SEL-3622 Vulnerability: Improper Access Control AFFECTED PRODUCTS The following versions of SEL-3620 and SEL-3622, an Ethernet Security Gateway, are...
Siemens SIMATIC Logon
CVSS v3 5.3 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: SIMATIC Logon Vulnerability: Out-of-Bounds Write AFFECTED PRODUCTS Siemens reports that the vulnerability affects the following SIMATIC Logon products: SIMATIC Logon: All versions prior to V1.6 IMPA...
Fuji Electric V-Server
CVSS v3 7.3 ATTENTION: Remotely exploitable Vendor: Fuji Electric Equipment: V-Server Vulnerability: Improper Restriction of Operations within the Bounds of a Memory Buffer AFFECTED PRODUCTS The following versions of V-Server, a data collection and management service, are affected: V-Server Versi...
Siemens SIPROTEC 4 and SIPROTEC Compact (Update E)
CVSS v3 8.6 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: SIPROTEC 4 and SIPROTEC Compact Vulnerabilities: Improper Input Validation, Missing Authorization, Improper Authentication UPDATE INFORMATION This updated advisory is a follow-up to the updated...
Siemens SIPROTEC 4 and SIPROTEC Compact (Update D)
CVSS v3 8.6 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: SIPROTEC 4 and SIPROTEC Compact Vulnerabilities: Improper Input Validation, Missing Authorization, Improper Authentication UPDATE INFORMATION This updated advisory is a follow-up to the updated...
Siemens SIPROTEC 4 and SIPROTEC Compact
CVSS v3 8.6 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: SIPROTEC 4 and SIPROTEC Compact Vulnerabilities: Improper Input Validation, Missing Authorization, Improper Authentication AFFECTED PRODUCTS Siemens reports that the vulnerabilities affect the...
Siemens SIPROTEC 4 and SIPROTEC Compact (Update C)
CVSS v3 8.6 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: SIPROTEC 4 and SIPROTEC Compact Vulnerabilities: Improper Input Validation, Missing Authorization, Improper Authentication UPDATE INFORMATION This updated advisory is a follow-up to the updated...
Siemens SIPROTEC 4 and SIPROTEC Compact (Update B)
CVSS v3 8.6 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: SIPROTEC 4 and SIPROTEC Compact Vulnerabilities: Improper Input Validation, Missing Authorization, Improper Authentication UPDATE INFORMATION This updated advisory is a follow-up to the updated...
Siemens SIPROTEC 4 and SIPROTEC Compact (Update A)
CVSS v3 8.6 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: SIPROTEC 4 and SIPROTEC Compact Vulnerabilities: Improper Input Validation, Missing Authorization, Improper Authentication UPDATE INFORMATION This updated advisory is a follow-up to the original...
Schneider Electric Ampla MES
CVSS v3 6.7 ATTENTION: Low skill level to exploit. Vendor: Schneider Electric Equipment: Ampla MES Vulnerabilities: Cleartext Transmission of Sensitive Information, Inadequate Encryption Strength AFFECTED PRODUCTS Schneider Electric reports that the vulnerability affects the following Ampla...
Siemens Reyrolle
CVSS v3 7.5 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: Reyrolle Vulnerabilities: Missing Authorization, Improper Input Validation, Improper Authentication AFFECTED PRODUCTS Siemens reports that the vulnerabilities affect the following Reyrolle...
Siemens OZW672 and OZW772
CVSS v3 7.4 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: OZW672 and OZW772 Vulnerabilities: Missing Authentication AFFECTED PRODUCTS Siemens reports that the vulnerability affects the following OZW672 and OZW772 devices for monitoring building controller...
Schneider Electric Wonderware ArchestrA Logger
CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Schneider Electric Equipment: Wonderware ArchestrA Logger Vulnerabilities: Stack-Based Buffer Overflow, Uncontrolled Resource Consumption, Null Pointer Deference AFFECTED PRODUCTS Schneider Electric reports that the...
ICSA-17-187-03F Siemens SIPROTEC 4 and SIPROTEC Compact (Update F)
CVSS v3 8.6 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: SIPROTEC 4 and SIPROTEC Compact Vulnerabilities: Improper Input Validation, Missing Authorization, Improper Authentication UPDATE INFORMATION This updated advisory is a follow-up to the updated...
Siemens Viewport for Web Office Portal
CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: Viewport for Web Office Portal Vulnerability: Improper Authentication AFFECTED PRODUCTS Siemens reports that the vulnerability affects the following ViewPort for Web Office Portal products: ViewPort...
ICSA-17-180-01A_Siemens SIMATIC Industrial PCs, SINUMERIK Panel Control Unit, and SIMOTION P320 (Update A)
CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: SIMATIC Industrial PCs, SINUMERIK Panel Control Unit PCU, SIMOTION P320 Vulnerability: Permissions, Privileges, and Access Controls UPDATED INFORMATION This updated advisory is a follow-up to the...
Schneider Electric U.motion Builder (Update A)
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Remotely exploitable/low skill level to exploit. Public exploits are available. Vendor: Schneider Electric Equipment: U.motion Builder --------- Begin Update A Part 1 of 5 -------- Vulnerabilities: SQL Injection, Path Traversal, Improper...
Siemens SIMATIC Industrial PCs, SINUMERIK Panel Control Unit, and SIMOTION P320
CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: SIMATIC Industrial PCs, SINUMERIK Panel Control Unit PCU, SIMOTION P320 Vulnerability: Permissions, Privileges, and Access Controls AFFECTED PRODUCTS Siemens reports that the vulnerability affects...
Newport XPS-Cx, XPS-Qx
CVSS v3 7.5 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Newport Equipment: XPS-Cx, XPS-Qx Vulnerability: Improper Authentication AFFECTED PRODUCTS The following versions of XPS-Cx and XPS-Qx, a universal motion controller, are affected: XPS-Cx all versions, and XPS-Qx all...
Siemens SIMATIC CP 44x-1 Redundant Network Access Modules
CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: SIMATIC CP 44x-1 Redundant Network Access RNA modules Vulnerability: Improper Authentication AFFECTED PRODUCTS The following versions of the SIMATIC CP 44x-1 RNA, which connect SIMATIC S7-400 CPUs t...
Siemens XHQ
CVSS v3 6.5 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: XHQ Vulnerability: Improper Access Control AFFECTED PRODUCTS Siemens reports that the vulnerability affects the following versions of the XHQ operations intelligence product line: XHQ 4: All version...
Ecava IntegraXor
CVSS v3 7.3 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Ecava Equipment: IntegraXor Vulnerability: SQL Injection AFFECTED PRODUCTS The following versions of IntegraXor, a web SCADA/HMI solution, are affected: IntegraXor Versions 5.2.1231.0 and prior. IMPACT Successful...
Cambium Networks ePMP
CVSS v3 7.6 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Cambium Networks Equipment: ePMP Vulnerabilities: Improper Access Control, Improper Privilege Management AFFECTED PRODUCTS Cambium reports that the vulnerabilities affect the following ePMP Network Access Control...
Trihedral Engineering Limited VTScada
CVSS v3 7.5 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Trihedral Engineering Limited Equipment: VTScada Vulnerability: Resource Consumption, Cross-Site Scripting, Information Exposure AFFECTED PRODUCTS The following versions of VTScada, an HMI SCADA software, are affected...
OSIsoft PI Server 2017
CVSS v3 8.9 ATTENTION: Remotely exploitable. Vendor: OSIsoft Equipment: PI Server 2017 Vulnerabilities: Improper Authentication AFFECTED PRODUCTS OSIsoft reports that the vulnerabilities affect the following PI Server products: PI Data Archive versions prior to 2017. IMPACT Successful exploitatio...