Siemens XHQ
CVSS v3 6.5 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: XHQ Vulnerability: Improper Access Control AFFECTED PRODUCTS Siemens reports that the vulnerability affects the following versions of the XHQ operations intelligence product line: XHQ 4: All version...
Siemens SIMATIC CP 44x-1 Redundant Network Access Modules
CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: SIMATIC CP 44x-1 Redundant Network Access RNA modules Vulnerability: Improper Authentication AFFECTED PRODUCTS The following versions of the SIMATIC CP 44x-1 RNA, which connect SIMATIC S7-400 CPUs t...
Ecava IntegraXor
CVSS v3 7.3 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Ecava Equipment: IntegraXor Vulnerability: SQL Injection AFFECTED PRODUCTS The following versions of IntegraXor, a web SCADA/HMI solution, are affected: IntegraXor Versions 5.2.1231.0 and prior. IMPACT Successful...
Cambium Networks ePMP
CVSS v3 7.6 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Cambium Networks Equipment: ePMP Vulnerabilities: Improper Access Control, Improper Privilege Management AFFECTED PRODUCTS Cambium reports that the vulnerabilities affect the following ePMP Network Access Control...
OSIsoft PI Web API 2017
CVSS v3 7.1 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: OSIsoft Equipment: PI Web API 2017 Vulnerability: Cross-Site Request Forgery AFFECTED PRODUCTS OSIsoft reports that the vulnerability affects the following PI Web API products: PI Web API versions prior to 2017 1.9.0...
Trihedral Engineering Limited VTScada
CVSS v3 7.5 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Trihedral Engineering Limited Equipment: VTScada Vulnerability: Resource Consumption, Cross-Site Scripting, Information Exposure AFFECTED PRODUCTS The following versions of VTScada, an HMI SCADA software, are affected...
OSIsoft PI Server 2017
CVSS v3 8.9 ATTENTION: Remotely exploitable. Vendor: OSIsoft Equipment: PI Server 2017 Vulnerabilities: Improper Authentication AFFECTED PRODUCTS OSIsoft reports that the vulnerabilities affect the following PI Server products: PI Data Archive versions prior to 2017. IMPACT Successful exploitatio...
Digital Canal Structural Wind Analysis
CVSS v3 7.5 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Digital Canal Structural Equipment: Wind Analysis Vulnerability: Stack-Based Buffer Overflow AFFECTED PRODUCTS The following versions of Wind Analysis, a structural engineering software platform, are affected: Wind...
Rockwell Automation PanelView Plus 6 700-1500
CVSS v3 8.6 ATTENTION: Remotely exploitable/low skill level to exploit Vendor: Rockwell Automation Equipment: PanelView Plus 6 700-1500 Vulnerability: Missing Authorization AFFECTED PRODUCTS The following versions of PanelView Plus 6 700-1500, graphic terminals and logic module products, are...
Phoenix Broadband Technologies LLC PowerAgent SC3 Site Controller
CVSS v3 5.3 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Phoenix Broadband Technologies LLC Equipment: PowerAgent SC3 Site Controller Vulnerability: Use of Hard-Coded Password AFFECTED PRODUCTS Phoenix Broadband Technologies LLC reports that the following versions of...
NXP i.MX Product Family
CVSS v3 6.0 REPOSTED INFORMATION This advisory was originally posted to the NCCIC Portal on June 1, 2017, and is being released to the NCCIC/ICS-CERT web site. AFFECTED PRODUCTS The following i.MX Devices, used on logic boards, are affected: Devices affected by the Stack Buffer Overflow...
Automated Logic Corporation ALC WebCTRL, Liebert SiteScan, Carrier i-VU
CVSS v3 6.5 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Automated Logic Corporation ALC Equipment: ALC WebCTRL, Liebert SiteScan, Carrier i-VU Vulnerability: XML External Entity XXE REPOSTED INFORMATION This advisory was originally posted to the NCCIC Portal on May 30, 201...
Moxa OnCell
CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Moxa Equipment: OnCell Vulnerabilities: Improper Restriction of Excessive Authentication Attempts, Plaintext Storage of a Password, and Cross-Site Request Forgery AFFECTED PRODUCTS The following versions of OnCell, a...
GE Proficy HMI/SCADA iFIX, Proficy HMI/SCADA CIMPLICITY, and Proficy Historian Vulnerability (Update B)
OVERVIEW This updated advisory is a follow-up to the updated advisory titled ICSA-16-336-05A GE Proficy HMI/SCADA IFIX, Proficy HMI/SCADA CIMPLICITY, and Proficy Historian Vulnerability that was published January 24, 2017, on the NCCIC/ICS-CERT web site. GE has reported an insufficiently protecte...
ICSA-17-138-01_Miele Professional PG 85 Series
CVSS v3 7.3 ATTENTION: Remotely exploitable/low skill level to exploit. Public exploits are available. Vendor: Miele Professional Equipment: PG 85 Series Vulnerability: Path Traversal UPDATED INFORMATION This advisory is a follow-up to the original alert titled ICS-ALERT-17-089-01 Miele...
Rockwell Automation MicroLogix 1100 Controllers
CVSS v3 7.5 Vendor: Rockwell Automation Equipment: MicroLogix 1100 Controllers Vulnerability: Improper Input Validation REPOSTED INFORMATION This advisory was originally posted to the NCCIC Portal on May 18, 2017, and is being released to the NCCIC/ICS-CERT web site. AFFECTED PRODUCTS The followi...
Schneider Electric Wonderware InduSoft Web Studio
CVSS v3 7.3 ATTENTION: Low skill level to exploit. Vendor: Schneider Electric Equipment: Wonderware InduSoft Web Studio Vulnerability: Incorrect Default Permissions AFFECTED PRODUCTS The following versions of Schneider Electric’s Wonderware InduSoft Web Studio are affected: Wonderware InduSoft Web...
Schneider Electric VAMPSET
CVSS v3 5.6 ATTENTION: Low skill level to exploit. Vendor: Schneider Electric Equipment: VAMPSET Vulnerability: Memory Corruption AFFECTED PRODUCTS Schneider Electric reports that the vulnerability affects the following VAMPSET setting and configuration software products: VAMPSET, versions prior ...
Detcon SiteWatch Gateway
CVSS v3 9.1 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Detcon Equipment: SiteWatch Gateway Vulnerabilities: Improper Authentication, Plaintext Storage of a Password AFFECTED PRODUCTS The following versions of Detcon SiteWatch Gateway, an Ethernet Notification System, are...
Schneider Electric SoMachine HVAC
CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Schneider Electric Equipment: SoMachine HVAC Vulnerabilities: Buffer Overflow, DLL Hijack AFFECTED PRODUCTS The following version of SoMachine HVAC, a PLC programming software, is affected: SoMachine HVAC Versions 2.1.0 and prior. IMPACT...
Hanwha Techwin SRN-4000
CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit Vendor: Hanwha Techwin Equipment: SRN-4000 Vulnerability: Unauthenticated Access AFFECTED PRODUCTS The following versions of SRN-4000, a network video management platform, are affected: SRN-4000 firmware versions prior to...
PHOENIX CONTACT mGuard
CVSS v3 8.6 ATTENTION: Remotely exploitable/low skill level to exploit Vendor: PHOENIX CONTACT Equipment: mGuard Vulnerabilities: Resource Exhaustion, Improper Authentication AFFECTED PRODUCTS The following versions of mGuard, a network device, are affected: mGuard firmware versions 8.3.0 to 8.4....
Satel Iberia SenNet Data Logger and Electricity Meters
CVSS v3 8.8 ATTENTION: Remotely exploitable/low skill level to exploit Vendor: Satel Iberia Equipment: SenNet Data Logger and Electricity Meters Vulnerability: Command Injection AFFECTED PRODUCTS The following versions of SenNet Data Logger and Electricity Meters, monitoring platforms, are...
Rockwell Automation Stratix 5900
CVSS v3 10.0 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Rockwell Automation Equipment: Stratix 5900 Vulnerabilities: Improper Input Validation, Resource Management Errors, Improper Authentication, Path Traversal. REPOSTED INFORMATION This advisory was originally posted t...
Siemens devices using the PROFINET Discovery and Configuration Protocol (Update E)
CVSS v3 6.5 ATTENTION: Exploitable from an adjacent network/low skill level to exploit. Vendor: Siemens Equipment: Devices using the PROFINET Discovery and Configuration Protocol DCP Vulnerability: Denial of Service UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory...
Siemens devices using the PROFINET Discovery and Configuration Protocol (Update J)
CVSS v3 6.5 ATTENTION: Exploitable from an adjacent network/low skill level to exploit. Vendor: Siemens Equipment: Devices using the PROFINET Discovery and Configuration Protocol DCP Vulnerability: Improper Input Validation UPDATE INFORMATION This updated advisory is a follow-up to the updated...
Siemens devices using the PROFINET Discovery and Configuration Protocol (Update B)
CVSS v3 6.5 ATTENTION: Exploitable from an adjacent network/low skill level to exploit. Vendor: Siemens Equipment: Devices using the PROFINET Discovery and Configuration Protocol DCP Vulnerability: Denial of Service UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory...
Siemens devices using the PROFINET Discovery and Configuration Protocol (Update H)
CVSS v3 6.5 ATTENTION: Exploitable from an adjacent network/low skill level to exploit. Vendor: Siemens Equipment: Devices using the PROFINET Discovery and Configuration Protocol DCP Vulnerability: Denial of Service UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory...
Siemens devices using the PROFINET Discovery and Configuration Protocol (Update K)
CVSS v3 6.5 ATTENTION: Exploitable from an adjacent network/low skill level to exploit. Vendor: Siemens Equipment: Devices using the PROFINET Discovery and Configuration Protocol DCP Vulnerabilities: Improper Input Validation UPDATE INFORMATION This updated advisory is a follow-up to the updated...
Siemens devices using the PROFINET Discovery and Configuration Protocol (Update C)
CVSS v3 6.5 ATTENTION: Exploitable from an adjacent network/low skill level to exploit. Vendor: Siemens Equipment: Devices using the PROFINET Discovery and Configuration Protocol DCP Vulnerability: Denial of Service UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory...
Siemens devices using the PROFINET Discovery and Configuration Protocol (Update F)
CVSS v3 6.5 ATTENTION: Exploitable from an adjacent network/low skill level to exploit. Vendor: Siemens Equipment: Devices using the PROFINET Discovery and Configuration Protocol DCP Vulnerability: Denial of Service UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory...
Siemens devices using the PROFINET Discovery and Configuration Protocol (Update I)
CVSS v3 6.5 ATTENTION: Exploitable from an adjacent network/low skill level to exploit. Vendor: Siemens Equipment: Devices using the PROFINET Discovery and Configuration Protocol DCP Vulnerability: Improper Input Validation UPDATE INFORMATION This updated advisory is a follow-up to the updated...
Siemens devices using the PROFINET Discovery and Configuration Protocol (Update G)
CVSS v3 6.5 ATTENTION: Exploitable from an adjacent network/low skill level to exploit. Vendor: Siemens Equipment: Devices using the PROFINET Discovery and Configuration Protocol DCP Vulnerability: Denial of Service UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory...
Siemens devices using the PROFINET Discovery and Configuration Protocol (Update A)
CVSS v3 6.5 ATTENTION: Exploitable from an adjacent network/low skill level to exploit. Vendor: Siemens Equipment: Devices using the PROFINET Discovery and Configuration Protocol DCP Vulnerability: Denial of Service UPDATE INFORMATION This updated advisory is a follow-up to the original advisory...
Siemens devices using the PROFINET Discovery and Configuration Protocol (Update D)
CVSS v3 6.5 ATTENTION: Exploitable from an adjacent network/low skill level to exploit. Vendor: Siemens Equipment: Devices using the PROFINET Discovery and Configuration Protocol DCP Vulnerability: Denial of Service UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory...
Siemens devices using the PROFINET Discovery and Configuration Protocol (Update I)
CVSS v3 6.5 ATTENTION: Exploitable from an adjacent network/low skill level to exploit. Vendor: Siemens Equipment: Devices using the PROFINET Discovery and Configuration Protocol DCP Vulnerability: Denial of Service UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory...
Siemens SIMATIC WinCC and SIMATIC WinCC Runtime Professional
CVSS v3 4.9 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: SIMATIC WinCC and SIMATIC WinCC Runtime Professional Vulnerability: Denial of Service AFFECTED PRODUCTS Siemens reports that the vulnerability affects the following versions of SIMATIC WinCC, SIMATI...
ICSA-17-129-01 Siemens devices using the PROFINET Discovery and Configuration Protocol (Update K)
1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable from an adjacent network/low skill level to exploit Vendor: Siemens Equipment: Devices using the PROFINET Discovery and Configuration Protocol DCP Vulnerability: Improper Input Validation 2. UPDATE INFORMATION This updated advisory is a...
Siemens PROFINET DCP (Update V)
1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable from an adjacent network/low attack complexity Vendor: Siemens Equipment: Devices using the PROFINET Discovery and Configuration Protocol DCP Vulnerabilities: Uncontrolled Resource Consumption 2. UPDATE INFORMATION This updated advisory...
Advantech WebAccess
CVSS v3 7.1 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Advantech Equipment: WebAccess Vulnerability: Absolute Path Traversal AFFECTED PRODUCTS The following WebAccess versions are affected: WebAccess Version 8.1 and prior. IMPACT Successful exploitation of this...
Hikvision Cameras
CVSS v3 10.0 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Hikvision Equipment: Cameras Vulnerabilities: Improper Authentication, Password in Configuration File AFFECTED PRODUCTS Hikvision reports that the following cameras and versions are affected: DS-2CD2xx2F-I Series...
Dahua Technology Co., Ltd Digital Video Recorders and IP Cameras
CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Public exploits are available. Vendor: Dahua Technology Co., Ltd Equipment: Digital Video Recorders and IP Cameras Vulnerabilities: Use of Password Hash Instead of Password for Authentication, Password in Configuration File...