4251 matches found
OSIsoft PI Server 2017
CVSS v3 8.9 ATTENTION: Remotely exploitable. Vendor: OSIsoft Equipment: PI Server 2017 Vulnerabilities: Improper Authentication AFFECTED PRODUCTS OSIsoft reports that the vulnerabilities affect the following PI Server products: PI Data Archive versions prior to 2017. IMPACT Successful exploitatio...
Digital Canal Structural Wind Analysis
CVSS v3 7.5 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Digital Canal Structural Equipment: Wind Analysis Vulnerability: Stack-Based Buffer Overflow AFFECTED PRODUCTS The following versions of Wind Analysis, a structural engineering software platform, are affected: Wind...
Rockwell Automation PanelView Plus 6 700-1500
CVSS v3 8.6 ATTENTION: Remotely exploitable/low skill level to exploit Vendor: Rockwell Automation Equipment: PanelView Plus 6 700-1500 Vulnerability: Missing Authorization AFFECTED PRODUCTS The following versions of PanelView Plus 6 700-1500, graphic terminals and logic module products, are...
NXP i.MX Product Family
CVSS v3 6.0 REPOSTED INFORMATION This advisory was originally posted to the NCCIC Portal on June 1, 2017, and is being released to the NCCIC/ICS-CERT web site. AFFECTED PRODUCTS The following i.MX Devices, used on logic boards, are affected: Devices affected by the Stack Buffer Overflow...
Phoenix Broadband Technologies LLC PowerAgent SC3 Site Controller
CVSS v3 5.3 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Phoenix Broadband Technologies LLC Equipment: PowerAgent SC3 Site Controller Vulnerability: Use of Hard-Coded Password AFFECTED PRODUCTS Phoenix Broadband Technologies LLC reports that the following versions of...
Automated Logic Corporation ALC WebCTRL, Liebert SiteScan, Carrier i-VU
CVSS v3 6.5 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Automated Logic Corporation ALC Equipment: ALC WebCTRL, Liebert SiteScan, Carrier i-VU Vulnerability: XML External Entity XXE REPOSTED INFORMATION This advisory was originally posted to the NCCIC Portal on May 30, 201...
Moxa OnCell
CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Moxa Equipment: OnCell Vulnerabilities: Improper Restriction of Excessive Authentication Attempts, Plaintext Storage of a Password, and Cross-Site Request Forgery AFFECTED PRODUCTS The following versions of OnCell, a...
GE Proficy HMI/SCADA iFIX, Proficy HMI/SCADA CIMPLICITY, and Proficy Historian Vulnerability (Update B)
OVERVIEW This updated advisory is a follow-up to the updated advisory titled ICSA-16-336-05A GE Proficy HMI/SCADA IFIX, Proficy HMI/SCADA CIMPLICITY, and Proficy Historian Vulnerability that was published January 24, 2017, on the NCCIC/ICS-CERT web site. GE has reported an insufficiently protecte...
Schneider Electric Wonderware InduSoft Web Studio
CVSS v3 7.3 ATTENTION: Low skill level to exploit. Vendor: Schneider Electric Equipment: Wonderware InduSoft Web Studio Vulnerability: Incorrect Default Permissions AFFECTED PRODUCTS The following versions of Schneider Electric’s Wondeware InduSoft Web Studio are affected: Wonderware InduSoft Web...
Rockwell Automation MicroLogix 1100 Controllers
CVSS v3 7.5 Vendor: Rockwell Automation Equipment: MicroLogix 1100 Controllers Vulnerability: Improper Input Validation REPOSTED INFORMATION This advisory was originally posted to the NCCIC Portal on May 18, 2017, and is being released to the NCCIC/ICS-CERT web site. AFFECTED PRODUCTS The followi...
ICSA-17-138-01_Miele Professional PG 85 Series
CVSS v3 7.3 ATTENTION: Remotely exploitable/low skill level to exploit. Public exploits are available. Vendor: Miele Professional Equipment: PG 85 Series Vulnerability: Path Traversal UPDATED INFORMATION This advisory is a follow-up to the original alert titled ICS-ALERT-17-089-01 Miele...
Schneider Electric VAMPSET
CVSS v3 5.6 ATTENTION: Low skill level to exploit. Vendor: Schneider Electric Equipment: VAMPSET Vulnerability: Memory Corruption AFFECTED PRODUCTS Schneider Electric reports that the vulnerability affects the following VAMPSET setting and configuration software products: VAMPSET, versions prior ...
Detcon SiteWatch Gateway
CVSS v3 9.1 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Detcon Equipment: SiteWatch Gateway Vulnerabilities: Improper Authentication, Plaintext Storage of a Password AFFECTED PRODUCTS The following versions of Detcon SiteWatch Gateway, an Ethernet Notification System, are...
Schneider Electric SoMachine HVAC
CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Schneider Electric Equipment: SoMachine HVAC Vulnerabilities: Buffer Overflow, DLL Hijack AFFECTED PRODUCTS The following version of SoMachine HVAC, a PLC programming software, is affected: SoMachine HVAC Versions 2.1.0 and prior. IMPACT...
Hanwha Techwin SRN-4000
CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit Vendor: Hanwha Techwin Equipment: SRN-4000 Vulnerability: Unauthenticated Access AFFECTED PRODUCTS The following versions of SRN-4000, a network video management platform, are affected: SRN-4000 firmware versions prior to...
Satel Iberia SenNet Data Logger and Electricity Meters
CVSS v3 8.8 ATTENTION: Remotely exploitable/low skill level to exploit Vendor: Satel Iberia Equipment: SenNet Data Logger and Electricity Meters Vulnerability: Command Injection AFFECTED PRODUCTS The following versions of SenNet Data Logger and Electricity Meters, monitoring platforms, are...
PHOENIX CONTACT mGuard
CVSS v3 8.6 ATTENTION: Remotely exploitable/low skill level to exploit Vendor: PHOENIX CONTACT Equipment: mGuard Vulnerabilities: Resource Exhaustion, Improper Authentication AFFECTED PRODUCTS The following versions of mGuard, a network device, are affected: mGuard firmware versions 8.3.0 to 8.4....
Rockwell Automation Stratix 5900
CVSS v3 10.0 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Rockwell Automation Equipment: Stratix 5900 Vulnerabilities: Improper Input Validation, Resource Management Errors, Improper Authentication, Path Traversal . REPOSTED INFORMATION This advisory was originally posted t...
Siemens devices using the PROFINET Discovery and Configuration Protocol (Update E)
CVSS v3 6.5 ATTENTION: Exploitable from an adjacent network/low skill level to exploit. Vendor: Siemens Equipment: Devices using the PROFINET Discovery and Configuration Protocol DCP Vulnerability: Denial of Service UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory...
Siemens devices using the PROFINET Discovery and Configuration Protocol (Update F)
CVSS v3 6.5 ATTENTION: Exploitable from an adjacent network/low skill level to exploit. Vendor: Siemens Equipment: Devices using the PROFINET Discovery and Configuration Protocol DCP Vulnerability: Denial of Service UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory...
Siemens devices using the PROFINET Discovery and Configuration Protocol (Update I)
CVSS v3 6.5 ATTENTION: Exploitable from an adjacent network/low skill level to exploit. Vendor: Siemens Equipment: Devices using the PROFINET Discovery and Configuration Protocol DCP Vulnerability: Denial of Service UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory...
Siemens devices using the PROFINET Discovery and Configuration Protocol (Update A)
CVSS v3 6.5 ATTENTION: Exploitable from an adjacent network/low skill level to exploit. Vendor: Siemens Equipment: Devices using the PROFINET Discovery and Configuration Protocol DCP Vulnerability: Denial of Service UPDATE INFORMATION This updated advisory is a follow-up to the original advisory...
Siemens devices using the PROFINET Discovery and Configuration Protocol (Update C)
CVSS v3 6.5 ATTENTION: Exploitable from an adjacent network/low skill level to exploit. Vendor: Siemens Equipment: Devices using the PROFINET Discovery and Configuration Protocol DCP Vulnerability: Denial of Service UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory...
Siemens devices using the PROFINET Discovery and Configuration Protocol (Update H)
CVSS v3 6.5 ATTENTION: Exploitable from an adjacent network/low skill level to exploit. Vendor: Siemens Equipment: Devices using the PROFINET Discovery and Configuration Protocol DCP Vulnerability: Denial of Service UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory...
Siemens devices using the PROFINET Discovery and Configuration Protocol (Update G)
CVSS v3 6.5 ATTENTION: Exploitable from an adjacent network/low skill level to exploit. Vendor: Siemens Equipment: Devices using the PROFINET Discovery and Configuration Protocol DCP Vulnerability: Denial of Service UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory...
Siemens devices using the PROFINET Discovery and Configuration Protocol (Update F)
CVSS v3 6.5 ATTENTION: Exploitable from an adjacent network/low skill level to exploit. Vendor: Siemens Equipment: Devices using the PROFINET Discovery and Configuration Protocol DCP Vulnerability: Denial of Service UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory...
Siemens devices using the PROFINET Discovery and Configuration Protocol (Update D)
CVSS v3 6.5 ATTENTION: Exploitable from an adjacent network/low skill level to exploit. Vendor: Siemens Equipment: Devices using the PROFINET Discovery and Configuration Protocol DCP Vulnerability: Denial of Service UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory...
Siemens devices using the PROFINET Discovery and Configuration Protocol (Update A)
CVSS v3 6.5 ATTENTION: Exploitable from an adjacent network/low skill level to exploit. Vendor: Siemens Equipment: Devices using the PROFINET Discovery and Configuration Protocol DCP Vulnerability: Denial of Service UPDATE INFORMATION This updated advisory is a follow-up to the original advisory...
Siemens devices using the PROFINET Discovery and Configuration Protocol (Update E)
CVSS v3 6.5 ATTENTION: Exploitable from an adjacent network/low skill level to exploit. Vendor: Siemens Equipment: Devices using the PROFINET Discovery and Configuration Protocol DCP Vulnerability: Denial of Service UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory...
Siemens devices using the PROFINET Discovery and Configuration Protocol (Update B)
CVSS v3 6.5 ATTENTION: Exploitable from an adjacent network/low skill level to exploit. Vendor: Siemens Equipment: Devices using the PROFINET Discovery and Configuration Protocol DCP Vulnerability: Denial of Service UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory...
Siemens devices using the PROFINET Discovery and Configuration Protocol (Update C)
CVSS v3 6.5 ATTENTION: Exploitable from an adjacent network/low skill level to exploit. Vendor: Siemens Equipment: Devices using the PROFINET Discovery and Configuration Protocol DCP Vulnerability: Denial of Service UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory...
Siemens devices using the PROFINET Discovery and Configuration Protocol (Update I)
CVSS v3 6.5 ATTENTION: Exploitable from an adjacent network/low skill level to exploit. Vendor: Siemens Equipment: Devices using the PROFINET Discovery and Configuration Protocol DCP Vulnerability: Improper Input Validation UPDATE INFORMATION This updated advisory is a follow-up to the updated...
Siemens devices using the PROFINET Discovery and Configuration Protocol (Update H)
CVSS v3 6.5 ATTENTION: Exploitable from an adjacent network/low skill level to exploit. Vendor: Siemens Equipment: Devices using the PROFINET Discovery and Configuration Protocol DCP Vulnerability: Denial of Service UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory...
Siemens devices using the PROFINET Discovery and Configuration Protocol (Update D)
CVSS v3 6.5 ATTENTION: Exploitable from an adjacent network/low skill level to exploit. Vendor: Siemens Equipment: Devices using the PROFINET Discovery and Configuration Protocol DCP Vulnerability: Denial of Service UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory...
Siemens devices using the PROFINET Discovery and Configuration Protocol (Update B)
CVSS v3 6.5 ATTENTION: Exploitable from an adjacent network/low skill level to exploit. Vendor: Siemens Equipment: Devices using the PROFINET Discovery and Configuration Protocol DCP Vulnerability: Denial of Service UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory...
Siemens devices using the PROFINET Discovery and Configuration Protocol (Update G)
CVSS v3 6.5 ATTENTION: Exploitable from an adjacent network/low skill level to exploit. Vendor: Siemens Equipment: Devices using the PROFINET Discovery and Configuration Protocol DCP Vulnerability: Denial of Service UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory...
Siemens SIMATIC WinCC and SIMATIC WinCC Runtime Professional
CVSS v3 4.9 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: SIMATIC WinCC and SIMATIC WinCC Runtime Professional Vulnerability: Denial of Service AFFECTED PRODUCTS Siemens reports that the vulnerability affects the following versions of SIMATIC WinCC, SIMATI...
Siemens devices using the PROFINET Discovery and Configuration Protocol (Update J)
CVSS v3 6.5 ATTENTION: Exploitable from an adjacent network/low skill level to exploit. Vendor: Siemens Equipment: Devices using the PROFINET Discovery and Configuration Protocol DCP Vulnerability: Improper Input Validation UPDATE INFORMATION This updated advisory is a follow-up to the updated...
Siemens devices using the PROFINET Discovery and Configuration Protocol (Update K)
CVSS v3 6.5 ATTENTION: Exploitable from an adjacent network/low skill level to exploit. Vendor: Siemens Equipment: Devices using the PROFINET Discovery and Configuration Protocol DCP Vulnerabilities: Improper Input Validation UPDATE INFORMATION This updated advisory is a follow-up to the updated...
Siemens PROFINET DCP (Update V)
1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION : Exploitable from an adjacent network/low attack complexity Vendor : Siemens Equipment : Devices using the PROFINET Discovery and Configuration Protocol DCP Vulnerabilities : Uncontrolled Resource Consumption 2. UPDATE INFORMATION This updated advisory...
ICSA-17-129-01 Siemens devices using the PROFINET Discovery and Configuration Protocol (Update K)
1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable from an adjacent network/low skill level to exploit Vendor: Siemens Equipment: Devices using the PROFINET Discovery and Configuration Protocol DCP Vulnerability: Improper Input Validation 2. UPDATE INFORMATION This updated advisory is a...
Hikvision Cameras
CVSS v3 10.0 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Hikvision Equipment: Cameras Vulnerabilities: Improper Authentication, Password in Configuration File AFFECTED PRODUCTS Hikvision reports that the following cameras and versions are affected: DS-2CD2xx2F-I Series...
Dahua Technology Co., Ltd Digital Video Recorders and IP Cameras
CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Public exploits are available. Vendor: Dahua Technology Co., Ltd Equipment: Digital Video Recorders and IP Cameras Vulnerabilities: Use of Password Hash Instead of Password for Authentication, Password in Configuration File...
Advantech WebAccess
CVSS v3 7.1 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Advantech Equipment: WebAccess Vulnerability: Absolute Path Traversal AFFECTED PRODUCTS The following WebAccess versions are affected: WebAccess Version 8.1 and prior. IMPACT Successful exploitation of this...
Advantech B+B SmartWorx MESR901
CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Advantech B+B SmartWorx Equipment: MESR901 Vulnerability: Use of Client-Side Authentication AFFECTED PRODUCTS The following versions of MESR901, a Modbus gateway, are affected: MESR901 firmware versions 1.5.2 and prio...
Schneider Electric Wonderware Historian Client
CVSS v3 6.6 ATTENTION: Low skill level to exploit. Vendor: Schneider Electric Equipment: Wonderware Historian Client Vulnerability: Improper XML Parser Configuration AFFECTED PRODUCTS The following versions of Wonderware Historian Client, an analysis and reporting software, are affected: Wonderwa...
CyberVision Kaa IoT Platform
CVSS v3 6.3 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: CyberVision Equipment: Kaa IoT Platform Vulnerability: Code Injection AFFECTED PRODUCTS The following version of Kaa IoT Platform, a middleware platform, is affected: Kaa IoT Platform, Version 0.7.4, and possibly othe...
GE Multilin SR Protective Relays
CVSS v3 8.1 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: GE Equipment: Multilin SR Protective Relays Vulnerabilities: Weak Cryptography for Passwords AFFECTED PRODUCTS The following versions of Multilin SR protective relays are affected: 750 Feeder Protection Relay, firmwar...
GE Multilin SR, UR, and URplus Protective Relays (Update A)
CVSS v3 8.1 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: GE Equipment: Multilin SR, UR, and URplus Protective Relays Vulnerabilities: Weak Cryptography for Passwords UPDATED INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-17-117-01 GE...
GE Multilin SR, UR, and URplus Protective Relays (Update B)
CVSS v3 8.1 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: GE Equipment: Multilin SR, UR, and URplus Protective Relays Vulnerabilities: Weak Cryptography for Passwords UPDATED INFORMATION This updated advisory is a follow-up to the updated advisory titled ICSA-17-117-01A GE...