4251 matches found
Hyundai Motor America Blue Link
CVSS v3 7.5 ATTENTION: Remotely exploitable Vendor: Hyundai Motor America Equipment: Blue Link Vulnerability: Man-in-the-Middle, Use of Hard-Coded Cryptographic Key AFFECTED PRODUCTS The following versions of Blue Link, a mobile application for Hyundai vehicle management, are affected: Blue Link...
Rockwell Automation Allen-Bradley MicroLogix 1100 and 1400
CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Rockwell Automation Equipment: Allen-Bradley MicroLogix 1100 and 1400 Vulnerabilities: Predictable Value Range from Previous Values; Reusing a Nonce, Key Pair in Encryption; Information Exposure; Improper Restriction ...
Sierra Wireless AirLink Raven XE and XT
CVSS v3 10.0 ATTENTION: Remotely exploitable/low skill level to exploit. Public exploits are available. Vendor: Sierra Wireless Equipment: AirLink Raven XE and XT Vulnerabilities: Improper Authorization, Cross-Site Request Forgery, Insufficiently Protected Credentials REPOSTED INFORMATION This...
BLF-Tech LLC VisualView HMI
CVSS v3 7.0 ATTENTION: Low skill level to exploit Vendor: BLF-Tech LLC Equipment: VisualView HMI Vulnerability: Uncontrolled Search Path Element AFFECTED PRODUCTS The following VisualView HMI versions are affected: VisualView HMI Version 9.9.14.0 and prior. IMPACT Successful exploitation of this...
Schneider Electric Modicon M221 PLCs and SoMachine Basic
CVSS v3 10.0 ATTENTION: Remotely exploitable/low skill level to exploit. Public exploits are available. Vendor: Schneider Electric Equipment: Modicon M221 PLCs and SoMachine Basic Vulnerability: Use of Hard-Coded Cryptographic Key, Protection Mechanism Failure AFFECTED PRODUCTS Schneider Electric...
Schneider Electric Modicon M221 PLCs and SoMachine Basic (Update A)
CVSS v3 10.0 ATTENTION: Remotely exploitable/low skill level to exploit. Public exploits are available. Vendor: Schneider Electric Equipment: Modicon M221 PLCs and SoMachine Basic Vulnerability: Use of Hard-Coded Cryptographic Key, Protection Mechanism Failure UPDATE INFORMATION This updated...
Wecon Technologies LEVI Studio HMI Editor
CVSS v3 8.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Wecon Technologies Equipment: LEVI Studio HMI Editor Vulnerabilities: Heap-Based Buffer Overflow, Stack-Based Buffer Overflow AFFECTED PRODUCTS The following versions of LEVI Studio HMI Editor, a HMI programming...
Schneider Electric Modicon Modbus Protocol
CVSS v3 10.0 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Schneider Electric Equipment: Modicon Modbus Protocol Vulnerabilities: Authentication Bypass by Capture-Replay, Violation of Secure Design Principles AFFECTED PRODUCTS The following versions of Modicon Modbus protoco...
Certec EDV GmbH atvise scada (Update A)
CVSS v3 6.1 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Certec EDV GmbH Equipment: atvise scada Vulnerabilities: Cross-Site Scripting, Header Injection UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-17-096-01 Certec EDV GmbH...
Certec EDV GmbH atvise scada
CVSS v3 6.1 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Certec EDV GmbH Equipment: atvise scada Vulnerabilities: Cross-Site Scripting, Header Injection AFFECTED PRODUCTS The following versions of atvise scada, a HMI configuration platform, are affected: Atvise scada 3.0 an...
Marel Food Processing Systems
CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Marel Equipment: Food Processing Systems Vulnerabilities: Hard-Coded Passwords, Unrestricted Upload AFFECTED PRODUCTS The following Marel food processing products are affected: M3000 terminal associated with the...
Marel Food Processing Systems (Update A)
CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Marel Equipment: Food Processing Systems Vulnerabilities: Hard-Coded Passwords, Unrestricted Upload, Improper Access Control UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled...
Rockwell Automation Allen-Bradley Stratix and Allen-Bradley ArmorStratix
CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Rockwell Automation Equipment: Allen-Bradley Stratix, Allen-Bradley ArmorStratix Vulnerability: Improper Input Validation AFFECTED PRODUCTS The following versions of the Allen-Bradley Stratix and ArmorStratix Industri...
Schneider Electric Interactive Graphical SCADA System Software
CVSS v3 6.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Schneider Electric Equipment: Interactive Graphical SCADA System IGSS Software Vulnerability: DLL Hijacking AFFECTED PRODUCTS Schneider Electric reports that the vulnerability affects the following IGSS HMI desktop...
Marel Food Processing Systems (Update B)
CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Marel Equipment: Food Processing Systems Vulnerabilities: Hard-Coded Passwords, Unrestricted Upload, Improper Access Control UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory titled...
Rockwell Automation ControlLogix 5580 and CompactLogix 5380
CVSS v3 6.8 ATTENTION: Remotely exploitable. Vendor: Rockwell Automation Equipment: ControlLogix 5580 and CompactLogix 5380 Vulnerability: Resource Exhaustion REPOSTED INFORMATION This advisory was originally posted to the NCCIC Portal on April 4, 2017, and is being released to the NCCIC/ICS-CERT...
Schneider Electric Wonderware InTouch Access Anywhere
CVSS v3 8.8 ATTENTION: Remotely Exploitable/low skill level to exploit Vendor: Schneider Electric Equipment: Wonderware InTouch Access Anywhere Vulnerabilities: Cross-Site Request Forgery, Information Exposure, Inadequate Encryption Strength AFFECTED PRODUCTS The following Wonderware InTouch Acce...
Schneider Electric Modicon PLCs
CVSS v3 7.5 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Schneider Electric Equipment: Modicon PLCs Vulnerability: Predictable Value Range from Previous Values, Use of Insufficiently Random Values, Insufficiently Protected Credentials AFFECTED PRODUCTS The following version...
Siemens RUGGEDCOM ROX I
CVSS v3 8.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: RUGGEDCOM ROX I Vulnerabilities: Improper Authorization, Cross-Site Scripting, and Cross-Site Request Forgery AFFECTED PRODUCTS Siemens reports that the vulnerability affects the following RUGGEDCOM...
3S-Smart Software Solutions GmbH CODESYS Web Server
CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: 3S-Smart Software Solutions GmbH Equipment: CODESYS Web Server Vulnerabilities: Arbitrary File Upload, Stack Buffer Overflow AFFECTED PRODUCTS The following versions of CODESYS Web Server, part of the CODESYS WebVisu...
CareFusion Pyxis SupplyStation System Vulnerabilities
OVERVIEW Independent researchers Billy Rios and Mike Ahmadi in collaboration with CareFusion have identified numerous third-party software vulnerabilities in end-of-life versions of CareFusion’s Pyxis SupplyStation system. The Pyxis SupplyStation was obtained through a third-party that resells...
ICSMA-17-082-01_BD Kiestra PerformA and KLA Journal Service Applications Hard-Coded Passwords Vulnerability
OVERVIEW Becton, Dickinson and Company BD has identified a hard-coded password vulnerability in BD’s Kiestra PerformA and KLA Journal Service applications that access the BD Kiestra Database. BD has produced compensating controls to reduce the risk of exploitation of the identified vulnerability ...
LCDS - Leão Consultoria e Desenvolvimento de Sistemas Ltda ME LAquis SCADA
CVSS v3 5.3 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: LCDS - Leão Consultoria e Desenvolvimento de Sistemas Ltda ME Equipment: LAquis SCADA Vulnerability: Path Traversal AFFECTED PRODUCTS The following versions of LAquis SCADA, an industrial automation software, are...
ICSMA-17-082-02_B. Braun Medical SpaceCom Open Redirect Vulnerability
OVERVIEW This advisory was originally posted to the NCCIC Portal on March 23, 2017, and is being released to the ICS-CERT web site. Marc Ruef and Rocco Gagliardi of scip AG have identified an open redirect vulnerability in B. Braun Medical’s SpaceCom module, which is integrated into the...
LCDS - Leão Consultoria e Desenvolvimento de Sistemas Ltda ME LAquis SCADA
CVSS v3 7.3 ATTENTION: Low skill level to exploit. Vendor: LCDS - Leão Consultoria e Desenvolvimento de Sistemas Ltda ME Equipment: LAquis SCADA Vulnerability: Improper Access Control AFFECTED PRODUCTS The following versions of LAquis SCADA, an industrial automation software, are affected: LAquis...
FATEK Automation PLC Ethernet Module
CVSS v3 7.3 ATTENTION: Remotely exploitable. Low skill level to exploit. Vendor: FATEK Automation Equipment: PLC Ethernet Module Vulnerability: Stack-based buffer overflow AFFECTED PRODUCTS The affected Ethercfg software configuration tool runs on the following Fatek PLCs: CBEH versions prior to...
Schneider Electric ClearSCADA
CVSS v3 7.5 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Schneider Electric Equipment: ClearSCADA Vulnerability: Improper Input Validation AFFECTED PRODUCTS The following versions of ClearSCADA, server and communications driver processes, are affected: All supported version...
ICSA-17-066-01_Schneider Electric Wonderware Intelligence
CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Schneider Electric Equipment: Wonderware Intelligence Vulnerability: Credentials Management AFFECTED PRODUCTS The following versions of Wonderware Intelligence, an operations management software, are affected: Tableau...
ICSA-17-061-01_Eaton xComfort Ethernet Communication Interface
CVSS v3 7.5 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Eaton Equipment: xComfort Ethernet Communication Interface Vulnerability: Improper Access Control AFFECTED PRODUCTS The following versions of xComfort Ethernet Communication Interface ECI, a building automation system...
Schneider Electric Conext ComBox
CVSS v3 7.5 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Schneider Electric Equipment: Conext ComBox Vulnerability: Resource Exhaustion AFFECTED PRODUCTS Schneider Electric reports that the vulnerability affects the following Conext ComBox solar battery monitor: Conext...
Siemens SINUMERIK Integrate and SINUMERIK Operate
CVSS v3 7.4 ATTENTION: Remotely exploitable. Vendor: Siemens Equipment: SINUMERIK Integrate, SINUMERIK Operate Vulnerability: Man-in-the-Middle AFFECTED PRODUCTS Siemens reports that the vulnerability affects the following SINUMERIK Integrate and Operate product suite versions: SINUMERIK Integrat...
Siemens RUGGEDCOM NMS
CVSS v3 8.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: RUGGEDCOM NMS Vulnerabilities: Cross-Site Request Forgery, Cross-Site Scripting. AFFECTED PRODUCTS Siemens reports that the vulnerability affects the following RUGGEDCOM monitoring products: RUGGEDC...
Schneider Electric Modicon M340 PLC (Update A)
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Remotely exploitable/low-skill level to exploit Vendor: Schneider Electric Equipment: Modicon M340 PLC Vulnerability: Resource Exhaustion 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-17-054-03 Schneider...
Red Lion Controls Sixnet-Managed Industrial Switches, AutomationDirect STRIDE-Managed Ethernet Switches Vulnerability
CVSS v3 10 ATTENTION: Remotely exploitable. Low skill level is needed to exploit. Vendor: Red Lion Controls, AutomationDirect Equipment: Sixnet-Managed Industrial Switches and STRIDE-Managed Ethernet Switches Vulnerability: Use of Hard-coded Cryptographic Keys AFFECTED PRODUCTS The following Red...
VIPA Controls WinPLC7
CVSS v3 7.5 ATTENTION: Remotely exploitable/low skill level to exploit Vendor: VIPA Controls Equipment: WinPLC7 Vulnerability: Stack Buffer Overflow AFFECTED PRODUCTS The following versions of WinPLC7, a PLC programming software, are affected: WinPLC Versions 5.0.45.5921 and prior. IMPACT...
Rockwell Automation Connected Components Workbench
CVSS v3 7.0 Vendor: Rockwell Automation Equipment: Connected Components Workbench Vulnerability: DLL Hijack REPOSTED INFORMATION This advisory was originally posted to the NCCIC Portal on February 16, 2017, and is being released to the ICS-CERT web site. AFFECTED PRODUCTS The following Connected...
Rockwell Automation FactoryTalk Activation
CVSS v3 8.8 REPOSTED INFORMATION This advisory was originally posted to the NCCIC Portal on February 16, 2017, and is being released to the ICS-CERT web site. AFFECTED PRODUCTS The following versions of FactoryTalk Activation, a component of FactoryTalk Services Platform, are affected: FactoryTal...
Siemens SIMATIC Authentication Bypass (Update A)
CVSS v3 9.0 ATTENTION: Remotely exploitable/low skill level to exploit Vendor: Siemens Equipment: SIMATIC Vulnerability: Authentication Bypass UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-17-045-03 Siemens SIMATIC Authentication Bypass that was...
Siemens SIMATIC Authentication Bypass (Update B)
CVSS v3 9.0 ATTENTION: Remotely exploitable/low skill level to exploit Vendor: Siemens Equipment: SIMATIC Vulnerability: Authentication Bypass UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory titled ICSA-17-045-03A Siemens SIMATIC Authentication Bypass that was...
Siemens SIMATIC Authentication Bypass (Update C)
CVSS v3 9.0 ATTENTION: Remotely exploitable/low skill level to exploit Vendor: Siemens Equipment: SIMATIC Vulnerability: Improper Authentication UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory titled ICSA-17-045-03B Siemens SIMATIC Authentication Bypass that was...
Advantech WebAccess
CVSS v3 7.1 ATTENTION: Low skill level to exploit Vendor: Advantech Equipment: WebAccess Vulnerability: DLL Hijacking AFFECTED PRODUCTS The following WebAccess, an HMI, versions are affected: Advantech WebAccess Versions 8.1 and prior. IMPACT Successful exploitation of this vulnerability could...
Geutebrück IP Cameras
CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit Vendor: Geutebrück Equipment: IP Cameras Vulnerabilities: Authentication Bypass and Improper Neutralization of Special Elements AFFECTED PRODUCTS The following Geutebrück G-Cam IP camera version is affected: G-Cam/EFD-2250...
ICSA-17-045-03 Siemens SIMATIC Authentication Bypass (Update D)
1. EXECUTIVE SUMMARY CVSS v3 9.0 ATTENTION: Remotely exploitable/low skill level to exploit Vendor: Siemens Equipment: SIMATIC Vulnerability: Improper Authentication 2. UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory titled ICSA-17-045-03C Siemens SIMATIC...
Hanwha Techwin Smart Security Manager
CVSS v3 7.5 ATTENTION: Remotely exploitable Vendor: Hanwha Techwin Equipment: Smart Security Manager Vulnerabilities: Remote Code Execution AFFECTED PRODUCTS The following Smart Security Manager, a software management platform, versions are affected: Smart Security Manager Versions 1.5 and prior...
BD Alaris 8015 Insufficiently Protected Credentials Vulnerabilities (Update A)
OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSMA-17-017-02 BD Alaris 8015 Insufficiently Protected Credentials Vulnerabilities that was published February 7, 2017, on the NCCIC/ICS-CERT web site. --------- Begin Update A Part 1 of 4 -------- Researchers at...
ICSA-17-038-01_Sielco Sistemi Winlog SCADA Software
CVSS v3 7.2 Vendor: Sielco Sistemi Equipment: Winlog SCADA Software Vulnerability: Uncontrolled Search Path Element AFFECTED PRODUCTS The following Sielco Sistemi products are affected: Winlog Lite SCADA Software, versions prior to Version 3.02.01, and Winlog Pro SCADA Software, versions prior to...
Honeywell XL Web II Controller Vulnerabilities
OVERVIEW Independent researcher Maxim Rupp has identified vulnerabilities in Honeywell’s XL Web II controller application. Honeywell has produced a new version to mitigate these vulnerabilities. These vulnerabilities could be exploited remotely. AFFECTED PRODUCTS The following XL Web II controlle...
Moxa ioLogik E1200 Series Vulnerabilities (Update A)
OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-16-287-05 Moxa ioLogik E1200 Series Vulnerabilities that was published October 13, 2016, on the NCCIC/ICS-CERT web site. --------- Begin Update A Part 1 of 4 -------- Alexandru Ariciu of Applied Risk has identified...
BINOM3 Electric Power Quality Meter
CVSS v3 10 ATTENTION: Remotely exploitable/low skill level to exploit Vendor: BINOM3 Equipment: Electric Power Quality Meter Vulnerabilities: Cross-site scripting, access control issues, cross-site request forgery CSRF, sensitive information stored in clear-text, and weak credentials management...
Ecava IntegraXor
CVSS v3 7.3 ATTENTION: Remotely Exploitable/low skill level to exploit Vendor: Ecava Equipment: IntegraXor Vulnerability: SQL Injection AFFECTED PRODUCTS The following IntegraXor version is affected: IntegraXor Version 5.0.413.0 IMPACT A successful exploit of this vulnerability could lead to...