4207 matches found
Rockwell Automation 1715 EtherNet/IP Comms Module
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to cause the web server to crash, requiring a restart to recover. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such...
Siemens SINEC NMS
SUMMARY SINEC NMS is affected by SQL injection vulnerability that could allow an authenticated low privileged attacker to exploit by inserting malicious data and achieve privilege escalation. Siemens has released a new version for SINEC NMS and recommends to update to the latest version. 2...
Siemens Solid Edge
SUMMARY Solid Edge is affected by multiple file parsing vulnerabilities that could be triggered when the application reads specially crafted PRT files format. This could allow an attacker to crash the application or execute arbitrary code. Siemens has released new versions for the affected...
Siemens HyperLynx and Industrial Edge App Publisher
SUMMARY Multiple Siemens products are affected by a type confusion vulnerability in Google Chrome prior to 138.0.7204.96. This could allow a remote attacker to perform arbitrary code execution via a crafted HTML page. Siemens has released a new version for Industrial Edge App Publisher and...
Siemens SIMATIC ET 200SP Communication Processors
SUMMARY SIMATIC ET 200SP communication processors CP 1542SP-1, CP 1542SP-1 IRC and CP 1543SP-1, incl. SIPLUS variants contain an authentication vulnerability that could allow an unauthenticated remote attacker to access the configuration data. Siemens has released new versions for the affected...
Siemens SiPass Integrated
SUMMARY SiPass integrated before V3.0 contains multiple vulnerabilities that could allow an unauthenticated remote attacker to exploit user accounts, manipulate data, impersonate users, or achieve arbitrary code execution on the SiPass integrated server. Siemens has released a new version for...
Siemens TeleControl Server Basic
SUMMARY TeleControl Server Basic V3.1 contains an information disclosure vulnerability that could allow an unauthenticated remote attacker to obtain password hashes of users and to login to and perform authenticated operations of the database service. Siemens has released a new version for...
Newforma Project Center multiple vulnerabilities
RISK EVALUATION Newforma Project Center contains multiple vulnerabilities. In the worst case, successful exploitation could allow unauthenticated, remote code execution. 2. RECOMMENDED PRACTICES Follow updated hardening guides and upgrade to most recent version of Newforma Project Center. 3...
Rockwell Automation Stratix
RISK EVALUATION Successful exploitation of this vulnerability could result in arbitrary code execution. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for all control system...
Rockwell Automation Lifecycle Services with Cisco
RISK EVALUATION Successful exploitation of this vulnerability could result in arbitrary code execution. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for all control system...
ABB LVS MConfig
SUMMARY ABB became aware of an internally discovered vulnerability in the MConfig product versions listed as affected in the advisory. An attacker with access to local networks who successfully exploits vulnerability could have access to application’s sensitive information. ABB strongly advises...
OPEXUS FOIAXpress stored XSS
RISK EVALUATION OPEXUS FOIAXpress before 11.13.3.0 contains multiple stored cross-site-scripting vulnerabilities. These vulnerabilities allow an authenticated administrative user to inject JavaScript or other content into various components of FOIAXpress. Successful exploitation allows the...
Delta Electronics DIAScreen
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to write data outside of the allocated memory buffer. 2. RECOMMENDED PRACTICES CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA...
ABB EIBPORT
SUMMARY ABB is aware of vulnerabilities in the product versions listed as affected in the advisory. A firmware update is available that resolves these privately reported vulnerabilities in the product versions listed as affected in the advisory. An attacker who successfully exploited these...
ABB B&R Automation Runtime
SUMMARY An update is available that resolves a vulnerability identified by B&Rs internal security analysis in the product versions listed as affected in this advisory. An attacker who successfully exploited these vulnerabilities could take over a remote session or execute code in the context of...
ABB B&R Automation Runtime DoS Vulnerability in System Diagnostics Manager (SDM)
SUMMARY An update is available that resolves a vulnerability identified by B&Rs internal security analysis in the product versions listed as affected in this advisory. An attacker who successfully exploited this vulnerability could cause the product to stop. 2. MITIGATING FACTORS Deactivate the...
Raise3D Pro2 Series 3D Printers**
RISK EVALUATION Successful exploitation of this vulnerability could result in data exfiltration and compromise of the target device. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network...
Hitachi Energy MACH GWS
SUMMARY Hitachi Energy is aware of these vulnerabilities that affect the MACH GWS product versions listed in this document. An attacker successfully exploiting these vulnerabilities can cause confidentiality, integrity and availability impacts. Please refer to the Recommended Immediate Actions...
Hitachi Energy MSM
SUMMARY Hitachi Energy is aware of open-source software vulnerabilities that affect MSM product versions listed below. If exploited, these vulnerabilities could result in XSS and DoS attacks, potentially causing confidentiality, integrity and availability impact to MSM. Please refer to the...
Hitachi Energy Asset Suite (Update A)
RISK EVALUATION Successful exploitation of this vulnerability could result in the manipulation of content or the injection of data with the potential of carrying out further malicious attacks. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of...
OpenPLC_V3
RISK EVALUATION Successful exploitation of this vulnerability could cause a denial of service, making the PLC runtime process crash. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network...
National Instruments Circuit Design Suite
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to cause memory corruption, potentially leading to information disclosure and execution of arbitrary code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of...
Festo Controller CECC-S,-LK,-D Family Firmware (Update A)
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to crash services, escalate privileges, bypass authentication, or gain unauthorized access to sensitive systems and data. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize...
MegaSys Enterprises Telenium Online Web Application
RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated attacker to inject arbitrary operating system commands through a crafted HTTP request, leading to remote code execution on the server in the security context of the web application service account. 2...
LG Innotek Camera Multiple Models
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain administrative access to the device. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure...
Microsoft Windows inconsistent driver blocking
RISK EVALUATION Microsoft Windows Defender Application Control WDAC and the Microsoft vulnerable driver blocklist do not adequately block known-vulnerable drivers. These unexpected behaviors can confuse users about whether or not driver blocking is working and which drivers are being blocked. 2...
Medical Informatics Engineering Enterprise Health multiple vulnerabilities
RISK EVALUATION Medical Informatics Engineering Enterprise Health is an OEHR Occupational Electronic Health Record platform. Enterprise Health contains multiple vulnerabilities that could allow an attacker to inject executable content, obtain session tokens, and upload arbitrary files. 2...
Dingtian DT-R002
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to retrieve credentials without authentication. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize network...
Mitsubishi Electric MELSEC-Q Series CPU Module
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a denial of service DoS. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for all...
AutomationDirect CLICK PLUS
RISK EVALUATION Successful exploitation of these vulnerabilities disclose sensitive information, modify device settings, escalate privileges, or cause a denial-of-service condition on the affected device. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk...
Viessmann Vitogate 300
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to modify an intended OS command when it is sent to a downstream component, or allow an attacker to cause unexpected interactions between the client and server. 2. RECOMMENDED PRACTICES CISA recommends users...
Airship AI MFA bypass and default credentials vulnerabilities
RISK EVALUATION Airship AI Acropolis is used for video and data management. In versions before 11.1.9, 11.0.21, and 10.2.35, a remote unauthenticated attacker with valid credentials can brute force the MFA code and authenticate without an additional authentication method. Improperly configured...
Westermo Network Technologies WeOS 5
RISK EVALUATION Successful exploitation of this vulnerability could cause the device to reboot. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for all control system devices...
Cognex In-Sight Explorer and In-Sight Camera Firmware
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to disclose sensitive information, steal credentials, modify files, or cause a denial-of-service condition. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of...
Schneider Electric Saitel DR & Saitel DP Remote Terminal Unit
RISK EVALUATION Successful exploitation of these vulnerabilities could enable an attacker to execute arbitrary shell commands on the affected devices. 2. RECOMMENDED PRACTICES CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures...
Westermo Network Technologies WeOS 5
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker with administrative permissions to execute commands that would typically be inaccessible. This could allow the execution of commands with privileges beyond those normally granted to the attacker. 2. RECOMMENDED...
Dover Fueling Solutions ProGauge MagLink LX4 Devices
RISK EVALUATION Successful exploitation of these vulnerabilities could result in a remote attacker causing a denial-of-service condition or gaining administrative access to the device. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of...
Siemens SIMATIC NET CP, SINEMA and SCALANCE
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to cause a denial-of-service DoS condition in the affected devices by exploiting integer overflow bugs. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of...
Hitachi Energy RTU500 series
RISK EVALUATION Successful exploitation of these vulnerabilities could cause a Denial-of-Service condition in RTU500 devices. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize network exposure...
Delta Electronics DIALink
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to bypass authentication. 2. RECOMMENDED PRACTICES CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for...
ABB Terra AC Wallbox
SUMMARY ABB is aware of vulnerabilities in the product versions listed as affected in the advisory. An attacker who successfully exploited this vulnerability could cause the pollution of heap memory which potentially takes remote control of the product and performs a write operation to the flash...
CISA Thorium multiple vulnerabilities
RISK EVALUATION CISA Thorium is a framework used for malware analysis. Multiple vulnerabilities were reported in Thorium. Impacts include denial of service, authenticated arbitrary file read, and failure to expire previously issued user tokens. 2. RECOMMENDED PRACTICES These issues were...
psPAS does not enforce TLS 1.2 within Get-PASSAMLResponse
RISK EVALUATION psPAS is a PowerShell module for the CyberArk API. psPAS does not explicitly enforce TLS 1.2 when using the 'Get-PASSAMLResponse' function. An unauthenticated attacker in a 'Man-in-the-Middle' position could manipulate the TLS handshake and downgrade TLS to a deprecated protocol...
Daikin Europe N.V Security Gateway
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access to the system. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure...
OPEXUS FOIAXpress Public Access Link (PAL) SQL injection
RISK EVALUATION Successful exploitation could allow a remote, unauthenticated attacker to read, write, or delete any content in the underlying database. 2. RECOMMENDED PRACTICES Upgrade to FOIAXpress PAL version 11.13.1.0. 3. DESCRIPTION OPEXUS FOIAXpress Public Access Link PAL before version...
Rockwell Automation Analytics LogixAI
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to access sensitive information. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for all...
Rockwell Automation Stratix IOS
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to run malicious configurations without authentication. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize...
Rockwell Automation FactoryTalk Activation Manager
RISK EVALUATION Successful exploitation of this vulnerability could result in in data exposure, session hijacking, or full communication compromise. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:...
Rockwell Automation ControlLogix 5580
RISK EVALUATION Successful exploitation of this vulnerability could result in a major nonrecoverable fault on the controller. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for...
Rockwell Automation CompactLogix® 5480
RISK EVALUATION Successful exploitation of this vulnerability could result in arbitrary code execution. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for all control system...