Bulletins

CISA (ICS)
09/30/2025
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Festo Equipment: Controller CECC-S,-LK,-D Family Firmware Vulnerabilities: Exposure of Resource to Wrong Sphere, Untrusted Pointer Dereference, NULL Pointer Dereference, Files or Directories Accessible to External Parties, Out-of-bounds Write, Improper Privilege Management, Incorrect Permission Assignment …
CISA (ICS)
09/30/2025
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Festo Equipment: CPX-CEC-C1 and CPX-CMXX Vulnerability: Improper Privilege Management 2. RISK EVALUATION Successful exploitation of this vulnerability could allow unauthenticated, remote access to critical webpage functions which may cause a denial of service. 3. …
CISA (ICS)
09/30/2025
1. EXECUTIVE SUMMARY CVSS v3 8.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: Festo Equipment: SBRD-Q/SBOC-Q/SBOI-Q Vulnerabilities: Incorrect Conversion between Numeric Types, Out-of-bounds Read, Reachable Assertion 2. RISK EVALUATION Successful exploitation of these vulnerabilities may allow the attacker to read arbitrary data or cause a denial-of-service condition. …
CISA (ICS)
09/30/2025
1. EXECUTIVE SUMMARY CVSS v4 6.1 ATTENTION: Low attack complexity Vendor: OpenPLC_V3 Equipment: OpenPLC_V3 Vulnerability: Reliance on Undefined, Unspecified, or Implementation-Defined Behavior 2. RISK EVALUATION Successful exploitation of this vulnerability could cause a denial of service, making the PLC runtime process crash. 3. TECHNICAL DETAILS 3.1 …
CISA (ICS)
09/30/2025
1. EXECUTIVE SUMMARY CVSS v4 8.8 ATTENTION: Exploitable remotely/Low attack complexity Vendor: LG Innotek Equipment: Camera Models LND7210 and LNV7210R Vulnerability: Authentication Bypass Using an Alternate Path or Channel 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain administrative access to …
CISA (ICS)
09/25/2025
1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Dingtian Equipment: DT-R002 Vulnerabilities: Insufficiently Protected Credentials 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to retrieve credentials without authentication. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of …
CISA (ICS)
09/23/2025
1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Low attack complexity Vendor: Viessmann Equipment: Vitogate 300 Vulnerabilities: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Client-Side Enforcement of Server-Side Security 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker …
CISA (ICS)
09/23/2025
1. EXECUTIVE SUMMARY CVSS v3.1 6.8 ATTENTION: Exploitable remotely Vendor: Mitsubishi Electric Equipment: MELSEC-Q Series CPU module Vulnerability: Improper Handling of Length Parameter Inconsistency 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a denial of service (DoS). 3. TECHNICAL DETAILS …