Februar 2025
06.02.2025
US CERT (ICS)
ABB Drive Composer
Titel
ABB Drive Composer
Veröffentlicht
6. Februar 2025 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-037-03
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: ABB Equipment: Drive Composer Vulnerability: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') 2. RISK EVALUATION Successful exploitation of this vulnerability could allow attackers unauthorized access to the file system on the host ...
06.02.2025
US CERT (ICS)
Trimble Cityworks
Titel
Trimble Cityworks
Veröffentlicht
6. Februar 2025 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-037-04
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.6 ATTENTION: Exploitable remotely/low attack complexity/known public exploitation Vendor: Trimble Equipment: Cityworks Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated user to perform a remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The ...
06.02.2025
US CERT (ICS)
Trimble Cityworks (Update A)
Titel
Trimble Cityworks (Update A)
Veröffentlicht
6. Februar 2025 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-037-04
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.6 ATTENTION: Exploitable remotely/low attack complexity/known public exploitation Vendor: Trimble Equipment: Cityworks Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated user to perform a remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The ...
06.02.2025
US CERT (ICS)
Schneider Electric EcoStruxure Power Monitoring Expert (PME)
Titel
Schneider Electric EcoStruxure Power Monitoring Expert (PME)
Veröffentlicht
6. Februar 2025 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-037-01
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION: Exploitable remotely Vendor: Schneider Electric Equipment: EcoStruxure Power Monitoring Expert (PME) Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to remotely execute code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Schneider Electric reports ...
04.02.2025
US CERT (ICS)
Elber Communications Equipment
Titel
Elber Communications Equipment
Veröffentlicht
4. Februar 2025 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-035-03
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Elber Equipment: Communications Equipment Vulnerabilities: Authentication Bypass Using an Alternate Path or Channel, Hidden Functionality 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker unauthorized administrative access to the affected ...
04.02.2025
US CERT (ICS)
Schneider Electric Modicon M340 and BMXNOE0100/0110, BMXNOR0200H
Titel
Schneider Electric Modicon M340 and BMXNOE0100/0110, BMXNOR0200H
Veröffentlicht
4. Februar 2025 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-035-06
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Modicon M340 and BMXNOE0100/0110, BMXNOR0200H Vulnerability: Exposure of Sensitive Information to an Unauthorized Actor 2. RISK EVALUATION Successful exploitation of this vulnerability could cause information disclosure of a restricted web page, modification of ...
04.02.2025
US CERT (ICS)
Schneider Electric Web Designer for Modicon
Titel
Schneider Electric Web Designer for Modicon
Veröffentlicht
4. Februar 2025 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-035-05
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Schneider Electric Equipment: Web Designer for Modicon Vulnerability: Improper Restriction of XML External Entity Reference 2. RISK EVALUATION Successful exploitation of this vulnerability could result in information disclosure, workstation integrity and potential remote code execution on the ...
04.02.2025
US CERT (ICS)
Rockwell Automation 1756-L8zS3 and 1756-L3zS3
Titel
Rockwell Automation 1756-L8zS3 and 1756-L3zS3
Veröffentlicht
4. Februar 2025 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-035-02
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: 1756-L8zS3, 1756-L3zS3 Vulnerability: Improper Handling of Exceptional Conditions 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote, non-privileged user to send malicious requests resulting in a major nonrecoverable fault causing ...
04.02.2025
US CERT (ICS)
Schneider Electric Pro-face GP-Pro EX and Remote HMI
Titel
Schneider Electric Pro-face GP-Pro EX and Remote HMI
Veröffentlicht
4. Februar 2025 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-035-07
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.1 ATTENTION: Exploitable remotely Vendor: Schneider Electric Equipment: Pro-face GP-Pro EX and Remote HMI Vulnerability: Improper Enforcement of Message Integrity During Transmission in a Communication Channel 2. RISK EVALUATION Successful exploitation of this vulnerability could allow man-in-the-middle attacks, resulting in information disclosure, integrity ...
04.02.2025
US CERT (ICS)
Rockwell Automation GuardLogix 5380 and 5580 (Update A)
Titel
Rockwell Automation GuardLogix 5380 and 5580 (Update A)
Veröffentlicht
4. Februar 2025 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-035-02
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: GuardLogix 5380 and 5580 Vulnerability: Improper Handling of Exceptional Conditions 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote, non-privileged user to send malicious requests resulting in a major nonrecoverable ...
04.02.2025
US CERT (ICS)
Schneider Electric Modicon M580 PLCs, BMENOR2200H and EVLink Pro AC
Titel
Schneider Electric Modicon M580 PLCs, BMENOR2200H and EVLink Pro AC
Veröffentlicht
4. Februar 2025 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-035-04
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Modicon M580 PLCs, BMENOR2200H and EVLink Pro AC Vulnerability: Incorrect Calculation of Buffer Size 2. RISK EVALUATION Successful exploitation of this vulnerability could cause a denial-of-service of the product when an unauthenticated user ...
04.02.2025
US CERT (ICS)
Western Telematic Inc NPS Series, DSM Series, CPM Series
Titel
Western Telematic Inc NPS Series, DSM Series, CPM Series
Veröffentlicht
4. Februar 2025 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-035-01
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Western Telematic Inc Equipment: NPS Series, DSM Series, CPM Series Vulnerability: External Control of File Name or Path 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated attacker to gain privileged access to ...
04.02.2025
US CERT (ICS)
AutomationDirect C-more EA9 HMI
Titel
AutomationDirect C-more EA9 HMI
Veröffentlicht
4. Februar 2025 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-035-08
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: AutomationDirect Equipment: C-more EA9 HMI Vulnerability: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition or achieve remote ...
Januar 2025
30.01.2025
US CERT (ICS)
Rockwell Automation KEPServer
Titel
Rockwell Automation KEPServer
Veröffentlicht
30. Januar 2025 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-030-04
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: KEPServer Vulnerability: Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of this vulnerability could cause the device to crash. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Rockwell Automation's KEPServer are ...
30.01.2025
US CERT (ICS)
Schneider Electric System Monitor Application in Harmony and Pro-face PS5000 Legacy Industrial PCs
Titel
Schneider Electric System Monitor Application in Harmony and Pro-face PS5000 Legacy Industrial PCs
Veröffentlicht
30. Januar 2025 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-030-03
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Harmony Industrial PC, Pro-face Industrial PC Vulnerability: Exposure of Sensitive Information to an Unauthorized Actor 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to access sensitive information. 3. TECHNICAL ...
30.01.2025
US CERT (ICS)
Rockwell Automation FactoryTalk AssetCentre
Titel
Rockwell Automation FactoryTalk AssetCentre
Veröffentlicht
30. Januar 2025 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-030-05
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: FactoryTalk AssetCentre Vulnerabilities: Inadequate Encryption Strength, Insufficiently Protected Credentials 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to extract passwords, access, credentials, or impersonate other users. 3. TECHNICAL DETAILS ...
30.01.2025
US CERT (ICS)
New Rock Technologies Cloud Connected Devices
Titel
New Rock Technologies Cloud Connected Devices
Veröffentlicht
30. Januar 2025 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-030-02
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: New Rock Technologies Equipment: Cloud Connected Devices Vulnerabilities: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Improper Neutralization of Wildcards or Matching Symbols 2. RISK EVALUATION Successful exploitation of these vulnerabilities ...
28.01.2025
US CERT (ICS)
Schneider Electric RemoteConnect and SCADAPack x70 Utilities
Titel
Schneider Electric RemoteConnect and SCADAPack x70 Utilities
Veröffentlicht
28. Januar 2025 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-028-06
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low Attack Complexity Vendor: Schneider Electric Equipment: Electric RemoteConnect and SCADAPack x70 Utilities Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could lead to loss of confidentiality, integrity, and potential remote code execution on workstation when ...
28.01.2025
US CERT (ICS)
B&R Automation Runtime
Titel
B&R Automation Runtime
Veröffentlicht
28. Januar 2025 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-028-01
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: B&R Equipment: Automation Runtime Vulnerability: Use of a Broken or Risky Cryptographic Algorithm 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to masquerade as legitimate services on impacted devices. 3. TECHNICAL DETAILS ...
28.01.2025
US CERT (ICS)
Schneider Electric Power Logic
Titel
Schneider Electric Power Logic
Veröffentlicht
28. Januar 2025 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-028-02
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Power Logic Vulnerabilities: Authorization Bypass Through User-Controlled Key, Improper Restriction of Operations within the Bounds of a Memory Buffer 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to modify ...
23.01.2025
US CERT (ICS)
Schneider Electric EcoStruxure Power Build Rapsody
Titel
Schneider Electric EcoStruxure Power Build Rapsody
Veröffentlicht
23. Januar 2025 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-023-05
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 4.6 ATTENTION: Low attack complexity Vendor: Schneider Electric Equipment: EcoStruxure Power Build Rapsody Vulnerability: Improper Restriction of Operations within the Bounds of a Memory Buffer 2. RISK EVALUATION Successful exploitation of this vulnerability could allow local attackers to potentially execute arbitrary code when ...
23.01.2025
US CERT (ICS)
HMS Networks Ewon Flexy 202
Titel
HMS Networks Ewon Flexy 202
Veröffentlicht
23. Januar 2025 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-023-06
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION: Low attack complexity Vendor: HMS Networks Equipment: Ewon Flexy 202 Vulnerability: Cleartext Transmission of Sensitive Information 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to disclose sensitive user credentials. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following ...
23.01.2025
US CERT (ICS)
Hitachi Energy RTU500 Series Product
Titel
Hitachi Energy RTU500 Series Product
Veröffentlicht
23. Januar 2025 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-023-02
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: RTU500 series products Vulnerability: Improperly Implemented Security Check for Standard 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to to update the RTU500 with unsigned firmware. 3. TECHNICAL DETAILS ...
23.01.2025
US CERT (ICS)
Schneider Electric EVlink Home Smart and Schneider Charge
Titel
Schneider Electric EVlink Home Smart and Schneider Charge
Veröffentlicht
23. Januar 2025 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-023-03
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.5 ATTENTION: Low attack complexity Vendor: Schneider Electric Equipment: EVlink Home Smart and Schneider Charge Vulnerability: Cleartext Storage of Sensitive Information 2. RISK EVALUATION Successful exploitation of this vulnerability may expose test credentials in the firmware binary. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ...
21.01.2025
US CERT (ICS)
ZF Roll Stability Support Plus (RSSPlus)
Titel
ZF Roll Stability Support Plus (RSSPlus)
Veröffentlicht
21. Januar 2025 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-021-03
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.9 ATTENTION: Exploitable from an adjacent network/low attack complexity Vendor: ZF Equipment: RSSPlus Vulnerability: Authentication Bypass By Primary Weakness 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated attacker to remotely (proximal/adjacent with RF equipment) call diagnostic functions which could ...

Letzte Updates

BOSCH PSIRT
15.01.2025
SIEMENS CERT
14.04.2025
US CERT
01.04.2025
US CERT (ICS)
15.04.2025

Nach Quelle

Archiv

2025
2024
2023
2022
2021
2020
2019
2018
2017

Feeds