• 1 (current)
  • 2
  • 3
Donnerstag, 30.01.2025
Titel
Rockwell Automation KEPServer
Veröffentlicht
30. Januar 2025 13:00
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: KEPServer Vulnerability: Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of this vulnerability could cause the device to crash. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Rockwell Automation's KEPServer are ...
Titel
Rockwell Automation FactoryTalk AssetCentre
Veröffentlicht
30. Januar 2025 13:00
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: FactoryTalk AssetCentre Vulnerabilities: Inadequate Encryption Strength, Insufficiently Protected Credentials 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to extract passwords, access, credentials, or impersonate other users. 3. TECHNICAL DETAILS ...
Titel
New Rock Technologies Cloud Connected Devices
Veröffentlicht
30. Januar 2025 13:00
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: New Rock Technologies Equipment: Cloud Connected Devices Vulnerabilities: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Improper Neutralization of Wildcards or Matching Symbols 2. RISK EVALUATION Successful exploitation of these vulnerabilities ...
Titel
Schneider Electric System Monitor Application in Harmony and Pro-face PS5000 Legacy Industrial PCs
Veröffentlicht
30. Januar 2025 13:00
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Harmony Industrial PC, Pro-face Industrial PC Vulnerability: Exposure of Sensitive Information to an Unauthorized Actor 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to access sensitive information. 3. TECHNICAL ...
Dienstag, 28.01.2025
Titel
B&R Automation Runtime
Veröffentlicht
28. Januar 2025 13:00
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: B&R Equipment: Automation Runtime Vulnerability: Use of a Broken or Risky Cryptographic Algorithm 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to masquerade as legitimate services on impacted devices. 3. TECHNICAL DETAILS ...
Titel
Schneider Electric Power Logic
Veröffentlicht
28. Januar 2025 13:00
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Power Logic Vulnerabilities: Authorization Bypass Through User-Controlled Key, Improper Restriction of Operations within the Bounds of a Memory Buffer 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to modify ...
Titel
Schneider Electric RemoteConnect and SCADAPack x70 Utilities
Veröffentlicht
28. Januar 2025 13:00
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low Attack Complexity Vendor: Schneider Electric Equipment: Electric RemoteConnect and SCADAPack x70 Utilities Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could lead to loss of confidentiality, integrity, and potential remote code execution on workstation when ...
Donnerstag, 23.01.2025
Titel
Hitachi Energy RTU500 Series Product
Veröffentlicht
23. Januar 2025 13:00
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: RTU500 series products Vulnerability: Improperly Implemented Security Check for Standard 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to to update the RTU500 with unsigned firmware. 3. TECHNICAL DETAILS ...
Titel
HMS Networks Ewon Flexy 202
Veröffentlicht
23. Januar 2025 13:00
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION: Low attack complexity Vendor: HMS Networks Equipment: Ewon Flexy 202 Vulnerability: Cleartext Transmission of Sensitive Information 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to disclose sensitive user credentials. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following ...
Titel
Schneider Electric EVlink Home Smart and Schneider Charge
Veröffentlicht
23. Januar 2025 13:00
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.5 ATTENTION: Low attack complexity Vendor: Schneider Electric Equipment: EVlink Home Smart and Schneider Charge Vulnerability: Cleartext Storage of Sensitive Information 2. RISK EVALUATION Successful exploitation of this vulnerability may expose test credentials in the firmware binary. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ...
Titel
Schneider Electric EcoStruxure Power Build Rapsody
Veröffentlicht
23. Januar 2025 13:00
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 4.6 ATTENTION: Low attack complexity Vendor: Schneider Electric Equipment: EcoStruxure Power Build Rapsody Vulnerability: Improper Restriction of Operations within the Bounds of a Memory Buffer 2. RISK EVALUATION Successful exploitation of this vulnerability could allow local attackers to potentially execute arbitrary code when ...
Dienstag, 21.01.2025
Titel
ZF Roll Stability Support Plus (RSSPlus)
Veröffentlicht
21. Januar 2025 13:00
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.9 ATTENTION: Exploitable from an adjacent network/low attack complexity Vendor: ZF Equipment: RSSPlus Vulnerability: Authentication Bypass By Primary Weakness 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated attacker to remotely (proximal/adjacent with RF equipment) call diagnostic functions which could ...
Titel
Siemens SIMATIC S7-1200 CPUs
Veröffentlicht
21. Januar 2025 13:00
Text
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
Titel
Traffic Alert and Collision Avoidance System (TCAS) II
Veröffentlicht
21. Januar 2025 13:00
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.1 ATTENTION: Exploitable from adjacent network Standard: Traffic Alert and Collision Avoidance System (TCAS) II Equipment: Collision Avoidance Systems Vulnerabilities: Reliance on Untrusted Inputs in a Security Decision, External Control of System or Configuration Setting 2. RISK EVALUATION Successful exploitation of these vulnerabilities ...
Donnerstag, 16.01.2025
Titel
Fuji Electric Alpha5 SMART
Veröffentlicht
16. Januar 2025 13:00
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity Vendor: Fuji Electric Equipment: Alpha5 SMART Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Fuji Electric ...
Titel
Hitachi Energy FOX61x Products
Veröffentlicht
16. Januar 2025 13:00
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 4.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: FOX61x Products Vulnerability: Relative Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to traverse the file system to access files or directories that would otherwise be inaccessible. ...
Titel
Siemens SIPROTEC 5 Products
Veröffentlicht
16. Januar 2025 13:00
Text
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
Titel
Siemens Mendix LDAP
Veröffentlicht
16. Januar 2025 13:00
Text
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
Titel
Hitachi Energy FOX61x, FOXCST, and FOXMAN-UN Products
Veröffentlicht
16. Januar 2025 13:00
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 4.9 ATTENTION: Low attack complexity Vendor: Hitachi Energy Equipment: FOX61x, FOXCST, FOXMAN-UN Vulnerability: Improper Validation of Certificate with Host Mismatch 2. RISK EVALUATION Successful exploitation of this vulnerability could allow attackers to intercept or falsify data exchanges between the client and the server. ...
Mittwoch, 15.01.2025
Titel
Threat Actors Chained Vulnerabilities in Ivanti Cloud Service Applications
Veröffentlicht
15. Januar 2025 18:26
Text
Note: The CVEs in this advisory are unrelated to vulnerabilities (CVE-2025-0282 and CVE-2025-0283) in Ivanti’s Connect Secure, Policy Secure and ZTA Gateways. For more information on mitigating CVE -2025-0282 and CVE-2025-0283, see Ivanti Releases Security Updates for Connect Secure, Policy Secure, and ZTA Gateways. Summary The Cybersecurity and Infrastructure Security ...
Titel
SSA-404759 V1.1 (Last Update: 2025-01-15): Information Disclosure Vulnerability in Siveillance Video Camera Drivers
Veröffentlicht
15. Januar 2025 01:00
Text
Several camera device drivers in the Siveillance Video Device Pack store camera credentials in their log file when authentication fails. This could allow a local attacker to read camera credentials stored in the Recording Server under specific conditions. Siemens has released an update of the Device Pack and recommends to ...
Titel
Unquoted Service Path Enumeration on SMCWatchDog Agent
Veröffentlicht
15. Januar 2025 01:00
Text

BOSCH-SA-904062-BT: An unquoted service path enumeration vulnerability on SMCWatchDog agent has been found affecting the DIVAR IP all-in-one 7000 (DIP-72xx) devices. This vulnerability can allow a local attacker to gain elevated privileges.

Dienstag, 14.01.2025
Titel
Belledonne Communications Linphone-Desktop
Veröffentlicht
14. Januar 2025 13:00
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Belledonne Communications Equipment: Linphone-Desktop Vulnerability: NULL Pointer Dereference 2. RISK EVALUATION Successful exploitation of this vulnerability could could result in a remote attacker causing a denial-of-service condition on the affected devices. 3. TECHNICAL DETAILS 3.1 AFFECTED ...
Titel
Schneider Electric Vijeo Designer
Veröffentlicht
14. Januar 2025 13:00
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low Attack Complexity Vendor: Schneider Electric Equipment: Vijeo Designer Vulnerability: Improper Privilege Management 2. RISK EVALUATION Successful exploitation of these vulnerabilities could cause a non-admin authenticated user to perform privilege escalation by tampering with the binaries. 3. TECHNICAL DETAILS 3.1 AFFECTED ...
Titel
SSA-593272 V2.3 (Last Update: 2025-01-14): SegmentSmack in Interniche IP-Stack based Industrial Devices
Veröffentlicht
14. Januar 2025 01:00
Text
A vulnerability exists in affected products that could allow remote attackers to affect the availability of the devices under certain conditions. The underlying TCP stack can be forced to make very computation expensive calls for every incoming packet which can lead to a Denial-of-Service. Siemens has released new versions for ...
  • 1 (current)
  • 2
  • 3

Letzte Updates

BOSCH PSIRT
15.01.2025
SIEMENS CERT
11.02.2025
US CERT
15.01.2025
US CERT (ICS)
06.02.2025

Nach Quelle

Archiv

2025
2024
2023
2022
2021
2020
2019
2018
2017

Feeds