Bulletins | CERT@VDE

Optigo Networks Visual BACnet Capture Tool/Optigo Visual Networks Capture Tool

Titel

Optigo Networks Visual BACnet Capture Tool/Optigo Visual Networks Capture Tool

Veröffentlicht

11. März 2025 13:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-25-070-02

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Optigo Networks Equipment: Visual BACnet Capture Tool, Optigo Visual Networks Capture Tool Vulnerabilities: Use of Hard-coded, Security-relevant Constants, Authentication Bypass Using an Alternate Path or Channel 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow ...

11.03.2025

Schneider Electric Uni-Telway Driver

Titel

Schneider Electric Uni-Telway Driver

Veröffentlicht

11. März 2025 13:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-25-070-01

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.8 ATTENTION: Low attack complexity Vendor: Schneider Electric Equipment: Uni-Telway Driver Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to perform a denial of service. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Schneider Electric reports the ...

Edimax IC-7100 IP Camera

Titel

Edimax IC-7100 IP Camera

Veröffentlicht

4. März 2025 13:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-25-063-08

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Edimax Equipment: IC-7100 IP Camera Vulnerability: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to send ...

https://www.cisa.gov/news-events/ics-advisories/icsa-25-063-07

GMOD Apollo

Titel

GMOD Apollo

Veröffentlicht

4. März 2025 13:00

URL

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: GMOD Equipment: Apollo Vulnerabilities: Incorrect Privilege Assignment, Relative Path Traversal, Missing Authentication for Critical Function, Generation of Error Message Containing Sensitive Information 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to escalate ...

Keysight Ixia Vision Product Family

Titel

Keysight Ixia Vision Product Family

Veröffentlicht

4. März 2025 13:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-25-063-02

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Keysight Equipment: Ixia Vision Product Family Vulnerabilities: Path Traversal, Improper Restriction of XML External Entity Reference 2. RISK EVALUATION Successful exploitation of these vulnerabilities could crash the device being accessed; a buffer overflow condition may allow ...

https://www.cisa.gov/news-events/ics-advisories/icsa-25-063-04

Hitachi Energy XMC20

Titel

Hitachi Energy XMC20

Veröffentlicht

4. März 2025 13:00

URL

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: XMC20 Vulnerability: Relative Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to access files or directories outside the authorized scope. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Hitachi ...

Hitachi Energy UNEM/ECST

Titel

Hitachi Energy UNEM/ECST

Veröffentlicht

4. März 2025 13:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-25-063-05

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.8 ATTENTION: Low Attack Complexity Vendor: Hitachi Energy Equipment: XMC20, ECST, UNEM Vulnerability: Improper Validation of Certificate with Host Mismatch 2. RISK EVALUATION Successful exploitation of this vulnerability could allow attackers to intercept or falsify data exchanges between the client and the server. ...

Hitachi Energy MACH PS700

Titel

Hitachi Energy MACH PS700

Veröffentlicht

4. März 2025 13:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-25-063-03

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.7 ATTENTION: Vendor: Hitachi Energy Equipment: MACH PS700 Vulnerability: Uncontrolled Search Path Element 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to escalate privileges and gain control over the software. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Hitachi Energy reports ...

Februar 2025

27.02.2025

Schneider Electric Communication Modules for Modicon M580 and Quantum Controllers

Titel

Schneider Electric Communication Modules for Modicon M580 and Quantum Controllers

Veröffentlicht

27. Februar 2025 13:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-25-058-01

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Communication modules for Modicon M580 and Quantum controllers Vulnerability: Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a stack overflow attack, which could result in loss of confidentiality, integrity, ...

25.02.2025

Rockwell Automation PowerFlex 755

Titel

Rockwell Automation PowerFlex 755

Veröffentlicht

25. Februar 2025 13:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-25-056-01

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Rockwell Automation Equipment: PowerFlex 755 Vulnerability: Cleartext Transmission of Sensitive Information 2. RISK EVALUATION Successful exploitation of this vulnerability could result in exposure of sensitive data. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following version of ...

ABB ASPECT-Enterprise, NEXUS, and MATRIX Series

Titel

ABB ASPECT-Enterprise, NEXUS, and MATRIX Series

Veröffentlicht

20. Februar 2025 13:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-25-051-01

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: ABB Equipment: ASPECT-Enterprise, NEXUS, and MATRIX series Vulnerability: Use of Hard-coded Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to obtain access to devices without proper authentication. 3. TECHNICAL DETAILS 3.1 ...

ABB FLXEON Controllers

Titel

ABB FLXEON Controllers

Veröffentlicht

20. Februar 2025 13:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-25-051-02

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: ABB Equipment: FLXEON Controllers Vulnerabilities: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion'), Missing Origin Validation in WebSockets, Insertion of Sensitive Information into Log File 2. RISK EVALUATION Successful exploitation ...

Elseta Vinci Protocol Analyzer

Titel

Elseta Vinci Protocol Analyzer

Veröffentlicht

20. Februar 2025 13:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-25-051-06

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: Elseta Equipment: Vinci Protocol Analyzer Vulnerability: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to escalate privileges and perform ...

https://www.cisa.gov/news-events/ics-advisories/icsa-25-051-03

Carrier Block Load

Titel

Carrier Block Load

Veröffentlicht

20. Februar 2025 13:00

URL

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Carrier Equipment: Block Load Vulnerability: Uncontrolled Search Path Element 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a malicious actor to execute arbitrary code with escalated privileges . 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ...

Rapid Response Monitoring My Security Account App

Titel

Rapid Response Monitoring My Security Account App

Veröffentlicht

20. Februar 2025 13:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-25-051-05

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rapid Response Monitoring Equipment: My Security Account App Vulnerability: Authorization Bypass Through User-Controlled Key 2. RISK EVALUATION Successful exploitation of this vulnerability could allow attacker to access sensitive information of other users. 3. TECHNICAL DETAILS 3.1 ...

https://www.cisa.gov/news-events/ics-advisories/icsa-25-044-08

Siemens OpenV2G

Titel

Siemens OpenV2G

Veröffentlicht

13. Februar 2025 13:00

URL

Text

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...

https://www.cisa.gov/news-events/ics-advisories/icsa-25-044-03

Siemens SIPROTEC 5

Titel

Siemens SIPROTEC 5

Veröffentlicht

13. Februar 2025 13:00

URL

Text

Siemens SIMATIC S7-1200 CPU Family

Titel

Siemens SIMATIC S7-1200 CPU Family

Veröffentlicht

13. Februar 2025 13:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-25-044-01

Text

Siemens SCALANCE W700

Titel

Siemens SCALANCE W700

Veröffentlicht

13. Februar 2025 13:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-25-044-09

Text

Outback Power Mojave Inverter

Titel

Outback Power Mojave Inverter

Veröffentlicht

13. Februar 2025 13:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-25-044-17

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Outback Power Equipment: Mojave Inverter Vulnerabilities: Use of GET Request Method With Sensitive Query Strings, Exposure of Sensitive Information to an Unauthorized Actor, Command Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an ...

Siemens SIMATIC IPC DiagBase and SIMATIC IPC DiagMonitor

Titel

Siemens SIMATIC IPC DiagBase and SIMATIC IPC DiagMonitor

Veröffentlicht

13. Februar 2025 13:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-25-044-12

Text

https://www.cisa.gov/news-events/ics-advisories/icsa-25-044-15

ORing IAP-420

Titel

ORing IAP-420

Veröffentlicht

13. Februar 2025 13:00

URL

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.6 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: ORing Equipment: IAP-20 Vulnerabilities: Cross-site Scripting, Command Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to invoke commands to compromise the device via the management interface. 3. TECHNICAL ...

Siemens SIMATIC PCS neo and TIA Administrator

Titel

Siemens SIMATIC PCS neo and TIA Administrator

Veröffentlicht

13. Februar 2025 13:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-25-044-13

Text

Siemens Opcenter Intelligence

Titel

Siemens Opcenter Intelligence

Veröffentlicht

13. Februar 2025 13:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-25-044-14

Text