Bulletins | CERT@VDE

Johnson Controls Illustra Essentials Gen 4

Titel

Johnson Controls Illustra Essentials Gen 4

Veröffentlicht

27. Juni 2024 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-24-179-04

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls Equipment: Illustra Essentials Gen 4 Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to inject commands. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Johnson Controls reports that ...

Yokogawa FAST/TOOLS and CI Server

Titel

Yokogawa FAST/TOOLS and CI Server

Veröffentlicht

27. Juni 2024 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-24-179-03

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Yokogawa Equipment: FAST/TOOLS and CI Server Vulnerabilities: Cross-site Scripting, Empty Password in Configuration File 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to launch a malicious script and take control of affected ...

TELSAT marKoni FM Transmitter

Titel

TELSAT marKoni FM Transmitter

Veröffentlicht

27. Juni 2024 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-24-179-01

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: marKoni Equipment: Markoni-D (Compact) FM Transmitters, Markoni-DH (Exciter+Amplifiers) FM Transmitters Vulnerabilities: Command Injection, Use of Hard-coded Credentials, Use of Client-Side Authentication, Improper Access Control 2. RISK EVALUATION Successful exploitation of these vulnerabilities could ...

SDG Technologies PnPSCADA

Titel

SDG Technologies PnPSCADA

Veröffentlicht

27. Juni 2024 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-24-179-02

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: SDG Technologies Equipment: PnPSCADA Vulnerability: Missing Authorization 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to attach various entities without requiring system authentication. This breach could potentially lead to unauthorized control, data ...

Johnson Controls Illustra Essentials Gen 4 (Update A)

Titel

Johnson Controls Illustra Essentials Gen 4 (Update A)

Veröffentlicht

27. Juni 2024 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-24-179-04

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls, Inc. Equipment: Illustra Essentials Gen 4 Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to inject commands. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Johnson Controls reports ...

25.06.2024

PTC Creo Elements/Direct License Server

Titel

PTC Creo Elements/Direct License Server

Veröffentlicht

25. Juni 2024 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-24-177-02

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: PTC Equipment: Creo Elements/Direct License Server Vulnerability: Missing Authorization 2. RISK EVALUATION Successful exploitation of this vulnerability could allow unauthenticated remote attackers to execute arbitrary OS commands. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS PTC reports that ...

25.06.2024

ABB Ability System 800xA

Titel

ABB Ability System 800xA

Veröffentlicht

25. Juni 2024 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-24-177-01

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION: Low attack complexity Vendor: ABB Equipment: 800xA Base Vulnerabilities: Improper Input Validation 2. RISK EVALUATION Successful exploitation of these vulnerabilities could cause services to crash and restart. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ABB reports that the vulnerability only affects 800xA ...

20.06.2024

https://www.cisa.gov/news-events/ics-advisories/icsa-24-172-03

Westermo L210-F2G

Titel

Westermo L210-F2G

Veröffentlicht

20. Juni 2024 14:00

URL

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Westermo Equipment: L210-F2G Lynx Vulnerabilities: Cleartext Transmission of Sensitive Information, Improper Control of Interaction Frequency 2. RISK EVALUATION Successful exploitation of these vulnerabilities could crash the device being accessed or may allow remote code execution. 3. ...

20.06.2024

https://www.cisa.gov/news-events/ics-advisories/icsa-24-172-02

CAREL Boss-Mini

Titel

CAREL Boss-Mini

Veröffentlicht

20. Juni 2024 14:00

URL

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: CAREL Equipment: Boss-Mini Vulnerability: Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to manipulate an argument path, which would lead to information disclosure. 3. TECHNICAL DETAILS 3.1 ...

20.06.2024

https://www.cisa.gov/news-events/ics-advisories/icsa-24-172-01

Yokogawa CENTUM

Titel

Yokogawa CENTUM

Veröffentlicht

20. Juni 2024 14:00

URL

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.7 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Yokogawa Equipment: CENTUM Vulnerability: Uncontrolled Search Path Element 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary programs. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Yokogawa CENTUM, ...

18.06.2024

RAD Data Communications SecFlow-2

Titel

RAD Data Communications SecFlow-2

Veröffentlicht

18. Juni 2024 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-24-170-01

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: RAD Data Communications Equipment: SecFlow-2 Vulnerability: Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to obtain files from the operating system by crafting a special request. 3. ...

Siemens SCALANCE XM-400, XR-500

Titel

Siemens SCALANCE XM-400, XR-500

Veröffentlicht

13. Juni 2024 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-11

Text

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...

Siemens SITOP UPS1600

Titel

Siemens SITOP UPS1600

Veröffentlicht

13. Juni 2024 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-05

Text

Siemens ST7 ScadaConnect

Titel

Siemens ST7 ScadaConnect

Veröffentlicht

13. Juni 2024 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-04

Text

Siemens SINEC Traffic Analyzer

Titel

Siemens SINEC Traffic Analyzer

Veröffentlicht

13. Juni 2024 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-13

Text

Siemens SIMATIC and SIPLUS

Titel

Siemens SIMATIC and SIPLUS

Veröffentlicht

13. Juni 2024 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-10

Text

https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-07

Siemens PowerSys

Titel

Siemens PowerSys

Veröffentlicht

13. Juni 2024 14:00

URL

Text

Siemens SIMATIC S7-200 SMART Devices

Titel

Siemens SIMATIC S7-200 SMART Devices

Veröffentlicht

13. Juni 2024 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-02

Text

Intrado 911 Emergency Gateway

Titel

Intrado 911 Emergency Gateway

Veröffentlicht

11. Juni 2024 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-24-163-04

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Intrado Equipment: 911 Emergency Gateway (EGW) Vulnerability: SQL Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute malicious code, exfiltrate data, or manipulate the database. 3. TECHNICAL DETAILS 3.1 AFFECTED ...

AVEVA PI Asset Framework Client

Titel

AVEVA PI Asset Framework Client

Veröffentlicht

11. Juni 2024 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-24-163-03

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.0 ATTENTION: Low attack complexity Vendor: AVEVA Equipment: PI Asset Framework Client Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow malicious code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of AVEVA PI Asset ...

https://www.cisa.gov/news-events/ics-advisories/icsa-24-163-02

AVEVA PI Web API

Titel

AVEVA PI Web API

Veröffentlicht

11. Juni 2024 14:00

URL

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: AVEVA Equipment: PI Web API Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to perform remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions ...

Rockwell Automation ControlLogix, GuardLogix, and CompactLogix

Titel

Rockwell Automation ControlLogix, GuardLogix, and CompactLogix

Veröffentlicht

11. Juni 2024 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-24-163-01

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.3 ATTENTION: Low attack complexity Vendor: Rockwell Automation Equipment: ControlLogix, GuardLogix, CompactLogix Vulnerability: Always-Incorrect Control Flow Implementation 2. RISK EVALUATION Successful exploitation of this vulnerability could compromise the availability of the device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Rockwell Automation reports that the ...

06.06.2024

Johnson Controls Software House iStar Pro Door Controller

Titel

Johnson Controls Software House iStar Pro Door Controller

Veröffentlicht

6. Juni 2024 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-24-158-04

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls Inc. Equipment: Software House iStar Pro Door Controller, ICU Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an attacker to perform a machine-in-the-middle attack to inject ...

06.06.2024

Emerson PACSystem and Fanuc

Titel

Emerson PACSystem and Fanuc

Veröffentlicht

6. Juni 2024 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-24-158-01

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.6 ATTENTION: Low attack complexity Vendor: Emerson Equipment: PACSystem, Fanuc Vulnerabilities: Cleartext Transmission of Sensitive Information, Insufficient Verification of Data Authenticity Insufficiently Protected Credentials, Download of Code Without Integrity Check CISA is aware of a public report, known as "OT:ICEFALL", detailing vulnerabilities found ...

06.06.2024