Juli 2023
27.07.2023
US CERT (ICS)
Mitsubishi Electric CNC Series
Titel
Mitsubishi Electric CNC Series
Veröffentlicht
27. Juli 2023 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-208-03
Text
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: CNC Series devices Vulnerability: Classic Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a malicious remote attacker to cause a denial-of-service condition and execute malicious code on the product by sending ...
27.07.2023
US CERT (ICS)
PTC KEPServerEX
Titel
PTC KEPServerEX
Veröffentlicht
27. Juli 2023 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-208-02
Text
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: PTC Equipment: KEPServerEX Vulnerability: Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of this vulnerability could result in the affected device crashing. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of KEPServerEX, an industrial automation data concentrator ...
25.07.2023
US CERT (ICS)
AXIS A1001
Titel
AXIS A1001
Veröffentlicht
25. Juli 2023 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-206-01
Text
1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION: Exploitable from adjacent network Vendor: Axis Communications Equipment: AXIS A1001 Vulnerability: Heap-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of AXIS A1001, a ...
25.07.2023
US CERT (ICS)
Emerson ROC800 Series RTU and DL8000 Preset Controller
Titel
Emerson ROC800 Series RTU and DL8000 Preset Controller
Veröffentlicht
25. Juli 2023 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-206-03
Text
1. EXECUTIVE SUMMARY CVSS v3 9.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: Emerson Equipment: ROC800-Series RTU; including ROC800, ROC800L, and DL8000 Preset Controllers Vulnerability: Authentication Bypass 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition or gain unauthorized access to data or ...
25.07.2023
US CERT (ICS)
Johnson Controls IQ Wifi 6
Titel
Johnson Controls IQ Wifi 6
Veröffentlicht
25. Juli 2023 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-206-04
Text
1. EXECUTIVE SUMMARY CVSS v3 8.3 ATTENTION: Low attack complexity Vendor: Johnson Controls Inc. Equipment: IQ Wifi 6 Vulnerability: Improper Restriction of Excessive Authentication Attempts 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthorized user to gain account access by conducting a brute force authentication attack. 3. ...
20.07.2023
US CERT (ICS)
Schneider Electric EcoStruxure Products, Modicon PLCs, and Programmable Automation Controllers
Titel
Schneider Electric EcoStruxure Products, Modicon PLCs, and Programmable Automation Controllers
Veröffentlicht
20. Juli 2023 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-201-01
Text
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: EcoStruxure Products, Modicon PLCs, and Programmable Automation Controllers Vulnerabilities: Improper Check for Unusual or Exceptional Conditions 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker unauthorized access to components, ability to execute ...
18.07.2023
US CERT (ICS)
​GeoVision GV-ADR2701
Titel
​GeoVision GV-ADR2701
Veröffentlicht
18. Juli 2023 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-199-05
Text
1. EXECUTIVE SUMMARY ​CVSS v3 9.8 ​ATTENTION: Exploitable remotely/low attack complexity/public exploits are available ​Vendor: GeoVision ​Equipment: GV-ADR2701 ​Vulnerabilities: Improper Authentication 2. RISK EVALUATION ​Successful exploitation of this vulnerability could allow an attacker to log in to the camera’s web application. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ​GeoVision reports this ...
18.07.2023
US CERT (ICS)
Rockwell Automation Kinetix 5700 DC Bus Power Supply
Titel
Rockwell Automation Kinetix 5700 DC Bus Power Supply
Veröffentlicht
18. Juli 2023 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-199-01
Text
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: Kinetix 5700 Vulnerability: Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of this vulnerability could result in a denial-of-service attack. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following version of Rockwell Automation Kinetix 5700 DC ...
18.07.2023
US CERT (ICS)
WellinTech KingHistorian
Titel
WellinTech KingHistorian
Veröffentlicht
18. Juli 2023 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-199-07
Text
1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: WellinTech Equipment: KingHistorian Vulnerabilities: Exposure of Sensitive Information to an Unauthorized Actor, Signed to Unsigned Conversion Error 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to disclose sensitive information or send ...
18.07.2023
US CERT (ICS)
Iagona ScrutisWeb
Titel
Iagona ScrutisWeb
Veröffentlicht
18. Juli 2023 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-199-03
Text
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Iagona Equipment: ScrutisWeb Vulnerabilities: Absolute Path Traversal, Authorization Bypass Through User-Controlled Key, Use of Hard-coded Cryptographic Key, Unrestricted Upload of File with Dangerous Type 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to upload ...
18.07.2023
US CERT (ICS)
​Keysight N6845A Geolocation Server
Titel
​Keysight N6845A Geolocation Server
Veröffentlicht
18. Juli 2023 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-199-02
Text
1. EXECUTIVE SUMMARY ​CVSS v3 7.8 ​ATTENTION: Low attack complexity ​Vendor: Keysight Technologies ​Equipment: N6854A Geolocation Server ​Vulnerabilities: Exposed Dangerous Method or Function, Relative Path Traversal 2. RISK EVALUATION ​Successful exploitation of these vulnerabilities could allow an attacker to escalate privileges, execute arbitrary code, or cause a denial-of-service condition. 3. ...
18.07.2023
US CERT (ICS)
​Weintek Weincloud
Titel
​Weintek Weincloud
Veröffentlicht
18. Juli 2023 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-199-04
Text
1. EXECUTIVE SUMMARY ​CVSS v3 9.8 ​ATTENTION: Exploitable remotely/low attack complexity ​Vendor: Weintek ​Equipment: Weincloud ​Vulnerabilities: Weak Password Recovery Mechanism for Forgotten Password, Improper Authentication, Improper Restriction of Excessive Authentication Attempts, Improper Handling of Structural Elements 2. RISK EVALUATION ​Successful exploitation of these vulnerabilities could allow an attacker to utilize ...
13.07.2023
US CERT (ICS)
​Siemens SIMATIC MV500 Devices
Titel
​Siemens SIMATIC MV500 Devices
Veröffentlicht
13. Juli 2023 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-194-04
Text
1. EXECUTIVE SUMMARY ​CVSS v3 8.2 ​ATTENTION: Exploitable remotely/low attack complexity ​Vendor: Siemens ​Equipment: SIMATIC MV500 series devices ​Vulnerabilities: Exposure of Sensitive Information to an Unauthorized Actor, Missing Release of Memory after Effective Lifetime, Injection, Inadequate Encryption Strength, Double Free, Incomplete Cleanup, Observable Discrepancy, Improper Locking, Use After Free, Improper ...
13.07.2023
US CERT (ICS)
Rockwell Automation PowerMonitor 1000
Titel
Rockwell Automation PowerMonitor 1000
Veröffentlicht
13. Juli 2023 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-194-05
Text
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: PowerMonitor 1000 Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to achieve remote code execution and potentially the complete loss of confidentiality, integrity, and availability of the product. ...
13.07.2023
US CERT (ICS)
Honeywell Experion PKS, LX and PlantCruise
Titel
Honeywell Experion PKS, LX and PlantCruise
Veröffentlicht
13. Juli 2023 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-194-06
Text
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Honeywell Equipment: Experion PKS, LX, and PlantCruise Vulnerabilities: Heap-based Buffer Overflow, Stack-based Buffer Overflow, Out-of-bounds Write, Uncontrolled Resource Consumption, Improper Encoding or Escaping of Output, Deserialization of Untrusted Data, Improper Input Validation, Incorrect Comparison 2. RISK EVALUATION Successful ...
13.07.2023
US CERT (ICS)
​Siemens RUGGEDCOM ROX
Titel
​Siemens RUGGEDCOM ROX
Veröffentlicht
13. Juli 2023 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-194-01
Text
1. EXECUTIVE SUMMARY ​CVSS v3 9.8 ​ATTENTION: Exploitable remotely / low attack complexity ​Vendor: Siemens ​Equipment: RUGGEDCOM ROX ​Vulnerabilities: Cleartext Transmission of Sensitive Information, Command Injection, Improper Authentication, Classic Buffer Overflow, Uncontrolled Resource Consumption, Improper Certificate Validation, Cross-Site Request Forgery (CSRF), Improper Input Validation, Incorrect Default Permissions, Cross-site Scripting, Inadequate ...
13.07.2023
US CERT (ICS)
Siemens SiPass Integrated
Titel
Siemens SiPass Integrated
Veröffentlicht
13. Juli 2023 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-194-02
Text
1. EXECUTIVE SUMMARY ​CVSS v3 7.5 ​ATTENTION: Exploitable remotely / low attack complexity ​Vendor: Siemens ​Equipment: SiPass Integrated ​Vulnerability: Improper Input Validation 2. RISK EVALUATION ​Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to crash the server application, creating a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED ...
13.07.2023
US CERT (ICS)
Siemens SIMATIC CN 4100
Titel
Siemens SIMATIC CN 4100
Veröffentlicht
13. Juli 2023 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-22-194-03
Text
1. EXECUTIVE SUMMARY CVSS v3 9.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC CN 4100 Vulnerabilities: Improper Access Control, Incorrect Default Permissions 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to gain privilege escalation and bypass network isolation. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ...
12.07.2023
US CERT (ICS)
Rockwell Automation Select Communication Modules
Titel
Rockwell Automation Select Communication Modules
Veröffentlicht
12. Juli 2023 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-193-01
Text
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: 1756-EN2T, 1756-EN2TK, 1756-EN2TXT, 1756-EN2TP, 1756-EN2TPK, 1756-EN2TPXT, 1756-EN2TR, 1756-EN2TRK, 1756-EN2TRXT, 1756-EN2F, 1756-EN2FK, 1756-EN3TR, 1756-EN3TRK, 1756-EN4TR, 1756-EN4TRK, 1756-EN4TRXT Vulnerabilities: Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow malicious actors to gain remote access ...
11.07.2023
US CERT (ICS)
Rockwell Automation Enhanced HIM
Titel
Rockwell Automation Enhanced HIM
Veröffentlicht
11. Juli 2023 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-192-01
Text
1. EXECUTIVE SUMMARY CVSS v3 9.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: Enhanced HIM Vulnerability: Cross-site Request Forgery 2. RISK EVALUATION Successful exploitation of this vulnerability could lead to sensitive information disclosure and full remote access to the affected products. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The ...
11.07.2023
US CERT (ICS)
​Sensormatic Electronics iSTAR
Titel
​Sensormatic Electronics iSTAR
Veröffentlicht
11. Juli 2023 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-192-02
Text
1. EXECUTIVE SUMMARY ​CVSS v3 7.5 ​ATTENTION: Exploitable via adjacent network/Low attack complexity ​Vendor: Sensormatic Electronics, LLC, a subsidiary of Johnson Controls Inc. ​Equipment: iSTAR ​Vulnerability: Improper Authentication 2. RISK EVALUATION ​Successful exploitation of this vulnerability could allow an unauthenticated user to login to iSTAR devices with administrator rights. 3. ...
11.07.2023
US CERT (ICS)
Panasonic Control FPWin Pro7
Titel
Panasonic Control FPWin Pro7
Veröffentlicht
11. Juli 2023 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-192-03
Text
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Panasonic Equipment: Control FPWIN Pro7 Vulnerabilities: Type Confusion, Stack-based Buffer Overflow, Improper Restriction of Operations within the Bounds of a Memory Buffer 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in information disclosure or remote code execution ...
06.07.2023
US CERT (ICS)
ABUS TVIP
Titel
ABUS TVIP
Veröffentlicht
6. Juli 2023 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-187-02
Text
1. EXECUTIVE SUMMARY CVSS v3 7.2 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: ABUS Equipment: ABUS Security Camera Vulnerability: Command injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow arbitrary file reads or remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of ...
06.07.2023
US CERT (ICS)
PiiGAB M-Bus
Titel
PiiGAB M-Bus
Veröffentlicht
6. Juli 2023 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-187-01
Text
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: PiiGAB, Processinformation i Göteborg Aktiebolag Equipment: M-Bus SoftwarePack 900S Vulnerabilities: Code Injection, Improper Restriction of Excessive Authentication Attempts, Unprotected Transport of Credentials, Use of Hard-coded Credentials, Plaintext Storage of a Password, Cross-site Scripting, Weak Password Requirements, Use of ...
Juni 2023
29.06.2023
US CERT (ICS)
​Ovarro TBox RTUs
Titel
​Ovarro TBox RTUs
Veröffentlicht
29. Juni 2023 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-03
Text
1. EXECUTIVE SUMMARY ​CVSS v3 7.2 ​ATTENTION: Exploitable remotely/low attack complexity ​Vendor: Ovarro ​Equipment: TBox RTUs ​Vulnerabilities: Missing Authorization, Use of Broken or Risky Cryptographic Algorithm, Inclusion of Functionality from Untrusted Control Sphere, Insufficient Entropy, Improper Authorization, Plaintext Storage of a Password 2. RISK EVALUATION ​Successful exploitation of these vulnerabilities ...

Letzte Updates

BOSCH PSIRT
15.01.2025
SIEMENS CERT
17.04.2025
US CERT
01.04.2025
US CERT (ICS)
17.04.2025

Nach Quelle

Archiv

2025
2024
2023
2022
2021
2020
2019
2018
2017

Feeds