Februar 2025
20.02.2025
US CERT (ICS)
ABB ASPECT-Enterprise, NEXUS, and MATRIX Series
Titel
ABB ASPECT-Enterprise, NEXUS, and MATRIX Series
Veröffentlicht
20. Februar 2025 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-051-01
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: ABB Equipment: ASPECT-Enterprise, NEXUS, and MATRIX series Vulnerability: Use of Hard-coded Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to obtain access to devices without proper authentication. 3. TECHNICAL DETAILS 3.1 ...
20.02.2025
US CERT (ICS)
Elseta Vinci Protocol Analyzer
Titel
Elseta Vinci Protocol Analyzer
Veröffentlicht
20. Februar 2025 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-051-06
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: Elseta Equipment: Vinci Protocol Analyzer Vulnerability: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to escalate privileges and perform ...
20.02.2025
US CERT (ICS)
ABB FLXEON Controllers
Titel
ABB FLXEON Controllers
Veröffentlicht
20. Februar 2025 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-051-02
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: ABB Equipment: FLXEON Controllers Vulnerabilities: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion'), Missing Origin Validation in WebSockets, Insertion of Sensitive Information into Log File 2. RISK EVALUATION Successful exploitation ...
13.02.2025
US CERT (ICS)
ORing IAP-420
Titel
ORing IAP-420
Veröffentlicht
13. Februar 2025 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-044-15
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.6 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: ORing Equipment: IAP-20 Vulnerabilities: Cross-site Scripting, Command Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to invoke commands to compromise the device via the management interface. 3. TECHNICAL ...
13.02.2025
US CERT (ICS)
Siemens SIMATIC S7-1200 CPU Family
Titel
Siemens SIMATIC S7-1200 CPU Family
Veröffentlicht
13. Februar 2025 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-044-01
Text
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
13.02.2025
US CERT (ICS)
Siemens SIMATIC IPC DiagBase and SIMATIC IPC DiagMonitor
Titel
Siemens SIMATIC IPC DiagBase and SIMATIC IPC DiagMonitor
Veröffentlicht
13. Februar 2025 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-044-12
Text
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
13.02.2025
US CERT (ICS)
Siemens SIMATIC PCS neo and TIA Administrator
Titel
Siemens SIMATIC PCS neo and TIA Administrator
Veröffentlicht
13. Februar 2025 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-044-13
Text
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
13.02.2025
US CERT (ICS)
Siemens Opcenter Intelligence
Titel
Siemens Opcenter Intelligence
Veröffentlicht
13. Februar 2025 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-044-14
Text
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
13.02.2025
US CERT (ICS)
Siemens APOGEE PXC and TALON TC Series
Titel
Siemens APOGEE PXC and TALON TC Series
Veröffentlicht
13. Februar 2025 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-044-11
Text
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
13.02.2025
US CERT (ICS)
Dingtian DT-R0 Series
Titel
Dingtian DT-R0 Series
Veröffentlicht
13. Februar 2025 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-044-18
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Dingtian Equipment: DT-R0 Series Vulnerability: Authentication Bypass Using an Alternate Path or Channel 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated attacker to modify the device settings and gain administrator access. 3. ...
13.02.2025
US CERT (ICS)
Siemens SCALANCE W700
Titel
Siemens SCALANCE W700
Veröffentlicht
13. Februar 2025 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-044-09
Text
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
13.02.2025
US CERT (ICS)
Outback Power Mojave Inverter
Titel
Outback Power Mojave Inverter
Veröffentlicht
13. Februar 2025 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-044-17
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Outback Power Equipment: Mojave Inverter Vulnerabilities: Use of GET Request Method With Sensitive Query Strings, Exposure of Sensitive Information to an Unauthorized Actor, Command Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an ...
13.02.2025
US CERT (ICS)
Siemens OpenV2G
Titel
Siemens OpenV2G
Veröffentlicht
13. Februar 2025 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-044-08
Text
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
13.02.2025
US CERT (ICS)
Siemens SIPROTEC 5
Titel
Siemens SIPROTEC 5
Veröffentlicht
13. Februar 2025 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-044-03
Text
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
06.02.2025
US CERT (ICS)
Trimble Cityworks (Update A)
Titel
Trimble Cityworks (Update A)
Veröffentlicht
6. Februar 2025 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-037-04
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.6 ATTENTION: Exploitable remotely/low attack complexity/known public exploitation Vendor: Trimble Equipment: Cityworks Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated user to perform a remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The ...
06.02.2025
US CERT (ICS)
Trimble Cityworks
Titel
Trimble Cityworks
Veröffentlicht
6. Februar 2025 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-037-04
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.6 ATTENTION: Exploitable remotely/low attack complexity/known public exploitation Vendor: Trimble Equipment: Cityworks Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated user to perform a remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The ...
06.02.2025
US CERT (ICS)
Schneider Electric EcoStruxure Power Monitoring Expert (PME)
Titel
Schneider Electric EcoStruxure Power Monitoring Expert (PME)
Veröffentlicht
6. Februar 2025 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-037-01
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION: Exploitable remotely Vendor: Schneider Electric Equipment: EcoStruxure Power Monitoring Expert (PME) Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to remotely execute code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Schneider Electric reports ...
06.02.2025
US CERT (ICS)
ABB Drive Composer
Titel
ABB Drive Composer
Veröffentlicht
6. Februar 2025 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-037-03
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: ABB Equipment: Drive Composer Vulnerability: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') 2. RISK EVALUATION Successful exploitation of this vulnerability could allow attackers unauthorized access to the file system on the host ...
04.02.2025
US CERT (ICS)
Elber Communications Equipment
Titel
Elber Communications Equipment
Veröffentlicht
4. Februar 2025 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-035-03
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Elber Equipment: Communications Equipment Vulnerabilities: Authentication Bypass Using an Alternate Path or Channel, Hidden Functionality 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker unauthorized administrative access to the affected ...
04.02.2025
US CERT (ICS)
Schneider Electric Web Designer for Modicon
Titel
Schneider Electric Web Designer for Modicon
Veröffentlicht
4. Februar 2025 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-035-05
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Schneider Electric Equipment: Web Designer for Modicon Vulnerability: Improper Restriction of XML External Entity Reference 2. RISK EVALUATION Successful exploitation of this vulnerability could result in information disclosure, workstation integrity and potential remote code execution on the ...
04.02.2025
US CERT (ICS)
Schneider Electric Pro-face GP-Pro EX and Remote HMI
Titel
Schneider Electric Pro-face GP-Pro EX and Remote HMI
Veröffentlicht
4. Februar 2025 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-035-07
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.1 ATTENTION: Exploitable remotely Vendor: Schneider Electric Equipment: Pro-face GP-Pro EX and Remote HMI Vulnerability: Improper Enforcement of Message Integrity During Transmission in a Communication Channel 2. RISK EVALUATION Successful exploitation of this vulnerability could allow man-in-the-middle attacks, resulting in information disclosure, integrity ...
04.02.2025
US CERT (ICS)
Schneider Electric Modicon M580 PLCs, BMENOR2200H and EVLink Pro AC
Titel
Schneider Electric Modicon M580 PLCs, BMENOR2200H and EVLink Pro AC
Veröffentlicht
4. Februar 2025 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-035-04
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Modicon M580 PLCs, BMENOR2200H and EVLink Pro AC Vulnerability: Incorrect Calculation of Buffer Size 2. RISK EVALUATION Successful exploitation of this vulnerability could cause a denial-of-service of the product when an unauthenticated user ...
04.02.2025
US CERT (ICS)
Rockwell Automation GuardLogix 5380 and 5580 (Update A)
Titel
Rockwell Automation GuardLogix 5380 and 5580 (Update A)
Veröffentlicht
4. Februar 2025 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-035-02
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: GuardLogix 5380 and 5580 Vulnerability: Improper Handling of Exceptional Conditions 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote, non-privileged user to send malicious requests resulting in a major nonrecoverable ...
04.02.2025
US CERT (ICS)
Western Telematic Inc NPS Series, DSM Series, CPM Series
Titel
Western Telematic Inc NPS Series, DSM Series, CPM Series
Veröffentlicht
4. Februar 2025 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-035-01
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Western Telematic Inc Equipment: NPS Series, DSM Series, CPM Series Vulnerability: External Control of File Name or Path 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated attacker to gain privileged access to ...
04.02.2025
US CERT (ICS)
Rockwell Automation 1756-L8zS3 and 1756-L3zS3
Titel
Rockwell Automation 1756-L8zS3 and 1756-L3zS3
Veröffentlicht
4. Februar 2025 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-035-02
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: 1756-L8zS3, 1756-L3zS3 Vulnerability: Improper Handling of Exceptional Conditions 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote, non-privileged user to send malicious requests resulting in a major nonrecoverable fault causing ...

Letzte Updates

BOSCH PSIRT
15.01.2025
SIEMENS CERT
14.04.2025
US CERT
01.04.2025
US CERT (ICS)
15.04.2025

Nach Quelle

Archiv

2025
2024
2023
2022
2021
2020
2019
2018
2017

Feeds