Februar 2025
04.02.2025
US CERT (ICS)
Schneider Electric Pro-face GP-Pro EX and Remote HMI
Titel
Schneider Electric Pro-face GP-Pro EX and Remote HMI
Veröffentlicht
4. Februar 2025 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-035-07
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.1 ATTENTION: Exploitable remotely Vendor: Schneider Electric Equipment: Pro-face GP-Pro EX and Remote HMI Vulnerability: Improper Enforcement of Message Integrity During Transmission in a Communication Channel 2. RISK EVALUATION Successful exploitation of this vulnerability could allow man-in-the-middle attacks, resulting in information disclosure, integrity ...
04.02.2025
US CERT (ICS)
Rockwell Automation GuardLogix 5380 and 5580 (Update A)
Titel
Rockwell Automation GuardLogix 5380 and 5580 (Update A)
Veröffentlicht
4. Februar 2025 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-035-02
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: GuardLogix 5380 and 5580 Vulnerability: Improper Handling of Exceptional Conditions 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote, non-privileged user to send malicious requests resulting in a major nonrecoverable ...
Januar 2025
30.01.2025
US CERT (ICS)
Rockwell Automation KEPServer
Titel
Rockwell Automation KEPServer
Veröffentlicht
30. Januar 2025 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-030-04
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: KEPServer Vulnerability: Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of this vulnerability could cause the device to crash. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Rockwell Automation's KEPServer are ...
30.01.2025
US CERT (ICS)
Schneider Electric System Monitor Application in Harmony and Pro-face PS5000 Legacy Industrial PCs
Titel
Schneider Electric System Monitor Application in Harmony and Pro-face PS5000 Legacy Industrial PCs
Veröffentlicht
30. Januar 2025 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-030-03
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Harmony Industrial PC, Pro-face Industrial PC Vulnerability: Exposure of Sensitive Information to an Unauthorized Actor 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to access sensitive information. 3. TECHNICAL ...
30.01.2025
US CERT (ICS)
New Rock Technologies Cloud Connected Devices
Titel
New Rock Technologies Cloud Connected Devices
Veröffentlicht
30. Januar 2025 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-030-02
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: New Rock Technologies Equipment: Cloud Connected Devices Vulnerabilities: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Improper Neutralization of Wildcards or Matching Symbols 2. RISK EVALUATION Successful exploitation of these vulnerabilities ...
30.01.2025
US CERT (ICS)
Rockwell Automation FactoryTalk AssetCentre
Titel
Rockwell Automation FactoryTalk AssetCentre
Veröffentlicht
30. Januar 2025 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-030-05
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: FactoryTalk AssetCentre Vulnerabilities: Inadequate Encryption Strength, Insufficiently Protected Credentials 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to extract passwords, access, credentials, or impersonate other users. 3. TECHNICAL DETAILS ...
28.01.2025
US CERT (ICS)
B&R Automation Runtime
Titel
B&R Automation Runtime
Veröffentlicht
28. Januar 2025 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-028-01
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: B&R Equipment: Automation Runtime Vulnerability: Use of a Broken or Risky Cryptographic Algorithm 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to masquerade as legitimate services on impacted devices. 3. TECHNICAL DETAILS ...
28.01.2025
US CERT (ICS)
Schneider Electric RemoteConnect and SCADAPack x70 Utilities
Titel
Schneider Electric RemoteConnect and SCADAPack x70 Utilities
Veröffentlicht
28. Januar 2025 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-028-06
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low Attack Complexity Vendor: Schneider Electric Equipment: Electric RemoteConnect and SCADAPack x70 Utilities Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could lead to loss of confidentiality, integrity, and potential remote code execution on workstation when ...
28.01.2025
US CERT (ICS)
Schneider Electric Power Logic
Titel
Schneider Electric Power Logic
Veröffentlicht
28. Januar 2025 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-028-02
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Power Logic Vulnerabilities: Authorization Bypass Through User-Controlled Key, Improper Restriction of Operations within the Bounds of a Memory Buffer 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to modify ...
23.01.2025
US CERT (ICS)
HMS Networks Ewon Flexy 202
Titel
HMS Networks Ewon Flexy 202
Veröffentlicht
23. Januar 2025 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-023-06
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION: Low attack complexity Vendor: HMS Networks Equipment: Ewon Flexy 202 Vulnerability: Cleartext Transmission of Sensitive Information 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to disclose sensitive user credentials. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following ...
23.01.2025
US CERT (ICS)
Schneider Electric EVlink Home Smart and Schneider Charge
Titel
Schneider Electric EVlink Home Smart and Schneider Charge
Veröffentlicht
23. Januar 2025 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-023-03
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.5 ATTENTION: Low attack complexity Vendor: Schneider Electric Equipment: EVlink Home Smart and Schneider Charge Vulnerability: Cleartext Storage of Sensitive Information 2. RISK EVALUATION Successful exploitation of this vulnerability may expose test credentials in the firmware binary. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ...
23.01.2025
US CERT (ICS)
Hitachi Energy RTU500 Series Product
Titel
Hitachi Energy RTU500 Series Product
Veröffentlicht
23. Januar 2025 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-023-02
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: RTU500 series products Vulnerability: Improperly Implemented Security Check for Standard 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to to update the RTU500 with unsigned firmware. 3. TECHNICAL DETAILS ...
23.01.2025
US CERT (ICS)
Schneider Electric EcoStruxure Power Build Rapsody
Titel
Schneider Electric EcoStruxure Power Build Rapsody
Veröffentlicht
23. Januar 2025 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-023-05
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 4.6 ATTENTION: Low attack complexity Vendor: Schneider Electric Equipment: EcoStruxure Power Build Rapsody Vulnerability: Improper Restriction of Operations within the Bounds of a Memory Buffer 2. RISK EVALUATION Successful exploitation of this vulnerability could allow local attackers to potentially execute arbitrary code when ...
21.01.2025
US CERT (ICS)
Traffic Alert and Collision Avoidance System (TCAS) II
Titel
Traffic Alert and Collision Avoidance System (TCAS) II
Veröffentlicht
21. Januar 2025 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-021-01
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.1 ATTENTION: Exploitable from adjacent network Standard: Traffic Alert and Collision Avoidance System (TCAS) II Equipment: Collision Avoidance Systems Vulnerabilities: Reliance on Untrusted Inputs in a Security Decision, External Control of System or Configuration Setting 2. RISK EVALUATION Successful exploitation of these vulnerabilities ...
21.01.2025
US CERT (ICS)
ZF Roll Stability Support Plus (RSSPlus)
Titel
ZF Roll Stability Support Plus (RSSPlus)
Veröffentlicht
21. Januar 2025 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-021-03
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.9 ATTENTION: Exploitable from an adjacent network/low attack complexity Vendor: ZF Equipment: RSSPlus Vulnerability: Authentication Bypass By Primary Weakness 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated attacker to remotely (proximal/adjacent with RF equipment) call diagnostic functions which could ...
21.01.2025
US CERT (ICS)
Siemens SIMATIC S7-1200 CPUs
Titel
Siemens SIMATIC S7-1200 CPUs
Veröffentlicht
21. Januar 2025 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-021-02
Text
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
16.01.2025
US CERT (ICS)
Hitachi Energy FOX61x, FOXCST, and FOXMAN-UN Products
Titel
Hitachi Energy FOX61x, FOXCST, and FOXMAN-UN Products
Veröffentlicht
16. Januar 2025 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-016-06
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 4.9 ATTENTION: Low attack complexity Vendor: Hitachi Energy Equipment: FOX61x, FOXCST, FOXMAN-UN Vulnerability: Improper Validation of Certificate with Host Mismatch 2. RISK EVALUATION Successful exploitation of this vulnerability could allow attackers to intercept or falsify data exchanges between the client and the server. ...
16.01.2025
US CERT (ICS)
Siemens SIPROTEC 5 Products
Titel
Siemens SIPROTEC 5 Products
Veröffentlicht
16. Januar 2025 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-016-04
Text
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
16.01.2025
US CERT (ICS)
Fuji Electric Alpha5 SMART
Titel
Fuji Electric Alpha5 SMART
Veröffentlicht
16. Januar 2025 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-016-05
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity Vendor: Fuji Electric Equipment: Alpha5 SMART Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Fuji Electric ...
16.01.2025
US CERT (ICS)
Siemens Mendix LDAP
Titel
Siemens Mendix LDAP
Veröffentlicht
16. Januar 2025 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-016-01
Text
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
16.01.2025
US CERT (ICS)
Hitachi Energy FOX61x Products
Titel
Hitachi Energy FOX61x Products
Veröffentlicht
16. Januar 2025 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-016-07
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 4.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: FOX61x Products Vulnerability: Relative Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to traverse the file system to access files or directories that would otherwise be inaccessible. ...
14.01.2025
US CERT (ICS)
Belledonne Communications Linphone-Desktop
Titel
Belledonne Communications Linphone-Desktop
Veröffentlicht
14. Januar 2025 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-014-04
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Belledonne Communications Equipment: Linphone-Desktop Vulnerability: NULL Pointer Dereference 2. RISK EVALUATION Successful exploitation of this vulnerability could could result in a remote attacker causing a denial-of-service condition on the affected devices. 3. TECHNICAL DETAILS 3.1 AFFECTED ...
14.01.2025
US CERT (ICS)
Schneider Electric Vijeo Designer
Titel
Schneider Electric Vijeo Designer
Veröffentlicht
14. Januar 2025 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-014-02
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low Attack Complexity Vendor: Schneider Electric Equipment: Vijeo Designer Vulnerability: Improper Privilege Management 2. RISK EVALUATION Successful exploitation of these vulnerabilities could cause a non-admin authenticated user to perform privilege escalation by tampering with the binaries. 3. TECHNICAL DETAILS 3.1 AFFECTED ...
10.01.2025
US CERT (ICS)
Schneider Electric PowerChute Serial Shutdown
Titel
Schneider Electric PowerChute Serial Shutdown
Veröffentlicht
10. Januar 2025 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-010-01
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: PowerChute Serial Shutdown Vulnerability: Improper Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability could cause a denial of access to the web interface when someone on the local network repeatedly requests the ...
10.01.2025
US CERT (ICS)
Delta Electronics DRASimuCAD (Update A)
Titel
Delta Electronics DRASimuCAD (Update A)
Veröffentlicht
10. Januar 2025 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-010-03
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: DRASimuCAD Vulnerabilities: Out-of-bounds Write, Type Confusion 2. RISK EVALUATION Successful exploitation of these vulnerabilities could crash the device or potentially allow remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of ...

Letzte Updates

BOSCH PSIRT
15.01.2025
SIEMENS CERT
14.04.2025
US CERT
01.04.2025
US CERT (ICS)
15.04.2025

Nach Quelle

Archiv

2025
2024
2023
2022
2021
2020
2019
2018
2017

Feeds