Bulletins

CISA (ICS)
11/06/2025

Advantech DeviceOn/iEdge

1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Advantech Equipment: DeviceOn/iEdge Vulnerabilities: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in a denial-of-service …
CISA (ICS)
11/06/2025

Ubia Ubox

1. EXECUTIVE SUMMARY CVSS v4 7.1 ATTENTION : Exploitable remotely/low attack complexity Vendor : Ubia Equipment : Ubox Vulnerability : Insufficiently Protected Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to remotely view camera feeds or modify settings. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The …
CISA (ICS)
11/06/2025

ABB FLXeon Controllers

1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION : Exploitable remotely/low attack complexity Vendor : ABB Equipment : FBXi, FBVi, FBTi, CBXi Vulnerabilities : Use of Hard-coded Credentials, Improper Validation of Specified Type of Input, Use of a One-Way Hash without a Salt 2. RISK EVALUATION Successful exploitation of these vulnerabilities …
CISA (ICS)
11/04/2025

IDIS ICM Viewer

1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: IDIS Equipment: ICM Viewer Vulnerability: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') 2. RISK EVALUATION Successful exploitation of this vulnerability could result in an attacker executing arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The …
CISA (ICS)
11/04/2025

Radiometrics VizAir

1. EXECUTIVE SUMMARY CVSS v4 10.0 ATTENTION : Exploitable remotely/low attack complexity Vendor : Radiometrics Equipment : VizAir Vulnerabilities : Missing Authentication for Critical Function, Insufficiently Protected Credentials 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow attackers to manipulate critical weather parameters and runway settings, mislead air traffic …
CISA (ICS)
11/04/2025

Fuji Electric Monitouch V-SFT-6

1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION : Low attack complexity Vendor : Fuji Electric Equipment : Monitouch V-SFT-6 Vulnerabilities : Heap-based Buffer Overflow, Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could crash the accessed device; a buffer overflow condition may allow remote code execution. 3. …
CISA (ICS)
11/04/2025

Survision License Plate Recognition Camera

1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION : Exploitable remotely/low attack complexity Vendor : Survision Equipment : License Plate Recognition (LPR) Camera Vulnerability : Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to fully access the system without requiring authentication. 3. …
CISA (ICS)
10/30/2025

International Standards Organization ISO 15118-2

1. EXECUTIVE SUMMARY CVSS v4 7.2 ATTENTION: Low Attack Complexity Standard: ISO 15118-2 Network and Application Protocol Requirements Equipment: EV Car Chargers Vulnerability: Improper Restriction of Communication Channel to Intended Endpoints 2. RISK EVALUATION Successful exploitation of this vulnerability could result in man-in-the-middle attacks. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS …