LOGO! 8 BM (incl. SIPLUS variants) contains multiple web-related vulnerabilities. These could allow an attacker to execute code remotely, put the device into a denial of service state or retrieve parts of the memory. The vulnerabilities are related to the hardware of the product. Siemens has released new hardware versions ...
SINEMA Remote Connect Server before V3.2 SP2 is affected by multiple vulnerabilities. Siemens has released a new version for SINEMA Remote Connect Client and recommends to update to the latest version.
LOGO! V8.3 BM (incl. SIPLUS variants) devices contain a vulnerability that could allow an electromagnetic fault injection. This could allow an attacker to dump and debug the firmware, including the manipulation of memory. Further actions could allow to inject public keys of custom created key pairs which are then signed ...
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.1 ATTENTION: Low attack complexity Vendor: Hughes Network Systems Equipment: WL3000 Fusion Software Vulnerabilities: Insufficiently Protected Credentials, Missing Encryption of Sensitive Data 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to obtain read-only access to network configuration information and ...
Summary The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and National Security Agency (NSA) assess that cyber actors affiliated with the Russian General Staff Main Intelligence Directorate (GRU) 161st Specialist Training Center (Unit 29155) are responsible for computer network operations against global targets for the purposes ...
Summary Note: This joint Cybersecurity Advisory is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect ...
Summary The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Defense Cyber Crime Center (DC3) are releasing this joint Cybersecurity Advisory (CSA) to warn network defenders that, as of August 2024, a group of Iran-based cyber actors continues to exploit U.S. and foreign ...
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Avtec Equipment: Outpost 0810, Outpost Uploader Utility Vulnerability: Storage of File with Sensitive Data Under Web Root, Use of Hard-coded Cryptographic Key 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to gain ...
BOSCH-SA-659648: A vulnerability was discovered in internal testing of Bosch IP cameras of families CPP13 and CPP14, that allows an unauthenticated attacker to retrieve video analytics event data. No video data is leaked through this vulnerability.
Executive Summary This publication defines a baseline for event logging best practices to mitigate cyber threats. It was developed by the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) in cooperation with the following international partners: United States (US) Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of ...
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: AVEVA Equipment: Historian Server Vulnerability: SQL Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated user to get read and write access to the database. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The ...
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: AVEVA Equipment: SuiteLink Server Vulnerability: Allocation of Resources Without Limits or Throttling 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause the server to consume excessive system resources, preventing processing of ...
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: DataMosaix Private Cloud Vulnerability: Improper Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to generate cookies for a user ID without the use of a username or password, ...