CISA (ICS)
07/03/2025
1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Mitsubishi Electric Corporation Equipment: MELSEC iQ-F Series Vulnerability: Overly Restrictive Account Lockout Mechanism 2. RISK EVALUATION Successful exploitation of this vulnerability could result in a denial-of-service condition for legitimate users for a certain period by repeatedly attempting to …
CISA (ICS)
07/03/2025
1. EXECUTIVE SUMMARY CVSS v4 7.1 ATTENTION : Exploitable remotely/low attack complexity Vendor : Hitachi Energy Equipment : MicroSCADA X SYS600 Vulnerabilities : Incorrect Default Permissions, External Control of File Name or Path, Improper Validation of Integrity Check Value, Exposure of Sensitive Information Through Data Queries, Improper Certificate Validation 2. …
CISA (ICS)
07/03/2025
1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION : Exploitable remotely/low attack complexity Vendor : Mitsubishi Electric Equipment : MELSOFT Update Manager Vulnerabilities : Integer Underflow (Wrap or Wraparound), Protection Mechanism Failure 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code, disclose information, alter …
CISA (ICS)
07/03/2025
1. EXECUTIVE SUMMARY CVSS v4 7.1 ATTENTION : Exploitable remotely/low attack complexity Vendor : Hitachi Energy Equipment : Relion 670/650 and SAM600-IO series Vulnerability : Improper Check for Unusual or Exceptional Conditions 2. RISK EVALUATION An authenticated user with file access privilege via FTP access can cause the Relion 670/650 …
CISA (ICS)
07/01/2025
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION : Exploitable remotely/low attack complexity Vendor : FESTO, FESTO Didactic Equipment : CIROS Studio / Education, Automation Suite, FluidDraw, FluidSIM, MES-PC Vulnerability : Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to gain full control of the …
SIEMENS CERT
06/17/2025
Questa and ModelSim (incl. OEM Editions) are affected by multiple vulnerabilities that could allow a local attacker to inject arbitrary code and escalate privileges. Siemens has released new versions for the affected products and recommends to update to the latest versions.
SIEMENS CERT
06/16/2025
SSA-345750 V1.1 (Last Update: 2025-06-16): Default Credentials in Energy Services Using Elspec G5DFR
Energy Services from Siemens (previously known as Managed Applications and Services), sell solutions using Elspec G5 Digital Fault Recorder which contains default credentials with admin privileges. A client configuration with remote access could allow an attacker to gain remote control of the G5DFR component and tamper outputs from the device.