CISA (ICS)
12/04/2025
1. EXECUTIVE SUMMARY CVSS v4 8.3 ATTENTION : Exploitable remotely/low attack complexity Vendor : SolisCloud Equipment : Monitoring Platform (Cloud API & Device Control API) Vulnerability : Authorization Bypass Through User-Controlled Key 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to access sensitive information by manipulating …
CISA (ICS)
12/04/2025
1. EXECUTIVE SUMMARY CVSS v4 7.1 ATTENTION : Low attack complexity Vendor : Johnson Controls Inc. Equipment : iSTAR eX, iSTAR Edge, iSTAR Ultra LT, iSTAR Ultra, iSTAR Ultra SE Vulnerability : Improper Validation of Certificate Expiration 2. RISK EVALUATION Successful exploitation of this vulnerability could result in the product …
CISA (ICS)
12/04/2025
1. EXECUTIVE SUMMARY CVSS v4 6.8 ATTENTION : Low attack complexity Vendor : Mitsubishi Electric Equipment : GX Works2 Vulnerability : Cleartext Storage of Sensitive Information 2. RISK EVALUATION Successful exploitation of this vulnerability could open project files protected by user authentication using disclosed credential information, and obtain or modify …
CISA (ICS)
12/04/2025
1. EXECUTIVE SUMMARY CVSS v4 6.5 ATTENTION : Exploitable remotely/low attack complexity Vendor : Johnson Controls Inc. Equipment : OpenBlue Mobile Web Application for OpenBlue Workplace Vulnerability : Direct Request ('Forced Browsing') 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access to sensitive …
CISA (ICS)
12/02/2025
1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION : Exploitable remotely/low attack complexity Vendor : Iskra Equipment : iHUB and iHUB Lite Vulnerability : Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote attacker to reconfigure devices, update firmware, and manipulate connected systems …
CISA (ICS)
12/02/2025
1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION : Exploitable remotely/low attack complexity Vendor : Industrial Video & Control Equipment : Longwatch Vulnerability : IMPROPER CONTROL OF GENERATION OF CODE ('CODE INJECTION') 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated attacker to gain remote code execution with …
CISA (ICS)
11/25/2025
1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION : Low attack complexity Vendor : Ashlar-Vellum Equipment : Cobalt, Xenon, Argon, Lithium, Cobalt Share Vulnerabilities : Out-of-Bounds Write, Heap-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to disclose information or execute arbitrary code. 3. TECHNICAL …
CISA (ICS)
11/25/2025
1. EXECUTIVE SUMMARY CVSS v4 7.1 ATTENTION : Exploitable from a local network Vendor : Rockwell Automation Equipment : Arena Simulation Vulnerability : Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow local attackers to execute arbitrary code on affected installations of Arena. 3. TECHNICAL DETAILS …