CISA (ICS)
10/16/2025
1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION : Low attack complexity Vendor : Rockwell Automation Equipment : FactoryTalk Linx Vulnerabilities : Privilege Chaining 2. RISK EVALUATION Successful exploitation of these vulnerabilities may allow full access to all files, processes, and system resources. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Rockwell Automation …
CISA (ICS)
10/16/2025
1. EXECUTIVE SUMMARY CVSS v4 7.1 ATTENTION : Exploitable remotely/low attack complexity Vendor : Hitachi Energy Equipment : MACH GWS Vulnerabilities : Incorrect Default Permissions, Improper Validation of Integrity Check Value, Improper Certificate Validation 2. RISK EVALUATION Exploiting these vulnerabilities could allow an attacker to tamper with system files, cause …
CISA (ICS)
10/16/2025
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). 1. EXECUTIVE SUMMARY CVSS v4 …
CISA (ICS)
10/16/2025
1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION : Exploitable remotely/low attack complexity Vendor : Rockwell Automation Equipment : ArmorStart AOP Vulnerability : Uncaught Exception 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition on the affected product. 3. TECHNICAL DETAILS 3.1 AFFECTED …
CISA (ICS)
10/14/2025
1. EXECUTIVE SUMMARY CVSS v4 7.7 ATTENTION : Exploitable remotely/low attack complexity Vendor : Rockwell Automation Equipment : 1715 EtherNet/IP Vulnerabilities : Allocation of Resources Without Limits or Throttling, Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to cause the web server to crash, …
SIEMENS CERT
10/14/2025
SIMATIC S7-1200 CPU V1/V2 controllers contain two vulnerabilities that could allow an unauthenticated remote attacker to trigger functions by record and playback of legitimate network communication, or to place the controller in stop/defect state by causing a communications error. Siemens has released new versions for the affected products and recommends …
SIEMENS CERT
10/14/2025
SINEC NMS is affected by SQL injection vulnerability that could allow an authenticated low privileged attacker to exploit by inserting malicious data and achieve privilege escalation. Siemens has released a new version for SINEC NMS and recommends to update to the latest version.
SIEMENS CERT
10/14/2025
Siemens User Management Component (UMC) is affected by three vulnerabilities which could allow an unauthenticated remote attacker to cause a denial of service condition. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends specific …