August 2023
03.08.2023
US CERT (ICS)
​Sensormatic Electronics VideoEdge
Title
​Sensormatic Electronics VideoEdge
Published
Aug. 3, 2023, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-215-04
Summary
1. EXECUTIVE SUMMARY ​CVSS v3 7.1 ​ATTENTION: Low attack complexity ​Vendor: Sensormatic Electronics, LLC, a subsidiary of Johnson Controls Inc. ​Equipment: VideoEdge ​Vulnerability: Acceptance of Extraneous Untrusted Data with Trusted Data 2. RISK EVALUATION ​Successful exploitation of this vulnerability could allow a local user to edit the VideoEdge configuration file ...
02.08.2023
US CERT
2022 Top Routinely Exploited Vulnerabilities
Title
2022 Top Routinely Exploited Vulnerabilities
Published
Aug. 2, 2023, 8:57 p.m.
URL
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-215a
Summary
SUMMARY The following cybersecurity agencies coauthored this joint Cybersecurity Advisory (CSA): United States: The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Federal Bureau of Investigation (FBI) Australia: Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) Canada: Canadian Centre for Cyber Security (CCCS) New Zealand: New Zealand ...
01.08.2023
US CERT
Threat Actors Exploiting Ivanti EPMM Vulnerabilities
Title
Threat Actors Exploiting Ivanti EPMM Vulnerabilities
Published
Aug. 1, 2023, 4:42 p.m.
URL
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-213a
Summary
SUMMARY The Cybersecurity and Infrastructure Security Agency (CISA) and the Norwegian National Cyber Security Centre (NCSC-NO) are releasing this joint Cybersecurity Advisory (CSA) in response to active exploitation of CVE-2023-35078 and CVE-2023-35081. Advanced persistent threat (APT) actors exploited CVE-2023-35078 as a zero day from at least April 2023 through July ...
01.08.2023
US CERT (ICS)
​APSystems Altenergy Power Control
Title
​APSystems Altenergy Power Control
Published
Aug. 1, 2023, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-213-01
Summary
1. EXECUTIVE SUMMARY ​CVSS v3 9.8 ​ATTENTION: Exploitable remotely / low attack complexity / public exploits available ​Vendor: APSystems ​Equipment: Altenergy Power Control ​Vulnerability: OS Command Injection 2. RISK EVALUATION ​Successful exploitation of this vulnerability may allow remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ​The following versions of ...
July 2023
27.07.2023
US CERT (ICS)
PTC KEPServerEX
Title
PTC KEPServerEX
Published
July 27, 2023, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-208-02
Summary
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: PTC Equipment: KEPServerEX Vulnerability: Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of this vulnerability could result in the affected device crashing. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of KEPServerEX, an industrial automation data concentrator ...
27.07.2023
US CERT (ICS)
ETIC Telecom RAS Authentication
Title
ETIC Telecom RAS Authentication
Published
July 27, 2023, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-208-01
Summary
1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION: Exploitable with adjacent access/low attack complexity Vendor: ETIC Telecom Equipment: Remote Access Server (RAS) Vulnerability: Insecure Default Initialization of Resource 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to reconfigure the device or cause a denial-of-service condition. 3. TECHNICAL ...
27.07.2023
US CERT (ICS)
Mitsubishi Electric CNC Series
Title
Mitsubishi Electric CNC Series
Published
July 27, 2023, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-208-03
Summary
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: CNC Series devices Vulnerability: Classic Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a malicious remote attacker to cause a denial-of-service condition and execute malicious code on the product by sending ...
27.07.2023
US CERT (ICS)
Mitsubishi Electric CNC Series (Update A)
Title
Mitsubishi Electric CNC Series (Update A)
Published
July 27, 2023, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-208-03
Summary
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: CNC Series devices Vulnerability: Classic Buffer Overflow 2. UPDATE OR REPOSTED INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-23-208-03 Mitsubishi Electric CNC Series that was published July 27, 2023, on ...
26.07.2023
US CERT
Preventing Web Application Access Control Abuse
Title
Preventing Web Application Access Control Abuse
Published
July 26, 2023, 11:10 p.m.
URL
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-208a
Summary
SUMMARY The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC), U.S. Cybersecurity and Infrastructure Security Agency (CISA), and U.S. National Security Agency (NSA) are releasing this joint Cybersecurity Advisory to warn vendors, designers, and developers of web applications and organizations using web applications about insecure direct object reference (IDOR) vulnerabilities. ...
25.07.2023
US CERT (ICS)
Johnson Controls IQ Wifi 6
Title
Johnson Controls IQ Wifi 6
Published
July 25, 2023, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-206-04
Summary
1. EXECUTIVE SUMMARY CVSS v3 8.3 ATTENTION: Low attack complexity Vendor: Johnson Controls Inc. Equipment: IQ Wifi 6 Vulnerability: Improper Restriction of Excessive Authentication Attempts 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthorized user to gain account access by conducting a brute force authentication attack. 3. ...
25.07.2023
US CERT (ICS)
Emerson ROC800 Series RTU and DL8000 Preset Controller
Title
Emerson ROC800 Series RTU and DL8000 Preset Controller
Published
July 25, 2023, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-206-03
Summary
1. EXECUTIVE SUMMARY CVSS v3 9.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: Emerson Equipment: ROC800-Series RTU; including ROC800, ROC800L, and DL8000 Preset Controllers Vulnerability: Authentication Bypass 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition or gain unauthorized access to data or ...
25.07.2023
US CERT (ICS)
AXIS A1001
Title
AXIS A1001
Published
July 25, 2023, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-206-01
Summary
1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION: Exploitable from adjacent network Vendor: Axis Communications Equipment: AXIS A1001 Vulnerability: Heap-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of AXIS A1001, a ...
20.07.2023
US CERT
Threat Actors Exploiting Citrix CVE-2023-3519 to Implant Webshells
Title
Threat Actors Exploiting Citrix CVE-2023-3519 to Implant Webshells
Published
July 20, 2023, 9:28 p.m.
URL
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-201a
Summary
SUMMARY The Cybersecurity and Infrastructure Security Agency (CISA) is releasing this Cybersecurity Advisory to warn network defenders about exploitation of CVE-2023-3519, an unauthenticated remote code execution (RCE) vulnerability affecting NetScaler (formerly Citrix) Application Delivery Controller (ADC) and NetScaler Gateway. In June 2023, threat actors exploited this vulnerability as a zero-day ...
20.07.2023
US CERT (ICS)
Schneider Electric EcoStruxure Products, Modicon PLCs, and Programmable Automation Controllers
Title
Schneider Electric EcoStruxure Products, Modicon PLCs, and Programmable Automation Controllers
Published
July 20, 2023, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-201-01
Summary
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: EcoStruxure Products, Modicon PLCs, and Programmable Automation Controllers Vulnerabilities: Improper Check for Unusual or Exceptional Conditions 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker unauthorized access to components, ability to execute ...
18.07.2023
US CERT (ICS)
​GeoVision GV-ADR2701
Title
​GeoVision GV-ADR2701
Published
July 18, 2023, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-199-05
Summary
1. EXECUTIVE SUMMARY ​CVSS v3 9.8 ​ATTENTION: Exploitable remotely/low attack complexity/public exploits are available ​Vendor: GeoVision ​Equipment: GV-ADR2701 ​Vulnerabilities: Improper Authentication 2. RISK EVALUATION ​Successful exploitation of this vulnerability could allow an attacker to log in to the camera’s web application. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ​GeoVision reports this ...
18.07.2023
US CERT (ICS)
Rockwell Automation Kinetix 5700 DC Bus Power Supply
Title
Rockwell Automation Kinetix 5700 DC Bus Power Supply
Published
July 18, 2023, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-199-01
Summary
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: Kinetix 5700 Vulnerability: Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of this vulnerability could result in a denial-of-service attack. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following version of Rockwell Automation Kinetix 5700 DC ...
18.07.2023
US CERT (ICS)
​Weintek Weincloud
Title
​Weintek Weincloud
Published
July 18, 2023, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-199-04
Summary
1. EXECUTIVE SUMMARY ​CVSS v3 9.8 ​ATTENTION: Exploitable remotely/low attack complexity ​Vendor: Weintek ​Equipment: Weincloud ​Vulnerabilities: Weak Password Recovery Mechanism for Forgotten Password, Improper Authentication, Improper Restriction of Excessive Authentication Attempts, Improper Handling of Structural Elements 2. RISK EVALUATION ​Successful exploitation of these vulnerabilities could allow an attacker to utilize ...
18.07.2023
US CERT (ICS)
Iagona ScrutisWeb
Title
Iagona ScrutisWeb
Published
July 18, 2023, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-199-03
Summary
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Iagona Equipment: ScrutisWeb Vulnerabilities: Absolute Path Traversal, Authorization Bypass Through User-Controlled Key, Use of Hard-coded Cryptographic Key, Unrestricted Upload of File with Dangerous Type 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to upload ...
18.07.2023
US CERT (ICS)
​Keysight N6845A Geolocation Server
Title
​Keysight N6845A Geolocation Server
Published
July 18, 2023, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-199-02
Summary
1. EXECUTIVE SUMMARY ​CVSS v3 7.8 ​ATTENTION: Low attack complexity ​Vendor: Keysight Technologies ​Equipment: N6854A Geolocation Server ​Vulnerabilities: Exposed Dangerous Method or Function, Relative Path Traversal 2. RISK EVALUATION ​Successful exploitation of these vulnerabilities could allow an attacker to escalate privileges, execute arbitrary code, or cause a denial-of-service condition. 3. ...
18.07.2023
US CERT (ICS)
WellinTech KingHistorian
Title
WellinTech KingHistorian
Published
July 18, 2023, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-199-07
Summary
1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: WellinTech Equipment: KingHistorian Vulnerabilities: Exposure of Sensitive Information to an Unauthorized Actor, Signed to Unsigned Conversion Error 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to disclose sensitive information or send ...
13.07.2023
US CERT (ICS)
Siemens SIMATIC CN 4100
Title
Siemens SIMATIC CN 4100
Published
July 13, 2023, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-22-194-03
Summary
1. EXECUTIVE SUMMARY CVSS v3 9.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC CN 4100 Vulnerabilities: Improper Access Control, Incorrect Default Permissions 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to gain privilege escalation and bypass network isolation. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ...
13.07.2023
US CERT (ICS)
Rockwell Automation PowerMonitor 1000
Title
Rockwell Automation PowerMonitor 1000
Published
July 13, 2023, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-194-05
Summary
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: PowerMonitor 1000 Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to achieve remote code execution and potentially the complete loss of confidentiality, integrity, and availability of the product. ...
13.07.2023
US CERT (ICS)
Siemens SiPass Integrated
Title
Siemens SiPass Integrated
Published
July 13, 2023, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-194-02
Summary
1. EXECUTIVE SUMMARY ​CVSS v3 7.5 ​ATTENTION: Exploitable remotely / low attack complexity ​Vendor: Siemens ​Equipment: SiPass Integrated ​Vulnerability: Improper Input Validation 2. RISK EVALUATION ​Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to crash the server application, creating a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED ...
13.07.2023
US CERT (ICS)
​Siemens RUGGEDCOM ROX
Title
​Siemens RUGGEDCOM ROX
Published
July 13, 2023, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-194-01
Summary
1. EXECUTIVE SUMMARY ​CVSS v3 9.8 ​ATTENTION: Exploitable remotely / low attack complexity ​Vendor: Siemens ​Equipment: RUGGEDCOM ROX ​Vulnerabilities: Cleartext Transmission of Sensitive Information, Command Injection, Improper Authentication, Classic Buffer Overflow, Uncontrolled Resource Consumption, Improper Certificate Validation, Cross-Site Request Forgery (CSRF), Improper Input Validation, Incorrect Default Permissions, Cross-site Scripting, Inadequate ...
13.07.2023
US CERT (ICS)
Honeywell Experion PKS, LX and PlantCruise
Title
Honeywell Experion PKS, LX and PlantCruise
Published
July 13, 2023, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-194-06
Summary
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Honeywell Equipment: Experion PKS, LX, and PlantCruise Vulnerabilities: Heap-based Buffer Overflow, Stack-based Buffer Overflow, Out-of-bounds Write, Uncontrolled Resource Consumption, Improper Encoding or Escaping of Output, Deserialization of Untrusted Data, Improper Input Validation, Incorrect Comparison 2. RISK EVALUATION Successful ...

Last Updates

BOSCH PSIRT
15.01.2025
SIEMENS CERT
17.04.2025
US CERT
01.04.2025
US CERT (ICS)
17.04.2025

By Source

Archive

2025
2024
2023
2022
2021
2020
2019
2018
2017

Feeds