August 2023
08.08.2023
SIEMENS CERT
SSA-407785 V1.0: Multiple X_T File Parsing Vulnerabilities in Parasolid and Teamcenter Visualization
Title
SSA-407785 V1.0: Multiple X_T File Parsing Vulnerabilities in Parasolid and Teamcenter Visualization
Published
Aug. 8, 2023, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-407785.html
Summary
Parasolid and Teamcenter Visualization are affected by memory corruption vulnerabilities that could be triggered when the application reads files in X_T format. If a user is tricked to open a malicious file with the affected applications, an attacker could leverage the vulnerability to perform remote code execution or denial of ...
08.08.2023
SIEMENS CERT
SSA-116172 V1.0: Nullsoft Scriptable Install System (NSIS) Vulnerability (CVE-2023-37378) in Parasolid Installer
Title
SSA-116172 V1.0: Nullsoft Scriptable Install System (NSIS) Vulnerability (CVE-2023-37378) in Parasolid Installer
Published
Aug. 8, 2023, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-116172.html
Summary
A vulnerability in Nullsoft Scriptable Installer System (NSIS) software (CVE-2023-37378) used in Parasolid installers before V36 creates an “uninstall directory” with insufficient access control. This could allow an attacker to misuse the vulnerability, and potentially escalate privileges. Only systems where Parasolid is installed with a Parasolid installer is impacted. Siemens ...
03.08.2023
US CERT (ICS)
​Mitsubishi Electric GOT2000 and GOT SIMPLE
Title
​Mitsubishi Electric GOT2000 and GOT SIMPLE
Published
Aug. 3, 2023, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-215-01
Summary
1. EXECUTIVE SUMMARY ​CVSS v3 5.9 ​ATTENTION: Exploitable remotely ​Vendor: Mitsubishi Electric ​Equipment: GOT2000 Series and GOT SIMPLE Series ​Vulnerability: Predictable Exact Value from Previous Values 2. RISK EVALUATION ​Successful exploitation of this vulnerability could allow an attacker to hijack data connections or prevent legitimate users from establishing data connections. ...
03.08.2023
US CERT (ICS)
TEL-STER TelWin SCADA WebInterface
Title
TEL-STER TelWin SCADA WebInterface
Published
Aug. 3, 2023, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-215-03
Summary
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: TEL-STER Sp. z o. o. Equipment: TelWin SCADA WebInterface Vulnerability: Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated attacker to read files on the system. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS TEL-STER ...
03.08.2023
US CERT (ICS)
​Sensormatic Electronics VideoEdge
Title
​Sensormatic Electronics VideoEdge
Published
Aug. 3, 2023, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-215-04
Summary
1. EXECUTIVE SUMMARY ​CVSS v3 7.1 ​ATTENTION: Low attack complexity ​Vendor: Sensormatic Electronics, LLC, a subsidiary of Johnson Controls Inc. ​Equipment: VideoEdge ​Vulnerability: Acceptance of Extraneous Untrusted Data with Trusted Data 2. RISK EVALUATION ​Successful exploitation of this vulnerability could allow a local user to edit the VideoEdge configuration file ...
03.08.2023
US CERT (ICS)
​Mitsubishi Electric GT and GOT Series Products
Title
​Mitsubishi Electric GT and GOT Series Products
Published
Aug. 3, 2023, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-215-02
Summary
1. EXECUTIVE SUMMARY ​CVSS v3 7.5 ​ATTENTION: Exploitable remotely/low attack complexity ​Vendor: Mitsubishi Electric ​Equipment: GT Designer3, GOT2000 Series, GOT SIMPLE Series, and GT SoftGOT2000 ​Vulnerability: Weak Encoding for Password 2. RISK EVALUATION ​Successful exploitation of this vulnerability could allow an attacker to obtain plaintext passwords by sniffing packets containing ...
02.08.2023
US CERT
2022 Top Routinely Exploited Vulnerabilities
Title
2022 Top Routinely Exploited Vulnerabilities
Published
Aug. 2, 2023, 8:57 p.m.
URL
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-215a
Summary
SUMMARY The following cybersecurity agencies coauthored this joint Cybersecurity Advisory (CSA): United States: The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Federal Bureau of Investigation (FBI) Australia: Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) Canada: Canadian Centre for Cyber Security (CCCS) New Zealand: New Zealand ...
01.08.2023
US CERT
Threat Actors Exploiting Ivanti EPMM Vulnerabilities
Title
Threat Actors Exploiting Ivanti EPMM Vulnerabilities
Published
Aug. 1, 2023, 4:42 p.m.
URL
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-213a
Summary
SUMMARY The Cybersecurity and Infrastructure Security Agency (CISA) and the Norwegian National Cyber Security Centre (NCSC-NO) are releasing this joint Cybersecurity Advisory (CSA) in response to active exploitation of CVE-2023-35078 and CVE-2023-35081. Advanced persistent threat (APT) actors exploited CVE-2023-35078 as a zero day from at least April 2023 through July ...
01.08.2023
US CERT (ICS)
​APSystems Altenergy Power Control
Title
​APSystems Altenergy Power Control
Published
Aug. 1, 2023, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-213-01
Summary
1. EXECUTIVE SUMMARY ​CVSS v3 9.8 ​ATTENTION: Exploitable remotely / low attack complexity / public exploits available ​Vendor: APSystems ​Equipment: Altenergy Power Control ​Vulnerability: OS Command Injection 2. RISK EVALUATION ​Successful exploitation of this vulnerability may allow remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ​The following versions of ...
July 2023
27.07.2023
US CERT (ICS)
PTC KEPServerEX
Title
PTC KEPServerEX
Published
July 27, 2023, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-208-02
Summary
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: PTC Equipment: KEPServerEX Vulnerability: Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of this vulnerability could result in the affected device crashing. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of KEPServerEX, an industrial automation data concentrator ...
27.07.2023
US CERT (ICS)
Mitsubishi Electric CNC Series (Update A)
Title
Mitsubishi Electric CNC Series (Update A)
Published
July 27, 2023, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-208-03
Summary
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: CNC Series devices Vulnerability: Classic Buffer Overflow 2. UPDATE OR REPOSTED INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-23-208-03 Mitsubishi Electric CNC Series that was published July 27, 2023, on ...
27.07.2023
US CERT (ICS)
Mitsubishi Electric CNC Series
Title
Mitsubishi Electric CNC Series
Published
July 27, 2023, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-208-03
Summary
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: CNC Series devices Vulnerability: Classic Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a malicious remote attacker to cause a denial-of-service condition and execute malicious code on the product by sending ...
27.07.2023
US CERT (ICS)
ETIC Telecom RAS Authentication
Title
ETIC Telecom RAS Authentication
Published
July 27, 2023, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-208-01
Summary
1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION: Exploitable with adjacent access/low attack complexity Vendor: ETIC Telecom Equipment: Remote Access Server (RAS) Vulnerability: Insecure Default Initialization of Resource 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to reconfigure the device or cause a denial-of-service condition. 3. TECHNICAL ...
26.07.2023
US CERT
Preventing Web Application Access Control Abuse
Title
Preventing Web Application Access Control Abuse
Published
July 26, 2023, 11:10 p.m.
URL
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-208a
Summary
SUMMARY The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC), U.S. Cybersecurity and Infrastructure Security Agency (CISA), and U.S. National Security Agency (NSA) are releasing this joint Cybersecurity Advisory to warn vendors, designers, and developers of web applications and organizations using web applications about insecure direct object reference (IDOR) vulnerabilities. ...
25.07.2023
US CERT (ICS)
Johnson Controls IQ Wifi 6
Title
Johnson Controls IQ Wifi 6
Published
July 25, 2023, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-206-04
Summary
1. EXECUTIVE SUMMARY CVSS v3 8.3 ATTENTION: Low attack complexity Vendor: Johnson Controls Inc. Equipment: IQ Wifi 6 Vulnerability: Improper Restriction of Excessive Authentication Attempts 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthorized user to gain account access by conducting a brute force authentication attack. 3. ...
25.07.2023
US CERT (ICS)
Emerson ROC800 Series RTU and DL8000 Preset Controller
Title
Emerson ROC800 Series RTU and DL8000 Preset Controller
Published
July 25, 2023, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-206-03
Summary
1. EXECUTIVE SUMMARY CVSS v3 9.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: Emerson Equipment: ROC800-Series RTU; including ROC800, ROC800L, and DL8000 Preset Controllers Vulnerability: Authentication Bypass 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition or gain unauthorized access to data or ...
25.07.2023
US CERT (ICS)
AXIS A1001
Title
AXIS A1001
Published
July 25, 2023, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-206-01
Summary
1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION: Exploitable from adjacent network Vendor: Axis Communications Equipment: AXIS A1001 Vulnerability: Heap-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of AXIS A1001, a ...
20.07.2023
US CERT
Threat Actors Exploiting Citrix CVE-2023-3519 to Implant Webshells
Title
Threat Actors Exploiting Citrix CVE-2023-3519 to Implant Webshells
Published
July 20, 2023, 9:28 p.m.
URL
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-201a
Summary
SUMMARY The Cybersecurity and Infrastructure Security Agency (CISA) is releasing this Cybersecurity Advisory to warn network defenders about exploitation of CVE-2023-3519, an unauthenticated remote code execution (RCE) vulnerability affecting NetScaler (formerly Citrix) Application Delivery Controller (ADC) and NetScaler Gateway. In June 2023, threat actors exploited this vulnerability as a zero-day ...
20.07.2023
US CERT (ICS)
Schneider Electric EcoStruxure Products, Modicon PLCs, and Programmable Automation Controllers
Title
Schneider Electric EcoStruxure Products, Modicon PLCs, and Programmable Automation Controllers
Published
July 20, 2023, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-201-01
Summary
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: EcoStruxure Products, Modicon PLCs, and Programmable Automation Controllers Vulnerabilities: Improper Check for Unusual or Exceptional Conditions 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker unauthorized access to components, ability to execute ...
18.07.2023
US CERT (ICS)
Iagona ScrutisWeb
Title
Iagona ScrutisWeb
Published
July 18, 2023, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-199-03
Summary
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Iagona Equipment: ScrutisWeb Vulnerabilities: Absolute Path Traversal, Authorization Bypass Through User-Controlled Key, Use of Hard-coded Cryptographic Key, Unrestricted Upload of File with Dangerous Type 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to upload ...
18.07.2023
US CERT (ICS)
WellinTech KingHistorian
Title
WellinTech KingHistorian
Published
July 18, 2023, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-199-07
Summary
1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: WellinTech Equipment: KingHistorian Vulnerabilities: Exposure of Sensitive Information to an Unauthorized Actor, Signed to Unsigned Conversion Error 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to disclose sensitive information or send ...
18.07.2023
US CERT (ICS)
Rockwell Automation Kinetix 5700 DC Bus Power Supply
Title
Rockwell Automation Kinetix 5700 DC Bus Power Supply
Published
July 18, 2023, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-199-01
Summary
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: Kinetix 5700 Vulnerability: Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of this vulnerability could result in a denial-of-service attack. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following version of Rockwell Automation Kinetix 5700 DC ...
18.07.2023
US CERT (ICS)
​GeoVision GV-ADR2701
Title
​GeoVision GV-ADR2701
Published
July 18, 2023, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-199-05
Summary
1. EXECUTIVE SUMMARY ​CVSS v3 9.8 ​ATTENTION: Exploitable remotely/low attack complexity/public exploits are available ​Vendor: GeoVision ​Equipment: GV-ADR2701 ​Vulnerabilities: Improper Authentication 2. RISK EVALUATION ​Successful exploitation of this vulnerability could allow an attacker to log in to the camera’s web application. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ​GeoVision reports this ...
18.07.2023
US CERT (ICS)
​Keysight N6845A Geolocation Server
Title
​Keysight N6845A Geolocation Server
Published
July 18, 2023, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-199-02
Summary
1. EXECUTIVE SUMMARY ​CVSS v3 7.8 ​ATTENTION: Low attack complexity ​Vendor: Keysight Technologies ​Equipment: N6854A Geolocation Server ​Vulnerabilities: Exposed Dangerous Method or Function, Relative Path Traversal 2. RISK EVALUATION ​Successful exploitation of these vulnerabilities could allow an attacker to escalate privileges, execute arbitrary code, or cause a denial-of-service condition. 3. ...
18.07.2023
US CERT (ICS)
​Weintek Weincloud
Title
​Weintek Weincloud
Published
July 18, 2023, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-199-04
Summary
1. EXECUTIVE SUMMARY ​CVSS v3 9.8 ​ATTENTION: Exploitable remotely/low attack complexity ​Vendor: Weintek ​Equipment: Weincloud ​Vulnerabilities: Weak Password Recovery Mechanism for Forgotten Password, Improper Authentication, Improper Restriction of Excessive Authentication Attempts, Improper Handling of Structural Elements 2. RISK EVALUATION ​Successful exploitation of these vulnerabilities could allow an attacker to utilize ...

Last Updates

BOSCH PSIRT
10.06.2025
SIEMENS CERT
16.06.2025
US CERT
12.06.2025
US CERT (ICS)
12.06.2025

By Source

Archive

2025
2024
2023
2022
2021
2020
2019
2018
2017

Feeds