Bulletins

SIEMENS CERT
05/13/2025
BACnet ATEC devices are affected by a denial of service vulnerability that could be triggered by an attacker residing in the same BACnet network by sending a specially crafted MSTP message. A power cycle is required to restore the device’s normal operation. Siemens recommends countermeasures for products where fixes are …
SIEMENS CERT
05/13/2025
Palo Alto Networks has published [1] information on vulnerabilities in PAN-OS. This advisory lists the related Siemens Industrial products affected by these vulnerabilities. Siemens has released a new version of Palo Alto Networks Virtual NGFW for RUGGEDCOM APE1808 and recommends updating to the latest version. Customers are advised to …
US CERT
05/12/2025
Executive Summary: This joint cybersecurity advisory (CSA) highlights a Russian state-sponsored cyber campaign targeting Western logistics entities and technology companies. This includes those involved in the coordination, transport, and delivery of foreign assistance to Ukraine. Since 2022, Western logistics entities and IT companies have faced an elevated risk of targeting …
BOSCH PSIRT
04/25/2025

BOSCH-SA-640452: The base ctrlX OS apps Device Admin and Solutions contain multiple vulnerabilities. In a worst-case scenario, a remote authenticated (low-privileged) attacker might be able to execute arbitrary OS commands running with higher privileges. The vulnerabilities have been uncovered and disclosed responsibly by Nozomi. We thank them for making …

CISA (ICS)
04/24/2025
1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Nice Equipment: Linear eMerge E3 Vulnerability: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary …
CISA (ICS)
04/24/2025
1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Planet Technology Equipment: Planet Technology Network Products Vulnerabilities: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Use of Hard-coded Credentials, Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of these vulnerabilities …
CISA (ICS)
04/24/2025
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Modicon M580, Modicon M340, Modicon Premium, and Modicon Quantum Vulnerabilities: Trust Boundary Violation, Uncaught Exception, Exposure of Sensitive Information to an Unauthorized Actor, Authentication Bypass by Spoofing, Improper Access Control, Reliance …
CISA (ICS)
04/24/2025
1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: ALBEDO Telecom Equipment: Net.Time - PTP/NTP clock Vulnerability: Insufficient Session Expiration 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to transmit passwords over unencrypted connections, resulting in the product becoming …