February 2025
20.02.2025
US CERT (ICS)
Rapid Response Monitoring My Security Account App
Title
Rapid Response Monitoring My Security Account App
Published
Feb. 20, 2025, 1 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-051-05
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rapid Response Monitoring Equipment: My Security Account App Vulnerability: Authorization Bypass Through User-Controlled Key 2. RISK EVALUATION Successful exploitation of this vulnerability could allow attacker to access sensitive information of other users. 3. TECHNICAL DETAILS 3.1 ...
20.02.2025
US CERT (ICS)
Carrier Block Load
Title
Carrier Block Load
Published
Feb. 20, 2025, 1 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-051-03
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Carrier Equipment: Block Load Vulnerability: Uncontrolled Search Path Element 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a malicious actor to execute arbitrary code with escalated privileges . 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ...
20.02.2025
US CERT (ICS)
ABB FLXEON Controllers
Title
ABB FLXEON Controllers
Published
Feb. 20, 2025, 1 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-051-02
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: ABB Equipment: FLXEON Controllers Vulnerabilities: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion'), Missing Origin Validation in WebSockets, Insertion of Sensitive Information into Log File 2. RISK EVALUATION Successful exploitation ...
20.02.2025
US CERT (ICS)
ABB ASPECT-Enterprise, NEXUS, and MATRIX Series
Title
ABB ASPECT-Enterprise, NEXUS, and MATRIX Series
Published
Feb. 20, 2025, 1 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-051-01
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: ABB Equipment: ASPECT-Enterprise, NEXUS, and MATRIX series Vulnerability: Use of Hard-coded Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to obtain access to devices without proper authentication. 3. TECHNICAL DETAILS 3.1 ...
20.02.2025
US CERT (ICS)
Elseta Vinci Protocol Analyzer
Title
Elseta Vinci Protocol Analyzer
Published
Feb. 20, 2025, 1 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-051-06
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: Elseta Equipment: Vinci Protocol Analyzer Vulnerability: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to escalate privileges and perform ...
13.02.2025
US CERT (ICS)
Siemens SIMATIC PCS neo and TIA Administrator
Title
Siemens SIMATIC PCS neo and TIA Administrator
Published
Feb. 13, 2025, 1 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-044-13
Summary
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
13.02.2025
US CERT (ICS)
Siemens SIMATIC S7-1200 CPU Family
Title
Siemens SIMATIC S7-1200 CPU Family
Published
Feb. 13, 2025, 1 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-044-01
Summary
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
13.02.2025
US CERT (ICS)
Siemens SCALANCE W700
Title
Siemens SCALANCE W700
Published
Feb. 13, 2025, 1 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-044-09
Summary
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
13.02.2025
US CERT (ICS)
Siemens SIMATIC IPC DiagBase and SIMATIC IPC DiagMonitor
Title
Siemens SIMATIC IPC DiagBase and SIMATIC IPC DiagMonitor
Published
Feb. 13, 2025, 1 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-044-12
Summary
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
13.02.2025
US CERT (ICS)
Siemens Opcenter Intelligence
Title
Siemens Opcenter Intelligence
Published
Feb. 13, 2025, 1 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-044-14
Summary
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
13.02.2025
US CERT (ICS)
Siemens APOGEE PXC and TALON TC Series
Title
Siemens APOGEE PXC and TALON TC Series
Published
Feb. 13, 2025, 1 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-044-11
Summary
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
13.02.2025
US CERT (ICS)
Outback Power Mojave Inverter
Title
Outback Power Mojave Inverter
Published
Feb. 13, 2025, 1 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-044-17
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Outback Power Equipment: Mojave Inverter Vulnerabilities: Use of GET Request Method With Sensitive Query Strings, Exposure of Sensitive Information to an Unauthorized Actor, Command Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an ...
13.02.2025
US CERT (ICS)
Siemens SIPROTEC 5
Title
Siemens SIPROTEC 5
Published
Feb. 13, 2025, 1 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-044-03
Summary
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
13.02.2025
US CERT (ICS)
Siemens OpenV2G
Title
Siemens OpenV2G
Published
Feb. 13, 2025, 1 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-044-08
Summary
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
13.02.2025
US CERT (ICS)
ORing IAP-420
Title
ORing IAP-420
Published
Feb. 13, 2025, 1 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-044-15
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.6 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: ORing Equipment: IAP-20 Vulnerabilities: Cross-site Scripting, Command Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to invoke commands to compromise the device via the management interface. 3. TECHNICAL ...
13.02.2025
US CERT (ICS)
Dingtian DT-R0 Series
Title
Dingtian DT-R0 Series
Published
Feb. 13, 2025, 1 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-044-18
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Dingtian Equipment: DT-R0 Series Vulnerability: Authentication Bypass Using an Alternate Path or Channel 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated attacker to modify the device settings and gain administrator access. 3. ...
06.02.2025
US CERT (ICS)
Trimble Cityworks
Title
Trimble Cityworks
Published
Feb. 6, 2025, 1 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-037-04
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.6 ATTENTION: Exploitable remotely/low attack complexity/known public exploitation Vendor: Trimble Equipment: Cityworks Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated user to perform a remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The ...
06.02.2025
US CERT (ICS)
Schneider Electric EcoStruxure Power Monitoring Expert (PME)
Title
Schneider Electric EcoStruxure Power Monitoring Expert (PME)
Published
Feb. 6, 2025, 1 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-037-01
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION: Exploitable remotely Vendor: Schneider Electric Equipment: EcoStruxure Power Monitoring Expert (PME) Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to remotely execute code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Schneider Electric reports ...
06.02.2025
US CERT (ICS)
Trimble Cityworks (Update A)
Title
Trimble Cityworks (Update A)
Published
Feb. 6, 2025, 1 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-037-04
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.6 ATTENTION: Exploitable remotely/low attack complexity/known public exploitation Vendor: Trimble Equipment: Cityworks Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated user to perform a remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The ...
06.02.2025
US CERT (ICS)
ABB Drive Composer
Title
ABB Drive Composer
Published
Feb. 6, 2025, 1 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-037-03
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: ABB Equipment: Drive Composer Vulnerability: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') 2. RISK EVALUATION Successful exploitation of this vulnerability could allow attackers unauthorized access to the file system on the host ...
04.02.2025
US CERT (ICS)
Schneider Electric Pro-face GP-Pro EX and Remote HMI
Title
Schneider Electric Pro-face GP-Pro EX and Remote HMI
Published
Feb. 4, 2025, 1 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-035-07
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.1 ATTENTION: Exploitable remotely Vendor: Schneider Electric Equipment: Pro-face GP-Pro EX and Remote HMI Vulnerability: Improper Enforcement of Message Integrity During Transmission in a Communication Channel 2. RISK EVALUATION Successful exploitation of this vulnerability could allow man-in-the-middle attacks, resulting in information disclosure, integrity ...
04.02.2025
US CERT (ICS)
Rockwell Automation GuardLogix 5380 and 5580 (Update A)
Title
Rockwell Automation GuardLogix 5380 and 5580 (Update A)
Published
Feb. 4, 2025, 1 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-035-02
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: GuardLogix 5380 and 5580 Vulnerability: Improper Handling of Exceptional Conditions 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote, non-privileged user to send malicious requests resulting in a major nonrecoverable ...
04.02.2025
US CERT (ICS)
Schneider Electric Modicon M580 PLCs, BMENOR2200H and EVLink Pro AC
Title
Schneider Electric Modicon M580 PLCs, BMENOR2200H and EVLink Pro AC
Published
Feb. 4, 2025, 1 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-035-04
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Modicon M580 PLCs, BMENOR2200H and EVLink Pro AC Vulnerability: Incorrect Calculation of Buffer Size 2. RISK EVALUATION Successful exploitation of this vulnerability could cause a denial-of-service of the product when an unauthenticated user ...
04.02.2025
US CERT (ICS)
AutomationDirect C-more EA9 HMI
Title
AutomationDirect C-more EA9 HMI
Published
Feb. 4, 2025, 1 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-035-08
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: AutomationDirect Equipment: C-more EA9 HMI Vulnerability: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition or achieve remote ...
04.02.2025
US CERT (ICS)
Schneider Electric Modicon M340 and BMXNOE0100/0110, BMXNOR0200H
Title
Schneider Electric Modicon M340 and BMXNOE0100/0110, BMXNOR0200H
Published
Feb. 4, 2025, 1 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-035-06
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Modicon M340 and BMXNOE0100/0110, BMXNOR0200H Vulnerability: Exposure of Sensitive Information to an Unauthorized Actor 2. RISK EVALUATION Successful exploitation of this vulnerability could cause information disclosure of a restricted web page, modification of ...

Last Updates

BOSCH PSIRT
15.01.2025
SIEMENS CERT
19.02.2025
US CERT
19.02.2025
US CERT (ICS)
20.02.2025

By Source

Archive

2025
2024
2023
2022
2021
2020
2019
2018
2017

Feeds