August 2023
10.08.2023
US CERT (ICS)
​Siemens Solid Edge SE2023
Title
​Siemens Solid Edge SE2023
Published
Aug. 10, 2023, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-222-11
Summary
1. EXECUTIVE SUMMARY ​CVSS v3 7.8 ​ATTENTION: Low attack complexity ​Vendor: Siemens ​Equipment: Solid Edge ​Vulnerabilities: Out-of-bounds Write, Out-of-bounds Read 2. RISK EVALUATION ​Successful exploitation of these vulnerabilities could allow an attacker to crash the application or execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ​The following products from ...
10.08.2023
US CERT (ICS)
Siemens Parasolid and Teamcenter Visualization
Title
Siemens Parasolid and Teamcenter Visualization
Published
Aug. 10, 2023, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-222-06
Summary
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: Parasolid and Teamcenter Visualization Vulnerabilities: NULL Pointer Dereference, Out-of-bounds Read, Out-of-bounds Write, Allocation of Resources without Limits or Throttling 2. RISK EVALUATION An attacker could successfully exploit these vulnerabilities by tricking a user into opening a malicious ...
10.08.2023
US CERT (ICS)
Siemens OpenSSL RSA Decryption in SIMATIC
Title
Siemens OpenSSL RSA Decryption in SIMATIC
Published
Aug. 10, 2023, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-222-09
Summary
1. EXECUTIVE SUMMARY ​CVSS v3 5.9 ​ATTENTION: Exploitable remotely ​Vendor: Siemens ​Equipment: SIMATIC, SIPLUS ​Vulnerability: Inadequate Encryption Strength 2. RISK EVALUATION ​Successful exploitation of this vulnerability could allow an attacker to recover the product’s connection secret. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ​The following products from Siemens are affected: ​SIMATIC ...
10.08.2023
US CERT (ICS)
Siemens RUGGEDCOM CROSSBOW
Title
Siemens RUGGEDCOM CROSSBOW
Published
Aug. 10, 2023, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-222-05
Summary
1. EXECUTIVE SUMMARY ​CVSS v3 9.8 ​ATTENTION: Exploitable remotely/low attack complexity ​Vendor: Siemens ​Equipment: RUGGEDCOM CROSSBOW ​Vulnerabilities: Out-of-bounds Read, Improper Privilege Management, SQL Injection, Missing Authentication for Critical Function 2. RISK EVALUATION ​Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary database queries via SQL injection attacks, ...
10.08.2023
US CERT (ICS)
​Siemens Solid Edge, JT2Go, and Teamcenter Visualization
Title
​Siemens Solid Edge, JT2Go, and Teamcenter Visualization
Published
Aug. 10, 2023, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-222-01
Summary
1. EXECUTIVE SUMMARY ​CVSS v3 7.8 ​ATTENTION: Low attack complexity ​Vendor: Siemens ​Equipment: Solid Edge, JT2Go, and Teamcenter Visualization ​Vulnerabilities: Use After Free, Out-of-bounds Read, Out-of-bounds Write 2. RISK EVALUATION ​Successful exploitation of these vulnerabilities could allow an attacker to execute code in the context of the current process. 3. ...
08.08.2023
US CERT (ICS)
​Schneider Electric IGSS
Title
​Schneider Electric IGSS
Published
Aug. 8, 2023, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-220-01
Summary
1. EXECUTIVE SUMMARY ​CVSS v3 7.8 ​ATTENTION: low attack complexity ​Vendor: Schneider Electric ​Equipment: IGSS (Interactive Graphical SCADA System) ​Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION ​Successful exploitation of this vulnerability may allow arbitrary code execution or loss of control of the SCADA system. 3. TECHNICAL DETAILS 3.1 AFFECTED ...
08.08.2023
US CERT (ICS)
​Hitachi Energy RTU500 series
Title
​Hitachi Energy RTU500 series
Published
Aug. 8, 2023, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-220-02
Summary
1. EXECUTIVE SUMMARY ​CVSS v3 7.5 ​ATTENTION: Exploitable remotely/low attack complexity ​Vendor: Hitachi Energy ​Equipment: RTU500 series ​Vulnerabilities: Stack-based Buffer Overflow 2. RISK EVALUATION ​Successful exploitation of these vulnerabilities could cause a buffer overflow and reboot of the product. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ​Hitachi Energy reports these vulnerabilities ...
03.08.2023
US CERT (ICS)
TEL-STER TelWin SCADA WebInterface
Title
TEL-STER TelWin SCADA WebInterface
Published
Aug. 3, 2023, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-215-03
Summary
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: TEL-STER Sp. z o. o. Equipment: TelWin SCADA WebInterface Vulnerability: Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated attacker to read files on the system. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS TEL-STER ...
03.08.2023
US CERT (ICS)
​Mitsubishi Electric GT and GOT Series Products
Title
​Mitsubishi Electric GT and GOT Series Products
Published
Aug. 3, 2023, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-215-02
Summary
1. EXECUTIVE SUMMARY ​CVSS v3 7.5 ​ATTENTION: Exploitable remotely/low attack complexity ​Vendor: Mitsubishi Electric ​Equipment: GT Designer3, GOT2000 Series, GOT SIMPLE Series, and GT SoftGOT2000 ​Vulnerability: Weak Encoding for Password 2. RISK EVALUATION ​Successful exploitation of this vulnerability could allow an attacker to obtain plaintext passwords by sniffing packets containing ...
03.08.2023
US CERT (ICS)
​Mitsubishi Electric GOT2000 and GOT SIMPLE
Title
​Mitsubishi Electric GOT2000 and GOT SIMPLE
Published
Aug. 3, 2023, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-215-01
Summary
1. EXECUTIVE SUMMARY ​CVSS v3 5.9 ​ATTENTION: Exploitable remotely ​Vendor: Mitsubishi Electric ​Equipment: GOT2000 Series and GOT SIMPLE Series ​Vulnerability: Predictable Exact Value from Previous Values 2. RISK EVALUATION ​Successful exploitation of this vulnerability could allow an attacker to hijack data connections or prevent legitimate users from establishing data connections. ...
03.08.2023
US CERT (ICS)
​Sensormatic Electronics VideoEdge
Title
​Sensormatic Electronics VideoEdge
Published
Aug. 3, 2023, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-215-04
Summary
1. EXECUTIVE SUMMARY ​CVSS v3 7.1 ​ATTENTION: Low attack complexity ​Vendor: Sensormatic Electronics, LLC, a subsidiary of Johnson Controls Inc. ​Equipment: VideoEdge ​Vulnerability: Acceptance of Extraneous Untrusted Data with Trusted Data 2. RISK EVALUATION ​Successful exploitation of this vulnerability could allow a local user to edit the VideoEdge configuration file ...
01.08.2023
US CERT (ICS)
​APSystems Altenergy Power Control
Title
​APSystems Altenergy Power Control
Published
Aug. 1, 2023, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-213-01
Summary
1. EXECUTIVE SUMMARY ​CVSS v3 9.8 ​ATTENTION: Exploitable remotely / low attack complexity / public exploits available ​Vendor: APSystems ​Equipment: Altenergy Power Control ​Vulnerability: OS Command Injection 2. RISK EVALUATION ​Successful exploitation of this vulnerability may allow remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ​The following versions of ...
July 2023
27.07.2023
US CERT (ICS)
ETIC Telecom RAS Authentication
Title
ETIC Telecom RAS Authentication
Published
July 27, 2023, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-208-01
Summary
1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION: Exploitable with adjacent access/low attack complexity Vendor: ETIC Telecom Equipment: Remote Access Server (RAS) Vulnerability: Insecure Default Initialization of Resource 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to reconfigure the device or cause a denial-of-service condition. 3. TECHNICAL ...
27.07.2023
US CERT (ICS)
PTC KEPServerEX
Title
PTC KEPServerEX
Published
July 27, 2023, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-208-02
Summary
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: PTC Equipment: KEPServerEX Vulnerability: Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of this vulnerability could result in the affected device crashing. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of KEPServerEX, an industrial automation data concentrator ...
27.07.2023
US CERT (ICS)
Mitsubishi Electric CNC Series (Update A)
Title
Mitsubishi Electric CNC Series (Update A)
Published
July 27, 2023, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-208-03
Summary
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: CNC Series devices Vulnerability: Classic Buffer Overflow 2. UPDATE OR REPOSTED INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-23-208-03 Mitsubishi Electric CNC Series that was published July 27, 2023, on ...
27.07.2023
US CERT (ICS)
Mitsubishi Electric CNC Series
Title
Mitsubishi Electric CNC Series
Published
July 27, 2023, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-208-03
Summary
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: CNC Series devices Vulnerability: Classic Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a malicious remote attacker to cause a denial-of-service condition and execute malicious code on the product by sending ...
25.07.2023
US CERT (ICS)
Johnson Controls IQ Wifi 6
Title
Johnson Controls IQ Wifi 6
Published
July 25, 2023, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-206-04
Summary
1. EXECUTIVE SUMMARY CVSS v3 8.3 ATTENTION: Low attack complexity Vendor: Johnson Controls Inc. Equipment: IQ Wifi 6 Vulnerability: Improper Restriction of Excessive Authentication Attempts 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthorized user to gain account access by conducting a brute force authentication attack. 3. ...
25.07.2023
US CERT (ICS)
AXIS A1001
Title
AXIS A1001
Published
July 25, 2023, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-206-01
Summary
1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION: Exploitable from adjacent network Vendor: Axis Communications Equipment: AXIS A1001 Vulnerability: Heap-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of AXIS A1001, a ...
25.07.2023
US CERT (ICS)
Emerson ROC800 Series RTU and DL8000 Preset Controller
Title
Emerson ROC800 Series RTU and DL8000 Preset Controller
Published
July 25, 2023, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-206-03
Summary
1. EXECUTIVE SUMMARY CVSS v3 9.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: Emerson Equipment: ROC800-Series RTU; including ROC800, ROC800L, and DL8000 Preset Controllers Vulnerability: Authentication Bypass 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition or gain unauthorized access to data or ...
20.07.2023
US CERT (ICS)
Schneider Electric EcoStruxure Products, Modicon PLCs, and Programmable Automation Controllers
Title
Schneider Electric EcoStruxure Products, Modicon PLCs, and Programmable Automation Controllers
Published
July 20, 2023, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-201-01
Summary
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: EcoStruxure Products, Modicon PLCs, and Programmable Automation Controllers Vulnerabilities: Improper Check for Unusual or Exceptional Conditions 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker unauthorized access to components, ability to execute ...
18.07.2023
US CERT (ICS)
​Keysight N6845A Geolocation Server
Title
​Keysight N6845A Geolocation Server
Published
July 18, 2023, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-199-02
Summary
1. EXECUTIVE SUMMARY ​CVSS v3 7.8 ​ATTENTION: Low attack complexity ​Vendor: Keysight Technologies ​Equipment: N6854A Geolocation Server ​Vulnerabilities: Exposed Dangerous Method or Function, Relative Path Traversal 2. RISK EVALUATION ​Successful exploitation of these vulnerabilities could allow an attacker to escalate privileges, execute arbitrary code, or cause a denial-of-service condition. 3. ...
18.07.2023
US CERT (ICS)
​Weintek Weincloud
Title
​Weintek Weincloud
Published
July 18, 2023, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-199-04
Summary
1. EXECUTIVE SUMMARY ​CVSS v3 9.8 ​ATTENTION: Exploitable remotely/low attack complexity ​Vendor: Weintek ​Equipment: Weincloud ​Vulnerabilities: Weak Password Recovery Mechanism for Forgotten Password, Improper Authentication, Improper Restriction of Excessive Authentication Attempts, Improper Handling of Structural Elements 2. RISK EVALUATION ​Successful exploitation of these vulnerabilities could allow an attacker to utilize ...
18.07.2023
US CERT (ICS)
​GeoVision GV-ADR2701
Title
​GeoVision GV-ADR2701
Published
July 18, 2023, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-199-05
Summary
1. EXECUTIVE SUMMARY ​CVSS v3 9.8 ​ATTENTION: Exploitable remotely/low attack complexity/public exploits are available ​Vendor: GeoVision ​Equipment: GV-ADR2701 ​Vulnerabilities: Improper Authentication 2. RISK EVALUATION ​Successful exploitation of this vulnerability could allow an attacker to log in to the camera’s web application. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ​GeoVision reports this ...
18.07.2023
US CERT (ICS)
WellinTech KingHistorian
Title
WellinTech KingHistorian
Published
July 18, 2023, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-199-07
Summary
1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: WellinTech Equipment: KingHistorian Vulnerabilities: Exposure of Sensitive Information to an Unauthorized Actor, Signed to Unsigned Conversion Error 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to disclose sensitive information or send ...
18.07.2023
US CERT (ICS)
Iagona ScrutisWeb
Title
Iagona ScrutisWeb
Published
July 18, 2023, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-199-03
Summary
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Iagona Equipment: ScrutisWeb Vulnerabilities: Absolute Path Traversal, Authorization Bypass Through User-Controlled Key, Use of Hard-coded Cryptographic Key, Unrestricted Upload of File with Dangerous Type 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to upload ...

Last Updates

BOSCH PSIRT
31.10.2024
SIEMENS CERT
18.11.2024
US CERT
08.11.2024
US CERT (ICS)
21.11.2024

By Source

Archive

2024
2023
2022
2021
2020
2019
2018
2017

Feeds