March 2023
Title
Omron CJ1M PLC
Published
March 14, 2023, 1 p.m.
Summary
1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Omron Equipment: CJ1M PLC Vulnerabilities: Improper Access Control 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to bypass user memory protections by writing to a specific memory address. An attacker can also overwrite passwords ...
Title
<a href="/news-events/ics-advisories/icsa-23-073-02" hreflang="en">Autodesk FBX SDK</a>
Published
March 14, 2023, 1 p.m.
Summary
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Autodesk Equipment: FBX SDK Vulnerability: Out-of-bounds Read, Use After Free, Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of these vulnerabilities could lead to code execution or a denial-of-service condition. Products using Autodesk FBX SDK software are affected by ...
Title
<a href="/news-events/ics-advisories/icsa-23-073-03" hreflang="en">GE iFIX</a>
Published
March 14, 2023, 1 p.m.
Summary
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: GE Digital Equipment: iFIX Vulnerability: Code Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow for privilege escalation and full control of the system. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following components of iFIX, a human ...
Title
<a href="/news-events/ics-advisories/icsa-23-068-04" hreflang="en">Step Tools Third-Party</a>
Published
March 9, 2023, 1 p.m.
Summary
1. EXECUTIVE SUMMARY CVSS v3 2.2 ATTENTION: Low attack complexity Vendor: Step Tools, Inc Equipment: STEPTools ifcmesh library Vulnerability: Null Pointer Dereference 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to deny application usage when reading a specially constructed file. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ...
Title
<a href="/news-events/ics-advisories/icsa-23-068-05" hreflang="en">Hitachi Energy Relion 670, 650 and SAM600-IO Series</a>
Published
March 9, 2023, 1 p.m.
Summary
1. EXECUTIVE SUMMARY CVSS v3 4.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: Relion 670, 650, and SAM600-IO Series Vulnerability: Insufficient Verification of Data Authenticity 2. RISK EVALUATION Successful exploitation of this vulnerability could cause the Intelligent Electronic Device (IED) to restart, causing a temporary denial-of-service condition. 3. ...
Title
<a href="/news-events/ics-advisories/icsa-23-068-02" hreflang="en">B&amp;R Systems Diagnostics Manager</a>
Published
March 9, 2023, 1 p.m.
Summary
1. EXECUTIVE SUMMARY CVSS v3 6.1 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: B&R Industrial Automation Equipment: Systems Diagnostics Manager (SDM) Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code to exfiltrate data and perform any action within ...
Title
<a href="/news-events/ics-advisories/icsa-23-068-03" hreflang="en">ABB Ability Symphony Plus</a>
Published
March 9, 2023, 1 p.m.
Summary
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Low attack complexity Vendor: ABB Equipment: Ability Symphony Plus Vulnerability: Improper Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthorized client to connect to the S+ Operations servers (human machine interface (HMI) network), to act as a legitimate S+ ...
Title
<a href="/news-events/ics-advisories/icsa-23-068-01" hreflang="en">Akuvox E11</a>
Published
March 9, 2023, 1 p.m.
Summary
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Akuvox Equipment: E11 Vulnerabilities: Generation of Predictable IV with CBC, User of Hard-coded Cryptographic Key, Missing Authentication for Critical Function, Storing Passwords in a Recoverable Format, Weak Password Recovery Mechanism for Forgotten Password, Command Injection, Reliance on File ...
Title
<a href="/news-events/ics-advisories/icsa-23-061-03" hreflang="en">Rittal CMC III Access systems</a>
Published
March 2, 2023, 1 p.m.
Summary
Title
<a href="/news-events/ics-advisories/icsa-23-061-01" hreflang="en">Mitsubishi Electric MELSEC iQ-F Series</a>
Published
March 2, 2023, 1 p.m.
Summary
Title
<a href="/news-events/ics-advisories/icsa-23-061-02" hreflang="en">Baicells Nova</a>
Published
March 2, 2023, 1 p.m.
Summary
February 2023
Title
<a href="/news-events/ics-advisories/icsa-23-059-02" hreflang="en">Hitachi Energy Gateway Station</a>
Published
Feb. 28, 2023, 1 p.m.
Summary
Title
<a href="/news-events/ics-advisories/icsa-22-139-01-0" hreflang="en">Mitsubishi Electric MELSEC iQ-F Series (Update B)</a>
Published
Feb. 28, 2023, 1 p.m.
Summary
Title
<a href="/news-events/ics-advisories/icsa-23-059-01" hreflang="en">Hitachi Energy Gateway Station</a>
Published
Feb. 28, 2023, 1 p.m.
Summary
Title
PTC ThingWorx Edge
Published
Feb. 23, 2023, 4:10 p.m.
Summary
Title
Moxa UC Series (Update A)
Published
Feb. 23, 2023, 4:05 p.m.
Summary
Title
BD Alaris Infusion Central (Update A)
Published
Feb. 23, 2023, 4 p.m.
Summary
Title
<a href="/news-events/ics-advisories/icsa-23-054-01" hreflang="en">PTC ThingWorx Edge</a>
Published
Feb. 23, 2023, 1 p.m.
Summary
Title
Philips Vue PACS (Update C)
Published
Feb. 21, 2023, 4 p.m.
Summary
This updated advisory is a follow-up to the advisory update titled ICSMA-21-87-01 Philips Vue PACS (Update A) that was published January 20, 2022, to the ICS webpage on www.cisa.gov/uscert/ics. This advisory contains mitigations for numerous vulnerabilities in Philips Vue PACS products.
Title
<a href="/news-events/ics-advisories/icsa-23-052-01" hreflang="en">Mitsubishi Electric MELSOFT iQ AppPortal</a>
Published
Feb. 21, 2023, 1 p.m.
Summary
Title
Siemens SCALANCE X200 IRT
Published
Feb. 16, 2023, 5:05 p.m.
Summary
Title
Siemens Brownfield Connectivity Client
Published
Feb. 16, 2023, 5 p.m.
Summary
Title
Siemens Brownfield Connectivity Gateway
Published
Feb. 16, 2023, 4:55 p.m.
Summary
Title
Siemens SiPass integrated AC5102 / ACC-G2 and ACC-AP
Published
Feb. 16, 2023, 4:50 p.m.
Summary
Title
Siemens Simcenter Femap before V2023.1
Published
Feb. 16, 2023, 4:45 p.m.
Summary

Last Updates

BOSCH PSIRT
31.10.2024
SIEMENS CERT
22.11.2024
US CERT
08.11.2024
US CERT (ICS)
21.11.2024

By Source

Archive

2024
2023
2022
2021
2020
2019
2018
2017

Feeds