February 2025
20.02.2025
US CERT (ICS)
ABB ASPECT-Enterprise, NEXUS, and MATRIX Series
Title
ABB ASPECT-Enterprise, NEXUS, and MATRIX Series
Published
Feb. 20, 2025, 1 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-051-01
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: ABB Equipment: ASPECT-Enterprise, NEXUS, and MATRIX series Vulnerability: Use of Hard-coded Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to obtain access to devices without proper authentication. 3. TECHNICAL DETAILS 3.1 ...
20.02.2025
US CERT (ICS)
Elseta Vinci Protocol Analyzer
Title
Elseta Vinci Protocol Analyzer
Published
Feb. 20, 2025, 1 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-051-06
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: Elseta Equipment: Vinci Protocol Analyzer Vulnerability: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to escalate privileges and perform ...
20.02.2025
US CERT (ICS)
ABB FLXEON Controllers
Title
ABB FLXEON Controllers
Published
Feb. 20, 2025, 1 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-051-02
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: ABB Equipment: FLXEON Controllers Vulnerabilities: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion'), Missing Origin Validation in WebSockets, Insertion of Sensitive Information into Log File 2. RISK EVALUATION Successful exploitation ...
13.02.2025
US CERT (ICS)
ORing IAP-420
Title
ORing IAP-420
Published
Feb. 13, 2025, 1 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-044-15
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.6 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: ORing Equipment: IAP-20 Vulnerabilities: Cross-site Scripting, Command Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to invoke commands to compromise the device via the management interface. 3. TECHNICAL ...
13.02.2025
US CERT (ICS)
Siemens SIMATIC S7-1200 CPU Family
Title
Siemens SIMATIC S7-1200 CPU Family
Published
Feb. 13, 2025, 1 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-044-01
Summary
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
13.02.2025
US CERT (ICS)
Siemens SIMATIC IPC DiagBase and SIMATIC IPC DiagMonitor
Title
Siemens SIMATIC IPC DiagBase and SIMATIC IPC DiagMonitor
Published
Feb. 13, 2025, 1 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-044-12
Summary
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
13.02.2025
US CERT (ICS)
Siemens SIMATIC PCS neo and TIA Administrator
Title
Siemens SIMATIC PCS neo and TIA Administrator
Published
Feb. 13, 2025, 1 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-044-13
Summary
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
13.02.2025
US CERT (ICS)
Siemens Opcenter Intelligence
Title
Siemens Opcenter Intelligence
Published
Feb. 13, 2025, 1 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-044-14
Summary
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
13.02.2025
US CERT (ICS)
Siemens APOGEE PXC and TALON TC Series
Title
Siemens APOGEE PXC and TALON TC Series
Published
Feb. 13, 2025, 1 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-044-11
Summary
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
13.02.2025
US CERT (ICS)
Dingtian DT-R0 Series
Title
Dingtian DT-R0 Series
Published
Feb. 13, 2025, 1 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-044-18
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Dingtian Equipment: DT-R0 Series Vulnerability: Authentication Bypass Using an Alternate Path or Channel 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated attacker to modify the device settings and gain administrator access. 3. ...
13.02.2025
US CERT (ICS)
Siemens SCALANCE W700
Title
Siemens SCALANCE W700
Published
Feb. 13, 2025, 1 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-044-09
Summary
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
13.02.2025
US CERT (ICS)
Outback Power Mojave Inverter
Title
Outback Power Mojave Inverter
Published
Feb. 13, 2025, 1 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-044-17
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Outback Power Equipment: Mojave Inverter Vulnerabilities: Use of GET Request Method With Sensitive Query Strings, Exposure of Sensitive Information to an Unauthorized Actor, Command Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an ...
13.02.2025
US CERT (ICS)
Siemens OpenV2G
Title
Siemens OpenV2G
Published
Feb. 13, 2025, 1 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-044-08
Summary
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
13.02.2025
US CERT (ICS)
Siemens SIPROTEC 5
Title
Siemens SIPROTEC 5
Published
Feb. 13, 2025, 1 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-044-03
Summary
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
06.02.2025
US CERT (ICS)
Trimble Cityworks (Update A)
Title
Trimble Cityworks (Update A)
Published
Feb. 6, 2025, 1 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-037-04
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.6 ATTENTION: Exploitable remotely/low attack complexity/known public exploitation Vendor: Trimble Equipment: Cityworks Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated user to perform a remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The ...
06.02.2025
US CERT (ICS)
Trimble Cityworks
Title
Trimble Cityworks
Published
Feb. 6, 2025, 1 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-037-04
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.6 ATTENTION: Exploitable remotely/low attack complexity/known public exploitation Vendor: Trimble Equipment: Cityworks Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated user to perform a remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The ...
06.02.2025
US CERT (ICS)
Schneider Electric EcoStruxure Power Monitoring Expert (PME)
Title
Schneider Electric EcoStruxure Power Monitoring Expert (PME)
Published
Feb. 6, 2025, 1 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-037-01
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION: Exploitable remotely Vendor: Schneider Electric Equipment: EcoStruxure Power Monitoring Expert (PME) Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to remotely execute code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Schneider Electric reports ...
06.02.2025
US CERT (ICS)
ABB Drive Composer
Title
ABB Drive Composer
Published
Feb. 6, 2025, 1 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-037-03
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: ABB Equipment: Drive Composer Vulnerability: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') 2. RISK EVALUATION Successful exploitation of this vulnerability could allow attackers unauthorized access to the file system on the host ...
04.02.2025
US CERT (ICS)
Elber Communications Equipment
Title
Elber Communications Equipment
Published
Feb. 4, 2025, 1 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-035-03
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Elber Equipment: Communications Equipment Vulnerabilities: Authentication Bypass Using an Alternate Path or Channel, Hidden Functionality 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker unauthorized administrative access to the affected ...
04.02.2025
US CERT (ICS)
Schneider Electric Web Designer for Modicon
Title
Schneider Electric Web Designer for Modicon
Published
Feb. 4, 2025, 1 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-035-05
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Schneider Electric Equipment: Web Designer for Modicon Vulnerability: Improper Restriction of XML External Entity Reference 2. RISK EVALUATION Successful exploitation of this vulnerability could result in information disclosure, workstation integrity and potential remote code execution on the ...
04.02.2025
US CERT (ICS)
Schneider Electric Pro-face GP-Pro EX and Remote HMI
Title
Schneider Electric Pro-face GP-Pro EX and Remote HMI
Published
Feb. 4, 2025, 1 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-035-07
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.1 ATTENTION: Exploitable remotely Vendor: Schneider Electric Equipment: Pro-face GP-Pro EX and Remote HMI Vulnerability: Improper Enforcement of Message Integrity During Transmission in a Communication Channel 2. RISK EVALUATION Successful exploitation of this vulnerability could allow man-in-the-middle attacks, resulting in information disclosure, integrity ...
04.02.2025
US CERT (ICS)
Schneider Electric Modicon M580 PLCs, BMENOR2200H and EVLink Pro AC
Title
Schneider Electric Modicon M580 PLCs, BMENOR2200H and EVLink Pro AC
Published
Feb. 4, 2025, 1 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-035-04
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Modicon M580 PLCs, BMENOR2200H and EVLink Pro AC Vulnerability: Incorrect Calculation of Buffer Size 2. RISK EVALUATION Successful exploitation of this vulnerability could cause a denial-of-service of the product when an unauthenticated user ...
04.02.2025
US CERT (ICS)
Rockwell Automation GuardLogix 5380 and 5580 (Update A)
Title
Rockwell Automation GuardLogix 5380 and 5580 (Update A)
Published
Feb. 4, 2025, 1 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-035-02
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: GuardLogix 5380 and 5580 Vulnerability: Improper Handling of Exceptional Conditions 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote, non-privileged user to send malicious requests resulting in a major nonrecoverable ...
04.02.2025
US CERT (ICS)
Western Telematic Inc NPS Series, DSM Series, CPM Series
Title
Western Telematic Inc NPS Series, DSM Series, CPM Series
Published
Feb. 4, 2025, 1 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-035-01
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Western Telematic Inc Equipment: NPS Series, DSM Series, CPM Series Vulnerability: External Control of File Name or Path 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated attacker to gain privileged access to ...
04.02.2025
US CERT (ICS)
Rockwell Automation 1756-L8zS3 and 1756-L3zS3
Title
Rockwell Automation 1756-L8zS3 and 1756-L3zS3
Published
Feb. 4, 2025, 1 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-035-02
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: 1756-L8zS3, 1756-L3zS3 Vulnerability: Improper Handling of Exceptional Conditions 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote, non-privileged user to send malicious requests resulting in a major nonrecoverable fault causing ...

Last Updates

BOSCH PSIRT
15.01.2025
SIEMENS CERT
17.04.2025
US CERT
01.04.2025
US CERT (ICS)
15.04.2025

By Source

Archive

2025
2024
2023
2022
2021
2020
2019
2018
2017

Feeds