January 2025
30.01.2025
US CERT (ICS)
Schneider Electric System Monitor Application in Harmony and Pro-face PS5000 Legacy Industrial PCs
Title
Schneider Electric System Monitor Application in Harmony and Pro-face PS5000 Legacy Industrial PCs
Published
Jan. 30, 2025, 1 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-030-03
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Harmony Industrial PC, Pro-face Industrial PC Vulnerability: Exposure of Sensitive Information to an Unauthorized Actor 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to access sensitive information. 3. TECHNICAL ...
30.01.2025
US CERT (ICS)
New Rock Technologies Cloud Connected Devices
Title
New Rock Technologies Cloud Connected Devices
Published
Jan. 30, 2025, 1 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-030-02
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: New Rock Technologies Equipment: Cloud Connected Devices Vulnerabilities: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Improper Neutralization of Wildcards or Matching Symbols 2. RISK EVALUATION Successful exploitation of these vulnerabilities ...
30.01.2025
US CERT (ICS)
Rockwell Automation KEPServer
Title
Rockwell Automation KEPServer
Published
Jan. 30, 2025, 1 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-030-04
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: KEPServer Vulnerability: Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of this vulnerability could cause the device to crash. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Rockwell Automation's KEPServer are ...
28.01.2025
US CERT (ICS)
Schneider Electric Power Logic
Title
Schneider Electric Power Logic
Published
Jan. 28, 2025, 1 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-028-02
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Power Logic Vulnerabilities: Authorization Bypass Through User-Controlled Key, Improper Restriction of Operations within the Bounds of a Memory Buffer 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to modify ...
28.01.2025
US CERT (ICS)
Schneider Electric RemoteConnect and SCADAPack x70 Utilities
Title
Schneider Electric RemoteConnect and SCADAPack x70 Utilities
Published
Jan. 28, 2025, 1 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-028-06
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low Attack Complexity Vendor: Schneider Electric Equipment: Electric RemoteConnect and SCADAPack x70 Utilities Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could lead to loss of confidentiality, integrity, and potential remote code execution on workstation when ...
28.01.2025
US CERT (ICS)
B&R Automation Runtime
Title
B&R Automation Runtime
Published
Jan. 28, 2025, 1 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-028-01
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: B&R Equipment: Automation Runtime Vulnerability: Use of a Broken or Risky Cryptographic Algorithm 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to masquerade as legitimate services on impacted devices. 3. TECHNICAL DETAILS ...
23.01.2025
US CERT (ICS)
Schneider Electric EcoStruxure Power Build Rapsody
Title
Schneider Electric EcoStruxure Power Build Rapsody
Published
Jan. 23, 2025, 1 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-023-05
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 4.6 ATTENTION: Low attack complexity Vendor: Schneider Electric Equipment: EcoStruxure Power Build Rapsody Vulnerability: Improper Restriction of Operations within the Bounds of a Memory Buffer 2. RISK EVALUATION Successful exploitation of this vulnerability could allow local attackers to potentially execute arbitrary code when ...
23.01.2025
US CERT (ICS)
Schneider Electric EVlink Home Smart and Schneider Charge
Title
Schneider Electric EVlink Home Smart and Schneider Charge
Published
Jan. 23, 2025, 1 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-023-03
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.5 ATTENTION: Low attack complexity Vendor: Schneider Electric Equipment: EVlink Home Smart and Schneider Charge Vulnerability: Cleartext Storage of Sensitive Information 2. RISK EVALUATION Successful exploitation of this vulnerability may expose test credentials in the firmware binary. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ...
23.01.2025
US CERT (ICS)
HMS Networks Ewon Flexy 202
Title
HMS Networks Ewon Flexy 202
Published
Jan. 23, 2025, 1 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-023-06
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION: Low attack complexity Vendor: HMS Networks Equipment: Ewon Flexy 202 Vulnerability: Cleartext Transmission of Sensitive Information 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to disclose sensitive user credentials. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following ...
23.01.2025
US CERT (ICS)
Hitachi Energy RTU500 Series Product
Title
Hitachi Energy RTU500 Series Product
Published
Jan. 23, 2025, 1 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-023-02
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: RTU500 series products Vulnerability: Improperly Implemented Security Check for Standard 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to to update the RTU500 with unsigned firmware. 3. TECHNICAL DETAILS ...
21.01.2025
US CERT (ICS)
ZF Roll Stability Support Plus (RSSPlus)
Title
ZF Roll Stability Support Plus (RSSPlus)
Published
Jan. 21, 2025, 1 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-021-03
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.9 ATTENTION: Exploitable from an adjacent network/low attack complexity Vendor: ZF Equipment: RSSPlus Vulnerability: Authentication Bypass By Primary Weakness 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated attacker to remotely (proximal/adjacent with RF equipment) call diagnostic functions which could ...
21.01.2025
US CERT (ICS)
Siemens SIMATIC S7-1200 CPUs
Title
Siemens SIMATIC S7-1200 CPUs
Published
Jan. 21, 2025, 1 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-021-02
Summary
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
21.01.2025
US CERT (ICS)
Traffic Alert and Collision Avoidance System (TCAS) II
Title
Traffic Alert and Collision Avoidance System (TCAS) II
Published
Jan. 21, 2025, 1 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-021-01
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.1 ATTENTION: Exploitable from adjacent network Standard: Traffic Alert and Collision Avoidance System (TCAS) II Equipment: Collision Avoidance Systems Vulnerabilities: Reliance on Untrusted Inputs in a Security Decision, External Control of System or Configuration Setting 2. RISK EVALUATION Successful exploitation of these vulnerabilities ...
16.01.2025
US CERT (ICS)
Siemens Mendix LDAP
Title
Siemens Mendix LDAP
Published
Jan. 16, 2025, 1 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-016-01
Summary
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
16.01.2025
US CERT (ICS)
Hitachi Energy FOX61x, FOXCST, and FOXMAN-UN Products
Title
Hitachi Energy FOX61x, FOXCST, and FOXMAN-UN Products
Published
Jan. 16, 2025, 1 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-016-06
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 4.9 ATTENTION: Low attack complexity Vendor: Hitachi Energy Equipment: FOX61x, FOXCST, FOXMAN-UN Vulnerability: Improper Validation of Certificate with Host Mismatch 2. RISK EVALUATION Successful exploitation of this vulnerability could allow attackers to intercept or falsify data exchanges between the client and the server. ...
16.01.2025
US CERT (ICS)
Fuji Electric Alpha5 SMART
Title
Fuji Electric Alpha5 SMART
Published
Jan. 16, 2025, 1 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-016-05
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity Vendor: Fuji Electric Equipment: Alpha5 SMART Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Fuji Electric ...
16.01.2025
US CERT (ICS)
Hitachi Energy FOX61x Products
Title
Hitachi Energy FOX61x Products
Published
Jan. 16, 2025, 1 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-016-07
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 4.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: FOX61x Products Vulnerability: Relative Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to traverse the file system to access files or directories that would otherwise be inaccessible. ...
16.01.2025
US CERT (ICS)
Siemens SIPROTEC 5 Products
Title
Siemens SIPROTEC 5 Products
Published
Jan. 16, 2025, 1 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-016-04
Summary
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
14.01.2025
US CERT (ICS)
Belledonne Communications Linphone-Desktop
Title
Belledonne Communications Linphone-Desktop
Published
Jan. 14, 2025, 1 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-014-04
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Belledonne Communications Equipment: Linphone-Desktop Vulnerability: NULL Pointer Dereference 2. RISK EVALUATION Successful exploitation of this vulnerability could could result in a remote attacker causing a denial-of-service condition on the affected devices. 3. TECHNICAL DETAILS 3.1 AFFECTED ...
14.01.2025
US CERT (ICS)
Schneider Electric Vijeo Designer
Title
Schneider Electric Vijeo Designer
Published
Jan. 14, 2025, 1 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-014-02
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low Attack Complexity Vendor: Schneider Electric Equipment: Vijeo Designer Vulnerability: Improper Privilege Management 2. RISK EVALUATION Successful exploitation of these vulnerabilities could cause a non-admin authenticated user to perform privilege escalation by tampering with the binaries. 3. TECHNICAL DETAILS 3.1 AFFECTED ...
10.01.2025
US CERT (ICS)
Delta Electronics DRASimuCAD
Title
Delta Electronics DRASimuCAD
Published
Jan. 10, 2025, 1 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-010-03-0
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: DRASimuCAD Vulnerabilities: Out-of-bounds Write, Type Confusion 2. RISK EVALUATION Successful exploitation of these vulnerabilities could crash the device or potentially allow remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of ...
10.01.2025
US CERT (ICS)
Delta Electronics DRASimuCAD (Update A)
Title
Delta Electronics DRASimuCAD (Update A)
Published
Jan. 10, 2025, 1 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-010-03
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: DRASimuCAD Vulnerabilities: Out-of-bounds Write, Type Confusion 2. RISK EVALUATION Successful exploitation of these vulnerabilities could crash the device or potentially allow remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of ...
10.01.2025
US CERT (ICS)
Schneider Electric PowerChute Serial Shutdown
Title
Schneider Electric PowerChute Serial Shutdown
Published
Jan. 10, 2025, 1 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-010-01
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: PowerChute Serial Shutdown Vulnerability: Improper Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability could cause a denial of access to the web interface when someone on the local network repeatedly requests the ...
10.01.2025
US CERT (ICS)
Schneider Electric Harmony HMI and Pro-face HMI Products
Title
Schneider Electric Harmony HMI and Pro-face HMI Products
Published
Jan. 10, 2025, 1 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-010-02
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Harmony HMI and Pro-face HMI Products Vulnerability: Use of Unmaintained Third-Party Components 2. RISK EVALUATION Successful exploitation of this vulnerability could cause complete control of the device when an authenticated user installs malicious ...
07.01.2025
US CERT (ICS)
ABB ASPECT-Enterprise, NEXUS, and MATRIX Series Products
Title
ABB ASPECT-Enterprise, NEXUS, and MATRIX Series Products
Published
Jan. 7, 2025, 1 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-25-007-01
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: ABB Equipment: ASPECT-Enterprise, NEXUS, and MATRIX series Vulnerabilities: Files or Directories Accessible to External Parties, Improper Validation of Specified Type of Input, Cleartext Transmission of Sensitive Information, Cross-site Scripting, Server-Side Request Forgery (SSRF), Improper Neutralization of ...

Last Updates

BOSCH PSIRT
25.04.2025
SIEMENS CERT
23.05.2025
US CERT
20.05.2025
US CERT (ICS)
22.05.2025

By Source

Archive

2025
2024
2023
2022
2021
2020
2019
2018
2017

Feeds