CISA (ICS)
11/13/2025
1. EXECUTIVE SUMMARY CVSS v4 8.3 ATTENTION : Low attack complexity Vendor : AVEVA Equipment : Edge Vulnerability : Use of a Broken or Risky Cryptographic Algorithm 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a local attacker to reverse engineer passwords through brute force. 3. TECHNICAL DETAILS …
CISA (ICS)
11/13/2025
1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION : Low attack complexity Vendor : Rockwell Automation Equipment : Studio 5000 Simulation Interface Vulnerabilities : Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Server-Side Request Forgery (SSRF) 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow attackers to …
CISA (ICS)
11/13/2025
1. EXECUTIVE SUMMARY CVSS v3 5.5 ATTENTION : Exploitable remotely/low attack complexity Vendor : Siemens Equipment : SICAM P850 family and SICAM P855 family Vulnerabilities : Cross-Site Request Forgery (CSRF), Incorrect Permission Assignment for Critical Resource 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to perform …
CISA (ICS)
11/13/2025
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). 1. EXECUTIVE SUMMARY CVSS v3 …
CISA (ICS)
11/13/2025
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). 1. EXECUTIVE SUMMARY CVSS v4 …
CISA (ICS)
11/13/2025
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). 1. EXECUTIVE SUMMARY CVSS v3 …
CISA (ICS)
11/13/2025
1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION : Exploitable remotely/low attack complexity Vendor : Brightpick AI Equipment : Brightpick Mission Control / Internal Logic Control Vulnerabilities : Missing Authentication for Critical Function, Unprotected Transport of Credentials 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in the exposure of …
SIEMENS CERT
11/11/2025
Multiple vulnerabilities were identified in the web server of the SICAM GridEdge application which includes missing authentication for critical API functions, absent cross-origin resource sharing restrictions and access to credentials. Siemens has released a new version for SICAM GridEdge (Classic) and recommends to update to the latest version.