SIEMENS CERT
04/16/2025
TeleControl Server Basic before V3.1.2.2 contains multiple SQL Injection vulnerabilities that could allow an attacker to read and write to the application’s DB, cause denial of service and execute code in an OS shell with limited “NT AUTHORITY” permissions. Siemens has conducted a root-cause analysis for potential SQL injection vulnerabilities …
CISA (ICS)
04/15/2025
1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION : Exploitable remotely/low attack complexity Vendor : Delta Electronics Equipment : COMMGR Vulnerability : Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) 2. RISK EVALUATION Successful exploitation of this vulnerability could allow for an attacker to remotely access the AS3000Simulator family in the …
CISA (ICS)
04/15/2025
1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION : Exploitable remotely/low attack complexity Vendor : Lantronix Equipment : Xport Vulnerability : Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker unauthorized access to the configuration interface and cause disruption to monitoring and operations. …
CISA (ICS)
04/15/2025
1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION : Exploitable remotely/low attack complexity Vendor : Mitsubishi Electric Europe B.V. Equipment : smartRTU Vulnerability : Missing Authentication for Critical Function, OS Command Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow a remote unauthenticated attacker to disclose, tamper with, destroy …
CISA (ICS)
04/15/2025
1. EXECUTIVE SUMMARY CVSS v4 8.8 ATTENTION : Exploitable remotely/low attack complexity Vendor : ABB Equipment : M2M Gateway Vulnerabilities : Integer Overflow or Wraparound, Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling'), Unquoted Search Path or Element, Untrusted Search Path, Use After Free, Out-of-bounds Write, Buffer Copy without Checking …
CISA (ICS)
04/15/2025
1. EXECUTIVE SUMMARY CVSS v4 7.1 ATTENTION : Low attack complexity Vendor : National Instruments Equipment : LabVIEW Vulnerabilities : Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of these vulnerabilities lead to the execution of arbitrary code on affected installations of LabVIEW, which could result in invalid memory writes. 3. …
CISA (ICS)
04/15/2025
1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION : Exploitable remotely/low attack complexity Vendor : Growatt Equipment : Cloud Applications Vulnerabilities : Cross-site Scripting, Authorization Bypass Through User-Controlled Key, Insufficient Type Distinction, External Control of System or Configuration Setting 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker …
CISA (ICS)
04/15/2025
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). 1. EXECUTIVE SUMMARY CVSS v4 …