Alerts

  • CISA Adds One Known Exploited Vulnerability to Catalog
    by CISA on January 24, 2025 at 12:00 pm

    CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation: CVE-2025-23006 SonicWall SMA1000 Appliances Deserialization Vulnerability. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities […]

  • CISA Releases Six Industrial Control Systems Advisories
    by CISA on January 23, 2025 at 12:00 pm

    CISA released six Industrial Control Systems (ICS) advisories on January 23, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-023-01 mySCADA myPRO Manager; ICSA-25-023-02 Hitachi Energy RTU500 Series Product; ICSA-25-023-03 Schneider Electric EVlink Home Smart and Schneider Charge; ICSA-25-023-04 Schneider Electric Easergy Studio; ICSA-25-023-05 Schneider Electric EcoStruxure Power Build Rapsody; ICSA-25-023-06 […]

  • Hitachi Energy RTU500 Series Product
    by CISA on January 23, 2025 at 12:00 pm

    1. EXECUTIVE SUMMARY CVSS v3 7.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: RTU500 series products Vulnerability: Improperly Implemented Security Check for Standard 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to update the RTU500 with unsigned firmware. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Hitachi Energy reports that the following RTU500 series products are affected: RTU500 series CMU […]

  • HMS Networks Ewon Flexy 202
    by CISA on January 23, 2025 at 12:00 pm

    1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION: Low attack complexity Vendor: HMS Networks Equipment: Ewon Flexy 202 Vulnerability: Cleartext Transmission of Sensitive Information 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to disclose sensitive user credentials. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following HMS Networks products are affected: Ewon Flexy 202: All versions 3.2 VULNERABILITY OVERVIEW 3.2.1 Cleartext Transmission of […]

  • Schneider Electric EVlink Home Smart and Schneider Charge
    by CISA on January 23, 2025 at 12:00 pm

    1. EXECUTIVE SUMMARY CVSS v3 8.5 ATTENTION: Low attack complexity Vendor: Schneider Electric Equipment: EVlink Home Smart and Schneider Charge Vulnerability: Cleartext Storage of Sensitive Information 2. RISK EVALUATION Successful exploitation of this vulnerability may expose test credentials in the firmware binary. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Schneider Electric reports that the following EVlink Home Smart and Schneider Charge charging stations are affected: EVlink Home […]

  • Schneider Electric Easergy Studio
    by CISA on January 23, 2025 at 12:00 pm

    1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Schneider Electric Equipment: Easergy Studio Vulnerability: Improper Privilege Management 2. RISK EVALUATION Successful exploitation of this vulnerability may risk unauthorized access to the installation directory for Easergy Studio, which could allow an attacker with access to the file system to elevate privileges. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Schneider Electric reports that the following Easergy […]

  • CISA Adds One Known Exploited Vulnerability to Catalog
    by CISA on January 23, 2025 at 12:00 pm

    CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation: CVE-2020-11023 JQuery Cross-Site Scripting (XSS) Vulnerability. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as […]

  • Schneider Electric EcoStruxure Power Build Rapsody
    by CISA on January 23, 2025 at 12:00 pm

    1. EXECUTIVE SUMMARY CVSS v4 4.6 ATTENTION: Low attack complexity Vendor: Schneider Electric Equipment: EcoStruxure Power Build Rapsody Vulnerability: Improper Restriction of Operations within the Bounds of a Memory Buffer 2. RISK EVALUATION Successful exploitation of this vulnerability could allow local attackers to potentially execute arbitrary code when opening a malicious project file. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Schneider Electric reports the following versions of […]

  • mySCADA myPRO Manager
    by CISA on January 23, 2025 at 12:00 pm

    1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: mySCADA Equipment: myPRO Vulnerabilities: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary commands or disclose sensitive information. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following mySCADA products are affected: myPRO […]

  • CISA and FBI Release Advisory on How Threat Actors Chained Vulnerabilities in Ivanti Cloud Service Applications
    by CISA on January 22, 2025 at 12:00 pm

    CISA, in partnership with the Federal Bureau of Investigation (FBI), released Threat Actors Chained Vulnerabilities in Ivanti Cloud Service Applications. This advisory was crafted in response to exploitation of vulnerabilities—CVE-2024-8963, an administrative bypass vulnerability; CVE-2024-9379, a SQL injection vulnerability; and CVE-2024-8190 and CVE-2024-9380, remote code execution vulnerabilities—in Ivanti Cloud Service Appliances (CSA) in September 2024. CISA, and the use of trusted […]

  • Threat Actors Chained Vulnerabilities in Ivanti Cloud Service Applications
    by CISA on January 22, 2025 at 12:00 pm

    Note: The CVEs in this advisory are unrelated to vulnerabilities (CVE-2025-0282 and CVE-2025-0283) in Ivanti’s Connect Secure, Policy Secure and ZTA Gateways. For more information on mitigating CVE-2025-0282 and CVE-2025-0283, see Ivanti Releases Security Updates for Connect Secure, Policy Secure, and ZTA Gateways. Summary: The Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) are releasing this joint Cybersecurity Advisory in response to […]

  • Traffic Alert and Collision Avoidance System (TCAS) II
    by CISA on January 21, 2025 at 12:00 pm

    1. EXECUTIVE SUMMARY CVSS v4 7.1 ATTENTION: Exploitable from adjacent network Standard: Traffic Alert and Collision Avoidance System (TCAS) II Equipment: Collision Avoidance Systems Vulnerabilities: Reliance on Untrusted Inputs in a Security Decision, External Control of System or Configuration Setting 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to manipulate safety systems and cause a denial-of-service condition. 3. TECHNICAL DETAILS […]