As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: LOGO! 8 BM Devices Vulnerabilities: Buffer Copy without […]

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Brightpick AI Equipment: Brightpick Mission Control / Internal Logic Control Vulnerabilities: Missing Authentication for Critical Function, Unprotected Transport of Credentials 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in the exposure of sensitive information and the manipulation of critical functions by an attacker. 3. TECHNICAL DETAILS 3.1 AFFECTED […]

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: Verve Asset Manager Vulnerability: Incorrect Authorization 2. RISK EVALUATION Successful exploitation of this vulnerability could result in an attacker accessing or altering user data. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Verve Asset Manager, an OT cybersecurity platform, are affected: Verve Asset Manager: Version 1.33 Verve […]

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Solid Edge Vulnerability: Improper Certificate […]

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Spectrum Power 4 Vulnerabilities: Incorrect Use of […]

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.2 ATTENTION: Low attack complexity Vendor: AVEVA Equipment: Application Server IDE Vulnerability: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to tamper with help files and inject cross-site scripting (XSS) code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of AVEVA Application Server are affected: Application […]

Today, Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the Federal Bureau of Investigation, Department of Defense Cyber Crime Center, Department of Health and Human Services, and international partners, released an updated joint Cybersecurity Advisory, #StopRansomware: Akira Ransomware, to provide network defenders with the latest indicators of compromise, tactics, techniques, and procedures, and detection methods associated with Akira ransomware activity. This […]

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: General Industrial Controls Equipment: Lynx+ Gateway Vulnerabilities: Weak Password Requirements, Missing Authentication for Critical Function, Cleartext Transmission of Sensitive Information 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in obtaining sensitive device information, unauthorized access, or create a denial-of-service condition. 3. TECHNICAL […]

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: MELSEC iQ-F Series Vulnerability: Improper Validation of Specified Quantity in Input 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition on the product. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Mitsubishi Electric MELSEC iQ-F Series are affected: […]

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: Altair Grid Engine Vulnerabilities: Generation of Error Message Containing […]

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.3 ATTENTION: Low attack complexity Vendor: AVEVA Equipment: Edge Vulnerability: Use of a Broken or Risky Cryptographic Algorithm 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a local attacker to reverse engineer passwords through brute force. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of AVEVA Edge (formerly InduSoft Web Studio), a HMI/SCADA software, are affected: Edge: Versions 2023 R2 and prior […]

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity Vendor: Siemens Equipment: Software Center and Solid Edge Vulnerability: Uncontrolled Search Path […]