Siemens ST7 ScadaConnect
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities...
View ArticleRAD Data Communications SecFlow-2
View CSAF1. EXECUTIVE SUMMARYCVSS v4 8.7ATTENTION: Exploitable remotely/low attack complexity/public exploits are availableVendor: RAD Data CommunicationsEquipment: SecFlow-2Vulnerability: Path...
View ArticleCAREL Boss-Mini
View CSAF1. EXECUTIVE SUMMARYCVSS v4 9.3ATTENTION: Exploitable remotely/low attack complexity/public exploits are availableVendor: CARELEquipment: Boss-MiniVulnerability: Path Traversal2. RISK...
View ArticleYokogawa CENTUM
View CSAF1. EXECUTIVE SUMMARYCVSS v4 7.7ATTENTION: Exploitable remotely/Low attack complexityVendor: YokogawaEquipment: CENTUMVulnerability: Uncontrolled Search Path Element2. RISK EVALUATIONSuccessful...
View ArticleWestermo L210-F2G
View CSAF1. EXECUTIVE SUMMARYCVSS v4 8.7ATTENTION: Exploitable remotely/low attack complexityVendor: WestermoEquipment: L210-F2G LynxVulnerabilities: Cleartext Transmission of Sensitive Information,...
View ArticlePTC Creo Elements/Direct License Server
View CSAF1. EXECUTIVE SUMMARYCVSS v4 10.0ATTENTION: Exploitable remotely/low attack complexityVendor: PTCEquipment: Creo Elements/Direct License ServerVulnerability: Missing Authorization2. RISK...
View ArticleABB Ability System 800xA
View CSAF1. EXECUTIVE SUMMARYCVSS v4 6.9ATTENTION: Low attack complexityVendor: ABBEquipment: 800xA BaseVulnerabilities: Improper Input Validation2. RISK EVALUATIONSuccessful exploitation of these...
View ArticleJohnson Controls Illustra Essentials Gen 4
View CSAF1. EXECUTIVE SUMMARYCVSS v3 6.8ATTENTION: Exploitable remotely/low attack complexityVendor: Johnson Controls, Inc.Equipment: Illustra Essentials Gen 4Vulnerability: Insertion of Sensitive...
View ArticleYokogawa FAST/TOOLS and CI Server
View CSAF1. EXECUTIVE SUMMARYCVSS v4 6.9ATTENTION: Exploitable remotely/low attack complexityVendor: YokogawaEquipment: FAST/TOOLS and CI ServerVulnerabilities: Cross-site Scripting, Empty Password in...
View ArticleJohnson Controls Illustra Essentials Gen 4
View CSAF1. EXECUTIVE SUMMARYCVSS v3 6.8ATTENTION: Exploitable remotelyVendor: Johnson Controls, Inc.Equipment: Illustra Essentials Gen 4Vulnerability: Storing Passwords in a Recoverable Format2. RISK...
View ArticleSDG Technologies PnPSCADA
View CSAF1. EXECUTIVE SUMMARYCVSS v4 9.3ATTENTION: Exploitable remotely/low attack complexityVendor: SDG TechnologiesEquipment: PnPSCADAVulnerability: Missing Authorization2. RISK EVALUATIONSuccessful...
View ArticleJohnson Controls Illustra Essentials Gen 4
View CSAF1. EXECUTIVE SUMMARYCVSS v3 6.8ATTENTION: Exploitable remotely/low attack complexityVendor: Johnson Controls, Inc.Equipment: Illustra Essentials Gen 4Vulnerability: Storing Passwords in a...
View ArticleJohnson Controls Illustra Essentials Gen 4
View CSAF1. EXECUTIVE SUMMARYCVSS v3 9.1ATTENTION: Exploitable remotely/low attack complexityVendor: Johnson ControlsEquipment: Illustra Essentials Gen 4Vulnerability: Improper Input Validation2. RISK...
View ArticleTELSAT marKoni FM Transmitter
View CSAF1. EXECUTIVE SUMMARYCVSS v4 9.3ATTENTION: Exploitable remotely/low attack complexity/public exploits are availableVendor: marKoniEquipment: Markoni-D (Compact) FM Transmitters, Markoni-DH...
View ArticlemySCADA myPRO
View CSAF1. EXECUTIVE SUMMARYCVSS v4 9.3ATTENTION: Exploitable remotely/low attack complexityVendor: mySCADAEquipment: myPROVulnerability: Use of Hard-coded Password2. RISK EVALUATIONSuccessful...
View ArticleJohnson Controls Kantech Door Controllers
View CSAF1. EXECUTIVE SUMMARYCVSS v3 3.1ATTENTION: Exploitable via adjacent networkVendor: Johnson Controls, Inc.Equipment: Kantech KT1, KT2, KT400 Door ControllersVulnerability: Exposure of Sensitive...
View ArticleICONICS and Mitsubishi Electric Products
View CSAF1. EXECUTIVE SUMMARYCVSS v3 7.0ATTENTION: Exploitable remotelyVendor: ICONICS, Mitsubishi ElectricEquipment: ICONICS Product SuiteVulnerabilities: Allocation of Resources Without Limits or...
View ArticleSiemens JT Open and PLM XML SDK
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities...
View ArticleSiemens SIMATIC and SIMIT
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities...
View ArticleSiemens Simcenter Femap
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities...
View Article