Browsing Category
Cybersecurity and malware
IOSIX IO-1020 Micro ELD | CISA
1. EXECUTIVE SUMMARY
CVSS v4 9.4
ATTENTION: Exploitable from adjacent network/Low attack complexity
Vendor: IOSiX
Equipment: IO-1020 Micro ELD
Vulnerabilities: Use of Default Credentials, Download of Code Without Integrity…
Rockwell Automation Arena Simulation | CISA
1. EXECUTIVE SUMMARY
CVSS v3 7.8
ATTENTION: low attack complexity
Vendor: Rockwell Automation
Equipment: Arena Simulation Software
Vulnerabilities: Out-of-bounds Write, Heap-based Buffer Overflow, Improper Restriction of…
Rockwell Automation FactoryTalk View ME | CISA
1. EXECUTIVE SUMMARY
CVSS v4 6.9
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Rockwell Automation
Equipment: FactoryTalk View ME
Vulnerability: Cross-site Scripting
2. RISK EVALUATION
Successful exploitation…
Automation-Direct C-MORE EA9 HMI | CISA
1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low attack complexity
Vendor: AutomationDirect
Equipment: C-MORE EA9 HMI
Vulnerabilities: Path Traversal, Stack-Based Buffer Overflow, Plaintext Storage of a…
Rockwell Automation PowerFlex 527 | CISA
1. EXECUTIVE SUMMARY
CVSS v4 8.7
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Rockwell Automation
Equipment: PowerFlex 527
Vulnerabilities: Improper Input Validation, Uncontrolled Resource Consumption
2. RISK…
Vulnerability Summary for the Week of March 18, 2024 | CISA
High Vulnerabilities
Primary
Vendor -- Product
Description
Published
CVSS Score
Source & Patch Info
N/A -- N/A
Directory Traversal vulnerability in Devan-Kerman ARRP v.0.8.1 and before allows a remote…
The most effective extreme weather narratives
From dangerous heat to relentless wildfires, extreme weather is everywhere. July 5th was the hottest day ever recorded. July 6th was hotter.
These extreme weather events can motivate action on climate change–if we talk about them in the…
IRA turns one. A year later, what have we learned?
On the one year anniversary of the passage of the IRA, we thought it was worth reflecting on what we have learned on how to engage Americans on the transition to clean energy.
We are energized by the major success the US forged for…
Top questions about our global report
Earlier this month, we had the opportunity to present our global research briefing, “Later is Too Late,” to over 800 participants. We shared the key findings from our 23-country survey which seeks to answer: Does the world want action on…
Global Report: Later is too late
The road to clean
Continued investment in electric vehicle (EV) programs depends on broad public support. While EV sales have been accelerating dramatically, perspectives on EVs have become starkly partisan as a result of misinformation.
Through extensive…
How to message electric vehicles in a charged environment
This week, we’re delighted to share our latest communication guide, The Road to Clean: How to message electric vehicles in a charged environment.
Rapid electric vehicle (EV) adoption is essential to eliminating the carbon pollution that…
Advantech WebAccess/SCADA | CISA
1. EXECUTIVE SUMMARY
CVSS v4 7.1
ATTENTION: Exploitable remotely/low attack complexity/public exploits are available
Vendor: Advantech
Equipment: WebAccess/SCADA
Vulnerability: SQL Injection
2. RISK EVALUATION
Successful…
CISA and Partners Release Joint Fact Sheet for Leaders on PRC-sponsored Volt Typhoon Cyber Activity…
Today, CISA, the National Security Agency (NSA), Federal Bureau of Investigation (FBI), and other U.S. and international partners are issuing a joint fact sheet, People’s Republic of China State-Sponsored Cyber Activity: Actions for…
Franklin Fueling System EVO 550/5000 | CISA
1. EXECUTIVE SUMMARY
CVSS v4 8.7
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Franklin Fueling System
Equipment: EVO 550, EVO 5000
Vulnerability: Path Traversal
2. RISK EVALUATION
Successful exploitation of…
Vulnerability Summary for the Week of March 11, 2024 | CISA
High Vulnerabilities
Primary
Vendor -- Product
Description
Published
CVSS Score
Source & Patch Info
academylms -- academy_lms_-_elearning_and_online_course_solution_for_wordpress
The Academy LMS -…
Siemens SENTRON 7KM PAC3x20 | CISA
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens'…
Siemens SINEMA Remote Connect Client | CISA
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens'…
Siemens Siveillance Control | CISA
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens'…
Softing edgeConnector | CISA
1. EXECUTIVE SUMMARY
CVSS v3 7.2
ATTENTION: Low attack complexity
Vendor: Softing
Equipment: edgeConnector
Vulnerabilities: Cleartext Transmission of Sensitive Information, Path Traversal
2. RISK EVALUATION
Successful…
Siemens RUGGEDCOM APE1808 with Fortigate NGFW Devices | CISA
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens'…
Siemens SCALANCE XB-200/XC-200/XP-200/XF-200BA/XR-300WG Family | CISA
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens'…
Mitsubishi Electric MELSEC-Q/L Series | CISA
1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Mitsubishi Electric
Equipment: MELSEC-Q/L Series
Vulnerabilities: Incorrect Pointer Scaling, Integer Overflow or Wraparound
2.…
Siemens Sinteso EN Cerberus PRO EN Fire Protection Systems | CISA
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens'…
Siemens SENTRON | CISA
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens'…
Schneider Electric EcoStruxure Power Design | CISA
1. EXECUTIVE SUMMARY
CVSS v3 7.8
ATTENTION: Low Attack Complexity
Vendor: Schneider Electric
Equipment: EcoStruxure Power Design
Vulnerability: Deserialization of Untrusted Data
2. RISK EVALUATION
Successful exploitation of…
Vulnerability Summary for the Week of March 4, 2024 | CISA
High Vulnerabilities
Primary
Vendor -- Product
Description
Published
CVSS Score
Source & Patch Info
acowebs -- pdf_invoices_and_packing_slips_for_woocommerce
The PDF Invoices and Packing Slips For…
Chirp Systems Chirp Access | CISA
1. EXECUTIVE SUMMARY
CVSS v3 9.1
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Chirp Systems
Equipment: Chirp Access
Vulnerability: Use of Hard-coded Credentials
2. RISK EVALUATION
Successful exploitation of…
Nice Linear eMerge E3-Series | CISA
1. EXECUTIVE SUMMARY
CVSS v3 10.0
ATTENTION: Exploitable remotely/low attack complexity/public exploits are available
Vendor: Nice
Equipment: Linear eMerge E3-Series
Vulnerabilities: Path traversal, Cross-site scripting, OS command…
A careful rethinking of the Iraq War
The term “fog of war” expresses the chaos and uncertainty of the battlefield. Often, it is only in hindsight that people can grasp what was unfolding around them.
Now, additional clarity about the Iraq War has arrived in the form of a…
Threat Actors Exploit Multiple Vulnerabilities in Ivanti Connect Secure and Policy Secure Gateways |…
SUMMARY
The Cybersecurity and Infrastructure Security Agency (CISA) and the following partners (hereafter referred to as the authoring organizations) are releasing this joint Cybersecurity Advisory to warn that cyber threat actors are…
CISA and Partners Release Advisory on Threat Actors Exploiting Ivanti Connect Secure and Policy…
Today, CISA and the following partners released joint Cybersecurity Advisory Threat Actors Exploit Multiple Vulnerabilities in Ivanti Connect Secure and Policy Secure Gateways:
Federal Bureau of Investigation (FBI) …
Delta Electronics CNCSoft-B | CISA
1. EXECUTIVE SUMMARY
CVSS v3 7.8
ATTENTION: Low attack complexity
Vendor: Delta Electronics
Equipment: CNCSoft-B
Vulnerability: Stack-based Buffer Overflow
2. RISK EVALUATION
Successful exploitation of this vulnerability…
MicroDicom DICOM Viewer | CISA
1. EXECUTIVE SUMMARY
CVSS v3 7.8
ATTENTION: Low attack complexity
Vendor: MicroDicom
Equipment: DICOM Viewer
Vulnerabilities: Heap-based Buffer Overflow, Out-of-Bounds Write
2. RISK EVALUATION
Successful exploitation of these…
#StopRansomware: Phobos Ransomware | CISA
SUMMARY
Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These…
Vulnerability Summary for the Week of February 19, 2024 | CISA
High Vulnerabilities
Primary
Vendor -- Product
Description
Published
CVSS Score
Source & Patch Info
agronholm -- cbor2
cbor2 provides encoding and decoding for the Concise Binary Object Representation (CBOR) (RFC 8949)…
Mitsubishi Electric Multiple Factory Automation Products | CISA
1. EXECUTIVE SUMMARY
CVSS v3 5.3
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Mitsubishi Electric Corporation
Equipment: MELSEC iQ-F Series
Vulnerability: Insufficient Resource Pool
2. RISK EVALUATION…
SVR Cyber Actors Adapt Tactics for Initial Cloud Access | CISA
How SVR-Attributed Actors are Adapting to the Move of Government and Corporations to Cloud Infrastructure
OVERVIEW
This advisory details recent tactics, techniques, and procedures (TTPs) of the group commonly known as APT29, also known…
Delta Electronics CNCSoft-B DOPSoft | CISA
1. EXECUTIVE SUMMARY
CVSS v3 7.8
ATTENTION: Low attack complexity
Vendor: Delta Electronics
Equipment: CNCSoft-B DOPSoft
Vulnerability: Uncontrolled Search Path Element
2. RISK EVALUATION
Successful exploitation of this…
Vulnerability Summary for the Week of February 12, 2024 | CISA
High Vulnerabilities
Primary
Vendor -- Product
Description
Published
CVSS Score
Source & Patch Info
9bis -- kitty
KiTTY versions 0.76.1.13 and before are vulnerable to command injection via the filename variable, occurs due to…
Ethercat Zeek Plugin | CISA
1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low attack complexity
Vendor: CISA
Equipment: Industrial Control Systems Network Protocol Parsers (ICSNPP) - Ethercat Plugin for Zeek
Vulnerabilities:…
Mitsubishi Electric Electrical Discharge Machines | CISA
1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Mitsubishi Electric Corporation
Equipment: Electrical discharge machines
Vulnerability: Improper Input Validation
2. RISK EVALUATION…
Commend WS203VICM | CISA
1. EXECUTIVE SUMMARY
CVSS v3 9.4
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Commend
Equipment: WS203VICM
Vulnerabilities: Argument Injection, Improper Access Control, Weak Encoding for Password
2. RISK…
Siemens SCALANCE SC-600 Family | CISA
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens'…
Siemens SIMATIC WinCC, OpenPCS | CISA
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens'…
Siemens Location Intelligence | CISA
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens'…
Siemens SINEC NMS | CISA
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens'…
Siemens CP343-1 Devices | CISA
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens'…