Delta Electronics CNCSoft-B DOPSoft | CISA
1. EXECUTIVE SUMMARY
CVSS v3 7.8
ATTENTION: Low attack complexity
Vendor: Delta Electronics
Equipment: CNCSoft-B DOPSoft
Vulnerability: Uncontrolled Search Path Element
2. RISK EVALUATION
Successful exploitation of this…
Vulnerability Summary for the Week of February 12, 2024 | CISA
High Vulnerabilities (table columns: Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info)
9bis -- kitty
KiTTY versions 0.76.1.13 and before are vulnerable to command injection via the filename variable; this occurs due to…
Ethercat Zeek Plugin | CISA
1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low attack complexity
Vendor: CISA
Equipment: Industrial Control Systems Network Protocol Parsers (ICSNPP) - Ethercat Plugin for Zeek
Vulnerabilities:…
Mitsubishi Electric Electrical Discharge Machines | CISA
1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Mitsubishi Electric Corporation
Equipment: Electrical discharge machines
Vulnerability: Improper Input Validation
2. RISK EVALUATION…
Commend WS203VICM | CISA
1. EXECUTIVE SUMMARY
CVSS v3 9.4
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Commend
Equipment: WS203VICM
Vulnerabilities: Argument Injection, Improper Access Control, Weak Encoding for Password
2. RISK…
Siemens SCALANCE SC-600 Family | CISA
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens'…
Siemens SIMATIC WinCC, OpenPCS | CISA
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens'…
Siemens Location Intelligence | CISA
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens'…
Siemens SINEC NMS | CISA
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens'…
Siemens CP343-1 Devices | CISA
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens'…
Siemens Polarion ALM | CISA
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens'…
Siemens Simcenter Femap | CISA
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens'…
Siemens SIMATIC RTLS Gateways | CISA
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens'…
Threat Actor Leverages Compromised Account of Former Employee to Access State Government…
SUMMARY
The Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing & Analysis Center (MS-ISAC) conducted an incident response assessment of a state government organization’s network…
Siemens SCALANCE XCM-/XRM-300 | CISA
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens'…
Siemens Unicam FX | CISA
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens'…
Siemens SIDIS Prime | CISA
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens'…
Siemens SCALANCE W1750D | CISA
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens'…
Mitsubishi Electric MELSEC iQ-R Series Safety CPU | CISA
1. EXECUTIVE SUMMARY
CVSS v3 6.5
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Mitsubishi Electric
Equipment: MELSEC iQ-R Series Safety CPU and SIL2 Process CPU Module
Vulnerability: Incorrect Privilege…
Vulnerability Summary for the Week of February 5, 2024 | CISA
High Vulnerabilities (table columns: Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info)
allegro_ai -- clearml
Lack of authentication in all versions of the fileserver component of Allegro AI's ClearML platform…
Qolsys IQ Panel 4, IQ4 HUB | CISA
1. EXECUTIVE SUMMARY
CVSS v3 7.3
ATTENTION: Low attack complexity
Vendor: Qolsys, Inc.
Equipment: IQ Panel 4, IQ4 Hub
Vulnerability: Exposure of Sensitive Information to an Unauthorized Actor
2. RISK EVALUATION
Successful…
MAR-10448362-1.v1 Volt Typhoon | CISA
Notification
This report is provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained herein. The DHS does not endorse any…
CISA and Partners Release Advisory on PRC-sponsored Volt Typhoon Activity and Supplemental Living…
Today, CISA, the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) released a joint Cybersecurity Advisory (CSA), PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical…
PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure…
SUMMARY
The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Federal Bureau of Investigation (FBI) assess that People’s Republic of China (PRC) state-sponsored cyber actors are seeking to…
HID Global Encoders | CISA
1. EXECUTIVE SUMMARY
CVSS v3 5.9
ATTENTION: Exploitable locally
Vendor: HID Global
Equipment: iCLASS SE, OMNIKEY
Vulnerability: Improper Authorization
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow…
HID Global Reader Configuration Cards | CISA
1. EXECUTIVE SUMMARY
CVSS v3 5.3
ATTENTION: Low attack complexity
Vendor: HID Global
Equipment: Reader Configuration Cards
Vulnerability: Improper Authorization
2. RISK EVALUATION
Successful exploitation of this vulnerability…
Vulnerability Summary for the Week of January 29, 2024 | CISA
High Vulnerabilities (table columns: Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info)
60indexpage_project -- 60indexpage
A vulnerability classified as critical has been found in 60IndexPage up to 1.8.5. This…
Gessler GmbH WEB-MASTER | CISA
1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Gessler GmbH
Equipment: WEB-MASTER
Vulnerabilities: Use of Weak Credentials, Use of Weak Hash
2. RISK EVALUATION
Successful…
AVEVA Edge products (formerly known as InduSoft Web Studio) | CISA
1. EXECUTIVE SUMMARY
CVSS v3 7.3
ATTENTION: Low attack complexity
Vendor: AVEVA
Equipment: AVEVA Edge products (formerly known as InduSoft Web Studio)
Vulnerability: Uncontrolled Search Path Element
2. RISK EVALUATION…
Updated: New Software Updates and Mitigations to Defend Against Exploitation of Ivanti Connect…
Note: CISA will update this Alert with more information as it becomes available.
Updated Jan. 31, 2024:
CISA urges organizations to follow the updated guidance—including software updates—that Ivanti has published to their KB article,…
CISA and FBI Release Secure by Design Alert Urging Manufacturers to Eliminate Defects in SOHO…
Today, CISA and the Federal Bureau of Investigation (FBI) published guidance on Security Design Improvements for SOHO Device Manufacturers as a part of the new Secure by Design (SbD) Alert series that focuses on how manufacturers should…
Emerson Rosemount GC370XA, GC700XA, GC1500XA | CISA
1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely
Vendor: Emerson
Equipment: Rosemount GC370XA, GC700XA, GC1500XA
Vulnerabilities: Command Injection, Improper Authentication, Improper Authorization
2. RISK…
New Mitigations to Defend Against Exploitation of Ivanti Connect Secure and Policy Secure Gateways |…
CISA is releasing this alert to provide cyber defenders with new mitigations to defend against threat actors exploiting Ivanti Connect Secure and Policy Secure Gateways vulnerabilities in Ivanti devices (CVE-2023-46805 and…
Hitron Systems Security Camera DVR | CISA
1. EXECUTIVE SUMMARY
CVSS v3 8.1
ATTENTION: Exploitable remotely/low attack complexity/public exploits are available/known public exploitation
Vendor: Hitron Systems
Equipment: DVR
Vulnerability: Improper Input Validation
2.…
Rockwell Automation LP30/40/50 and BM40 Operator Interface | CISA
1. EXECUTIVE SUMMARY
CVSS v3 8.8
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Rockwell Automation
Equipment: LP30, LP40, LP50, and BM40 Operator Panels
Vulnerability: Improper Validation of Consistency within…
Rockwell Automation ControlLogix and GuardLogix | CISA
1. EXECUTIVE SUMMARY
CVSS v3 8.6
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Rockwell Automation
Equipment: ControlLogix, GuardLogix
Vulnerability: Improper Restriction of Operations within the Bounds of a…
Rockwell Automation FactoryTalk Service Platform | CISA
1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Rockwell Automation
Equipment: FactoryTalk Service Platform
Vulnerability: Improper Verification of Cryptographic Signature
2. RISK…
Mitsubishi Electric MELSEC WS Series Ethernet Interface Module | CISA
1. EXECUTIVE SUMMARY
CVSS v3 5.9
ATTENTION: Exploitable remotely
Vendor: Mitsubishi Electric
Equipment: MELSEC WS Series
Vulnerability: Authentication Bypass by Capture-replay
2. RISK EVALUATION
Successful exploitation of this…
Vulnerability Summary for the Week of January 22, 2024 | CISA
High Vulnerabilities (table columns: Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info)
60indexpage -- 60indexpage
A vulnerability classified as critical has been found in 60IndexPage up to 1.8.5. This affects…
Opteev MachineSense FeverWarn | CISA
1. EXECUTIVE SUMMARY
CVSS v3 10.0
ATTENTION: Exploitable remotely/low attack complexity
Vendor: MachineSense LLC.
Equipment: MachineSense FeverWarn
Vulnerabilities: Missing Authentication for Critical Function, Use of…
SystemK NVR 504/508/516 | CISA
1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low attack complexity/public exploits are available
Vendor: SystemK
Equipment: NVR 504/508/516
Vulnerability: Command Injection
2. RISK EVALUATION
Successful…
Lantronix XPort | CISA
1. EXECUTIVE SUMMARY
CVSS v3 5.7
ATTENTION: Low attack complexity
Vendor: Lantronix
Equipment: XPort
Vulnerability: Weak Encoding for Password
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an…
Voltronic Power ViewPower Pro | CISA
1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Voltronic Power
Equipment: ViewPower Pro
Vulnerabilities: Deserialization of Untrusted Data, Missing Authentication for Critical…
APsystems Energy Communication Unit (ECU-C) Power Control Software | CISA
1. EXECUTIVE SUMMARY
CVSS v3 8.8
ATTENTION: Exploitable via adjacent network / low attack complexity
Vendor: APsystems
Equipment: Energy Communication Unit (ECU-C) Power Control Software
Vulnerability: Improper Access Control…
Westermo Lynx 206-F2G | CISA
1. EXECUTIVE SUMMARY
CVSS v3 8.0
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Westermo
Equipment: Lynx 206-F2G
Vulnerabilities: Cross-site Scripting, Code Injection, Cross-Origin Resource Sharing, Cleartext…
Orthanc Osimis DICOM Web Viewer | CISA
1. EXECUTIVE SUMMARY
CVSS v3 7.1
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Orthanc
Equipment: Osimis Web Viewer
Vulnerability: Cross-site Scripting
2. RISK EVALUATION
Successful exploitation of this…
Crestron AM-300 | CISA
1. EXECUTIVE SUMMARY
CVSS v3 8.4
ATTENTION: Low attack complexity
Vendor: Crestron
Equipment: AM-300
Vulnerability: OS Command Injection
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker…
Vulnerability Summary for the Week of January 15, 2024 | CISA
High Vulnerabilities (table columns: Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info)
argoproj -- argo-cd
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The Argo CD API prior to versions…
SEW-EURODRIVE MOVITOOLS MotionStudio | CISA
1. EXECUTIVE SUMMARY
CVSS v3 5.5
ATTENTION: Low attack complexity
Vendor: SEW-EURODRIVE
Equipment: MOVITOOLS MotionStudio
Vulnerability: Improper Restriction of XML External Entity Reference
2. RISK EVALUATION
Successful…
Integration Objects OPC UA Server Toolkit | CISA
1. EXECUTIVE SUMMARY
CVSS v3 5.3
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Integration Objects
Equipment: OPC UA Server Toolkit
Vulnerability: Improper Output Neutralization for Logs
2. RISK EVALUATION…
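The executive-summary blocks in this listing all share one shape: a title line ending in "| CISA", a "CVSS v3" score, an "ATTENTION:" line whose flags are separated by "/", then Vendor, Equipment and Vulnerability/Vulnerabilities. The script below is an added example, not CISA code or any tool linked from the listing; it parses that shape into records and ranks them for response so that entries flagged with known public exploitation or public exploit code surface before high-CVSS entries that are merely remotely exploitable. The sample input is three entries constructed from this listing (one with its vulnerability list cut off, as several entries above are); the record fields, the `has`/`priority`/`parse_listing`/`triage` names and the ranking order are this example's own choices.

```python
"""Triage helper for CISA advisory executive summaries (added example, not
CISA tooling). Parses the "1. EXECUTIVE SUMMARY" blocks as they appear in a
CISA advisory listing and ranks entries for response."""
import re
from dataclasses import dataclass, field

# Constructed sample: three entries in the shape they take in the listing,
# one with its vulnerability list cut off by an ellipsis.
SAMPLE = """\
Hitron Systems Security Camera DVR | CISA
1. EXECUTIVE SUMMARY
CVSS v3 8.1
ATTENTION: Exploitable remotely/low attack complexity/public exploits are available/known public exploitation
Vendor: Hitron Systems
Equipment: DVR
Vulnerability: Improper Input Validation
Opteev MachineSense FeverWarn | CISA
1. EXECUTIVE SUMMARY
CVSS v3 10.0
ATTENTION: Exploitable remotely/low attack complexity
Vendor: MachineSense LLC.
Equipment: MachineSense FeverWarn
Vulnerabilities: Missing Authentication for Critical Function, Use of…
HID Global Encoders | CISA
1. EXECUTIVE SUMMARY
CVSS v3 5.9
ATTENTION: Exploitable locally
Vendor: HID Global
Equipment: iCLASS SE, OMNIKEY
Vulnerability: Improper Authorization
"""

TITLE_RE = re.compile(r"^(?P<title>.+?)\s*\|\s*CISA$")
CVSS_RE = re.compile(r"^CVSS v3(?:\.\d)?\s+(?P<score>\d+(?:\.\d)?)$")
ELLIPSIS_RE = re.compile(r"(\.\.\.|…)\s*$")


@dataclass
class Advisory:
    title: str
    cvss: float = 0.0
    attention: list = field(default_factory=list)  # lower-cased ATTENTION flags
    vendor: str = ""
    equipment: str = ""
    weaknesses: list = field(default_factory=list)
    truncated: bool = False  # weakness list was cut off in the listing

    def has(self, flag):
        return any(flag in part for part in self.attention)

    def priority(self):
        # Compared left to right: in-the-wild exploitation beats a public PoC,
        # which beats remote + low complexity, which beats remote alone;
        # CVSS only breaks ties within the same exposure class.
        remote = self.has("exploitable remotely")
        return (self.has("known public exploitation"),
                self.has("public exploits are available"),
                remote and self.has("low attack complexity"),
                remote, self.cvss)


def parse_listing(text):
    """Turn listing text into Advisory records; lines outside a block are ignored."""
    advisories, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = TITLE_RE.match(line)
        if m:
            cur = Advisory(title=m.group("title"))
            advisories.append(cur)
            continue
        if cur is None:
            continue
        m = CVSS_RE.match(line)
        if m:
            cur.cvss = float(m.group("score"))
        elif line.startswith("ATTENTION:"):
            cur.attention = [p.strip().lower()
                             for p in line[len("ATTENTION:"):].split("/") if p.strip()]
        elif line.startswith("Vendor:"):
            cur.vendor = line[len("Vendor:"):].strip()
        elif line.startswith("Equipment:"):
            cur.equipment = line[len("Equipment:"):].strip()
        elif line.startswith(("Vulnerability:", "Vulnerabilities:")):
            body = line.split(":", 1)[1].strip()
            cur.truncated = bool(ELLIPSIS_RE.search(body))
            body = ELLIPSIS_RE.sub("", body)
            cur.weaknesses = [w.strip() for w in body.split(",") if w.strip()]
    return advisories


def triage(advisories):
    """Rank scored entries for response; rows without a CVSS score are dropped."""
    scored = [a for a in advisories if a.cvss > 0]
    return sorted(scored, key=Advisory.priority, reverse=True)


if __name__ == "__main__":
    for a in triage(parse_listing(SAMPLE)):
        weak = ", ".join(a.weaknesses) + (" …" if a.truncated else "")
        print(f"{a.cvss:4.1f}  {a.title}  [{weak}]")
```

Run against the sample, the 8.1 Hitron DVR entry (known public exploitation) ranks above the 10.0 FeverWarn entry, and the local-only HID entry comes last. Truncated weakness lists are kept truncated and flagged rather than guessed at, and weekly-summary rows with no CVSS line are parsed but excluded from the ranking.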