Cisco Releases Security Advisories for Multiple Products
Cisco has released security advisories for vulnerabilities affecting multiple Cisco products. A cyber threat actor can exploit some of these vulnerabilities to take control of an affected system or cause a denial-of service condition. CISA encourages users and administrators to review the following advisories and…
Schneider Electric EcoStruxure Products, Modicon PLCs, and Programmable Automation Controllers
Security Assessment of Schneider Electric Products Summary of Findings: During a security assessment of Schneider Electric’s EcoStruxure Products, Modicon PLCs, and Programmable Automation Controllers, several vulnerabilities were discovered. These vulnerabilities involve improper checks for unusual or exceptional conditions and could potentially lead to unauthorized access,…
Hitachi Energy’s AFS65x, AFS67x, AFR67x and AFF66x Products
1. EXECUTIVE SUMMARY 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to disclose sensitive information or lead to a Denial-of-Service (DoS). 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Hitachi Energy’s AFS65x, AFS67x, AFR67x and AFF66x series products, are…
Siemens SIMATIC Cloud Connect 7
1. EXECUTIVE SUMMARY 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products from Siemens are affected: 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN A COMMAND (‘COMMAND…
Siemens SCALANCE W1750D
1. EXECUTIVE SUMMARY 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to disclose sensitive information or steal the unsuspecting user’s session. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products from Siemens are affected: 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER INPUT VALIDATION CWE-20…
Hitachi Energy MSM
1. EXECUTIVE SUMMARY 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to obtain user access credentials of the MSM web interface or cause a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Hitachi Energy products are affected: 3.2 VULNERABILITY…
Dataprobe iBoot-PDU (Update A)
1. EXECUTIVE SUMMARY 2. UPDATE OR REPOSTED INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-22-263-03 Dataprobe iBoot-PDU that was published September 20, 2022, on the ICS webpage on cisa.gov/ICS. 3. RISK EVALUATION Successful exploitation of these vulnerabilities could lead to…
Industrial Control Links ScadaFlex II SCADA Controllers
1. EXECUTIVE SUMMARY 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated attacker to overwrite, delete, or create files. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Industrial Control Links ScadaFlex II SCADA Controllers are affected: 3.2 VULNERABILITY OVERVIEW 3.2.1 EXTERNAL…
Siemens RADIUS Client of SIPROTEC 5 Devices
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens ProductCERT Equipment: RADIUS client of SIPROTEC 5 devices Vulnerability: Loop with Unreachable Exit Condition (‘Infinite Loop’) 2. RISK EVALUATION The RADIUS client implementation of the VxWorks platform in SIPROTEC 5 devices contains a denial-of-service vulnerability that…
Cisco Releases Security Advisory for IOS XR Software
Cisco has released a security advisory for a vulnerability affecting IOS XR Software for ASR 9000 Series Routers. A remote attacker could exploit this vulnerability to cause a denial-of-service condition. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. CISA encourages users and administrators to…
Stay connected