1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Honeywell Equipment: Performance IP Cameras and Performance NVRs Vulnerability: Information Exposure 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to view device configuration information. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The…

1. EXECUTIVE SUMMARY CVSS v3 6.4 Vendor: Philips Equipment: IntelliVue M3002A X2 MMS Transport Monitor/Module and IntelliVue MP monitors (MP2/X2, MP5, MP20-MP90, MX600, MX700 and MX800) Vulnerabilities: Use of Hard-coded Password, Download of Code Without Integrity Check 2. RISK EVALUATION Successful exploitation of these vulnerabilities may cause corruption…

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: 3S-Smart Software Solutions GmbH Equipment: CODESYS V3 products containing a CODESYS communication server Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could cause a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED…

1    EXECUTIVE SUMMARY ——— Begin Update A ——— CISA is aware of a public report of vulnerabilities with proof-of-concept (PoC) exploit code affecting Mitsubishi Electric Europe B.V. smartRTU (Versions 2.02 and prior) and INEA ME-RTU (Versions 3.0 and prior), remote terminal unit products. According to…

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Delta Electronics Equipment: TPEditor Vulnerabilities: Stack-based Buffer Overflow, Heap-based Buffer Overflow, Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of these vulnerabilities may allow information disclosure, remote code execution, or may crash the application. 3. TECHNICAL DETAILS…

1. EXECUTIVE SUMMARY CVSS v3 8.0 ATTENTION: Low skill level to exploit Vendor: Siemens Equipment: Siemens Network Planner (SINETPLAN) Vulnerability: Improper Authorization 2. RISK EVALUATION Successful exploitation of this vulnerability could allow information disclosure, code execution, and denial-of-service. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of SINETPLAN,…

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: Industrial Products Vulnerabilities: Integer Overflow or Wraparound, Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of these vulnerabilities could cause denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports the vulnerabilities affect…

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: IE/WSN-PA Link WirelessHART Gateway Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow information disclosure, code execution, or denial-of-service. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS All versions of IE/WSN-PA Link WirelessHART Gateway are…

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC TDC CP51M1 Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could create a denial-of-service condition within UDP communication. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of…