1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: OSIsoft Equipment: PI Interface Vulnerability: Numeric Errors 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker-controlled OPC XML-DA Server to respond with a crafted XML message and exploit the PI Interface for…

1. EXECUTIVE SUMMARY CVSS v3 7.7 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: OSIsoft Equipment: PI Vision 2020 Vulnerabilities: Cross-site Scripting, Incorrect Authorization 2. RISK EVALUATION Successful exploitation of these vulnerabilities may allow a remote attacker with write access to the PI ProcessBook files to inject code that…

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Schneider Electric Equipment: PLC Simulator for EcoStruxure Control Expert Vulnerability: Improper Check for Unusual or Exceptional Conditions 2. RISK EVALUATION Successful exploitation of this vulnerability could cause a denial-of-service condition, which could result in a…

1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: SIMATIC S7-300 CPUs and SINUMERIK Controller Vulnerability: Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports the…

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SCALANCE W 1750D Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to achieve remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions…

1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Low skill level to exploit Vendor: Siemens Equipment: SIMATIC S7-300 and S7-400 CPUs Vulnerability: Insufficiently Protected Credentials 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-20-252-02 Siemens SIMATIC S7-300 and S7-400 CPUs (Update B) that was…

1. EXECUTIVE SUMMARY CVSS v3 6.7 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: UMC Stack Vulnerabilities: Unquoted Search Path or Element, Uncontrolled Resource Consumption, Improper Input Validation 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-20-196-05 Siemens UMC Stack (Update…

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Mitsubishi Electric Equipment: GT14 model of GOT1000 Series  Vulnerabilities: Improper Restriction of Operations within the Bounds of a Memory Buffer, Session Fixation, NULL Pointer Dereference, Improper Access Control, Argument Injection, Resource Management Errors 2. RISK…

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: WECON Equipment: PLC Editor Vulnerabilities: Stack-based Buffer Overflow, Heap-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute code under the privileges of the application. 3. TECHNICAL DETAILS 3.1…

1. EXECUTIVE SUMMARY CVSS v3 8.3 ATTENTION: Low skill level to exploit Vendor: Mitsubishi Electric Equipment: Mitsubishi Electric, Factory Automation Engineering products Vulnerability: Unquoted Search Path or Element 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-20-212-04 Mitsubishi Electric Factory Automation Engineering Products…