1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC PCS7, WinCC Runtime Professional, WinCC (TIA Portal) Vulnerabilities: SQL Injection, Uncaught Exception, Exposed Dangerous Method 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-19-134-08 Siemens SIMATIC…

1. EXECUTIVE SUMMARY CVSS v3 8.4 ATTENTION: Low skill level to exploit Vendor: Philips ——— Begin Update A Part 1 of 3 ———- Equipment: Brilliance CT Scanners and MX8000 Dual EXP ——— End Update A Part 1 of 3 ———- Vulnerabilities: Execution with Unnecessary Privileges, Exposure of Resource to…

1. EXECUTIVE SUMMARY CVSS v3 6.4 ATTENTION: Exploitable locally Vendor: Siemens Equipment: Industrial Products Vulnerability: Improper privilege management 2. UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory titled ICSA-16-313-02 Siemens Industrial Products Local Privilege Escalation Vulnerability (Update H) that was published June 14, 2018, on…

1. EXECUTIVE SUMMARY CVSS v3 9.6 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: SMA Solar Technology AG Equipment: Sunny WebBox Vulnerability: Cross-Site Request Forgery 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to generate a denial-of-service condition, modify passwords, enable services, achieve man-in-the-middle, and…

1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Low skill level to exploit Vendor: GE Equipment: Mark VIe Controller Vulnerabilities: Improper Authorization, Use of Hard-coded Credentials 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to create read/write/execute commands within the Mark VIe control system. 3. TECHNICAL…

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC WinAC RTX (F) 2010 Vulnerability: Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to perform a denial-of-service attack that could compromise the availability of the…

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: Industrial Products Vulnerabilities: Integer Overflow or Wraparound, Uncontrolled Resource Consumption 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-19-253-03 Siemens Industrial Products that was published September 10,…

1. EXECUTIVE SUMMARY CVSS v3 7.6 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Becton, Dickinson and Company (BD) Equipment: Pyxis Vulnerability: Session Fixation 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-19-248-01 BD Pyxis that was published September 5, 2019, on the…

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: CP, SIMATIC, SIMOCODE, SINAMICS, SITOP, and TIM Vulnerability: Out-of-bounds Read 2. UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory titled ICSA-19-099-06 Siemens CP, SIMATIC, SIMOCODE, SINAMICS, SITOP, and TIM…

1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable from an adjacent network Vendor: Siemens Equipment: SIMATIC, SINUMERIK, and PROFINET IO Vulnerability: Improper Input Validation 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-18-079-02 Siemens SIMATIC, SINUMERIK, and PROFINET IO (Update C) that was…