Siemens S7-400 CPUs (Update A)
1. EXECUTIVE SUMMARY CVSS v3 8.2 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: S7-400 CPUs Vulnerabilities: Improper Input Validation 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-18-317-02 Siemens S7-400 CPUs that was published November 13, 2018, on the NCCIC/ICS-CERT…
WIBU SYSTEMS AG WibuKey Digital Rights Management (Update D)
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit/public exploits available Vendor: WIBU-SYSTEMS AG Equipment: WibuKey Digital Rights Management (DRM) Vulnerabilities: Information Exposure, Out-of-bounds Write, Heap-based Buffer Overflow 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-19-043-03 Siemens Licensing…
Siemens CP, SIMATIC, SIMOCODE, SINAMICS, SITOP, and TIM (Update A)
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: CP, SIMATIC, SIMOCODE, SINAMICS, SITOP, and TIM Vulnerability: Out-of-bounds Read 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-19-099-06 Siemens CP, SIMATIC, SIMOCODE, SINAMICS, SITOP, and TIM…
Fuji Electric Alpha7 PC Loader
1. EXECUTIVE SUMMARY CVSS v3 3.3 ATTENTION: Low skill level to exploit Vendor: Fuji Electric Equipment: Alpha7 PC Loader Vulnerability: Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of this vulnerability could crash the device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Alpha7 PC Loader, a motor…
Schneider Electric Modicon Controllers
1. EXECUTIVE SUMMARY CVSS v3 5.4 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Schneider Electric Equipment: Modicon M580, Modicon M340, Modicon Premium, and Modicon Quantum Vulnerability: Use of Insufficiently Random Values 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to hijack TCP connections or…
Siemens Industrial Products with OPC UA (Update A)
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC, SINEC-NMS, SINEMA, SINEMURIK Industrial Control Products with OPC UA Vulnerability: Uncaught Exception 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-19-099-03 Siemens Industrial Products with OPC…
Siemens SIMATIC PCS 7, WinCC, TIA Portal
1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC PCS 7, WinCC Runtime Professional, WinCC (TIA Portal) Vulnerabilities: SQL Injection, Uncaught Exception, Exposed Dangerous Method 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary commands…
Siemens SCALANCE W1750D
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SCALANCE W1750D Vulnerabilities: Command Injection, Information Exposure, Cross-site Scripting 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker execute arbitrary commands within the underlying operating system, discover sensitive information, take…
Siemens SINAMICS PERFECT HARMONY GH180 Fieldbus Networ
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SINAMICS PERFECT HARMONY GH180 Fieldbus Network Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could cause a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens has determined this…
Siemens SINAMICS PERFECT HARMONY GH180 Drives NXG I and NXG II
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SINAMICS PERFECT HARMONY GH180 Drives NXG I and NXG II Vulnerability: Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker with access to the Ethernet Modbus Interface…
Stay connected