Gemalto Sentinel UltraPro
1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Low skill level to exploit Vendor: Gemalto Equipment: Sentinel UltraPro Vulnerability: Uncontrolled Search Path Element 2. RISK EVALUATION Successful exploitation of this vulnerability could allow execution of unauthorized code or commands. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Sentinel…
PEPPERL+FUCHS WirelessHART-Gateways
1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available Vendor: PEPPERL+FUCHS Equipment: WirelessHART-Gateways Vulnerability: Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow access to files and restricted directories stored on the device through the manipulation of file parameters….
Siemens Industrial Products (Update M)
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Remotely exploitable/low skill level to exploit Vendor: Siemens Equipment: Industrial Products Vulnerability: Improper Input Validation 2. UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory titled ICSA-17-339-01 Siemens Industrial Products (Update L) published February 12,…
Siemens Desigo PXC (Update C)
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: Desigo PXC Vulnerability: Improper Authentication 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-18-025-02B Siemens Desigo PXC that was published March 22, 2018, on the NCCIC/ICS-CERT website….
Siemens SIPROTEC 4, SIPROTEC Compact, DIGSI 4, and EN100 Ethernet Module (Update C)
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIPROTEC 4, SIPROTEC Compact, DIGSI 4, and EN100 Ethernet module Vulnerabilities: Missing Authentication for Critical Function, Inadequate Encryption Strength 2. UPDATE INFORMATION This updated advisory is a follow-up to…
Siemens SIMATIC PCS 7, SIMATIC WinCC, SIMATIC WinCC Runtime Professional, and SIMATIC NET PC Software (Update G)
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit. Vendor: Siemens Equipment: SIMATIC PCS 7, SIMATIC WinCC, SIMATIC WinCC Runtime Professional, and SIMATIC NET PC Software Vulnerability: Improper Input Validation 2. UPDATE INFORMATION This updated advisory is a follow-up to the…
Siemens SIMATIC S7 (Update A)
Legal Notice All information products included in http://ics-cert.us-cert.gov are provided “as is” for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product…
Siemens SINUMERIK Controllers (Update A)
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SINUMERIK Controllers Vulnerabilities: Heap-based Buffer Overflow, Integer Overflow or Wraparound, Protection Mechanism Failure, Permissions, Privileges, and Access Controls, Stack-based Buffer Overflow, Uncaught Exception 2. UPDATE INFORMATION This updated advisory is a follow-up…
A “serious” Windows 0-day is being actively exploited in the wild
Google security officials are advising Windows users to ensure they’re using the latest version 10 of the Microsoft operating system to protect themselves against a “serious” unpatched vulnerability that attackers have been actively exploiting in the wild. Unidentified attackers have been combining an exploit for…
Rockwell Automation RSLinx Classic
All information products included in http://ics-cert.us-cert.gov are provided “as is” for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise….
Stay connected