. EXECUTIVE SUMMARY CVSS v3 7.4 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Schneider Electric Equipment: EcoStruxure Vulnerability: Open Redirect 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to use this device as a platform to conduct a phishing attack. 3. TECHNICAL DETAILS 3.1…

Legal Notice All information products included in http://ics-cert.us-cert.gov are provided “as is” for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product…

1. EXECUTIVE SUMMARY CVSS v3 9.0 ATTENTION: Exploitable remotely/HatMan malware specifically targets these vulnerabilities. Vendor: Schneider Electric Equipment: Triconex Tricon, Model 3008 Vulnerabilities: Improper Restriction of Operations within the Bounds of a Memory Buffer 2. UPDATE INFORMATION This updated advisory is a follow-up to the…

1. EXECUTIVE SUMMARY CVSS v3 6.3 ATTENTION: Exploitable from an adjacent network/low skill level to exploit Vendor: ABB Equipment: M2M ETHERNET Vulnerability: Improper Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to upload a malicious language file. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following…

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable from an adjacent network/low skill level to exploit Vendor: ABB Equipment: CMS-770 Vulnerabilities: Improper Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an attacker to read sensitive configuration files that may lead to code execution on the device. 3….

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: TIM 1531 IRC Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to perform arbitrary administrative operations. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The…

1. EXECUTIVE SUMMARY CVSS v3 9.4 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: 3S-Smart Software Solutions GmbH Equipment: CODESYS V3 products Vulnerabilities: Use of Insufficiently Random Values, Improper Restriction of Communication Channel to Intended Endpoints 2. RISK EVALUATION Successful exploitation of these vulnerabilities could…

Legal Notice All information products included in http://ics-cert.us-cert.gov are provided “as is” for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product…

1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Advantech Equipment: WebAccess/SCADA Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could cause a stack buffer overflow condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of WebAccess/SCADA, a SCADA…

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: ABB Equipment: GATE-E2 Vulnerabilities: Missing Authentication for Critical Function, Cross-site Scripting 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow unrestricted access to the administrative telnet/web interface of the device, enabling attackers to compromise…