Stay connected

Trending News

Luxion KeyShot (Update A)
ICS, News, Vulnerabilities

Luxion KeyShot (Update A) 

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Luxion Equipment: KeyShot products Vulnerabilities: Out-of-bounds Write, Out-of-bounds Read, Insufficient UI Warning of Dangerous Operations, Untrusted Pointer Dereference, Path Traversal 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-21-035-01 Luxion…

TCP/IP Stack Vulnerabilities–AMNESIA:33 in SENTRON PAC / 3VA Devices
ICS, News, Vulnerabilities

TCP/IP Stack Vulnerabilities–AMNESIA:33 in SENTRON PAC / 3VA Devices 

1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SENTRON 3VA COM100/800, SENTRON 3VA DSP800, SENTRON PAC2200, SENTRON PAC3200T, SENTRON PAC3200, SENTRON PAC3220, SENTRON PAC4200 Vulnerabilities: Out-of-bounds Read, Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of these vulnerabilities could cause a denial-of-service…

Siemens TCP Stack of SIMATIC MV400
ICS, News, Vulnerabilities

Siemens TCP Stack of SIMATIC MV400 

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC MV400 Vulnerabilities: Improper Validation of Specified Index, Position, or Offset in Input; Use of Insufficiently Random Values 2. RISK EVALUATION Successful exploitation of these vulnerabilities could cause a denial-of-service condition or affect…

Siemens Energy PLUSCONTROL 1st Gen
ICS, News, Vulnerabilities

Siemens Energy PLUSCONTROL 1st Gen 

1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: PLUSCONTROL Vulnerability: Predictable Exact Value from Previous Values 2. RISK EVALUATION Successful exploitation of this vulnerability could affect integrity of TCP connections. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports the vulnerability affects…

dnsmasq by Simon Kelley
ICS, News, Vulnerabilities

dnsmasq by Simon Kelley (Update A) 

1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: dnsmasq by Simon Kelley Equipment: dnsmasq Vulnerabilities: Heap-based Buffer Overflow, Insufficient Verification of Data Authenticity, Use of a Broken or Risky Cryptographic Algorithm CISA is aware of a public report, known as “DNSpooq” that details…

Siemens UMC Stack
ICS, News, Vulnerabilities

Siemens UMC Stack (Update F) 

1. EXECUTIVE SUMMARY CVSS v3 6.7 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: UMC Stack Vulnerabilities: Unquoted Search Path or Element, Uncontrolled Resource Consumption, Improper Input Validation 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-20-196-05 Siemens UMC Stack (Update…

Siemens PROFINET-IO Stack
ICS, News, Vulnerabilities

Siemens PROFINET-IO Stack (Update D) 

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: Siemens PROFINET-IO Stack Vulnerability: Uncontrolled Resource Consumption 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-20-042-04 Siemens PROFINET-IO Stack (Update C) that was published February 9, 2021,…

Siemens SINEMA Remote Connect
ICS, News, Vulnerabilities

Siemens SINEMA Remote Connect (Update A) 

1. EXECUTIVE SUMMARY CVSS v3 8.3 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SINEMA Remote Connect (Client and Server) Vulnerabilities: Incorrect Calculation of Buffer Size, Out-of-bounds Read, Stack-based Buffer Overflow, Improper Handling of Insufficient Permissions 2. UPDATE INFORMATION This updated advisory is a follow-up to the…

Siemens Industrial Products
ICS, News, Vulnerabilities

Siemens Industrial Products (Update Q) 

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Remotely exploitable/low skill level to exploit Vendor: Siemens Equipment: Industrial Products Vulnerability: Improper Input Validation 2. UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory titled ICSA-17-339-01 Siemens Industrial Products (Update P) published August 11,…