1. EXECUTIVE SUMMARY CVSS v3 4.4 ATTENTION: Low skill level to exploit Vendor: Siemens Equipment: SIMARIS configuration Vulnerability: Incorrect Default Permissions 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain persistence or escalate privileges within the system. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The…

1. EXECUTIVE SUMMARY CVSS v3 6.2 ATTENTION: Low skill level to exploit Vendor: Siemens Equipment: SIMATIC WinCC and PCS 7 Vulnerability: Authentication Bypass Using an Alternate Path or Channel 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker unauthenticated access to protected files. 3. TECHNICAL…

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Siemens Equipment: DIGSI 4 Vulnerability: Incorrect Default Permissions 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a low privileged attacker to execute arbitrary code with SYSTEM privileges. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The…

1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: ENTRON 3VA COM100/800, SENTRON 3VA DSP800, SENTRON PAC2200, SENTRON PAC3200T, SENTRON PAC3200, SENTRON PAC4200, SIRIUS 3RW5 Vulnerability: Integer Overflow 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled…

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: Various SCALANCE, SIMATIC, SIPLUS products Vulnerabilities: Data Processing Errors, NULL Pointer Dereference 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-20-042-02 Siemens Industrial Products SNMP Vulnerabilities (Update…

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: Industrial Real-Time (IRT) Devices Vulnerability: Improper Input Validation 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-19-283-01 Siemens Industrial Real-Time (IRT) Devices (Update D) that was published…

1. EXECUTIVE SUMMARY CVSS v3 6.1 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: Climatix Vulnerability: Cross-site Scripting, Basic XSS 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-20-105-04 Siemens Climatix that was published April 14th, 2020, to the ICS webpage…

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Luxion Equipment: KeyShot products Vulnerabilities: Out-of-bounds Write, Out-of-bounds Read, Insufficient UI Warning of Dangerous Operations, Untrusted Pointer Dereference, Path Traversal 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-21-035-01 Luxion…

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Horner Automation Equipment: Cscape Vulnerability: Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of this vulnerability may allow code execution in the context of the current process. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of…

1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC HMI Comfort Panels, SIMATIC HMI KTP Mobile Panels  Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote attacker to gain full access to…