1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Philips Equipment: DreamMapper Vulnerability: Insertion of Sensitive Information into Log File 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker access to the log file information containing descriptive error messages. 3. TECHNICAL…

1. EXECUTIVE SUMMARY CVSS v3 8.3 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Mitsubishi Electric Equipment: Mitsubishi Electric, Factory Automation products Vulnerability: Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an attacker to obtain unauthorized information, tamper the information, and cause a denial-of-service condition….

1. EXECUTIVE SUMMARY CVSS v3 8.3 ATTENTION: Low skill level to exploit Vendor: Mitsubishi Electric Equipment: Mitsubishi Electric, Factory Automation Engineering products Vulnerability: Unquoted Search Path or Element 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an attacker to obtain unauthorized information, modify information, and cause a…

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Secomea Equipment: GateManager Vulnerabilities: Improper Neutralization of Null Byte or NUL Character, Off-by-one Error, Use of Hard-coded Credentials, Use of Password Hash with Insufficient Computational Effort 2. RISK EVALUATION Successful exploitation of these vulnerabilities could…

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Softing Industrial Automation, GmbH Equipment: OPC Vulnerabilities: Heap-based Buffer Overflow, Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of these vulnerabilities could crash the device being accessed. A buffer-overflow condition may also allow remote code…

1. EXECUTIVE SUMMARY CVSS v3 9.6 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: HMS Industrial Networks AB Equipment: eCatcher Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could crash the device being accessed. In addition, a buffer overflow condition may allow remote code execution…

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Delta Electronics Equipment: Delta Industrial Automation DOPSoft Vulnerabilities: Out-of-bounds Read, Heap-based Buffer Overflow 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-20-182-01 Delta Industrial Automation DOPSoft that was published June…

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Schneider Electric Equipment: Triconex TriStation and Triconex Tricon Communication Module Vulnerabilities: Cleartext Transmission of Sensitive Information, Uncontrolled Resource Consumption, Hidden Functionality, Improper Access Control 2. RISK EVALUATION Successful exploitation of these…

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely Vendor: Treck Inc. Equipment: TCP/IP Vulnerabilities: Improper Handling of Length Parameter Inconsistency, Improper Input Validation, Double Free, Out-of-bounds Read, Integer Overflow or Wraparound, Improper Null Termination, Improper Access Control CISA is aware of a public report, known as “Ripple20” that…

1. EXECUTIVE SUMMARY CVSS v3 7.6 ATTENTION: Low skill level to exploit/public exploits are available Vendor: Capsule Technologies Equipment: SmartLinx Neuron 2 Vulnerability: Protection Mechanism Failure 2. RISK EVALUATION Successful exploitation of this vulnerability could provide an attacker with full control of a trusted device on a hospital’s internal…