1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Opto 22 Equipment: SoftPAC Project Vulnerabilities: External Control of File Name or Path, Improper Verification of Cryptographic Signature, Improper Access Control, Uncontrolled Search Path Element, Improper Authorization 2. RISK EVALUATION Successful exploitation of these vulnerabilities…

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Eaton Equipment: Intelligent Power Manager Vulnerabilities: Improper Input Validation, Incorrect Privilege Assignment 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to perform command injection or code execution and allow non-administrator users…

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: OSIsoft Equipment: PI System Vulnerabilities: Uncontrolled Search Path Element, Improper Verification of Cryptographic Signature, Incorrect Default Permissions, Uncaught Exception, Null Pointer Dereference, Improper Input Validation, Cross-site Scripting, Insertion of Sensitive Information into Log File 2….

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Emerson Equipment: Emerson WirelessHART Gateways (1410, 1420 and 1552WU) Vulnerability: Improper Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability could disable the internal gateway firewall. Once the gateway’s firewall is disabled, a malicious…

1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Low skill level to exploit Vendor: 3S-Smart Software Solutions GmbH Equipment: CODESYS V3 Library Manager Vulnerability: Cross-site Scripting 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-19-255-02 3S-Smart Software Solutions GmbH CODESYS V3 Library Manager that…

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SINAMICS Vulnerability: Uncontrolled Resource Consumption 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update ICSA-19-227-04 Siemens SINAMICS (Update B) that was published December 10, 2019, to the ICS webpage…

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Advantech Equipment: WebAccess Node Vulnerabilities: Improper Validation of Array Index, Relative Path Traversal, SQL Injection, Stack-based Buffer Overflow, Heap-based Buffer Overflow, Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of these vulnerabilities may allow information disclosure,…