1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Advantech Equipment: ADAM-3600 Vulnerability: Use of Hard-coded Cryptographic Key 2. RISK EVALUATION Successful exploitation of this vulnerability could allow unauthorized access to intercept traffic using the hardcoded key. This could allow an attacker to achieve Web Server…

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Fresenius Kabi Equipment: Agilia Connect Infusion System Vulnerabilities: Uncontrolled Resource Consumption, Use of a Broken or Risky Cryptographic Algorithm, Insufficiently Protected Credentials, Improper Access Control, Plaintext Storage of a Password, Files or Directories Accessible to External Parties,…

1. EXECUTIVE SUMMARY 2. UPDATE INFORMATION This updated advisory is a follow up to the original advisory titled ICSA-21-334-02 Mitsubishi Electric MELSEC and MELIPC Series that was published on November 30, 2021, to the ICS webpage on www.cisa.gov/uscert. 3. RISK EVALUATION Successful exploitation of these…

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: GE Gas Power Equipment: ToolBoxST Vulnerabilities: Improper Restriction of XML External Entity Reference, Path Traversal 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in data exfiltration or arbitrary write, overwrite, and execution. 3. TECHNICAL DETAILS…

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: DOPSoft Vulnerabilities: Out-of-bounds Read 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-21-182-03 Delta Electronics DOPSoft that was published July 1, 2021, on the ICS webpage on us-cert.cisa.gov. 3….

1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Exploitable remotely Vendor: Mitsubishi Electric Equipment: GOT Vulnerability: Improper Authentication 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-21-112-02 Mitsubishi Electric GOT that was published April 22, 2021, on the ICS webpage on us-cert.cisa.gov. 3. RISK EVALUATION…

1. EXECUTIVE SUMMARY CVSS v3 8.3 ATTENTION: Exploitable remotely Vendor: Mitsubishi Electric Equipment: Mitsubishi Electric, Factory Automation Engineering products Vulnerability: Unquoted Search Path or Element 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-20-212-04 Mitsubishi Electric Factory Automation Engineering Products (Update C) that…

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: MELSEC-F Series Vulnerability: NULL Pointer Dereference 2. RISK EVALUATION Successful exploitation of this vulnerability may cause a denial-of-service condition in communication with the product. System reset may be required for recovery. 3. TECHNICAL DETAILS…

1. EXECUTIVE SUMMARY CVSS v3 6.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Ypsomed Equipment: mylife Cloud, mylife Mobile Application Vulnerabilities: Insufficiently Protected Credentials, Not Using an Unpredictable IV with CBC Mode, Use of Hard-coded Credentials 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to obtain…