Trending News

Siemens TCP Stack of SIMATIC MV400
ICS, News, Vulnerabilities

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC MV400 Vulnerabilities: Improper Validation of Specified Index, Position, or Offset in Input; Use of Insufficiently Random Values 2. RISK EVALUATION Successful exploitation of these vulnerabilities could cause a denial-of-service condition or affect…

Siemens Energy PLUSCONTROL 1st Gen
ICS, News, Vulnerabilities

1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: PLUSCONTROL Vulnerability: Predictable Exact Value from Previous Values 2. RISK EVALUATION Successful exploitation of this vulnerability could affect integrity of TCP connections. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports the vulnerability affects…

dnsmasq by Simon Kelley
ICS, News, Vulnerabilities

dnsmasq by Simon Kelley (Update A) 

1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: dnsmasq by Simon Kelley Equipment: dnsmasq Vulnerabilities: Heap-based Buffer Overflow, Insufficient Verification of Data Authenticity, Use of a Broken or Risky Cryptographic Algorithm CISA is aware of a public report, known as “DNSpooq” that details…

Siemens UMC Stack
ICS, News, Vulnerabilities

Siemens UMC Stack (Update F) 

1. EXECUTIVE SUMMARY CVSS v3 6.7 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: UMC Stack Vulnerabilities: Unquoted Search Path or Element, Uncontrolled Resource Consumption, Improper Input Validation 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-20-196-05 Siemens UMC Stack (Update…

Siemens KTK, SIDOOR, SIMATIC, and SINAMICS
News, Vulnerabilities

Siemens KTK, SIDOOR, SIMATIC, and SINAMICS (Update B)

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: KTK, SIDOOR, SIMATIC, and SINAMICS Vulnerability: Uncontrolled Resource Consumption 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-20-105-08 Siemens KTK, SIDOOR, SIMATIC, and SINAMICS (Update A) that…

Siemens PROFINET-IO Stack
ICS, News, Vulnerabilities

Siemens PROFINET-IO Stack (Update D) 

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: Siemens PROFINET-IO Stack Vulnerability: Uncontrolled Resource Consumption 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-20-042-04 Siemens PROFINET-IO Stack (Update C) that was published February 9, 2021,…

Siemens SINEMA Remote Connect
ICS, News, Vulnerabilities

Siemens SINEMA Remote Connect (Update A) 

1. EXECUTIVE SUMMARY CVSS v3 8.3 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SINEMA Remote Connect (Client and Server) Vulnerabilities: Incorrect Calculation of Buffer Size, Out-of-bounds Read, Stack-based Buffer Overflow, Improper Handling of Insufficient Permissions 2. UPDATE INFORMATION This updated advisory is a follow-up to the…

Siemens Industrial Products
ICS, News, Vulnerabilities

Siemens Industrial Products (Update Q) 

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Remotely exploitable/low skill level to exploit Vendor: Siemens Equipment: Industrial Products Vulnerability: Improper Input Validation 2. UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory titled ICSA-17-339-01 Siemens Industrial Products (Update P) published August 11,…

Siemens PROFINET DCP
ICS, News, Vulnerabilities

Siemens PROFINET DCP (Update S) 

1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable from an adjacent network/low skill level to exploit. Vendor: Siemens Equipment: Devices using the PROFINET Discovery and Configuration Protocol (DCP) Vulnerabilities: Improper Input Validation 2. UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory…