1. EXECUTIVE SUMMARY CVSS v3 7.6 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Becton, Dickinson and Company (BD) Equipment: Pyxis Vulnerability: Session Fixation 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-19-248-01 BD Pyxis that was published September 5, 2019, on the…

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: CP, SIMATIC, SIMOCODE, SINAMICS, SITOP, and TIM Vulnerability: Out-of-bounds Read 2. UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory titled ICSA-19-099-06 Siemens CP, SIMATIC, SIMOCODE, SINAMICS, SITOP, and TIM…

1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable from an adjacent network Vendor: Siemens Equipment: SIMATIC, SINUMERIK, and PROFINET IO Vulnerability: Improper Input Validation 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-18-079-02 Siemens SIMATIC, SINUMERIK, and PROFINET IO (Update C) that was…

  1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Remotely exploitable/low skill level to exploit Vendor: Siemens Equipment: Industrial Products Vulnerability: Improper Input Validation 2. UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory titled ICSA-17-339-01 Siemens Industrial Products (Update M) published March…

1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable from an adjacent network/low skill level to exploit. Vendor: Siemens Equipment: Devices using the PROFINET Discovery and Configuration Protocol (DCP) Vulnerabilities: Improper Input Validation 2. UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory…

1. EXECUTIVE SUMMARY CVSS v3 7.2 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Moxa Equipment: EDR 810 Vulnerabilities: Improper Input Validation, Improper Access Control 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow remote code execution or access to sensitive information. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS…

1. EXECUTIVE SUMMARY CVSS v3 8.4 ATTENTION: Low skill level to exploit Vendor: Yokogawa Equipment: Exaopc, Exaplog, Exaquantum, Exasmoc, Exarqe, GA10, and InsightSuiteAE Vulnerability: Unquoted Search Path or Element 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a local attacker to execute malicious files. 3. TECHNICAL DETAILS…

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available Vendors: ENEA, Green Hills Software, ITRON, IP Infusion, Wind River Equipment: OSE by ENEA, INTEGRITY RTOS by Green Hills Software, ITRON, Zebos by IP Infusion, and VxWorks by Wind River Vulnerabilities: Stack-based Buffer…

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Tridium Equipment: Niagara Vulnerabilities: Information Exposure, Improper Authorization 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow a local user to escalate their privileges. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Tridium products are…

  1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Low skill level to exploit Vendor: Rockwell Automation Equipment: Arena Simulation Software ——— Begin Update B Part 1 of 2 ——— Vulnerabilities: Use After Free, Information Exposure, Type Confusion, Insufficient UI Warning of Dangerous Operations, Access of Uninitialized Pointer ——— End…