JTEKT TOYOPUC PLC
1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable from an adjacent network/low attack complexity Vendor: JTEKT Corporation Equipment: TOYOPUC PLC Vulnerability: Improper Restriction of Operations within the Bounds of a Memory Buffer 2. RISK EVALUATION Successful exploitation of this vulnerability could crash the device being accessed. 3. TECHNICAL…
Siemens SCALANCE X Switches (Update B)
1. EXECUTIVE SUMMARY CVSS v3 4.2 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SCALANCE X switches Vulnerability: Protection Mechanism Failure 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-20-042-07 Siemens SCALANCE X Switches (Update A) that was published February 9,…
Mitsubishi Electric Multiple Products (Update A)
1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Mitsubishi Electric Equipment: Multiple Products Vulnerability: Predictable Exact Value from Previous Values 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-20-245-01 Mitsubishi Electric Multiple Products that was published September…
Siemens SCALANCE & SIMATIC (Update A)
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SCALANCE, SIMATIC Vulnerability: Resource Exhaustion 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-20-105-07 Siemens SCALANCE & SIMATIC that was published April 14, 2020 on the ICS…
Mitsubishi Electric MC Works64, MC Works32
1. EXECUTIVE SUMMARY CVSS v3 9.4 ATTENTION: Exploitable remotely Vendor: Mitsubishi Electric Equipment: MC Works64, MC Works32 Vulnerabilities: Out-of-bounds Write, Deserialization of Untrusted Data, Code Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities may allow remote code execution, a denial-of-service condition, information disclosure, or information tampering. 3. TECHNICAL…
Medtronic Conexus Radio Frequency Telemetry Protocol (Update B)
1. EXECUTIVE SUMMARY CVSS v3 9.3 ATTENTION: Exploitable with adjacent access/low skill level to exploit Vendor: Medtronic Equipment: MyCareLink Monitor, CareLink Monitor, CareLink 2090 Programmer, specific Medtronic implanted cardiac devices listed below Vulnerabilities: Improper Access Control, Cleartext Transmission of Sensitive Information 2. UPDATE INFORMATION This updated advisory is a…
Siemens SIPROTEC 5 and DIGSI 5 (Update C)
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely; low skill level to exploit Vendor: Siemens Equipment: SIPROTEC 5 and DIGSI 5 Vulnerabilities: Improper Input Validation 2 UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-19-190-05 Siemens SIPROTEC 5 and DIGSI 5 (Update B) that…
Siemens PROFINET Devices (Update E)
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: PROFINET Devices Vulnerability: Uncontrolled Resource Consumption 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-19-283-02 Siemens PROFINET Devices (Update D) that was published March 10, 2020, to…
Delta Electronics Industrial Automation CNCSoft ScreenEditor
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Delta Electronics Equipment: Delta Industrial Automation CNCSoft ScreenEditor Vulnerabilities: Stack-based Buffer Overflow, Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of these vulnerabilities could cause buffer overflow conditions that may allow information disclosure, remote code execution, or…
Synergy Systems & Solutions HUSKY RTU
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Synergy Systems & Solutions (SSS) Equipment: HUSKY RTU Vulnerabilities: Improper Authentication, Improper Input Validation 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to read sensitive information, execute arbitrary code, or cause…
Stay connected