Siemens SCALANCE X Switches (Update B)
1. EXECUTIVE SUMMARY CVSS v3 4.2 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SCALANCE X switches Vulnerability: Protection Mechanism Failure 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-20-042-07 Siemens SCALANCE X Switches (Update A) that was published February 9,…
Mitsubishi Electric Multiple Products (Update A)
1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Mitsubishi Electric Equipment: Multiple Products Vulnerability: Predictable Exact Value from Previous Values 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-20-245-01 Mitsubishi Electric Multiple Products that was published September…
Siemens SCALANCE & SIMATIC (Update A)
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SCALANCE, SIMATIC Vulnerability: Resource Exhaustion 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-20-105-07 Siemens SCALANCE & SIMATIC that was published April 14, 2020 on the ICS…
Mitsubishi Electric MC Works64, MC Works32
1. EXECUTIVE SUMMARY CVSS v3 9.4 ATTENTION: Exploitable remotely Vendor: Mitsubishi Electric Equipment: MC Works64, MC Works32 Vulnerabilities: Out-of-bounds Write, Deserialization of Untrusted Data, Code Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities may allow remote code execution, a denial-of-service condition, information disclosure, or information tampering. 3. TECHNICAL…
Medtronic Conexus Radio Frequency Telemetry Protocol (Update B)
1. EXECUTIVE SUMMARY CVSS v3 9.3 ATTENTION: Exploitable with adjacent access/low skill level to exploit Vendor: Medtronic Equipment: MyCareLink Monitor, CareLink Monitor, CareLink 2090 Programmer, specific Medtronic implanted cardiac devices listed below Vulnerabilities: Improper Access Control, Cleartext Transmission of Sensitive Information 2. UPDATE INFORMATION This updated advisory is a…
Siemens SIPROTEC 5 and DIGSI 5 (Update C)
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely; low skill level to exploit Vendor: Siemens Equipment: SIPROTEC 5 and DIGSI 5 Vulnerabilities: Improper Input Validation 2 UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-19-190-05 Siemens SIPROTEC 5 and DIGSI 5 (Update B) that…
Siemens PROFINET Devices (Update E)
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: PROFINET Devices Vulnerability: Uncontrolled Resource Consumption 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-19-283-02 Siemens PROFINET Devices (Update D) that was published March 10, 2020, to…
Delta Electronics Industrial Automation CNCSoft ScreenEditor
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Delta Electronics Equipment: Delta Industrial Automation CNCSoft ScreenEditor Vulnerabilities: Stack-based Buffer Overflow, Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of these vulnerabilities could cause buffer overflow conditions that may allow information disclosure, remote code execution, or…
Synergy Systems & Solutions HUSKY RTU
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Synergy Systems & Solutions (SSS) Equipment: HUSKY RTU Vulnerabilities: Improper Authentication, Improper Input Validation 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to read sensitive information, execute arbitrary code, or cause…
ENTTEC Lighting Controllers
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: ENTTEC Equipment: Datagate MK2, Storm 24, Pixelator Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could reboot this device allowing a continual denial of service condition. 3. TECHNICAL DETAILS…
Stay connected