1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Exploitable remotely Vendor: Mitsubishi Electric Equipment: GOT Vulnerability: Improper Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an attacker to gain unauthorized access. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Mitsubishi Electric reports the vulnerability affects the VNC function of…

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity  Vendor: Delta Electronics Equipment: CNCSoft-B Vulnerabilities: Out-of-bounds Read, Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of these vulnerabilities could lead to arbitrary code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of CNCSoft-B, a software management platform,…

1. EXECUTIVE SUMMARY CVSS v3 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Eaton Equipment: Intelligent Power Manager (IPM) Vulnerabilities: SQL Injection, Eval Injection, Improper Input Validation, Unrestricted Upload of File with Dangerous Type, Code Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow attackers to change certain…

1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Mendix Vulnerability: Improper Privilege Management 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a non-administrative user to gain administrative privileges. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports the vulnerability affects the following…

1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Mitsubishi Electric Equipment: MELSEC iQ-R Series Vulnerability: Resource Exhaustion 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-20-161-02 Mitsubishi Electric MELSEC iQ-R series (Update B) that was published November 5, 2020…

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: C-Bus Toolkit Vulnerabilities: Improper Privilege Management, Path Traversal 2. RISK EVALUATION Successful exploitation of these vulnerabilities may allow remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of C-Bus Toolkit are…

1. EXECUTIVE SUMMARY CVSS v3 8.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: EIPStackGroup Equipment: OpENer EtherNet/IP Vulnerabilities: Incorrect Conversion Between Numeric Types, Out-of-bounds Read, Reachable Assertion 2. RISK EVALUATION Successful exploitation of these vulnerabilities could cause a denial-of-service condition and data exposure. 3. TECHNICAL DETAILS…

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Various SCALANCE, SIMATIC, SIPLUS products Vulnerabilities: Data Processing Errors, NULL Pointer Dereference 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-20-042-02 Siemens Industrial Products SNMP Vulnerabilities (Update C) that…

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SCALANCE S-600 Firewall Vulnerabilities: Resource Exhaustion, Cross-site Scripting 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-20-042-10 Siemens SCALANCE S-600 (Update A) that was published August 11, 2020 to…

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC Communication Processor Vulnerability: Authentication Bypass Issues 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-15-335-03 Siemens SIMATIC Communication Processor (Update B) that was published May 3, 2016, to…