SOOIL Dana Diabecare RS Products
1. EXECUTIVE SUMMARY CVSS v3 7.6 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: SOOIL Developments Co., Ltd. Equipment: Diabecare RS, AnyDana-i and AnyDana-A Vulnerabilities: Use of Hard Coded Credentials, Insufficiently Protected Credentials, Use of Insufficiently Random Values, Use of Client-side Authentication, Client-side Enforcement of Server-side Security, Authentication Bypass…
Schneider Electric EcoStruxure Power Build-Rapsody
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Schneider Electric Equipment: EcoStruxure Power Build – Rapsody Vulnerability: Unrestricted Upload of File with Dangerous Type 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a local attacker to upload a malicious SSD file, resulting…
Siemens SCALANCE X Switches (Update A)
1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SCALANCE X200, X200IRT, X300 Vulnerabilities: Use of Hard-coded Cryptographic Key 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-20-012-02 Siemens SCALANCE X Switches that was published January…
Siemens JT2Go and Teamcenter Visualization
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Siemens Equipment: JT2Go and Teamcenter Visualization Vulnerabilities: Type Confusion, Improper Restriction of XML External Entity Reference, Out-of-bounds Write, Heap-based Buffer Overflow, Stack-based Buffer Overflow, Untrusted Pointer Dereference, Out-of-bounds Read 2. UPDATE INFORMATION This updated advisory is…
Siemens Solid Edge
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Siemens Equipment: Solid Edge Vulnerabilities: Out-of-bounds Write, Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow arbitrary code execution on an affected system. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions…
Siemens SCALANCE X Products (Update A)
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SCALANCE X Products Vulnerabilities: Missing Authentication for Critical Function, Heap-based Buffer Overflow 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-21-012-05 Siemens SCALANCE X Products that was…
Siemens Opcenter Execution Core (Update B)
1. EXECUTIVE SUMMARY CVSS v3 8.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: Opcenter Execution Core ——— Begin Update B Part 1 of 5 ——— Vulnerabilities: Cross-site Scripting, SQL Injection, Improper Access Control, Insufficiently Protected Credentials ——— End Update B Part 1 of 5 ——— 2. UPDATE…
Siemens SIMATIC, SINAMICS, SINEC, SINEMA, SINUMERIK (Update E)
1. EXECUTIVE SUMMARY CVSS v3 6.7 ATTENTION: Low skill level to exploit Vendor: Siemens Equipment: SIMATIC, SINAMICS, SINEC, SINEMA, SINUMERIK Vulnerability: Unquoted Search Path or Element 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-20-161-04 Siemens SIMATIC, SINAMICS, SINEC, SINEMA, SINUMERIK (Update D)…
Siemens SIMOTICS, Desigo, APOGEE, and TALON (Update A)
1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION: Exploitable from an adjacent network/low skill level to exploit Vendor: Siemens Equipment: SIMOTICS, Desigo, APOGEE, and TALON Vulnerability: Business Logic Errors 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-20-105-06 Siemens SIMOTICS, Desigo, APOGEE, and TALON…
Siemens SCALANCE & SIMATIC (Update D)
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SCALANCE, SIMATIC Vulnerability: Resource Exhaustion 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-20-105-07 Siemens SCALANCE & SIMATIC (Update C) that was published September 8, 2020, to…
Stay connected