1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Kantech, a subsidiary of Johnson Controls Equipment: EntraPass Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow malicious code execution with system-level privileges. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The…

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Johnson Controls Equipment: Metasys Vulnerability: Improper Restriction of XML External Entity Reference 2. RISK EVALUATION Successful exploitation of this vulnerability can allow a denial-of-service attack or disclosure of sensitive data. 3. TECHNICAL DETAILS 3.1 AFFECTED…

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Rockwell Automation Equipment: MicroLogix 1400 Controllers, MicroLogix 1100 Controllers, and RSLogix 500 Software Vulnerabilities: Use of Hard-coded Cryptographic Key, Use of a Broken or Risky Algorithm for Password Protection, Use of Client-Side Authentication, Cleartext Storage…

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: Siemens PROFINET-IO Stack Vulnerability: Uncontrolled Resource Consumption 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-20-042-04 Siemens PROFINET-IO Stack that was published February 11, 2020, to the…

1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC S7 Vulnerability: Uncontrolled Resource Consumption (Resource Exhaustion) 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-20-042-05 Siemens SIMATIC S7 that was published February 11, 2020, on…

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC PCS 7, SIMATIC WinCC, SIMATIC NET PC Vulnerability: Incorrect Calculation of Buffer Size 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-19-042-06 ICSA-20-042-06 Siemens SIMATIC PCS…

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: SIMATIC S7-1500 CPU family Vulnerability: Resource Exhaustion 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-20-042-11 Siemens SIMATIC S7-1500 that was published February 11, 2020, to the ICS webpage on us-cert.gov….

1. EXECUTIVE SUMMARY CVSS v3.1  3.7 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: SIMATIC CP 1626; HMI Panel (incl. SIPLUS variants); NET PC software; STEP 7 (TIA Portal); WinCC (TIA Portal); WinCC OA; WinCC Runtime (Pro and Advanced); TIM 1531 IRC (incl. SIPLUS variant) Vulnerability: Exposed Dangerous Method or Function…

1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC S7-1200 and S7-1500 CPU families Vulnerabilities: Use of a Broken or Risky Cryptographic Algorithm, Missing Support for Integrity Check 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory…

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: Industrial Real-Time (IRT) Devices Vulnerability: Improper Input Validation 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-19-283-01 Siemens Industrial Real-Time (IRT) Devices (Update B) that was published…