1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Rittal Equipment: Rittal Chiller SK 3232-Series Vulnerabilities: Missing Authentication for Critical Function, Use of Hard-coded Credentials 2. RISK EVALUATION Successful exploitation of these vulnerabilities could disrupt the primary operations of the affected component, shut down…

1. EXECUTIVE SUMMARY CVSS v3 6.1 ATTENTION: Low skill level to exploit Vendor: Philips Equipment: IntelliSpace Perinatal Vulnerability: Exposure of Resource to Wrong Sphere 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an attacker unauthorized access to system resources, including access to execute software or to view/update…

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Schneider Electric Equipment: Proclima Vulnerabilities: Code Injection, Improper Restriction of Operations within the Bounds of a Memory Buffer, Uncontrolled Search Path Element 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an unauthenticated, remote…

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Low skill level to exploit Vendor: Horner Automation Equipment: Cscape Vulnerabilities: Improper Input Validation, Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of these vulnerabilities could crash the device being accessed, which may allow the attacker to access information and execute arbitrary code….

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: AVEVA Equipment: Vijeo Citect and Citect SCADA Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION The IEC870IP driver for Vijeo Citect and Citect SCADA has a buffer overflow that could cause a server-side crash. 3. TECHNICAL…

Alert (AA19-290A) Microsoft Ending Support for Windows 7 and Windows Server 2008 R2 Summary On January 14, 2020, Microsoft will end extended support for their Windows 7 and Windows Server 2008 R2 operating systems.[1] After this date, these products will no longer receive free technical…

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: Industrial Real-Time (IRT) Devices Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could cause a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports the vulnerability affects the…

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: PROFINET Devices Vulnerability: Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of this vulnerability could cause a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports the vulnerability affects the following PROFINET…

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available Vendors: ENEA, Green Hills Software, ITRON, IP Infusion, Wind River Equipment: OSE by ENEA, INTEGRITY RTOS by Green Hills Software, ITRON, ZebOS by IP Infusion, and VxWorks by Wind River Vulnerabilities: Stack-based Buffer…

. EXECUTIVE SUMMARY CVSS v3 7.2 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC WinCC and SIMATIC PCS7 Vulnerability: Unrestricted Upload of File with Dangerous Type 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-19-192-02 Siemens SIMATIC WinCC and PCS7…