Siemens EN100 Ethernet Communication Module and SIPROTEC 5 Relays
Legal Notice All information products included in http://ics-cert.us-cert.gov are provided “as is” for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product…
Schneider Electric GUIcon Eurotherm
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Schneider Electric Equipment: Eurotherm by Schneider Electric GUIcon Vulnerabilities: Type Confusion, Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities may allow an attacker to execute code with privileges within…
Medtronic 9790, 2090 CareLink, and 29901 Encore Programmers
1. EXECUTIVE SUMMARY CVSS v3 4.6 ATTENTION: Low skill level to exploit Vendor: Medtronic Equipment: 9790 CareLink Programmer, 2090 CareLink Programmer, 29901 Encore Programmer Vulnerability: Missing Encryption of Sensitive Data 2. RISK EVALUATION As part of the intended functionality of this device, it may store protected health information (PHI)…
Siemens devices using the PROFINET Discovery and Configuration Protocol (Update N)
1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable from an adjacent network/low skill level to exploit. Vendor: Siemens Equipment: Devices using the PROFINET Discovery and Configuration Protocol (DCP) Vulnerabilities: Improper Input Validation 2. UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory…
Siemens Industrial Products (Update J)
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Remotely exploitable/low skill level to exploit Vendor: Siemens Equipment: Industrial Products Vulnerability: Improper Input Validation 2. UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory titled ICSA-17-339-01 Siemens Industrial Products (Update I) published November 13,…
Philips Alice 6 Vulnerabilities (Update A)
1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available Vendor: Philips Equipment: Philips Alice 6 System product Vulnerabilities: Improper Authentication, Missing Encryption of Sensitive Data 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSMA-18-086-01 Philips Alice…
Siemens SINUMERIK Controllers
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SINUMERIK Controllers Vulnerabilities: Heap-based Buffer Overflow, Integer Overflow or Wraparound, Protection Mechanism Failure, Permissions, Privileges, and Access Controls, Stack-based Buffer Overflow, Uncaught Exception 2. RISK EVALUATION Successful exploitation of these vulnerabilities could cause denial-of-service…
McAfee SINAMICS PERFECT HARMONY GH180
1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION: Low skill level to exploit Vendor: McAfee Equipment: SINAMICS PERFECT HARMONY GH180 Vulnerability: Improper Access Control 2. RISK EVALUATION These files can be executed to compromise the HMI, and by extension, the drive system. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens has…
Warning! Unprivileged Linux Users With UID > INT_MAX Can Execute Any Command
Hold tight, this may blow your mind… A low-privileged user account on most Linux operating systems with UID value anything greater than 2147483647 can execute any systemctl command unauthorizedly—thanks to a newly discovered vulnerability. The reported vulnerability actually resides in PolicyKit (also known as polkit)—an…
Rockwell Automation MicroLogix 1400 Controllers and 1756 ControlLogix Communications Modules
1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Rockwell Automation Equipment: MicroLogix 1400 Controllers and 1756 ControlLogix Communications Modules Vulnerability: Missing Authentication for Critical Function 2. REPOSTED INFORMATION This advisory was originally posted to the HSIN ICS-CERT library on November 6, 2018, and…
Stay connected