Siemens SIPROTEC 4, SIPROTEC Compact, and Reyrolle Devices using the EN100 Ethernet Communication Module Extension (Update B)
EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIPROTEC 4, SIPROTEC Compact, and Reyrolle devices using the EN100 Ethernet communication module extension Vulnerability: Missing Authentication for Critical Function 2. UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory titled…
Siemens Industrial Products (Update L)
Legal Notice All information products included in http://ics-cert.us-cert.gov are provided “as is” for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product…
Siemens SICAM A8000 RTU Series
. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SICAM A8000 RTU Vulnerability: Uncaught Exception 2. RISK EVALUATION The SICAM A8000 RTU series is affected by a security vulnerability that could allow unauthenticated remote users to cause a denial-of-service condition on the…
Siemens EN100 Ethernet Module
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: EN100 Ethernet module Vulnerabilities: Improper Input Validation 2. RISK EVALUATION The EN100 Ethernet module for the SWT 3000 management platform is affected by security vulnerabilities that could allow an…
Fuji Electric Alpha5 Smart Loader (Update A)
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available Vendor: Fuji Electric Equipment: Alpha5 Smart Loader Vulnerabilities: Classic Buffer Overflow, Heap-based Buffer Overflow 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-18-270-02 Fuji Electric Alpha5 Smart…
AVEVA InduSoft Web Studio and InTouch Edge HMI
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: AVEVA Software, LLC (AVEVA) Equipment: InduSoft Web Studio and InTouch Edge HMI (formerly InTouch Machine Edition) Vulnerabilities: Missing Authentication for Critical Function, Resource Injection 2. RISK EVALUATION Successful exploitation of these…
Rockwell Automation EtherNet/IP Web Server Modules
1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Rockwell Automation Equipment: EtherNet/IP Web Server Modules Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote attacker to deny communication with Simple Network Management Protocol (SNMP) service. 3….
WECON LeviStudioU
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: WECON Technology Co., Ltd (WECON) Equipment: LeviStudioU Vulnerabilities: Stack-based Buffer Overflow, Heap-based Buffer Overflow, Memory Corruption 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow attackers to execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED…
Siemens SIMATIC S7-1500 CPU
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC S7-1500 CPU Vulnerabilities: Improper Input Validation 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow a denial of service condition of the device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following…
Kunbus PR100088 Modbus Gateway
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Kunbus Equipment: PR100088 Modbus gateway Vulnerabilities: Improper Authentication, Missing Authentication for Critical Function, Improper Input Validation 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to achieve remote code execution and/or cause…
Stay connected