Stay connected

Trending News

Siemens PROFINET Devices
ICS, News, Vulnerabilities

Siemens PROFINET Devices (Update F) 

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: PROFINET Devices Vulnerability: Uncontrolled Resource Consumption 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-19-283-02 Siemens PROFINET Devices (Update E) that was published April 14, 2020, to…

Siemens SCALANCE Products
ICS, News, Vulnerabilities

Siemens SCALANCE Products (Update A) 

1. EXECUTIVE SUMMARY CVSS v3 6.6 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SCALANCE Products Vulnerabilities: Improper Adherence to Coding Standards 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-19-227-03 Siemens SCALANCE Products that was published August 15, 2019, to…

Siemens Industrial Products
ICS, News, Vulnerabilities

Siemens Industrial Products (Update O) 

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Remotely exploitable/low skill level to exploit Vendor: Siemens Equipment: Industrial Products Vulnerability: Improper Input Validation 2. UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory titled ICSA-17-339-01 Siemens Industrial Products (Update N) published October 8,…

Phoenix Contact Automation Worx Software Suite
Hacks, News, Vulnerabilities

Phoenix Contact Automation Worx Software Suite 

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Phoenix Contact Equipment: Automation Worx Software Suite Vulnerabilities: Stack-based Buffer Overflow, Out-of-Bounds Read 2. RISK EVALUATION Successful exploitation could allow an attacker to execute arbitrary code under the privileges of the application. 3. TECHNICAL DETAILS 3.1…

Rockwell Automation Logix Designer Studio 5000
ICS, News, Vulnerabilities

Rockwell Automation Logix Designer Studio 5000 

1. EXECUTIVE SUMMARY CVSS v3 3.6 ATTENTION: Low skill level to exploit Vendor: Rockwell Automation Equipment: Logix Designer Studio 5000 Vulnerability: Improper Restriction of XML External Entity Reference 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated attacker to craft a malicious file, which when parsed,…

Rockwell Automation FactoryTalk Linx Software
ICS, News, Vulnerabilities

Rockwell Automation FactoryTalk Linx Software (Update A) 

1. EXECUTIVE SUMMARY CVSS v3 9.6 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Rockwell Automation Equipment: FactoryTalk Linx Software Vulnerabilities: Improper Input Validation, Path Traversal, Unrestricted Upload of File with Dangerous Type 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to cause a denial-of-service…

Treck TCP/IP Stack
ICS, News, Vulnerabilities

Treck TCP/IP Stack (Update E) 

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely Vendor: Treck Inc. Equipment: TCP/IP Vulnerabilities: Improper Handling of Length Parameter Inconsistency, Improper Input Validation, Double Free, Out-of-bounds Read, Integer Overflow or Wraparound, Improper Null Termination, Improper Access Control CISA is aware of a public report, known as “Ripple20” that…

Mitsubishi Electric GOT2000 Series
ICS, News, Vulnerabilities

Mitsubishi Electric GOT2000 Series 

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Mitsubishi Electric Equipment: GOT2000 Series Vulnerabilities: Improper Restriction of Operations within the Bounds of a Memory Buffer, Session Fixation, NULL Pointer Dereference, Improper Access Control, Argument Injection, Resource Management Errors  2. RISK EVALUATION Successful exploitation of…

Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L and FX Series CPU Modules
ICS, News, Vulnerabilities

Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L and FX Series CPU Modules (Update A) 

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Mitsubishi Electric Equipment: MELSEC Vulnerability: Cleartext Transmission of Sensitive Information 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-20-175-01 Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L and FX Series…