Siemens SIMATIC PCS neo
SIMATIC PCS neo: Versions before V4.13.2 Vulnerability Overview3.2.1 MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306Affected products’ PUD Manager fails to authenticate users properly within its web service. This allows an unauthenticated attacker from an adjacent network to generate a privileged token and upload additional documents.CVE-2023-46096 has…
Cisco IOS XE Software Web UI Feature
Summary Affected Products Details Indicators of Compromise Workarounds Fixed Software Recommendations
CISA Releases Guidance for Addressing Cisco IOS XE Web UI Vulnerabilities
SummaryCisco has provided an update regarding the ongoing investigation into the observed exploitation of the web UI feature in Cisco IOS XE Software. The initial fixed software releases are now available on the Cisco Software Download Center. Cisco will continue to update the advisory as…
Industrial Control Links ScadaFlex II SCADA Controllers
1. EXECUTIVE SUMMARY 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated attacker to overwrite, delete, or create files. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Industrial Control Links ScadaFlex II SCADA Controllers are affected: 3.2 VULNERABILITY OVERVIEW 3.2.1 EXTERNAL…
Hitachi Energy IEC 61850 MMS-Server
1. EXECUTIVE SUMMARY 2. RISK EVALUATION Successful exploitation of this vulnerability could cause products using the IEC 61850 MMS-server communication stack to stop accepting new MMS-client connections. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions Hitachi Energy equipment using the IEC 61850 communication stack…
Siemens LOGO! 8 BM Devices
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: LOGO! 8 BM Devices Vulnerabilities: Buffer Copy without Checking Size of Input; Improper Input Validation; Improper Validation of Specified Index, Position, or Offset in Input. 2. RISK EVALUATION Successful exploitation of these vulnerabilities could…
Cisco Releases Security Updates for Multiple Products
Cisco has released security updates for vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing high and low severity vulnerabilities, see the Cisco Security Advisories page. Reporting or Obtaining Support for a Suspected Security…
Mitsubishi Electric Multiple Factory Automation Products (Update B)
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: GOT2000 compatible HMI software, CC-Link IE TSN Industrial Managed Switch, MELSEC iQ-R Series OPC UA Server Module Vulnerabilities: Infinite Loop, OS Command Injection 2. UPDATE INFORMATION This updated advisory is a follow-up to the…
Hitachi Energy MSM Product
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: MSM Product Vulnerability: Reliance on Uncontrolled Component 2. RISK EVALUATION Successful exploitation of this vulnerability could disrupt the functionality of the MSM web interface, steal sensitive user credentials, or cause a denial-of-service condition. 3….
Schneider Electric EcoStruxure, EcoStruxure Process Expert, SCADAPack RemoteConnect for x70
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: EcoStruxure, EcoStruxure Process Expert, SCADAPack RemoteConnect for x70 Vulnerabilities: Heap-based Buffer Overflow, Wrap or Wraparound, Classic Buffer Overflow, Out-of-bounds Write 2. RISK EVALUATION The successful exploitation of these vulnerabilities on the affected products could…
Stay connected