Rockwell Automation AADvance-Trusted SIS Workstation
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: AADvance-Trusted SIS Workstation Vulnerability: Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability may allow remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Rockwell Automation reports the following versions of AADvance-Trusted SIS Workstation, a software suite […]
Siemens LOGO! 8 BM Devices
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.6 ATTENTION: Exploitable remotely/low attack […]
Rockwell Automation Studio 5000 Simulation Interface
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Low attack complexity Vendor: Rockwell Automation Equipment: Studio 5000 Simulation Interface Vulnerabilities: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’), Server-Side Request Forgery (SSRF) 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow attackers to trigger outbound SMB requests to capture NTLM […]
Siemens Spectrum Power 4
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack […]
Brightpick Mission Control / Internal Logic Control
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Brightpick AI Equipment: Brightpick Mission Control / Internal Logic Control Vulnerabilities: Missing Authentication for Critical Function, Unprotected Transport of Credentials 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in the exposure of sensitive information and the manipulation of critical […]
Rockwell Automation Verve Asset Manager
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: Verve Asset Manager Vulnerability: Incorrect Authorization 2. RISK EVALUATION Successful exploitation of this vulnerability could result in an attacker accessing or altering user data. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Verve Asset Manager, an […]
Siemens Solid Edge
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack […]
Siemens Altair Grid Engine
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity […]
Rockwell Automation FactoryTalk Policy Manager
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: FactoryTalk Policy Manager Vulnerability: Improper Resource Shutdown or Release 2. RISK EVALUATION Successful exploitation of this vulnerability could lead to resource exhaustion and denial of service. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Rockwell Automation reports that the following […]
General Industrial Controls Lynx+ Gateway
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: General Industrial Controls Equipment: Lynx+ Gateway Vulnerabilities: Weak Password Requirements, Missing Authentication for Critical Function, Cleartext Transmission of Sensitive Information 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in obtaining sensitive device information, unauthorized access, or create a denial-of-service […]
