US-CERT Blog Alerts

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.5 ATTENTION: Exploitable remotely Vendor: Opto 22 Equipment: GRV-EPIC-PR1, GRV-EPIC-PR2, groov RIO Vulnerability: Improper Neutralization of Special Elements used in an OS Command 2. RISK EVALUATION Successful exploitation of this vulnerability could result in the execution of arbitrary shell commands with root privileges. 3. TECHNICAL DETAILS 3.1 AFFECTED […]

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Emerson Equipment: Appleton UPSMON-PRO Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow remote attackers to execute arbitrary code on affected installations of Appleton UPSMON-PRO. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Emerson products are […]

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.0 ATTENTION: Low attack complexity Vendor: iCam365 Equipment: P201 and QC021 Vulnerabilities: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in unauthorized exposure of camera video streams and camera configuration data. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following iCam365 camera […]

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Festo SE & Co. KG Equipment: Didactic products Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow the creation or overwriting of arbitrary files in the engineering system. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Festo reports that […]

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.3 ATTENTION: Low attack complexity Vendor: Shelly Equipment: Pro 3EM Vulnerability: Out-of-Bounds Read 2. RISK EVALUATION Successful exploitation of this vulnerability could result in a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following version of Pro 3EM, a smart DIN rail switch, is affected: Pro 3EM: […]

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.3 ATTENTION: Low attack complexity Vendor: Shelly Equipment: Pro 4PM Vulnerability: Allocation of Resources Without Limits or Throttling 2. RISK EVALUATION Successful exploitation of this vulnerability could result in a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following version of Pro 4PM, a smart DIN rail […]

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Schneider Electric Equipment: PowerChute Serial Shutdown Vulnerabilities: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’), Improper Restriction of Excessive Authentication Attempts, Incorrect Default Permissions 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to access […]

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.3 ATTENTION: Low Attack Complexity Vendor: Schneider Electric Equipment: EcoStruxure Machine SCADA Expert & Pro-face BLUE Open Studio Vulnerability: Use of a Broken or Risky Cryptographic Algorithm 2. RISK EVALUATION Successful exploitation of this vulnerability could lead to loss of confidentiality and integrity. 3. TECHNICAL DETAILS 3.1 AFFECTED […]

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: METZ CONNECT Equipment: EWIO2 Vulnerabilities: Authentication Bypass by Primary Weakness, Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’), Unrestricted Upload of File with Dangerous Type, Path Traversal: ‘…/…//’, Improper Access Control 2. RISK EVALUATION Successful […]

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.6 ATTENTION: Exploitable remotely/low attack […]