Siemens Solid Edge
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Serv…
Rockwell Automation FactoryTalk Edge Gateway
1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION: Low attack complexity Vendor: Rockwell Automation Equipment: FactoryTalk Edge Gateway Vulnerability: Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a local user to cause the program to crash, causing a de…
Datalogics Library Third-Party
1. EXECUTIVE SUMMARY CVSS v3 5.5 ATTENTION: Low attack complexity Vendor: Datalogics Equipment: Library APDFL v18.0.4PlusP1e Vulnerability: Stack-based buffer overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to crash the device. 3. TECHNICAL DETAI…
Rockwell Automation FactoryTalk Transaction Manager
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: FactoryTalk Transaction Manager Vulnerability: Uncontrolled Resource Consumption. 2. RISK EVALUATION Successful exploitation of this vulnerability could cause the applicat…
Rockwell Automation FactoryTalk Services Platform
1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: FactoryTalk Services Platform Vulnerabilities: Use of Hard-coded Cryptographic Key, Improper Authentication, Origin Validation Error 2. RISK EVALUATION Successful ex…
Sensormatic Electronics Illustra Pro Gen 4
1. EXECUTIVE SUMMARY CVSS v3 8.3 ATTENTION: Exploitable via adjacent network Vendor: Sensormatic Electronics, a subsidiary of Johnson Controls, Inc. Equipment: Illustra Pro Gen 4 Vulnerability: Active Debug Code 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an…
Atlas Copco Power Focus 6000
1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Atlas Copco Equipment: Power Focus 6000 Vulnerabilities: Cleartext Storage of Sensitive Information, Small Space of Random Values, Cleartext Transmission of Sensitive Information 2. RISK EVALUATION Succ…
Delta Electronics CNCSoft-B DOPSoft
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: CNCSoft-B DOPSoft Vulnerabilities: Stack-based Buffer Overflow, Heap-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to exploit …
Mitsubishi Electric MELSEC iQ-R Series/iQ-F Series
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: MELSEC iQ-R Series/iQ-F Series EtherNet/IP Modules and EtherNet/IP Configuration tool Vulnerabilities: Weak Password Requirements, Use of Hard-coded Password, Missing Pas…
HID Global SAFE
1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: HID Global Equipment: SAFE Vulnerabilities: Modification of Assumed-Immutable Data 2. RISK EVALUATION Successful exploitation of this vulnerability could result in exposure of personal data or create a…