Siemens SINAMICS Drives
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Serv…
Siemens Industrial Edge Management OS (IEM-OS)
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Serv…
Daikin Security Gateway
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.8 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Daikin Equipment: Security Gateway Vulnerability: Weak Password Recovery Mechanism for Forgotten Password 2. RISK EVALUATION Successful exploitation of this vulne…
Siemens SIMOTION Tools
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Serv…
Siemens SIMATIC Virtualization as a Service (SIVaaS)
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Serv…
Siemens Apogee PXC and Talon TC Devices
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Serv…
Rockwell Automation CompactLogix® 5480
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.0 ATTENTION: Low attack complexity Vendor: Rockwell Automation Equipment: CompactLogix® 5480 Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could result in arbitrary code executi…
Rockwell Automation FactoryTalk Activation Manager
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Rockwell Automation Equipment: FactoryTalk Activation Manager Vulnerability: Incorrect Implementation of Authentication Algorithm 2. RISK EVALUATION Successful exploitation of this vulnerabili…
ABB Cylon Aspect BMS/BAS
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: ABB Equipment: ASPECT, NEXUS, MATRIX Vulnerabilities: Authentication Bypass Using an Alternate Path or Channel, Missing Authentication for Critical Function, Classic Buffer Overflow 2. RISK EV…
Rockwell Automation ThinManager
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: ThinManager Vulnerability: Server-Side Request Forgery (SSRF) 2. RISK EVALUATION Successful exploitation of this vulnerability could expose the ThinServer servic…