MGS+ Security CERT Global

    • Baker Hughes Bently Nevada 3500
      1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Baker Hughes - Bently Nevada Equipment: Bently Nevada 3500 System Vulnerabilities: Exposure of Sensitive Information to ...
    • Mitsubishi Electric FA Engineering Software
      1. EXECUTIVE SUMMARY CVSS v3 9.3 ATTENTION: Low attack complexity Vendor: Mitsubishi Electric Equipment: FA Engineering Software Products Vulnerability: Incorrect Default Permissions 2. RISK EVALUATION Successful exploitation of ...
    • Advantech EKI-1524-CE series
      1. EXECUTIVE SUMMARY CVSS v3 5.4 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Advantech Equipment: EKI-1524-CE, EKI-1522-CE, EKI-1521-CE Vulnerabilities: Cross-Site Scripting 2. RISK EVALUATION Successful exploitation ...
    • Suprema BioStar 2
      1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available/known public exploitation Vendor: Suprema Inc. Equipment: BioStar 2 Vulnerability: SQL Injection 2. RISK EVALUATION ...
    • Hitachi Energy Asset Suite 9
      1. EXECUTIVE SUMMARY CVSS v3 6.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: Asset Suite 9 Vulnerability: Improper Authentication 2. RISK EVALUATION Successful exploitation of this ...
    • Siemens SIMATIC PCS neo Administration Console
      As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in ...
    • Omron CJ/CS/CP Series
      1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Omron Equipment: Sysmac CJ/CS/CP Series Vulnerability: Improper Control of Interaction Frequency 2. RISK EVALUATION Successful exploitation ...
    • Omron Engineering Software
      1. EXECUTIVE SUMMARY CVSS v3 5.5 ATTENTION: Low attack complexity Vendor: Omron Equipment: Sysmac Studio Vulnerability: Improper Authorization 2. RISK EVALUATION Successful exploitation of this vulnerability could allow ...
    • Siemens WIBU Systems CodeMeter
      As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in ...
    • Siemens RUGGEDCOM APE1808 Product Family
      As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in ...
    • Siemens QMS Automotive
      As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in ...
    • Siemens SIMATIC IPCs
      As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in ...
    • Hitachi Energy Lumada APM Edge
      1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: Lumada Asset Performance Management (APM) Edge Vulnerabilities: Use After Free, Double Free, Type ...
    • Fujitsu Software Infrastructure Manager
      1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Low attack complexity Vendor: Fujitsu Software Equipment: Infrastructure Manager Vulnerability: Cleartext Storage of Sensitive Information 2. RISK EVALUATION Successful exploitation of this vulnerability could result in ...
    • Dover Fueling Solutions MAGLINK LX Console
      1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Dover Fueling Solutions Equipment: MAGLINK LX - Web Console Configuration Vulnerabilities: Authentication Bypass using an Alternate Path or ...
    • Phoenix Contact TC ROUTER and TC CLOUD CLIENT
      1. EXECUTIVE SUMMARY CVSS v3 9.6 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Phoenix Contact Equipment: TC ROUTER and TC CLOUD CLIENT Vulnerabilities: Cross-site Scripting, XML Entity Expansion ...
    • Socomec MOD3GP-SY-120K
      1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Socomec Equipment: MOD3GP-SY-120K Vulnerabilities: Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), Insecure Storage of Sensitive Information, Reliance on ...
    • Fujitsu Limited Real-time Video Transmission Gear “IP series”
      1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Exploitable remotely Vendor: Fujitsu Limited Equipment: Real-time Video Transmission Gear "IP series" Vulnerability: Use Of Hard-Coded Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could result in ...
    • GE Digital CIMPLICITY
      1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: GE Digital Equipment: CIMPLICITY Vulnerability: Process Control 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a low-privileged ...
    • ARDEREG Sistemas SCADA
      1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: ARDEREG Equipment: Sistemas SCADA Vulnerability: SQL Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an ...
    • Digi RealPort Protocol
      1. EXECUTIVE SUMMARY CVSS v3 9.0 ATTENTION: Exploitable remotely Vendor: Digi International, Inc. Equipment: Digi RealPort Protocol Vulnerability: Use of Password Hash Instead of Password for Authentication 2. RISK EVALUATION ...
    • PTC Kepware KepServerEX
      1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: PTC Equipment: Kepware KepServerEX Vulnerabilities: Uncontrolled Search Path Element, Improper Input Validation, Insufficiently Protected Credentials 2. RISK EVALUATION ...
    • PTC Codebeamer
      1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: PTC Equipment: Codebeamer Vulnerability: Cross site scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an ...
    • Rockwell Automation Input/Output Modules
      1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: 1734-AENT/1734-AENTR Series C, 1734-AENT/1734-AENTR Series B, 1738-AENT/1738-AENTR Series B, 1794-AENTR Series A, 1732E-16CFGM12QCWR ...
    • CODESYS Development System
      1. EXECUTIVE SUMMARY CVSS v3 9.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: CODESYS, GmbH Equipment: CODESYS Development System Vulnerability: Insufficient Verification of Data Authenticity. 2. RISK EVALUATION Successful exploitation of ...
    • CODESYS Development System
      1. EXECUTIVE SUMMARY CVSS v3 3.3 ATTENTION: low attack complexity Vendor: CODESYS, GmbH Equipment: CODESYS Development System Vulnerability: Improper Restriction of Excessive Authentication Attempts. 2. RISK EVALUATION Successful exploitation of ...
    • CODESYS Development System
      1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION: low attack complexity Vendor: CODESYS, GmbH Equipment: CODESYS Development System Vulnerability: Uncontrolled Search Path Element. 2. RISK EVALUATION Successful exploitation of this vulnerability ...
    • KNX Protocol
      1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity/known public exploitation Vendor: KNX Association Equipment: KNX devices using KNX Connection Authorization Vulnerability: Overly Restrictive Account Lockout Mechanism 2. ...
    • OPTO 22 SNAP PAC S1
      1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: OPTO 22 Equipment: SNAP PAC S1 Vulnerabilities: Improper Restriction of Excessive Authentication Attempts, Weak Password Requirements, Improper Access ...
    • Trane Thermostats
      1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Low attack complexity Vendor: Trane Equipment: XL824, XL850, XL1050, and Pivot thermostats Vulnerability: Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could ...
    • Rockwell Automation ThinManager ThinServer
      1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: ThinManager ThinServer Vulnerabilities: Improper Input Validation 2. RISK EVALUATION Successful exploitation of these vulnerabilities could ...
    • Hitachi Energy AFF66x
      1. EXECUTIVE SUMMARY CVSS v3 9.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: AFF66x Vulnerabilities: Cross-site Scripting, Use of Insufficiently Random Values, Origin Validation Error, Integer Overflow or ...
    • Schneider Electric PowerLogic ION7400 / PM8000 / ION8650 / ION8800 / ION9000 Power Meters
      1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: PowerLogic ION7400 / PM8000 / ION8650 / ION8800 / ION9000 Vulnerability: Cleartext Transmission of Sensitive ...
    • Walchem Intuition 9
      1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Walchem Equipment: Intuition 9 Vulnerabilities: Missing Authentication for Critical Function, Improper Authentication 2. RISK EVALUATION Successful exploitation of ...
    • ICONICS and Mitsubishi Electric Products
      1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Exploitable remotely Vendor: ICONICS, Mitsubishi Electric Equipment: ICONICS Product Suite Vulnerabilities: Buffer Overflow, Out-of-Bounds Read, Observable Timing Discrepancy, Double Free, and NULL Pointer ...
    • Rockwell Automation Armor PowerFlex
      1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: Armor PowerFlex Vulnerability: Incorrect Calculation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow ...
    • Schneider Electric EcoStruxure Control Expert, Process Expert, Modicon M340, M580 and M580 CPU
      1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely Vendor: Schneider Electric Equipment: EcoStruxure Control Expert, EcoStruxure Process Expert, Modicon M340 CPU, Modicon M580 CPU, Modicon Momentum Unity M1E Processor, ...
    • Siemens RUGGEDCOM CROSSBOW
      As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in ...
    • Siemens Parasolid and Teamcenter Visualization
      As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in ...
    • Siemens JT Open, JT Utilities, and Parasolid
      As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in ...
    • Siemens Software Center
      As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in ...
    • Siemens OpenSSL RSA Decryption in SIMATIC
      As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in ...
    • Siemens Parasolid Installer
      1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: Parasolid Vulnerability: Incorrect Permission Assignment for Critical Resource 2. RISK EVALUATION Successful exploitation of this vulnerability could ...
    • Siemens Solid Edge, JT2Go, and Teamcenter Visualization
      1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: Solid Edge, JT2Go, and Teamcenter Visualization Vulnerabilities: Use After Free, Out-of-bounds Read, Out-of-bounds Write 2. RISK EVALUATION ...
    • Hitachi Energy RTU500 series
      1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: RTU500 series Vulnerabilities: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could ...
    • Schneider Electric IGSS
      1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: low attack complexity Vendor: Schneider Electric Equipment: IGSS (Interactive Graphical SCADA System) Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of ...
    • Sensormatic Electronics VideoEdge
      1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION: Low attack complexity Vendor: Sensormatic Electronics, LLC, a subsidiary of Johnson Controls Inc. Equipment: VideoEdge Vulnerability: Acceptance of Extraneous Untrusted Data with Trusted ...
    • Mitsubishi Electric GT and GOT Series Products
      1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: GT Designer3, GOT2000 Series, GOT SIMPLE Series, and GT SoftGOT2000 Vulnerability: Weak Encoding for Password ...
    • Mitsubishi Electric GOT2000 and GOT SIMPLE
      1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Exploitable remotely Vendor: Mitsubishi Electric Equipment: GOT2000 Series and GOT SIMPLE Series Vulnerability: Predictable Exact Value from Previous Values 2. RISK EVALUATION Successful ...
    • APSystems Altenergy Power Control
      1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely / low attack complexity / public exploits available Vendor: APSystems Equipment: Altenergy Power Control Vulnerability: OS Command Injection 2. RISK EVALUATION ...