Category: All CISA Advisories

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2021-44207 Acclaim Systems USAHERDS Use of Hard-Coded Credentials Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant…

Read more →

Tibbo AggreGate Network Manager

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Tibbo Equipment: AggreGate Network Manager Vulnerability: Unrestricted Upload of File with Dangerous Type 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to…

Read more →

Fortinet Releases Security Updates for FortiManager

Fortinet released a security update to address a vulnerability in FortiManager. A remote cyber threat actor could exploit this vulnerability to take control of an affected system. Users and administrators are encouraged to review the following Fortinet Security Bulletin and…

Read more →

Ossur Mobile Logic Application

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.6 ATTENTION: Low attack complexity Vendor: Ossur Equipment: Mobile Logic Application Vulnerabilities: Exposure of Sensitive System Information to an Unauthorized Control Sphere, Command Injection, Use of Hard-coded Credentials 2. RISK EVALUATION Successful exploitation…

Read more →

Hitachi Energy SDM600

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.0 ATTENTION: Exploitable from adjacent network Vendor: Hitachi Energy Equipment: SDM600 Vulnerabilities: Origin Validation Error, Incorrect Authorization 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to escalate privileges and…

Read more →

Schneider Electric Modicon Controllers

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Modicon Controllers Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a victim’s browser to…

Read more →

Siemens User Management Component

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, see Siemens’ ProductCERT Security Advisories (CERT Services | Services |…

Read more →

Delta Electronics DTM Soft

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: DTM Soft Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code. 3.…

Read more →

CISA Releases Eight Industrial Control Systems Advisories

CISA released eight Industrial Control Systems (ICS) advisories on December 19, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-354-01 Hitachi Energy RTU500 series CMU ICSA-24-354-02 Hitachi Energy SDM600 ICSA-24-354-03 Delta Electronics DTM…

Read more →

Hitachi Energy RTU500 series CMU

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Exploitable remotely Vendor: Hitachi Energy Equipment: RTU500 series CMU Vulnerability: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’) 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an…

Read more →

Schneider Electric Accutech Manager

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Accutech Manager Vulnerability: Classic Buffer Overflow 2. RISK EVALUATION Successful exploitation could allow an attacker to cause a crash of the Accutech Manager…

Read more →

CISA Adds Four Known Exploited Vulnerabilities to Catalog

CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2018-14933 NUUO NVRmini Devices OS Command Injection Vulnerability CVE-2022-23227 NUUO NVRmini 2 Devices Missing Authentication Vulnerability CVE-2019-11001 Reolink Multiple IP Cameras OS Command Injection Vulnerability…

Read more →

CISA Releases Best Practice Guidance for Mobile Communications

Today, CISA released Mobile Communications Best Practice Guidance. The guidance was crafted in response to identified cyber espionage activity by People’s Republic of China (PRC) government-affiliated threat actors targeting commercial telecommunications infrastructure, specifically addressing “highly targeted” individuals who are in…

Read more →

ThreatQuotient ThreatQ Platform

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: ThreatQuotient Inc. Equipment: ThreatQ Platform Vulnerability: Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to perform remote code execution. 3.…

Read more →

BD Diagnostic Solutions Products

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.0 ATTENTION: Low attack complexity Vendor: Becton, Dickinson and Company (BD) Equipment: Diagnostic Solutions Products Vulnerability: Use of Default Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to…

Read more →

Hitachi Energy TropOS Devices Series 1400/2400/6400

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: TropOS Devices Series 1400/2400/6400 Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a…

Read more →

Schneider Electric Modicon

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Modicon M241 / M251 / M258 / LMC058 Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could lead to…

Read more →

CISA Releases Five Industrial Control Systems Advisories

CISA released five Industrial Control Systems (ICS) advisories on December 17, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-352-01 ThreatQuotient ThreatQ Platform ICSA-24-352-02 Hitachi Energy TropOS Devices Series 1400/2400/6400 ICSA-24-352-03 Rockwell Automation…

Read more →

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-20767 Adobe ColdFusion Improper Access Control Vulnerability CVE-2024-35250 Microsoft Windows Kernel-Mode Driver Untrusted Pointer Dereference Vulnerability These types of vulnerabilities are frequent attack vectors…

Read more →