Cybersecurity and Infrastructure Security Agency

• Rockwell Automation Connected Components Workbench September 21, 2023
  View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.6 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available/known public exploitation Vendor: Rockwell Automation Equipment: Connected Components Workbench Vulnerabilities: Use After Free, Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to exploit heap corruption via a crafted HTML. 3. TECHNICAL DETAILS 3.1 […]
  CISA
• Siemens Spectrum Power 7 September 21, 2023
  As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.2 ATTENTION: Low Attack […]
  CISA
• Rockwell Automation Select Logix Communication Modules September 21, 2023
  View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: 1756-EN2T, 1756-EN2TK, 1756-EN2TXT, 1756-EN2TP, 1756-EN2TPK, 1756-EN2TPXT, 1756-EN2TR, 1756-EN2TRK, 1756-EN2TRXT, 1756-EN2F, 1756-EN2FK, 1756-EN3TR, 1756-EN3TRK Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to achieve remote code execution. 3. TECHNICAL DETAILS 3.1 […]
  CISA
• Real Time Automation 460 Series September 21, 2023
  View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.4 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Real Time Automation Equipment: 460MCBS Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to run malicious JavaScript content, resulting in cross site scripting (XSS). 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The […]
  CISA
• Rockwell Automation FactoryTalk View Machine Edition September 21, 2023
  View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: FactoryTalk View Machine Edition Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute code remotely with specially crafted malicious packets or by using a self-made library to bypass security […]
  CISA
• Delta Electronics DIAScreen September 21, 2023
  View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: DIAScreen Vulnerability: Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of this vulnerability may allow remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Delta Electronics reports the following versions of DIAScreen, a software configuration tool for Delta devices, are […]
  CISA
• Siemens SIMATIC PCS neo Administration Console September 19, 2023
  As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.5 ATTENTION: low attack […]
  CISA
• Omron Engineering Software September 19, 2023
  View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.5 ATTENTION: Low attack complexity Vendor: Omron Equipment: Sysmac Studio Vulnerability: Improper Authorization 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Omron engineering software are affected: Sysmac Studio: version 1.54 […]
  CISA
• Omron Engineering Software Zip-Slip September 19, 2023
  View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.5 ATTENTION: Low attack complexity Vendor: Omron Equipment: Sysmac Studio, NX-IO Configurator Vulnerability: Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to overwrite files on a system. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Omron engineering software are affected: […]
  CISA
• Omron CJ/CS/CP Series September 19, 2023
  View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Omron Equipment: Sysmac CJ/CS/CP Series Vulnerability: Improper Control of Interaction Frequency 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to obtain sensitive information in memory. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Omron CJ/CS/CP […]
  CISA