ICS Advisory: Siemens Teamcenter Visualization and JT2Go

  • Post author:
  • Post category:

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v3: 7.8 ATTENTION: Low attack complexity

Continue ReadingICS Advisory: Siemens Teamcenter Visualization and JT2Go

ICS Advisory: Schneider Electric Easergy Studio

  • Post author:
  • Post category:

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Schneider Electric Equipment: Easergy Studio Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain full control of a workstation. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Schneider Electric Easergy

Continue ReadingICS Advisory: Schneider Electric Easergy Studio

ICS Advisory: Horner Automation Cscape

  • Post author:
  • Post category:

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Horner Automation Equipment: Cscape Vulnerability: Stack-Based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Horner Automation products are affected: Cscape: Versions 9.90 SP10 and

Continue ReadingICS Advisory: Horner Automation Cscape

ICS Advisory: Rapid Software LLC Rapid SCADA

  • Post author:
  • Post category:

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.6 ATTENTION: Exploitable remotely, low attack complexity Vendor: Rapid Software LLC Equipment: Rapid SCADA Vulnerabilities: Path Traversal, Relative Path Traversal, Local Privilege Escalation through Incorrect Permission Assignment for Critical Resource, Open Redirect, Use of Hard-coded Credentials, Plaintext Storage of a Password, Generation of Error Message Containing Sensitive Information 2. RISK EVALUATION Successful exploitation

Continue ReadingICS Advisory: Rapid Software LLC Rapid SCADA

Ivanti Releases Security Update for Connect Secure and Policy Secure Gateways

  • Post author:
  • Post category:

Ivanti has released a security update to address an authentication bypass vulnerability (CVE-2023-46805) and a command injection vulnerability (CVE-2024-21887) in all supported versions (9.x and 22.x) of Connect Secure and Policy Secure gateways. A cyber threat actor could exploit these vulnerabilities to take control of an affected system.   Ivanti reports active exploitation of both

Continue ReadingIvanti Releases Security Update for Connect Secure and Policy Secure Gateways