Latest News

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: SICAM Q100, SICAM Q200 Vulnerabilities: Cleartext Storage of Sensitive Information 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an authenticated local attacker to extract the SMTP account password and use the configured SMTP service for arbitrary purposes. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports the following products are affected: Siemens POWER METER SICAM Q100 (7KG9501-0AA01-0AA1): Versions 2.60 up to but not including 2.62 Siemens POWER METER SICAM Q100 (7KG9501-0AA01-2AA1): Versions 2.60 up to but not including 2.62 Si...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity Vendor: Rockwell Automation Equipment: FactoryTalk Action Manager Vulnerability: Exposure of Sensitive Information to an Unauthorized Actor 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a local unauthenticated attacker to listen to communications and manipulate the device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of FactoryTalk Action Manager, a software management platform, are affected: FactoryTalk Action Manager: Version 1.0.0 to 1.01 3.2 VULNERABILITY OVERVIEW 3.2.1 EXPOSURE OF SENSITIVE INFORMATION TO AN UNAUTHORIZED ACTOR CWE-200 A security issue in the runtime event system allows unauthenticated connections to receive a reusable API token. This token is broadcast over a WebSocket and can be intercepted by any local client listening on the connection. CVE-2025-7532 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calcul...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.3 ATTENTION: Exploitable from a local network Vendor: Rockwell Automation Equipment: Studio 5000 Logix Designer Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to crash the device or execute malicious code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Studio 5000 Logix Designer, a centralized control system management software, are affected: Studio 5000 Logix Designer: Version 36.00.02 to 37.00.02 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER INPUT VALIDATION CWE-20 A security issues exists within Studio 5000 Logix Designer due to unsafe handling of environment variables. If the specified path lacks a valid file, Logix Designer crashes; however, it may be possible to execute malicious code without triggering a crash. CVE-2025-7971 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.5 has been calculated; the CVSS vector string i...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: RUGGEDCOM CROSSBOW Station Access Controller (SAC) Vulnerabilities: Heap-Based Buffer Overflow, Integer Overflow or Wraparound 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code or create a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: RUGGEDCOM CROSSBOW Station Access Controller (SAC): Versions prior to V5.7 3.2 VULNERABILITY OVERVIEW 3.2.1 HEAP-BASED BUFFER OVERFLOW CWE-122 An integer overflow can be trig...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: RUGGEDCOM APE1808 Vulnerabilities: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Execution with Unnecessary Privileges 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an authenticated administrator to execute unauthorized arbitrary OS commands. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: RUGGEDCOM APE1808: All versions 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN OS COMMAND ('OS C...

You check that the windows are shut before leaving home. Return to the kitchen to verify that the oven and stove were definitely turned off. Maybe even circle back again to confirm the front door was properly closed. These automatic safety checks give you peace of mind because you know the unlikely but potentially dangerous consequences of forgetting – a break-in, fire, or worse. Your

Cybersecurity researchers have disclosed a new Android trojan called PhantomCard that abuses near-field communication (NFC) to conduct relay attacks for facilitating fraudulent transactions in attacks targeting banking customers in Brazil. "PhantomCard relays NFC data from a victim's banking card to the fraudster's device," ThreatFabric said in a report. "PhantomCard is based on

The breach of the US Courts records system came to light more than a month after the attack was discovered. Details about what was exposed—and who’s responsible—remain unclear.

Zimperium’s zLabs team uncovers a critical security flaw in the popular Android rooting tool, KernelSU v0.5.7. Learn how…

Story teaser text: Cybersecurity leaders face mounting pressure to stop attacks before they start, and the best defense may come down to the settings you choose on day one. In this piece, Yuriy Tsibere explores how default policies like deny-by-default, MFA enforcement, and application Ringfencing ™ can eliminate entire categories of risk. From disabling Office macros to blocking outbound server