Source
us-cert
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Low attack complexity Vendor: Rockwell Equipment: FactoryTalk Linx Vulnerability: Improper Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to to create, update, and delete FTLinx drivers. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Rockwell Automation products are affected: FactoryTalk Linx: Versions prior to 6.50 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER ACCESS CONTROL CWE-284 A security issue exists within the FactoryTalk Linx Network Browser. By modifying the process.env.NODE_ENV to 'development', the attacker can disable FTSP token validation. This bypass allows access to create, update, and delete FTLinx drivers. CVE-2025-7972 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.0 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H). A CVSS v4 score has also been calculated for CVE-2025-7972. A base score of 8.4 ...
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.8 ATTENTION: Low Attack Complexity Vendor: Siemens Equipment: SIMOTION SCOUT, SIMOTION SCOUT TIA, SINAMICS STARTER Vulnerability: Improper Restriction of XML External Entity Reference 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to access arbitrary application files. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: SIMOTION SCOUT TIA V5.4: All versions SINAMICS STARTER V5.6: All versions SINAMICS STARTER V5.7: All versions SIMOTION SCOUT TIA V5.5: All versions SIMOTION SCOUT TIA V5.6: Versions prior to V5.6 SP1 HF7 SIMOTION SCOUT TIA V5.7: Ve...
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable from adjacent network/low attack complexity Vendor: Siemens Equipment: SINUMERIK Vulnerability: Authentication Bypass Using an Alternate Path or Channel 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain unauthorized remote access and potentially compromise system confidentiality, integrity, or availability. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: SINUMERIK 828D PPU.4: Versions prior to V4.95 SP5 SINUMERIK 828D PPU.5: Versions prior to V5.25 SP1 SINUMERIK 840D sl: Versions prior to V4.95 SP5 SINUMERIK MC: V...
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity Vendor: Siemens Equipment: Web Installer Vulnerability: Uncontrolled Search Path Element 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code when a legitimate user installs an application that uses the affected installer component. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: Automation License Manager V6.0: All versions OpenPCS 7 V9.1: All versions SIMATIC WinCC Runtime Professional: All versions SIMATIC WinCC Runtime Professional V20: All versions SIMATIC WinCC TeleControl: All versi...
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity Vendor: Rockwell Automation Equipment: FactoryTalk Viewpoint Vulnerability: Improper Handling of Insufficient Permissions or Privileges 2. RISK EVALUATION Successful exploitation of this vulnerability could result in full privilege escalation. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following version of FactoryTalk Viewpoint is affected: FactoryTalk Viewpoint: Version 14.00 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 EXECUTION WITH UNNECESSARY PRIVILEGES CWE-250 A security issue exists in FactoryTalk ViewPoint version 14.0 or below due to improper handling of MSI repair operations. During a repair, attackers can hijack the cscript.exe console window, which runs with SYSTEM privileges. This can be exploited to spawn an elevated command prompt, enabling full privilege escalation. CVE-2025-7973 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is...
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SINEC Traffic Analyzer Vulnerabilities: NULL Pointer Dereference, Use After Free, Uncontrolled Resource Consumption, Execution with Unnecessary Privileges, Exposure of Sensitive Information to an Unauthorized Actor, Irrelevant Code, Channel Accessible by Non-Endpoint 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to cause a denial-of-service condition or gain elevated access and access to sensitive resources. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports the following products are affected: Siemens...
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: BFCClient Vulnerabilities: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Out-of-bounds Read, Loop with Unreachable Exit Condition ('Infinite Loop'), Access of Resource Using Incompatible Type ('Type Confusion'), Improper Certificate Validation 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to read memory contents, to change the application behavior, or to create a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are aff...
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: EcoStruxure Power Monitoring Expert Vulnerabilities: Path Traversal, Deserialization of Untrusted Data, Server-Side Request Forgery 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow a remote attacker to read arbitrary files from the target machine, or to access internal services directly. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Schneider Electric reports the following versions of EcoStruxure Power Monitoring Expert are affected: EcoStruxure Power Monitoring Expert: Version 13.1 3.2 VULNERABILITY OVERVIEW 3.2.1 PATH TRAVERSAL CWE-22 Schneider Electric EcoStruxure Power Monitoring Expert contains a directory traversal vulnerability, which may enable remote code execution when an authenticated attacker with admin privileges uploads a malicious file over HTTP which then gets executed. Authentication is required to exploit th...
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls Equipment: iSTAR Ultra, iSTAR Ultra SE, iSTAR Ultra G2, iSTAR, ULTRA G2 SE, iSTAR Edge G2 Vulnerabilities: OS Command Injection, Insufficient Verification of Data Authenticity, Use of Default Credentials, Missing Protection Mechanism for Alternate Hardware Interface, Insecure Storage of Sensitive Information 2. RISK EVALUATION Successful exploitation of these vulnerabilities may allow an attacker to modify firmware and access the space that is protected by the device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Software House iSTAR Ultra and Edge door controllers are affected: iSTAR Ultra: Versions 6.9.2.CU02 and prior (CVE-2025-53695, CVE-2025-53696, CVE-2025-53697, CVE-2025-53700) iSTAR Ultra SE: Versions 6.9.2.CU02 and prior (CVE-2025-53695, CVE-2025-53696, CVE-2025-53697, CVE-2025-53700) iSTAR Ultra G2: Versions 6.9.2.CU02 and prior (CVE...
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: AVEVA Equipment: PI Integrator Vulnerabilities: Unrestricted Upload of File with Dangerous Type, Insertion of Sensitive Information into Sent Data 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to disclose sensitive information, or upload and execute files. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following AVEVA products are affected: PI Integrator for Business Analytics: Versions 2020 R2 SP1 and prior. 3.2 VULNERABILITY OVERVIEW 3.2.1 UNRESTRICTED UPLOAD OF FILE WITH DANGEROUS TYPE CWE-434 The vulnerability, if exploited, could allow an authenticated miscreant (with privileges to create or access publication targets of type Text File or HDFS) to upload and persist files that could potentially be executed. CVE-2025-54460 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.6 has been calculated; the CVSS vector stri...