Security
Headlines

Source

us-cert

Emerson Appleton UPSMON-PRO

1. EXECUTIVE SUMMARY
CVSS v4 9.3
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Emerson
Equipment: Appleton UPSMON-PRO
Vulnerability: Stack-based Buffer Overflow

2. RISK EVALUATION
Successful exploitation of this vulnerability could allow remote attackers to execute arbitrary code on affected installations of Appleton UPSMON-PRO.

3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following Emerson products are affected:
Appleton UPSMON-PRO: Versions 2.6 and prior

3.2 VULNERABILITY OVERVIEW
3.2.1 STACK-BASED BUFFER OVERFLOW CWE-121
A crafted UDP packet sent to the default UDP port 2601 can cause an overflow of the buffer stack, overwriting critical memory locations. This could allow unauthorized individuals to execute arbitrary code with SYSTEM privileges if the UPSMONProService service communication is not properly validated. CVE-2024-3871 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:...

ICAM365 CCTV Camera Multiple Models

1. EXECUTIVE SUMMARY
CVSS v4 7.0
ATTENTION: Low attack complexity
Vendor: iCam365
Equipment: P201 and QC021
Vulnerabilities: Missing Authentication for Critical Function

2. RISK EVALUATION
Successful exploitation of these vulnerabilities could result in unauthorized exposure of camera video streams and camera configuration data.

3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following iCam365 camera models are affected:
ROBOT PT Camera P201: Versions 43.4.0.0 and prior
Night Vision Camera QC021: Versions 43.4.0.0 and prior

3.2 VULNERABILITY OVERVIEW
3.2.1 Missing Authentication for Critical Function CWE-306
The affected products allow unauthenticated access to Open Network Video Interface Forum (ONVIF) services, which may allow an attacker unauthorized access to camera configuration information. CVE-2025-64770 has been assigned to this vulnerability. A CVSS v3.1 base score of 6.8 has been calculated; the CVSS vector string is (AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L). A CVSS v4 sco...

Festo Didactic products

1. EXECUTIVE SUMMARY
CVSS v3 7.8
ATTENTION: Low attack complexity
Vendor: Festo SE & Co. KG
Equipment: Didactic products
Vulnerability: Improper Input Validation

2. RISK EVALUATION
Successful exploitation of this vulnerability could allow the creation or overwriting of arbitrary files in the engineering system.

3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
Festo reports that the following products contain affected versions of Siemens TIA-Portal:
Siemens TIA-Portal V15 prior to V17 Update 6 installed on Festo Hardware MES PC: All versions
Siemens TIA-Portal V18 prior to V18 Update 1 installed on Festo Hardware MES PC: All versions
Siemens TIA-Portal V15 prior to V17 Update 6 installed on Festo Hardware TP260 (<June2023): All versions
Siemens TIA-Portal V18 prior to V18 Update 1 installed on Festo Hardware TP260 (<June2023): All versions

3.2 VULNERABILITY OVERVIEW
3.2.1 Improper Input Validation CWE-20
A vulnerability has been identified in Siemens Totally Integrated Automation Po...

Festo MSE6-C2M/D2M/E2M

1. EXECUTIVE SUMMARY
CVSS v3 8.8
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Festo SE & Co. KG
Equipment: MSE6-C2M/D2M/E2M
Vulnerability: Hidden Functionality

2. RISK EVALUATION
Successful exploitation of this vulnerability could lead to a complete loss of confidentiality, integrity, and availability.

3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
Festo reports the following products are affected:
MSE6-C2M-5000-FB36-D-M-RG-BAR-M12L4-AGD: All versions
MSE6-C2M-5000-FB36-D-M-RG-BAR-M12L5-AGD: All versions
MSE6-C2M-5000-FB43-D-M-RG-BAR-M12L4-MQ1-AGD: All versions
MSE6-C2M-5000-FB43-D-M-RG-BAR-M12L5-MQ1-AGD: All versions
MSE6-C2M-5000-FB44-D-M-RG-BAR-AMI-AGD: All versions
MSE6-C2M-5000-FB44-D-RG-BAR-AMI-AGD: All versions
MSE6-D2M-5000-CBUS-S-RG-BAR-VCB-AGD: All versions
MSE6-E2M-5000-FB13-AGD: All versions
MSE6-E2M-5000-FB36-AGD: All versions
MSE6-E2M-5000-FB37-AGD: All versions
MSE6-E2M-5000-FB43-AGD: All versions
MSE6-E2M-5000-FB44-AGD: All versions

3.2 VULNERABIL...

Schneider Electric PowerChute Serial Shutdown

1. EXECUTIVE SUMMARY
CVSS v3 7.8
ATTENTION: Exploitable remotely/Low attack complexity
Vendor: Schneider Electric
Equipment: PowerChute Serial Shutdown
Vulnerabilities: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Restriction of Excessive Authentication Attempts, Incorrect Default Permissions

2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to access user accounts or gain elevated system access.

3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of Schneider Electric PowerChute Serial Shutdown are affected:
Schneider Electric PowerChute Serial Shutdown: Versions 1.3 and prior

3.2 VULNERABILITY OVERVIEW
3.2.1 IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY ('PATH TRAVERSAL') CWE-22
A path traversal vulnerability exists that could cause elevated system access when a Web Admin user on the local network tampers with the POST /REST/UpdateJRE request payload. CVE-2025-115...

Shelly Pro 4PM

1. EXECUTIVE SUMMARY
CVSS v4 8.3
ATTENTION: Low attack complexity
Vendor: Shelly
Equipment: Pro 4PM
Vulnerability: Allocation of Resources Without Limits or Throttling

2. RISK EVALUATION
Successful exploitation of this vulnerability could result in a denial-of-service condition.

3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following version of Pro 4PM, a smart DIN rail switch, is affected:
Pro 4PM: prior to v1.6

3.2 VULNERABILITY OVERVIEW
3.2.1 ALLOCATION OF RESOURCES WITHOUT LIMITS OR THROTTLING CWE-770
Due to lack of input bounds checking, an attacker can send a specially crafted request to any RPC endpoint. The malicious request causes the device's JSON parser to overallocate memory, leading the device to reboot and creating a denial-of-service condition. CVE-2025-11243 has been assigned to this vulnerability. A CVSS v3 base score of 7.4 has been calculated; the CVSS vector string is (AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H). A CVSS v4 score has also been calculated for CVE-...

METZ CONNECT EWIO2

1. EXECUTIVE SUMMARY
CVSS v4 9.3
ATTENTION: Exploitable remotely/low attack complexity
Vendor: METZ CONNECT
Equipment: EWIO2
Vulnerabilities: Authentication Bypass by Primary Weakness, Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion'), Unrestricted Upload of File with Dangerous Type, Path Traversal: '.../...//', Improper Access Control

2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to bypass authentication and control the device remotely or perform remote code execution.

3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
METZ CONNECT reports that the following products are affected:
METZ CONNECT Firmware (<2.2.0) installed on METZ CONNECT Hardware EWIO2-M: All versions
METZ CONNECT Firmware (<2.2.0) installed on METZ CONNECT Hardware EWIO2-M-BM: All versions
METZ CONNECT Firmware (<2.2.0) installed on METZ CONNECT Hardware EWIO2-BM: All versions

3.2 VULNERABILITY OVERVIEW
3.2.1 AUTHENTI...

Schneider Electric EcoStruxure Machine SCADA Expert & Pro-face BLUE Open Studio

1. EXECUTIVE SUMMARY
CVSS v4 8.3
ATTENTION: Low attack complexity
Vendor: Schneider Electric
Equipment: EcoStruxure Machine SCADA Expert & Pro-face BLUE Open Studio
Vulnerability: Use of a Broken or Risky Cryptographic Algorithm

2. RISK EVALUATION
Successful exploitation of this vulnerability could lead to loss of confidentiality and integrity.

3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
Schneider Electric reports that the following products use an affected AVEVA component:
EcoStruxure Machine SCADA Expert: Versions prior to 2023.1 Patch 1
Pro-face BLUE Open Studio: Versions prior to 2023.1 Patch 1

3.2 VULNERABILITY OVERVIEW
3.2.1 Use of a Broken or Risky Cryptographic Algorithm CWE-327
The vulnerability disclosed by AVEVA Group Limited impacts the affected Schneider Electric software. Additional information about the vulnerabilities can be found in the AVEVA advisory AVEVA-2025-006. The vulnerability, if exploited, could allow an attacker with read access to Edge project files...

Shelly Pro 3EM

1. EXECUTIVE SUMMARY
CVSS v4 8.3
ATTENTION: Low attack complexity
Vendor: Shelly
Equipment: Pro 3EM
Vulnerability: Out-of-Bounds Read

2. RISK EVALUATION
Successful exploitation of this vulnerability could result in a denial-of-service condition.

3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following version of Pro 3EM, a smart DIN rail switch, is affected:
Pro 3EM: all versions

3.2 VULNERABILITY OVERVIEW
3.2.1 OUT-OF-BOUNDS READ CWE-125
By sending a specially crafted Modbus request, an attacker can direct the device to access an illegal data address without standard error handling, causing the device to reboot and leading to a denial-of-service condition. CVE-2025-12056 has been assigned to this vulnerability. A CVSS v3 base score of 7.4 has been calculated; the CVSS vector string is (AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H). A CVSS v4 score has also been calculated for CVE-2025-12056. A base score of 8.3 has been calculated; the CVSS vector string is (AV:A/AC:L/AT:N/PR:N/UI:N/...

AVEVA Edge

1. EXECUTIVE SUMMARY
CVSS v4 8.3
ATTENTION: Low attack complexity
Vendor: AVEVA
Equipment: Edge
Vulnerability: Use of a Broken or Risky Cryptographic Algorithm

2. RISK EVALUATION
Successful exploitation of this vulnerability could allow a local attacker to reverse engineer passwords through brute force.

3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of AVEVA Edge (formerly InduSoft Web Studio), an HMI/SCADA software, are affected:
Edge: Versions 2023 R2 and prior

3.2 VULNERABILITY OVERVIEW
3.2.1 USE OF A BROKEN OR RISKY CRYPTOGRAPHIC ALGORITHM CWE-327
The vulnerability, if exploited, could allow a miscreant with read access to Edge Project files or Edge Offline Cache files to reverse engineer Edge users' app-native or Active Directory passwords through computational brute-forcing of weak hashes. CVE-2025-9317 has been assigned to this vulnerability. A CVSS v3.1 base score of 8.4 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/...