us-cert

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.8 ATTENTION: Low Attack Complexity Vendor: Schneider Electric Equipment: Saitel DR RTU Vulnerabilities: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') 2. RISK EVALUATION Successful exploitation of these vulnerabilities could enable an attacker to execute arbitrary shell commands on the affected devices. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Schneider Electric reports that the following products are affected: Schneider Electric Saitel DR RTU: Versions 11.06.29 and prior Schneider Electric Saitel DP RTU: Versions 11.06.33 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN OS COMMAND ('OS COMMAND INJECTION') CWE-78 An OS command injection vulnerability exists that could cause the execution of any shell command when executing a netstat command using BLMon Console in an SSH session. CVE-2025-9996 has been assigned to this vulnerability. A CVSS v3.1 base sc...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Dover Fueling Solutions Equipment: ProGauge MagLink LX4, ProGauge MagLink LX4 Plus, ProGauge MagLink LX4 Ultimate Vulnerabilities: Integer Overflow or Wraparound, Use of Hard-coded Cryptographic Key, Use of Weak Credentials 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in a remote attacker causing a denial-of-service condition or gaining administrative access to the device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of ProGauge MagLink LX, a fuel and water tank monitor, are affected: ProGauge MagLink LX 4: Versions prior to 4.20.3 ProGauge MagLink LX Plus: Versions prior to 4.20.3 ProGauge MagLink LX Ultimate: Versions prior to 5.20.3 3.2 VULNERABILITY OVERVIEW 3.2.1 INTEGER OVERFLOW OR WRAPAROUND CWE-190 Affected devices fail to handle Unix time values beyond a certain point. An attacker can manually change the system time t...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: Asset Suite Vulnerabilities: Server-Side Request Forgery (SSRF), Deserialization of Untrusted Data, Cleartext Storage of Sensitive Information, Uncontrolled Resource Consumption, URL Redirection to Untrusted Site ('Open Redirect'), Improper Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability could allow attackers to trigger resource consumption or information disclosure through SSRF in Apache XML Graphics Batik, mount a Denial-Of-Service attack via poisoned data in logback, discover cleartext passwords in H2 Database Engine, fill up the file system in Apache CXF, perform open redirect or SSRF attacks through UriComponentsBuilder, and execute arbitrary code in Apache ActiveMQ. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Hitachi Energy reports that the following products are affected: Asset Suite: Versions 9.6.4.5 and prior 3.2 VULN...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.2 ATTENTION: Exploitable remotely Vendor: Westermo Network Technologies Equipment: WeOS 5 Vulnerability: Improper Validation of Syntactic Correctness of Input 2. RISK EVALUATION Successful exploitation of this vulnerability could cause the device to reboot. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Westermo reports following versions of WeOS 5, an industrial network operating system, are affected: WeOS 5: Versions 5.23.0 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER VALIDATION OF SYNTACTIC CORRECTNESS OF INPUT CWE-1286 When configured for IPSec, a Westermo device running WeOS 5 could be vulnerable to a denial-of-service attack. A specifically crafted ESP packet could trigger an immediate reboot of the device. CVE-2025-46419 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.9 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). A CVSS v4 score has also been calculated for CVE-202...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Cognex Equipment: In-Sight Explorer, In-Sight Camera Firmware Vulnerabilities: Use of Hard-coded Password, Cleartext Transmission of Sensitive Information, Incorrect Default Permissions, Improper Restriction of Excessive Authentication Attempts, Incorrect Permission Assignment for Critical Resource, Authentication Bypass by Capture-replay, Client-Side Enforcement of Server-Side Security 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to disclose sensitive information, steal credentials, modify files, or cause a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Cognex products are affected: In-Sight 2000 series: Versions 5.x up to and including 6.5.1 In-Sight 7000 series: Versions 5.x up to and including 6.5.1 In-Sight 8000 series: Versions 5.x up to and including 6.5.1 In-Sight 9000 series: Versions 5.x ...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC NET CP, SINEMA and SCALANCE Vulnerabilities: Integer Overflow or Wraparound 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to cause a denial-of-service (DoS) condition in the affected devices by exploiting integer overflow bugs. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: Siemens RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2): < V7.1 Siemens SCALANCE M874-3 (6GK5874-3AA00-2AA2): < V7.1 Siemens SCALANCE M876-3 (EVDO) (6GK5876-3AA02-2BA2): < V7.1 ...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: INDUSTRIAL EDGE, OpenPCS, RUGGEDCOM, SCALANCE, SIMATIC, SIMOTION, SINAUT, SINEC, SIPLUS, TIA Vulnerability: Loop with Unreachable Exit Condition ('Infinite Loop') 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to create a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: Siemens Industrial Edge - OPC UA Connector: All versions prior to V1.7 Siemens RUGGEDCOM ROX MX5000RE: All versions prior to V2.15.1 Siemens SCALANCE W788-2 RJ45 (6GK5...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.4 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: INDUSTRIAL EDGE, RUGGEDCOM, SCALANCE, SIMATIC, SINEC, SINEMA, SINUMERIK, SIPLUS, TIA Vulnerability: Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an unauthenticated remote attacker to execute arbitrary code or to cause a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: Siemens Industrial Edge - Machine Insight App: All versions Siemens RUGGEDCOM ROX RX1510: All versions prior to V2.15.0 Siemens SCALANCE X201-3P IRT PRO (6GK5201-3JR00-2BA6): All ...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: RTU500 series Vulnerabilities: NULL Pointer Dereference, Improper Validation of Integrity Check Value, Improper Restriction of XML External Entity Reference, Heap-based Buffer Overflow, Integer Overflow or Wraparound, Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion'), Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could cause a Denial-of-Service condition in RTU500 devices. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Hitachi Energy reports that the following products are affected: Hitachi Energy RTU500 series: Version 13.6.1 (CVE-2023-2953, CVE-2025-39203, CVE-2025-6021) Hitachi Energy RTU500 series: Versions 12.7.1 through 12.7.7 (CVE-2023-2953, CVE-2025-39203, CVE-2025-6021) Hitachi Energy RTU500 series: Versions 13.4.1 through 13.4.4 (CVE-2025-39203) Hitachi Energy RTU500 ...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Altivar products, ATVdPAC module, ILC992 InterLink Converter Vulnerability: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to read or modify data. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Schneider Electric reports that the following products are affected: Schneider Electric ATVdPAC module: Versions prior to 25.0 Schneider Electric Altivar Process Drives ATV930: All versions Schneider Electric Altivar Process Drives ATV950: All versions Schneider Electric Altivar Process Drives ATV955: All versions Schneider Electric Altivar Process Drives ATV960: All versions Schneider Electric Altivar Process Drives ATV980: All versions Schneider Electric Altivar Process Drives ATV9A0: All versions Schneider Electric Altivar Process Drives A...