us-cert

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: MELSEC iQ-F Series CPU module Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to read or write the device values of the product. In addition, the attacker may be able to stop the operation of the programs. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Mitsubishi Electric reports the following versions of MELSEC iQ-F Series are affected: MELSEC iQ-F Series FX5U-32MT/ES: 1.060 and later MELSEC iQ-F Series FX5U-32MT/DS: 1.060 and later MELSEC iQ-F Series FX5U-32MT/ESS: 1.060 and later MELSEC iQ-F Series FX5U-32MT/DSS: 1.060 and later MELSEC iQ-F Series FX5U-64MT/ES: 1.060 and later MELSEC iQ-F Series FX5U-64MT/DS: 1.060 and later MELSEC iQ-F Series FX5U-64MT/ESS: 1.060 and later MELSEC iQ-F Series FX5U-64MT/DSS: 1.060 and later MELSEC iQ-F Series FX5U-80MT/ES...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Modicon M340 and Communication Modules Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Schneider Electric reports that the following products are affected: Modicon M340: All versions BMXNOR0200H Ethernet/Serial RTU Module: All versions BMXNGD0100 M580 Global Data module: All versions BMXNOC0401 Modicon M340 X80 Ethernet Communication modules: All versions BMXNOE0100 Modbus/TCP Ethernet Modicon M340 module: Versions prior to 3.60 BMXNOE0110 Modbus/TCP Ethernet Modicon M340 FactoryCast module: Versions prior to 6.80 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER INPUT VALIDATION CWE-20 Improper Input Validation vulnerability exists that could cause a Denial-of-Service when specially crafted FTP com...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity Vendor: INVT Equipment: VT-Designer and HMITool Vulnerabilities: Out-of-bounds Write, Access of Resource Using Incompatible Type ('Type Confusion') 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow attackers to execute arbitrary code in the context of the current process. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of INVT VT-Designer and HMITool are affected: VT-Designer: Version 2.1.13 (CVE-2025-7227, CVE-2025-7228, CVE-2025-7229, CVE-2025-7230, CVE-2025-7231) HMITool: Version 7.1.011 (CVE-2025-7223, CVE-2025-7224, CVE-2025-7225, CVE-2025-7226) 3.2 VULNERABILITY OVERVIEW 3.2.1 OUT-OF-BOUNDS WRITE CWE-787 HMITool is vulnerable to remote attackers who can execute arbitrary code on affected installations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists w...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Mitsubishi Electric Corporation Equipment: MELSEC iQ-F Series CPU module Vulnerability: Improper Handling of Length Parameter Inconsistency 2. RISK EVALUATION Successful exploitation of this vulnerability could result in a remote attacker being able to delay the processing of the Web server function and prevent legitimate users from utilizing the Web server function by sending a specially crafted HTTP request. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of MELSEC iQ-F Series CPU module are affected: MELSEC iQ-F Series CPU module FX5U-32MT/ES: Versions 1.060 and later MELSEC iQ-F Series CPU module FX5U-32MT/DS: Versions 1.060 and later MELSEC iQ-F Series CPU module FX5U-32MT/ESS: Versions 1.060 and later MELSEC iQ-F Series CPU module FX5U-32MT/DSS: Versions 1.060 and later MELSEC iQ-F Series CPU module FX5U-32MR/ES: Versions 1.060 and later MELSEC iQ-F Series CP...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.2 ATTENTION: Low attack complexity Vendor: Siemens Equipment: Desigo CC Product Family and SENTRON Powermanager Vulnerability: Least Privilege Violation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow privilege escalation. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: Desigo CC family V5.0: All versions Desigo CC family V5.1: All versions Desigo CC family V6: All versions Desigo CC family V7: All versions Desigo CC family V8: All versions SENTRON Powermanager V5: All versions SENTRON Powermanager V6: All versions SENTRON Powermanager V7: All versions SEN...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.7 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: Mendix SAML Module Vulnerability: Improper Verification of Cryptographic Signature 2. RISK EVALUATION Successful exploitation of this vulnerability could allow unauthenticated remote attackers to hijack an account in specific SSO configurations. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: Siemens Mendix SAML (Mendix 9.24 compatible): Versions prior to V3.6.21 Siemens Mendix SAML (Mendix 10.12 compatible): Versions prior to V4.0.3 Siemens Mendix SAML (Mendix 10.21 compatible): Versions prior to V4.1.2 3.2 VULNERABILITY OV...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.2 ATTENTION: Low Attack Complexity Vendor: Siemens Equipment: COMOS Vulnerability: Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a crash, potentially enabling a denial-of-service attack (Crash, Exit, or Restart) or possible code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: Siemens COMOS: all versions prior to V10.6 3.2 VULNERABILITY OVERVIEW 3.2.1 OUT-OF-BOUNDS WRITE CWE-787 Out-of-bounds Write vulnerability was discovered in Open Design Alliance Drawings SDK before 2025.10. Reading crafted DWF file ...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.2 ATTENTION: Low Attack Complexity Vendor: Siemens Equipment: Engineering Platforms Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a local authenticated attacker to cause a type confusion and execute arbitrary code within the affected application and its privileges. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: Siemens SIMATIC PCS neo V4.1: All Versions Siemens SIMATIC WinCC V18: All Versions Siemens SIMATIC WinCC V19: All versions prior to V19 Update 4 Siemens SIMATIC WinCC V20: All Versions Siemens SIMO...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low Attack Complexity Vendor: Siemens Equipment: Simcenter Femap Vulnerabilities: Out-of-bounds Write, Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute code in the context of the current process. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: Siemens Simcenter Femap V2406: vers:intdot/<2406.0003 Siemens Simcenter Femap V2412: vers:intdot/<2412.0002 3.2 VULNERABILITY OVERVIEW 3.2.1 OUT-OF-BOUNDS WRITE CWE-787 The affected applications contain an out of bounds write vulnerability when parsing a specia...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.3 ATTENTION: Low Attack Complexity Vendor: Siemens Equipment: SIMATIC RTLS Locating Manager Vulnerabilities: Reachable Assertion, Insufficiently Protected Credentials 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to cause a denial of service condition or escalate to higher access rights. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: Siemens SIMATIC RTLS Locating Manager: all versions prior to 3.3 3.2 VULNERABILITY OVERVIEW 3.2.1 REACHABLE ASSERTION CWE-617 Affected devices do not properly validate input sent to its listening port on the ...