#auth

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: LOGO! 8 BM Devices Vulnerabilities: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute code remotely, put the device into a denial-of-service state, or change the behavior of the device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: LOGO! 12/24RCE (6ED1052-1MD08-0BA2): All versions SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA2): All versi...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: Altair Grid Engine Vulnerabilities: Generation of Error Message Containing Sensitive Information, Uncontrolled Search Path Element 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to escalate privileges and execute arbitrary code with superuser permissions. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Altair Grid Engine are affected: Altair Grid Engine: All versions prior to V2026.0.0 3.2 VULNERABILITY OVERVIEW 3.2.1 GENERATION OF ERROR MESSAGE CONTAINING SENSITIVE INFORMATION CWE-209 Affected products do not ...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.2 ATTENTION: Low attack complexity Vendor: AVEVA Equipment: Application Server IDE Vulnerability: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to tamper with help files and inject cross-site scripting (XSS) code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of AVEVA Application Server are affected: Application Server: Versions 2023 R2 SP1 P02 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER NEUTRALIZATION OF SCRIPT-RELATED HTML TAGS IN A WEB PAGE (BASIC XSS) CWE-80 The vulnerability, if exploited, could allow an authenticated miscreant (with privilege of "aaConfigTools") to tamper with App Objects' help files and persist a cross-site scripting (XSS) injection that when executed by a victim user, can result in horizontal or vertical escalation of privileges. The vulnerability can only be exploited durin...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: General Industrial Controls Equipment: Lynx+ Gateway Vulnerabilities: Weak Password Requirements, Missing Authentication for Critical Function, Cleartext Transmission of Sensitive Information 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in obtaining sensitive device information, unauthorized access, or create a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Lynx+ Gateway are affected: Lynx+ Gateway: Version R08 Lynx+ Gateway: Version V03 Lynx+ Gateway: Version V05 Lynx+ Gateway: Version V18 3.2 VULNERABILITY OVERVIEW 3.2.1 WEAK PASSWORD REQUIREMENTS CWE-521 The affected product is vulnerable to a weak password requirement vulnerability, which may allow an attacker to execute a brute-force attack resulting in unauthorized access and login. CVE-2025-55034 has been assigned to this vulnerability. A C...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Solid Edge Vulnerability: Improper Certificate Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to perform man in the middle attacks. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: Siemens Solid Edge SE2025: All versions prior to V225.0 Update 11 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER CERTIFICATE VALIDATION CWE-295 Affected applications do not properly validate client certificates to connect to License Service endpoint. This c...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: Verve Asset Manager Vulnerability: Incorrect Authorization 2. RISK EVALUATION Successful exploitation of this vulnerability could result in an attacker accessing or altering user data. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Verve Asset Manager, an OT cybersecurity platform, are affected: Verve Asset Manager: Version 1.33 Verve Asset Manager: Version 1.34 Verve Asset Manager: Version 1.35 Verve Asset Manager: Version 1.36 Verve Asset Manager: Version 1.37 Verve Asset Manager: Version 1.38 Verve Asset Manager: Version 1.39 Verve Asset Manager: Version 1.40 Verve Asset Manager: Version 1.41 Verve Asset Manager: Version 1.41.1 Verve Asset Manager: Version 1.41.2 Verve Asset Manager: Version 1.41.3 3.2 VULNERABILITY OVERVIEW 3.2.1 INCORRECT AUTHORIZATION CWE-863 A security issue was discovered within Verve Asset Manager allowin...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: FactoryTalk DataMosaix Private Cloud Vulnerabilities: Weak Authentication, Improper Encoding or Escaping of Output 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to take over accounts, steal credentials, redirect users to a malicious website, or bypass MFA. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of FactoryTalk DataMosaix Private Cloud are affected: FactoryTalk DataMosaix Private Cloud: Versions 7.11, 8.00, 8.01 (CVE-2025-11084) FactoryTalk DataMosaix Private Cloud: Versions 7.11, 8.00 (CVE-2025-11085) 3.2 VULNERABILITY OVERVIEW 3.2.1 WEAK AUTHENTICATION CWE-1390 A security issue exists within DataMosaix™ Private Cloud, allowing attackers to bypass MFA during setup and obtain a valid login-token cookie without knowing the users password. This vulnerability occurs when MFA is enabled...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SICAM P850 family and SICAM P855 family Vulnerabilities: Cross-Site Request Forgery (CSRF), Incorrect Permission Assignment for Critical Resource 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to perform arbitrary actions on the device on behalf of a legitimate user, or impersonate that user. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: SICAM P850 (7KG8500-0AA00-0AA0): Versions prior to 3.11 SICAM P850 (7KG8501-0AA02-2AA0): Versions prior to 3.11 SICAM P85...

Malware families like Rhadamanthys Stealer, Venom RAT, and the Elysium botnet have been disrupted as part of a coordinated law enforcement operation led by Europol and Eurojust. The activity, which is taking place between November 10 and 13, 2025, marks the latest phase of Operation Endgame, an ongoing operation designed to take down criminal infrastructures and combat ransomware enablers

In August 2025, Cisco Talos observed big-game hunting and double extortion attacks carried out by Kraken, a Russian-speaking group that has emerged from the remnants of the HelloKitty ransomware cartel.