#web

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: ControlLogix Ethernet Modules Vulnerability: Initialization of a Resource with an Insecure Default 2. RISK EVALUATION Successful exploitation of this vulnerability could allow remote attackers to perform memory dumps, modify memory, and control execution flow. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Rockwell Automation ControlLogix Ethernet Modules are affected: 1756-EN2T/D: Version 11.004 or below 1756-EN2F/C: Version 11.004 or below 1756-EN2TR/C: Version 11.004 or below 1756-EN3TR/B: Version 11.004 or below 1756-EN2TP/A: Version 11.004 or below 3.2 VULNERABILITY OVERVIEW 3.2.1 Initialization of a Resource with an Insecure Default CWE-1188 Rockwell Automation ControlLogix Ethernet Modules are vulnerable to a security issue where the web-based debugger agent is enabled by default on released devices. If a specific IP addres...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: ArmorBlock 5000 I/O Vulnerabilities: Incorrect Authorization, Improper Authentication 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to predict session numbers or perform privileged actions. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of ArmorBlock 5000 I/O are affected: 5032-CFGB16M12P5DR: Versions 1.011 and prior 5032-CFGB16M12DR: Versions 1.011 and prior 5032-CFGB16M12M12LDR: Versions 1.011 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 INCORRECT AUTHORIZATION CWE-863 A security issue exists within the 5032 16pt Digital Configurable module's webserver. The webserver's session number increments at an interval that correlates to the last two consecutive login session interval, making it predictable. CVE-2025-7773 has been assigned to this vulnerability. A CVSS v3.1 base score of 8.6 has be...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Rockwell Automation Equipment: FLEX 5000 I/O Vulnerabilities: Improper Input Validation 2. RISK EVALUATION Successful exploitation of these vulnerabilities could create a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following version of FLEX 5000 I/O is affected: 5069-IF8: version V2.011 (CVE-2025-7861) 5069-IY8: version V2.011 (CVE-2025-7862) 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER INPUT VALIDATION CWE-20 A security issue exists due to improper handling of CIP Class 32's request when a module is inhibited on the 5094-IF8 device. It causes the module to enter a fault state with the Module LED flashing red. Upon un-inhibiting, the module returns a connection fault (Code 16#0010), and the module cannot recover without a power cycle. CVE-2025-7861 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector s...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity Vendor: Siemens Equipment: Web Installer Vulnerability: Uncontrolled Search Path Element 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code when a legitimate user installs an application that uses the affected installer component. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: Automation License Manager V6.0: All versions OpenPCS 7 V9.1: All versions SIMATIC WinCC Runtime Professional: All versions SIMATIC WinCC Runtime Professional V20: All versions SIMATIC WinCC TeleControl: All versi...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity Vendor: Rockwell Automation Equipment: FactoryTalk Viewpoint Vulnerability: Improper Handling of Insufficient Permissions or Privileges 2. RISK EVALUATION Successful exploitation of this vulnerability could result in full privilege escalation. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following version of FactoryTalk Viewpoint is affected: FactoryTalk Viewpoint: Version 14.00 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 EXECUTION WITH UNNECESSARY PRIVILEGES CWE-250 A security issue exists in FactoryTalk ViewPoint version 14.0 or below due to improper handling of MSI repair operations. During a repair, attackers can hijack the cscript.exe console window, which runs with SYSTEM privileges. This can be exploited to spawn an elevated command prompt, enabling full privilege escalation. CVE-2025-7973 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIPROTEC 4 and SIPROTEC 4 Compact Vulnerability: Improper Check for Unusual or Exceptional Conditions 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to cause a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: SIPROTEC 4 6MD61: All versions SIPROTEC 4 7SJ62: All versions SIPROTEC 4 7SJ63: All versions SIPROTEC 4 7SJ64: All versions SIPROTEC 4 7SJ66: All versions SIPROTEC 4 7SS52: All versions SIPROTEC 4 7ST6: All...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC RTLS Locating Manager Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated remote attacker to execute arbitrary code with high privileges. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: SIMATIC RTLS Locating Manager: Versions prior to V3.2 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER INPUT VALIDATION CWE-20 Affected products do not properly validate input for a backup script. This could allow an authenticated remote ...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: RUGGEDCOM ROX II Family Vulnerability: Unrestricted Upload of File with Dangerous Type 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker with a legitimate, highly privileged account on the web interface to upload arbitrary files onto the filesystem of the devices. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports the following products are affected: Siemens RUGGEDCOM ROX MX5000: All versions Siemens RUGGEDCOM ROX RX1536: All versions Siemens RUGGEDCOM ROX RX5000: All versions Siemens RUGGEDCOM ROX MX5000RE: ...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Low attack complexity Vendor: Rockwell Equipment: FactoryTalk Linx Vulnerability: Improper Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to to create, update, and delete FTLinx drivers. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Rockwell Automation products are affected: FactoryTalk Linx: Versions prior to 6.50 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER ACCESS CONTROL CWE-284 A security issue exists within the FactoryTalk Linx Network Browser. By modifying the process.env.NODE_ENV to 'development', the attacker can disable FTSP token validation. This bypass allows access to create, update, and delete FTLinx drivers. CVE-2025-7972 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.0 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H). A CVSS v4 score has also been calculated for CVE-2025-7972. A base score of 8.4 ...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: SICAM Q100, SICAM Q200 Vulnerabilities: Cleartext Storage of Sensitive Information 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an authenticated local attacker to extract the SMTP account password and use the configured SMTP service for arbitrary purposes. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports the following products are affected: Siemens POWER METER SICAM Q100 (7KG9501-0AA01-0AA1): Versions 2.60 up to but not including 2.62 Siemens POWER METER SICAM Q100 (7KG9501-0AA01-2AA1): Versions 2.60 up to but not including 2.62 Si...