us-cert

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SiPass integrated Vulnerability: Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to cause a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: SiPass integrated: Versions prior to V2.95.3.18 3.2 VULNERABILITY OVERVIEW 3.2.1 OUT-OF-BOUNDS READ CWE-125 Affected server applications contain an out of bounds read past the end of an allocated buffer while checking the integrity of incoming packets. Thi...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SiPass Vulnerability: Improper Verification of Cryptographic Signature 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to upload a maliciously modified firmware onto the device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: Siemens SiPass integrated AC5102 (ACC-G2): All versions Siemens SiPass integrated ACC-AP: All versions 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER VERIFICATION OF CRYPTOGRAPHIC SIGNATURE CWE-347 Affected devices do not properly check the integ...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.3 ATTENTION: Low attack complexity Vendor: Johnson Controls Inc. Equipment: iSTAR Configuration Utility (ICU) tool Vulnerability: Use of Uninitialized Variable 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an attacker to gain access to memory leaked from the ICU. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Johnson Controls reports the following versions of ICU are affected: ICU: All versions prior to 6.9.5 3.2 VULNERABILITY OVERVIEW 3.2.1 USE OF UNINITIALIZED VARIABLE CWE-457 The iSTAR Configuration Utility (ICU) tool leaks memory, which could result in unintended exposure of unauthorized data. CVE-2025-26383 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.4 has been calculated; the CVSS vector string is (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N). A CVSS v4 score has also been calculated for CVE-2025-26383. A base score of 6.3 has been calculated; the CVSS vector string is (CVSS:4.0/AV:A/AC:L/...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION: Low attack complexity Vendor: Lantronix Equipment: Device Installer Vulnerability: Improper Restriction of XML External Entity Reference 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain access to the host machine running the Device Installer software. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Lantronix products are affected: Device Installer: Versions 4.4.0.7 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER RESTRICTION OF XML EXTERNAL ENTITY REFERENCE CWE-611 Lantronix Device installer is vulnerable to XML External Entity (XXE) attacks in configuration files read from the network device. An attacker could obtain credentials, access these network devices, and modify their configurations. An attacker may also gain access to the host running the Device Installer software or the password hash of the user running the application. CVE-2025-4338 has been assigned to this vul...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: 95057C-FTHTWXCT11 Vulnerability: Improper Restriction of XML External Entity Reference 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to launch XXE-based attacks on applications that accept malicious log4net configuration files. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Rockwell Automation FactoryTalk Historian ThingWorx are affected: 95057C-FTHTWXCT11: Versions v4.02.00 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER RESTRICTION OF XML EXTERNAL ENTITY REFERENCE CWE-611 Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files. This allows for XXE-based attacks in applications that accept attacker-controlled log4net configuration files. CVE-2018-1285 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.8 has...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.5 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: Siveillance Video Vulnerability: Missing Encryption of Sensitive Data 2. RISK EVALUATION Successful exploitation of this vulnerability could remove password protection from the system configuration files, also affecting backup data sets that were created after the update to V2024 R1. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: Siemens Siveillance Video: Versions V24.1 and later 3.2 VULNERABILITY OVERVIEW 3.2.1 MISSING ENCRYPTION OF SENSITIVE DATA CWE-311 Milestone Systems has discovered a security vulnerability in Milest...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.3 ATTENTION: Low attack complexity Vendor: Mitsubishi Electric Iconics Digital Solutions, Mitsubishi Electric Equipment: ICONICS Product Suite and Mitsubishi Electric MC Works64 Vulnerability: Execution with Unnecessary Privileges 2. RISK EVALUATION Successful exploitation of this vulnerability could result in information tampering on the target workstation. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Mitsubishi Electric Iconics Digital Solutions reports that the following versions of ICONICS Product Suite and Mitsubishi Electric MC Works64 are affected: GENESIS64 AlarmWorX Multimedia (AlarmWorX64 MMX): All Versions Mitsubishi Electric MC Works64 AlarmWorX Multimedia (AlarmWorX64 MMX): All versions 3.2 VULNERABILITY OVERVIEW 3.2.1 EXECUTION WITH UNNECESSARY PRIVILEGES CWE-250 An execution with unnecessary privileges vulnerability in the AlarmWorX64 MMX Pager agent can provide the potential for information tampering. An attacker could make an unau...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.3 ATTENTION: Exploitable remotely Vendor: Danfoss Equipment: AK-SM 8xxA Series Vulnerability: Improper Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability could enable a remote attacker to bypass authentication and execute arbitrary code remotely. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of AK-SM 800A system manager are affected: AK-SM 8xxA Series: Versions prior to R4.2 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER AUTHENTICATION CWE-287 An unauthorized access vulnerability, caused by datetime-based password generation, could potentially result in an authentication bypass. CVE-2025-41450 has been assigned to this vulnerability. A CVSS v3.1 base score of 8.2 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:H). A CVSS v4 score has also been calculated for CVE-2025-41450. A base score of 7.3 has been calculated; the CVSS vector string is (CVSS:4.0/AV:N/AC:H/...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: AutomationDirect Equipment: MB-Gateway Vulnerability: Missing Authentication For Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to make configuration changes, disrupt operations, or achieve arbitrary code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following AutomationDirect product is affected: MB-Gateway: All Versions 3.2 VULNERABILITY OVERVIEW 3.2.1 MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306 The embedded webserver lacks authentication and access controls, allowing unrestricted remote access. This could lead to configuration changes, operational disruption, or arbitrary code execution depending on the environment and exposed functionality. CVE-2025-36535 has been assigned to this vulnerability. A CVSS v3.1 base score of 10.0 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Modicon Controllers M241/M251/M258/LMC058 Vulnerability: Externally Controlled Reference to a Resource in Another Sphere 2. RISK EVALUATION Successful exploitation of this vulnerability could cause a loss of confidentiality when an unauthenticated attacker manipulates a controller's webserver URL to access resources. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Schneider Electric reports that the following products are affected: Schneider Electric Modicon Controllers M241: Versions prior to 5.3.12.48 Schneider Electric Modicon Controllers M251: Versions prior to 5.3.12.48 Schneider Electric Modicon Controllers M258: All versions Schneider Electric Modicon Controllers LMC058: All versions 3.2 VULNERABILITY OVERVIEW 3.2.1 EXTERNALLY CONTROLLED REFERENCE TO A RESOURCE IN ANOTHER SPHERE CWE-610 CWE-610: Externally Controlled Reference to a Resource in Another...