View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls Inc. Equipment: ICU Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Johnson Controls reports the following versions of ICU are affected:… Read more

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Nice Equipment: Linear eMerge E3 Vulnerability: Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary OS commands. 3. TECHNICAL DETAILS 3.1 AFFECTED… Read more

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Modicon M580, Modicon M340, Modicon Premium, and Modicon Quantum Vulnerabilities: Trust Boundary Violation, Uncaught Exception, Exposure of Sensitive Information to an Unauthorized Actor, Authentication Bypass by Spoofing, Improper Access Control, Reliance on Untrusted Inputs in a Security Decision,… Read more

Post Content Read more

Post Content Read more

CISA released five Industrial Control Systems (ICS) advisories on April 22, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-112-01 Siemens TeleControl Server Basic SQL ICSA-25-112-02 Siemens TeleControl Server Basic ICSA-25-112-03 Schneider Electric Wiser Home Controller WHC-5918A ICSA-25-112-04 ABB MV Drives  ICSA-25-035-04 Schneider Electric Modicon M580 PLCs, BMENOR2200H… Read more

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: ABB Equipment: MV Drives Vulnerabilities: Improper Restriction of Operations within the Bounds of a Memory Buffer, Improper Input Validation, Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to gain full access to the drive or… Read more

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Wiser Home Controller WHC-5918A Vulnerability: Exposure of Sensitive Information to an Unauthorized Actor 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to disclose sensitive credentials. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Schneider Electric reports… Read more

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.3 ATTENTION: Exploitable remotely Vendor:… Read more

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack… Read more