Cyber & Coffee

Our news

  • CISA Releases Six Industrial Control Systems Advisories

    CISA released six Industrial Control Systems (ICS) Advisories. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.  ICSA-25-322-01 Schneider Electric EcoStruxure Machine SCADA Expert & Pro-face BLUE Open Studio ICSA-25-322-02 Shelly Pro 4PM ICSA-25-322-03 Shelly Pro 3EM ICSA-25-322-04 Schneider Electric PowerChute Serial Shutdown ICSA-25-322-05 METZ CONNECT EWIO2 ICSA-25-224-03 Schneider Electric

    READ MORE

  • Shelly Pro 3EM

    View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.3 ATTENTION: Low attack complexity Vendor: Shelly Equipment: Pro 3EM Vulnerability: Out-of-Bounds Read 2. RISK EVALUATION Successful exploitation of this vulnerability could result in a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following version of Pro 3EM, a smart DIN rail switch, is affected: Pro 3EM:

    READ MORE

  • Schneider Electric EcoStruxure Machine SCADA Expert & Pro-face BLUE Open Studio

    View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.3 ATTENTION: Low Attack Complexity Vendor: Schneider Electric Equipment: EcoStruxure Machine SCADA Expert & Pro-face BLUE Open Studio Vulnerability: Use of a Broken or Risky Cryptographic Algorithm 2. RISK EVALUATION Successful exploitation of this vulnerability could lead to loss of confidentiality and integrity. 3. TECHNICAL DETAILS 3.1 AFFECTED

    READ MORE

  • METZ CONNECT EWIO2

    View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: METZ CONNECT Equipment: EWIO2 Vulnerabilities: Authentication Bypass by Primary Weakness, Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’), Unrestricted Upload of File with Dangerous Type, Path Traversal: ‘…/…//’, Improper Access Control 2. RISK EVALUATION Successful

    READ MORE

  • Fortinet Releases Security Advisory for Relative Path Traversal Vulnerability Affecting FortiWeb Products

    CISA is aware of exploitation of a newly disclosed vulnerability, CVE-2025-64446, in Fortinet FortiWeb, a web application firewall. This vulnerability affects the following FortiWeb versions:1 8.0.0 through 8.0.1 7.6.0 through 7.6.4 7.4.0 through 7.4.9 7.2.0 through 7.2.11 7.0.0 through 7.0.11 CVE-2025-64446 is a relative path traversal vulnerability CWE-23: Relative Path Traversal that may allow an

    READ MORE

  • Siemens Spectrum Power 4

    As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack

    READ MORE

  • Rockwell Automation Studio 5000 Simulation Interface

    View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Low attack complexity Vendor: Rockwell Automation Equipment: Studio 5000 Simulation Interface Vulnerabilities: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’), Server-Side Request Forgery (SSRF) 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow attackers to trigger outbound SMB requests to capture NTLM

    READ MORE

  • Rockwell Automation Verve Asset Manager

    View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: Verve Asset Manager Vulnerability: Incorrect Authorization 2. RISK EVALUATION Successful exploitation of this vulnerability could result in an attacker accessing or altering user data. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Verve Asset Manager, an

    READ MORE

  • Siemens SICAM P850 family and SICAM P855 family

    As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.5 ATTENTION: Exploitable remotely/low attack

    READ MORE

  • Siemens LOGO! 8 BM Devices

    As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.6 ATTENTION: Exploitable remotely/low attack

    READ MORE