View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: AutomationDirect Equipment: Productivity Suite Vulnerabilities: Relative Path Traversal, Weak Password Recovery Mechanism for Forgotten Password, Incorrect Permission Assignment for Critical Resource, Binding to an Unrestricted IP Address 2. RISK EVALUATION Successful exploitation of these vulnerabilities could enable an attacker to execute…

READ MORE →

CISA released eight Industrial Control Systems (ICS) Advisories. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.  ICSA-25-296-01 AutomationDirect Productivity Suite ICSA-25-296-02 ASKI Energy ALS-Mini-S8 and ALS-Mini-S4 ICSA-25-296-03 Veeder-Root TLS4B Automatic Tank Gauge System ICSA-25-296-04 Delta Electronics ASDA-Soft ICSMA-25-296-01 NIHON KOHDEN Central Monitor CNS-6201 ICSA-25-037-02 Schneider Electric EcoStruxure (Update C)…

READ MORE →

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: ASDA-Soft Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to write data outside of the allocated memory buffer. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Delta Electronics reports the following versions of…

READ MORE →

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: Veeder-Root Equipment: TLS4B Automatic Tank Gauge System Vulnerabilities: Improper Neutralization of Special Elements used in a Command (‘Command Injection’), Integer Overflow or Wraparound 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow attackers to execute system-level commands, gain full shell…

READ MORE →

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-61932 Motex LANSCOPE Endpoint Manager Improper Verification of Source of a Communication Channel Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise.  Binding Operational…

READ MORE →

CISA released 10 Industrial Control Systems (ICS) advisories. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-294-01 Rockwell Automation 1783-NATR ICSA-25-294-02 Rockwell Automation Compact GuardLogix 5370 ICSA-25-294-03 Siemens SIMATIC S7-1200 CPU V1/V2 Devices ICSA-25-294-04 Siemens RUGGEDCOM ROS Devices ICSA-25-294-05 CloudEdge Online Cameras and App ICSA-25-294-06 Raisecomm RAX701-GC Series ICSMA-25-294-01…

READ MORE →

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: CloudEdge Equipment: CloudEdge App, CloudEdge Online Cameras Vulnerability: Use of Hard-coded Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain access to live video feed and camera control. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The…

READ MORE →

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Raisecomm Equipment: RAX701-GC-WP-01 P200R002C52, RAX701-GC-WP-01 P200R002C53 Vulnerability: Authentication Bypass Using an Alternate Path or Channel 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote attacker to bypass authentication and gain unauthenticated root shell access to the affected devices.…

READ MORE →

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: 1783-NATR Vulnerabilities: Missing Authentication for Critical Function, Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’), Cross-Site Request Forgery (CSRF) 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in a denial-of-service, data modification, or in…

READ MORE →

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: Compact GuardLogix 5370 Vulnerability: Uncaught Exception 2. RISK EVALUATION Successful exploitation of this vulnerability could result in a denial-of-service. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Compact GuardLogix 5370 are affected: Compact GuardLogix 5370: All…

READ MORE →