Cyber & Coffee

Our news

  • AutomationDirect MB-Gateway

    View CSAF 1. EXECUTIVE SUMMARY CVSS v4 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: AutomationDirect Equipment: MB-Gateway Vulnerability: Missing Authentication For Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to make configuration changes, disrupt operations, or achieve arbitrary code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following AutomationDirect

    READ MORE

  • Assured Telematics Inc (ATI) Fleet Management System with Geotab Integration

    View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Assured Telematics Inc. Equipment: Fleet Management System Vulnerabilities: Exposure of Sensitive System Information to an Unauthorized Control Sphere 2. RISK EVALUATION Successful exploitation of this vulnerability could result in an attacker collecting sensitive file system information or obtain administrative credentials. 3.

    READ MORE

  • Schneider Electric PrismaSeT Active – Wireless Panel Server

    View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: PrismaSeT Active – Wireless Panel Server Vulnerability: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’) 2. RISK EVALUATION Successful exploitation of this vulnerability could allow unauthorized code execution, which could result in the unavailability of the

    READ MORE

  • CISA Releases Thirteen Industrial Control Systems Advisories

    CISA released thirteen Industrial Control Systems (ICS) advisories on May 20, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-140-01 ABUP IoT Cloud Platform ICSA-25-140-02 National Instruments Circuit Design Suite ICSA-25-140-03 Danfoss AK-SM 8xxA Series ICSA-25-140-04 Mitsubishi Electric Iconics Digital Solutions and Mitsubishi Electric Products ICSA-25-140-05 Siemens Siveillance

    READ MORE

  • Schneider Electric Modicon Controllers

    View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Modicon Controllers M241/M251/M258/LMC058 Vulnerability: Externally Controlled Reference to a Resource in Another Sphere 2. RISK EVALUATION Successful exploitation of this vulnerability could cause a loss of confidentiality when an unauthenticated attacker manipulates a controller’s webserver URL to access

    READ MORE

  • Siemens Siveillance Video

    As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.5 ATTENTION: Exploitable remotely Vendor:

    READ MORE

  • Schneider Electric Galaxy VS, Galaxy VL, Galaxy VXL

    View CSAF 1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Galaxy VS, Galaxy VL, Galaxy VXL Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to perform unauthenticated remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following

    READ MORE

  • Siemens Desigo

    As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack

    READ MORE

  • CISA Adds Six Known Exploited Vulnerabilities to Catalog

    CISA has added six new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.  CVE-2025-4427 Ivanti Endpoint Manager Mobile (EPMM) Authentication Bypass Vulnerability CVE-2025-4428 Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability CVE-2024-11182 MDaemon Email Server Cross-Site Scripting (XSS) Vulnerability CVE-2025-27920 Srimax Output Messenger Directory Traversal Vulnerability CVE-2024-27443 Synacor Zimbra Collaboration Suite

    READ MORE

  • CISA Releases Twenty-Two Industrial Control Systems Advisories

    CISA released twenty-two Industrial Control Systems (ICS) advisories on May 15, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-135-01 Siemens RUGGEDCOM APE1808 Devices ICSA-25-135-02 Siemens INTRALOG WMS ICSA-25-135-03 Siemens BACnet ATEC Devices ICSA-25-135-04 Siemens Desigo ICSA-25-135-05 Siemens SIPROTEC and SICAM ICSA-25-135-06 Siemens Teamcenter Visualization ICSA-25-135-07 Siemens IPC

    READ MORE