Our news
Schneider Electric Modicon
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Modicon M241 / M251 / M258 / LMC058 Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could lead to a denial-of-service and a loss of confidentiality and integrity in the controller. 3. TECHNICAL DETAILS…
Rockwell Automation PowerMonitor 1000 Remote
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: PowerMonitor 1000 Remote Vulnerabilities: Unprotected Alternate Channel, Heap-based Buffer Overflow, Classic Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to perform edit operations, create admin users, perform factory reset, execute arbitrary code,…
BD Diagnostic Solutions Products
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.0 ATTENTION: Low attack complexity Vendor: Becton, Dickinson and Company (BD) Equipment: Diagnostic Solutions Products Vulnerability: Use of Default Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to use default credentials to access, modify, or delete sensitive data, which could impact the availability…
CISA Releases Five Industrial Control Systems Advisories
CISA released five Industrial Control Systems (ICS) advisories on December 17, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-352-01 ThreatQuotient ThreatQ Platform ICSA-24-352-02 Hitachi Energy TropOS Devices Series 1400/2400/6400 ICSA-24-352-03 Rockwell Automation PowerMonitor 1000 Remote ICSA-24-352-04 Schneider Electric Modicon ICSMA-24-352-01 BD Diagnostic Solutions Products CISA encourages users…
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-20767 Adobe ColdFusion Improper Access Control Vulnerability CVE-2024-35250 Microsoft Windows Kernel-Mode Driver Untrusted Pointer Dereference Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive…
CISA Requests Public Comment for Draft National Cyber Incident Response Plan Update
Today, CISA—through the Joint Cyber Defense Collaborative and in coordination with the Office of the National Cyber Director (ONCD)—released the National Cyber Incident Response Plan Update Public Comment Draft. The draft requests public comment on the National Cyber Incident Response Plan (NCIRP)—public comment period begins today and concludes on January 15, 2025. Since initial publication…
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-50623 Cleo Multiple Products Unrestricted File Upload Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known…
CISA and EPA Release Joint Fact Sheet Detailing Risks Internet-Exposed HMIs Pose to WWS Sector
Today, CISA and the Environmental Protection Agency (EPA) released Internet-Exposed HMIs Pose Cybersecurity Risks to Water and Wastewater Systems. This joint fact sheet provides Water and Wastewater Systems (WWS) facilities with recommendations for limiting the exposure of Human Machine Interfaces (HMIs) and securing them against malicious cyber activity. HMIs enable operational technology owners and operators…