Our news
-
Siemens Tecnomatix Plant Simulation
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.3 ATTENTION: Low attack complexity
-
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-24016 Wazuh Server Deserialization of Untrusted Data Vulnerability CVE-2025-33053 Web Distributed Authoring and Versioning (WebDAV) External Control of File Name or Path Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose
-
SinoTrack GPS Receiver
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.8 ATTENTION: Exploitable remotely/Low attack complexity Vendor: SinoTrack Equipment: All Known SinoTrack Devices Vulnerabilities: Weak Authentication, Observable Response Discrepency 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to access device profiles without authorization through the common web management interface. Access to the device profile
-
CISA Releases Four Industrial Control Systems Advisories
CISA released four Industrial Control Systems (ICS) advisories on June 10, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-160-01 SinoTrack GPS Receiver ICSA-25-160-02 Hitachi Energy Relion 670, 650, SAM600-IO Series ICSMA-25-160-01 MicroDicom DICOM Viewer ICSA-25-140-11 Assured Telematics Inc (ATI) Fleet Management System (Update A) CISA encourages users
-
Hitachi Energy Relion 670, 650, SAM600-IO Series
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.2 ATTENTION: Exploitable remotely Vendor: Hitachi Energy Equipment: Relion 670, 650, SAM600-IO Series Vulnerability: Observable Discrepancy 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to decrypt application data in transit. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Hitachi Energy reports that the following products are
-
MicroDicom DICOM Viewer
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: MicroDicom Equipment: DICOM Viewer Vulnerability: Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on affected installations of DICOM Viewer. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following MicroDicom products are affected:
-
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-32433 Erlang Erlang/OTP SSH Server Missing Authentication for Critical Function Vulnerability CVE-2024-42009 RoundCube Webmail Cross-Site Scripting Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
-
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-5419 Google Chromium V8 Out-of-Bounds Read and Write Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the
-
CISA Adds Five Known Exploited Vulnerabilities to Catalog
CISA added five new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2021-32030 ASUS Routers Improper Authentication Vulnerability CVE-2023-39780 ASUS RT-AX55 Routers OS Command Injection Vulnerability CVE-2024-56145 Craft CMS Code Injection Vulnerability CVE-2025-3935 ConnectWise ScreenConnect Improper Authentication Vulnerability CVE-2025-35939 Craft CMS External Control of Assumed-Immutable Web Parameter Vulnerability These types of vulnerabilities are
-
CISA Releases Three Industrial Control Systems Advisories
CISA released three Industrial Control Systems (ICS) advisories on June 3, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-153-01 Schneider Electric Wiser Home Automation ICSA-25-153-02 Schneider Electric EcoStruxure Power Build Rapsody ICSA-25-153-03 Mitsubishi Electric MELSEC iQ-F Series CISA encourages users and administrators to review newly released ICS