View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: Air conditioning systems Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to control the air conditioning system. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Mitsubishi Electric reports the following Read more

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.3 ATTENTION: Low attack complexity Vendor: TrendMakers Equipment: Sight Bulb Pro Vulnerabilities: Use of a Broken or Risky Cryptographic Algorithm, Improper Neutralization of Special Elements used in a Command (‘Command Injection’) 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to capture sensitive information and Read more

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2024-54085 AMI MegaRAC SPx Authentication Bypass by Spoofing Vulnerability CVE-2024-0769 D-Link DIR-859 Router Path Traversal Vulnerability CVE-2019-6693 Fortinet FortiOS Use of Hard-Coded Credentials Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and Read more

Today, CISA, in partnership with the National Security Agency (NSA), released a joint guide on reducing memory-related vulnerabilities in modern software development.  Memory safety vulnerabilities pose serious risks to national security and critical infrastructure. Adopting memory safe languages (MSLs) offers the most comprehensive mitigation against this class of vulnerabilities and provides built-in safeguards that enhance Read more

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/Low attack complexity Vendor: MICROSENS Equipment: NMP Web+ Vulnerabilities: Use of Hard-coded, Security-relevant Constants, Insufficient Session Expiration, Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to gain system access, overwrite Read more

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: EVLink WallBox Vulnerabilities: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’), Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’), Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) 2. Read more

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: ControlID Equipment: iDSecure On-premises Vulnerabilities: Improper Authentication, Server-Side Request Forgery (SSRF), SQL Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to bypass authentication, retrieve information, leak arbitrary data, or perform SQL injections. 3. TECHNICAL DETAILS 3.1 Read more

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.3 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: CNCSoft Vulnerabilities: Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute code within the context of the current process. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Delta Electronics reports the following versions of Read more

CISA released eight Industrial Control Systems (ICS) advisories on June 24, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-175-01 Kaleris Navis N4 Terminal Operating System ICSA-25-175-02 Delta Electronics CNCSoft ICSA-25-175-03 Schneider Electric Modicon Controllers ICSA-25-175-04 Schneider Electric EVLink WallBox ICSA-25-175-05 ControlID iDSecure On-Premises ICSA-25-175-06 Parsons AccuWeather Widget Read more

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Kaleris Equipment: Navis N4 Vulnerabilities: Deserialization of Untrusted Data, Cleartext Transmission of Sensitive Information 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to remotely exploit the operating system, achieve remote code execution, or extract sensitive information. 3. Read more