CISA (ICS)
07/24/2025
1. EXECUTIVE SUMMARY CVSS v3 7.0 ATTENTION : Exploitable from a local network Vendor : Mitsubishi Electric Equipment : CNC Series Vulnerability : Uncontrolled Search Path Element 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute malicious code by getting setup-launcher to load a malicious …
CISA (ICS)
07/24/2025
1. EXECUTIVE SUMMARY CVSS v3 9.4 ATTENTION : Exploitable remotely/low attack complexity Vendor : Honeywell Equipment : Experion PKS Vulnerabilities : Use of Uninitialized Variable, Improper Restriction of Operations within the Bounds of a Memory Buffer, Sensitive Information in Resource Not Removed Before Reuse, Integer Underflow (Wrap or Wraparound), Deployment …
CISA (ICS)
07/24/2025
1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION : Exploitable remotely/low attack complexity Vendor : Network Thermostat Equipment : X-Series WiFi thermostats Vulnerability : Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain full administrative access to the device. 3. TECHNICAL …
CISA (ICS)
07/24/2025
1. EXECUTIVE SUMMARY CVSS v4 8.3 ATTENTION: Exploitable remotely Vendor: LG Innotek Equipment: Camera Model LNV5110R Vulnerability: Authentication Bypass Using an Alternate Path or Channel 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain administrative access to the device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS …
CISA (ICS)
07/22/2025
1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION : Exploitable remotely/low attack complexity Vendor : DuraComm Corporation Equipment : SPM-500 DP-10iN-100-MU Vulnerabilities : Cleartext Transmission of Sensitive Information, Missing Authentication for a Critical Function, Improper Neutralization of Input During Web Page Generation 2. RISK EVALUATION Successful exploitation of these vulnerabilities could …
CISA (ICS)
07/22/2025
1. EXECUTIVE SUMMARY CVSS v3 6.9 ATTENTION : Exploitable remotely Vendor : Schneider Electric Equipment : System Monitor Application Vulnerability : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute untrusted code. 3. TECHNICAL DETAILS …
CISA (ICS)
07/22/2025
1. EXECUTIVE SUMMARY CVSS v4 5.3 ATTENTION : Exploitable remotely/low attack complexity Vendor : Schneider Electric Equipment : EcoStruxure Power Monitoring Expert (PME) and EcoStruxure Power Operation (EPO) Vulnerability : Exposure of Resource to Wrong Sphere 2. RISK EVALUATION Successful exploitation of this vulnerability could provide other authenticated users with …
CISA (ICS)
07/22/2025
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION : Exploitable remotely/low attack complexity/public exploits are available/known public exploitation Vendor : Schneider Electric Equipment : EcoStruxure Power Operation Vulnerabilities : Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection'), Integer Overflow to Buffer Overflow, Improper Handling of Highly Compressed Data (Data …