CISA (ICS)
07/24/2025
1. EXECUTIVE SUMMARY CVSS v4 8.3 ATTENTION: Exploitable remotely Vendor: LG Innotek Equipment: Camera Model LNV5110R Vulnerability: Authentication Bypass Using an Alternate Path or Channel 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain administrative access to the device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS …
CISA (ICS)
07/22/2025
1. EXECUTIVE SUMMARY CVSS v4 8.6 ATTENTION : Low attack complexity Vendor : Lantronix Equipment : Provisioning Manager Vulnerability : Improper Restriction of XML External Entity Reference 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to perform a cross-site scripting attack, which could result in remote …
CISA (ICS)
07/22/2025
1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION : Exploitable remotely/low attack complexity Vendor : DuraComm Corporation Equipment : SPM-500 DP-10iN-100-MU Vulnerabilities : Cleartext Transmission of Sensitive Information, Missing Authentication for a Critical Function, Improper Neutralization of Input During Web Page Generation 2. RISK EVALUATION Successful exploitation of these vulnerabilities could …
CISA (ICS)
07/22/2025
1. EXECUTIVE SUMMARY CVSS v4 5.3 ATTENTION : Exploitable remotely/low attack complexity Vendor : Schneider Electric Equipment : EcoStruxure Power Monitoring Expert (PME) and EcoStruxure Power Operation (EPO) Vulnerability : Exposure of Resource to Wrong Sphere 2. RISK EVALUATION Successful exploitation of this vulnerability could provide other authenticated users with …
CISA (ICS)
07/22/2025
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION : Exploitable remotely/low attack complexity/public exploits are available/known public exploitation Vendor : Schneider Electric Equipment : EcoStruxure Power Operation Vulnerabilities : Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection'), Integer Overflow to Buffer Overflow, Improper Handling of Highly Compressed Data (Data …
CISA (ICS)
07/22/2025
1. EXECUTIVE SUMMARY CVSS v4 9.5 ATTENTION : Exploitable remotely/low attack complexity Vendor : Schneider Electric Equipment : EcoStruxure IT Data Center Expert Vulnerabilities : Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Insufficient Entropy, Improper Control of Generation of Code ('Code Injection'), Server-Side Request …
CISA (ICS)
07/22/2025
1. EXECUTIVE SUMMARY CVSS v3 6.9 ATTENTION : Exploitable remotely Vendor : Schneider Electric Equipment : System Monitor Application Vulnerability : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute untrusted code. 3. TECHNICAL DETAILS …
US CERT
07/21/2025
Summary Note: This joint Cybersecurity Advisory is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect …