CISA (ICS)
09/02/2025
1. EXECUTIVE SUMMARY CVSS v4 6.7 ATTENTION : Low attack complexity Vendor : Delta Electronics Equipment : EIP Builder Vulnerability : Improper Restriction of XML External Entity Reference 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to potentially process dangerous external entities, resulting in disclosure of …
CISA (ICS)
08/28/2025
1. EXECUTIVE SUMMARY CVSS v4 7.0 ATTENTION : Low attack complexity Vendor : GE Vernova Equipment : CIMPLICITY Vulnerability : Uncontrolled Search Path Element 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a low-privileged local attacker to escalate privileges. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions …
CISA (ICS)
08/28/2025
1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION : Low attack complexity Vendor : Delta Electronics Equipment : CNCSoft-G2 Vulnerability : Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of this vulnerability could allow attackers to execute arbitrary code on affected installations of the device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The …
CISA (ICS)
08/28/2025
1. EXECUTIVE SUMMARY CVSS v3 6.7 ATTENTION : Low Attack Complexity Vendor : Schneider Electric Equipment : Saitel DR RTU, Saitel DP RTU Vulnerability : Improper Privilege Management 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated attacker to escalate privileges, potentially leading to arbitrary code execution. …
CISA (ICS)
08/28/2025
1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION : Exploitable remotely/low attack complexity Vendor : Mitsubishi Electric Equipment : MELSEC iQ-F Series CPU module Vulnerability : Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to read or write the device values of …
CISA (ICS)
08/26/2025
1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION : Low attack complexity Vendor : INVT Equipment : VT-Designer and HMITool Vulnerabilities : Out-of-bounds Write, Access of Resource Using Incompatible Type ('Type Confusion') 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow attackers to execute arbitrary code in the context of …
CISA (ICS)
08/26/2025
1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION : Exploitable remotely/low attack complexity Vendor : Schneider Electric Equipment : Modicon M340 and Communication Modules Vulnerability : Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED …
SIEMENS CERT
08/26/2025
Siemens has released a new version for SIMATIC RTLS Locating Manager and recommends to update to the latest version.