View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.0 ATTENTION: Low attack complexity Vendor: GE Vernova Equipment: CIMPLICITY Vulnerability: Uncontrolled Search Path Element 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a low-privileged local…
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: MELSEC iQ-F Series CPU module Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this…
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.7 ATTENTION: Low Attack Complexity Vendor: Schneider Electric Equipment: Saitel DR RTU, Saitel DP RTU Vulnerability: Improper Privilege Management 2. RISK EVALUATION Successful exploitation of this vulnerability could…
WASHINGTON – The Cybersecurity and Infrastructure Security Agency (CISA) and its public and private sector partners are working closely with officials in Nevada as they respond to an August 24th cyber attack targeting the state…
WASHINGTON – Today, the Cybersecurity and Infrastructure Security Agency (CISA), in coordination with the National Security Agency (NSA), Federal Bureau of Investigation (FBI), and international partners, released a joint cybersecurity advisory detailing ongoing malicious activity by People’s…
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Modicon M340 and Communication Modules Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could…
WASHINGTON – Today, the Cybersecurity and Infrastructure Security Agency (CISA) released the Software Acquisition Guide: Supplier Response Web Tool, a no-cost, interactive resource designed to empower information technology (IT) and industry decision makers, procurement professionals and…
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity Vendor: INVT Equipment: VT-Designer and HMITool Vulnerabilities: Out-of-bounds Write, Access of Resource Using Incompatible Type (‘Type Confusion’) 2. RISK EVALUATION Successful exploitation of…
WASHINGTON – Today, the Cybersecurity and Infrastructure Security Agency (CISA) released a draft Minimum Elements for a Software Bill of Materials (SBOM) for public comment. Reflecting the growing maturity of SBOM practices, this guide incorporates…
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Mitsubishi Electric Corporation Equipment: MELSEC iQ-F Series CPU module Vulnerability: Improper Handling of Length Parameter Inconsistency 2. RISK EVALUATION Successful exploitation…