View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: Lifecycle Services with Veeam Backup and Replication Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of…
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.3 ATTENTION: High attack complexity Vendor: Rockwell Automation Equipment: 440G TLS-Z Vulnerability: Improper Neutralization of Special Elements in Output Used by a Downstream Component 2. RISK EVALUATION Successful…
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: ABB Equipment: RMC-100 Vulnerability: Improperly Controlled Modification of Object Prototype Attributes (‘Prototype Pollution’) 2. RISK EVALUATION Successful exploitation of this vulnerability…
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Inaba Denki Sangyo Co., Ltd. Equipment: CHOCO TEI WATCHER mini Vulnerabilities: Use of Client-Side Authentication, Storing Passwords in a Recoverable Format,…
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: SMA Equipment: Sunny Portal Vulnerability: Unrestricted Upload of File with Dangerous Type 2. RISK EVALUATION Successful exploitation of this vulnerability could…
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Enerlin’X IFE interface and Enerlin’X eIFE Vulnerabilities: Improper Input Validation 2. RISK EVALUATION Successful exploitation of these vulnerabilities…
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity Vendor: Schneider Electric Equipment: EcoStruxure™ Vulnerability: Improper Privilege Management 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause…
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.4 ATTENTION: Low attack complexity/public exploits are available/known public exploitation Vendor: Rockwell Automation Equipment: Industrial Data Center (IDC) with VMware, VersaVirtual Appliance (VVA) with VMware, Threat Detection Managed…
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.0 ATTENTION: Low Attack Complexity Vendor: Schneider Electric Equipment: EcoStruxure Power Automation System User Interface (EPAS-UI) Vulnerability: Improper Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability could…
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: ASCO 5310 / 5350 Vulnerabilities: Download of Code Without Integrity Check, Allocation of Resources Without Limits or Throttling,…