WASHINGTON – Today, the Cybersecurity and Infrastructure Security Agency (CISA) and the Environmental Protection Agency (EPA) hosted a CISA Live event on LinkedIn, titled Boosting Water Sector Cybersecurity. The event featured CISA Deputy Director Nitin…
Advisory provides details on the PRC’s efforts to conceal its hacking activity, discovery and mitigation guidance to potential victims, and encourage reporting of any suspected incident WASHINGTON – The Cybersecurity and Infrastructure Security Agency…
WASHINGTON – As part of its unwavering commitment to safeguarding the security and integrity of the nation’s elections infrastructure, the Cybersecurity and Infrastructure Agency (CISA) launched its new #Protect2024 webpage today. Election security remains a…
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Low attack complexity Vendor: HID Global Equipment: Reader Configuration Cards Vulnerability: Improper Authorization 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to…
WASHINGTON – Today, the Cybersecurity and Infrastructure Security Agency (CISA) announced a two-year renewal of the Information and Communications Technology (ICT) Supply Chain Risk Management (SCRM) Task Force. The Task Force, chaired by CISA’s National…
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Exploitable locally Vendor: HID Global Equipment: iCLASS SE, OMNIKEY Vulnerability: Improper Authorization 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to read…
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable Remotely/Low attack complexity Vendor: Gessler GmbH Equipment: WEB-MASTER Vulnerabilities: Use of Weak Credentials, Use of Weak Hash 2. RISK EVALUATION Successful exploitation of these vulnerabilities…
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION: Low attack complexity Vendor: AVEVA Equipment: AVEVA Edge products (formerly known as InduSoft Web Studio) Vulnerability: Uncontrolled Search Path Element 2. RISK EVALUATION Successful exploitation of this vulnerability could result in…
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: EZSocket, FR Configurator2, GT Designer3 Version1(GOT1000), GT Designer3 Version1(GOT2000), GX Works2, GX Works3, MELSOFT Navigator, MT Works2, MX…
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: ControlLogix, GuardLogix Vulnerability: Improper Restriction of Operations within the Bounds of a Memory Buffer 2. RISK EVALUATION Successful exploitation…