View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Voltronic Power Equipment: ViewPower Pro Vulnerabilities: Deserialization of Untrusted Data, Missing Authentication for Critical Function, Exposed Dangerous Method or Function, OS Command Injection 2. RISK EVALUATION…
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.7 ATTENTION: Low attack complexity Vendor: Lantronix Equipment: XPort Vulnerability: Weak Encoding for Password 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to obtain…
WASHINGTON – Today, the Cybersecurity and Infrastructure Security Agency (CISA) issued Emergency Directive 24-01 in response to observed widespread and active exploitation of vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure appliances by malicious cyber threat…
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: AVEVA Equipment: PI Server Vulnerabilities: Improper Check or Handling of Exceptional Conditions, Missing Release of Resource after Effective Lifetime 2. RISK…
With WWS Sector contributions, guide provides recommended actions and available resources throughout cyber incident response lifecycle WASHINGTON – The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and Environmental Protection Agency (EPA) published a guide today…
WASHINGTON – Today, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) released, Cybersecurity Guidance: Chinese-Manufactured Unmanned Aircraft Systems (UAS), to raise awareness of the threats posed by Chinese-manufactured UAS and…
WASHINGTON – Today, the Cybersecurity and Infrastructure Security Agency (CISA) released its fourth annual Year in Review showcasing CISA’s work to protect the nation from cyber and physical threats, while working to increase the resilience of…
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Integration Objects Equipment: OPC UA Server Toolkit Vulnerability: Improper Output Neutralization for Logs 2. RISK EVALUATION Successful exploitation of this vulnerability…
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.5 ATTENTION: Low attack complexity Vendor: SEW-EURODRIVE Equipment: MOVITOOLS MotionStudio Vulnerability: Improper Restriction of XML EXTERNAL Entity Reference 2. RISK EVALUATION Successful exploitation of this vulnerability could result…
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.6 ATTENTION: Exploitable remotely, low attack complexity Vendor: Rapid Software LLC Equipment: Rapid SCADA Vulnerabilities: Path Traversal, Relative Path Traversal, Local Privilege Escalation through Incorrect Permission Assignment for Critical Resource, Open Redirect, Use…