View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.3 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Johnson Controls, Inc. Equipment: Software House C●CURE 9000 Vulnerability: Use of Weak Credentials 2. RISK EVALUATION Successful exploitations of this vulnerability…
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: CNCSoft-G2 Vulnerabilities: Stack-based Buffer Overflow, Out-of-bounds Write, Out-of-bounds Read, Heap-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these…
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.0 ATTENTION: Exploitable remotely Vendor: Johnson Controls, Inc. Equipment: Illustra Pro Gen 4 Vulnerability: Dependency on Vulnerable Third-Party Component 2. RISK EVALUATION Successful exploitation of this vulnerability could…
WASHINGTON –Today, the Cybersecurity and Infrastructure Security Agency (CISA) released its “Guide to Operational Security for Election Officials.” This essential guide aims to enhance the security of election infrastructure by providing a thorough overview of…
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: mySCADA Equipment: myPRO Vulnerability: Use of Hard-coded Password 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to…
WASHINGTON – Today, the Cybersecurity and Infrastructure Security Agency (CISA) is releasing an update to the agency’s Marine Transportation System Resilience Assessment Guide (MTS Guide) with a new, more accessible web-based tool for stakeholders in…
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 3.1 ATTENTION: Exploitable via adjacent network Vendor: Johnson Controls, Inc. Equipment: Kantech KT1, KT2, KT400 Door Controllers Vulnerability: Exposure of Sensitive Information to an Unauthorized Actor 2. RISK…
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.0 ATTENTION: Exploitable remotely Vendor: ICONICS, Mitsubishi Electric Equipment: ICONICS Product Suite Vulnerabilities: Allocation of Resources Without Limits or Throttling, Improper Neutralization, Uncontrolled Search Path Element, Improper Authentication,…
NOKESVILLE, Va. – The Cybersecurity and Infrastructure Security Agency (CISA), in partnership with the Fauquier County Sheriff’s Office, the Fauquier County Fire Rescue System, and Fauquier County Public Schools, successfully conducted a full-scale active shooter/reunification…
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Exploitable remotely Vendor: Johnson Controls, Inc. Equipment: Illustra Essentials Gen 4 Vulnerability: Storing Passwords in a Recoverable Format 2. RISK EVALUATION Successful exploitation of this vulnerability…