View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: PowerLogic PM5500 and PowerLogic PM8ECC Vulnerabilities: Weak Password Recovery Mechanism for Forgotten Password, Improper Authentication 2. RISK EVALUATION…
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.4 ATTENTION: Exploitable remotely Vendor: Hitachi Energy Equipment: RTU500 Scripting Interface Vulnerability: Improper Certificate Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow attackers to spoof…
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: MicroSCADA Pro/X SYS600 Vulnerabilities: Improper Neutralization of Special Elements in Data Query Logic, Improper Limitation of a Pathname…
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely Vendor: Schneider Electric Equipment: EcoStruxure Control Expert, EcoStruxure Process Expert and Modicon M340, M580 and M580 Safety PLCs Vulnerabilities: Improper Enforcement of Message Integrity…
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: EcoStruxure IT Gateway Vulnerability: Missing Authorization 2. RISK EVALUATION Successful exploitation of this vulnerability could allow unauthorized access.…
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.7 ATTENTION: Exploitable remotely Vendor: Schneider Electric Equipment: Modicon M340, MC80, and Momentum Unity M1E Vulnerabilities: Improper Enforcement of Message Integrity During Transmission in a Communication Channel, Authentication…
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.1 ATTENTION: Low attack complexity Vendor: CODESYS GmbH Equipment: OSCAT Basic Library Vulnerability: Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of this vulnerability allows an local, unprivileged attacker…
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: mySCADA Equipment: myPRO Vulnerabilities: OS Command Injection, Improper Authentication, Missing Authentication for Critical Function, Path Traversal. 2. RISK EVALUATION Successful exploitation…
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Automated Logic Equipment: WebCTRL Premium Server Vulnerabilities: Unrestricted Upload of File with Dangerous Type, URL Redirection to Untrusted Site (‘Open Redirect’)…
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: PowerLogic PM5300 Series Vulnerability: Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of this vulnerability could cause the…