View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: MELSEC iQ-R Series Safety CPU and SIL2 Process CPU Module Vulnerability: Incorrect Privilege Assignment 2. RISK EVALUATION Successful…
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION: Low attack complexity Vendor: Qolsys, Inc. Equipment: IQ Panel 4, IQ4 Hub Vulnerability: Exposure of Sensitive Information to an Unauthorized Actor 2. RISK EVALUATION Successful exploitation…
WASHINGTON – As part of its unwavering commitment to safeguarding the security and integrity of the nation’s elections infrastructure, the Cybersecurity and Infrastructure Agency (CISA) launched its new #Protect2024 webpage today. Election security remains a…
Advisory provides details on the PRC’s efforts to conceal its hacking activity, discovery and mitigation guidance to potential victims, and encourage reporting of any suspected incident WASHINGTON – The Cybersecurity and Infrastructure Security Agency…
WASHINGTON – Today, the Cybersecurity and Infrastructure Security Agency (CISA) and the Environmental Protection Agency (EPA) hosted a CISA Live event on LinkedIn, titled Boosting Water Sector Cybersecurity. The event featured CISA Deputy Director Nitin…
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Exploitable locally Vendor: HID Global Equipment: iCLASS SE, OMNIKEY Vulnerability: Improper Authorization 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to read…
WASHINGTON – Today, the Cybersecurity and Infrastructure Security Agency (CISA) announced a two-year renewal of the Information and Communications Technology (ICT) Supply Chain Risk Management (SCRM) Task Force. The Task Force, chaired by CISA’s National…
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Low attack complexity Vendor: HID Global Equipment: Reader Configuration Cards Vulnerability: Improper Authorization 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to…
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable Remotely/Low attack complexity Vendor: Gessler GmbH Equipment: WEB-MASTER Vulnerabilities: Use of Weak Credentials, Use of Weak Hash 2. RISK EVALUATION Successful exploitation of these vulnerabilities…
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION: Low attack complexity Vendor: AVEVA Equipment: AVEVA Edge products (formerly known as InduSoft Web Studio) Vulnerability: Uncontrolled Search Path Element 2. RISK EVALUATION Successful exploitation of this vulnerability could result in…