View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.0 ATTENTION: Low Attack Complexity Vendor: Beckhoff Automation Equipment: TwinCAT Package Manager Vulnerability: Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) 2. RISK…
In November CISA asks all Americans to “Resolve to be Resilient” WASHINGTON – Today, the Cybersecurity and Infrastructure Security Agency (CISA) announced the kickoff of Critical Infrastructure Security and Resilience (CISR) Month. The safety and security…
WASHINGTON – Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly issued the following statement today on the security of the 2024 elections: Over the past several weeks, citizens across our country came together to…
WASHINGTON – The Cybersecurity and Infrastructure Security Agency (CISA) and the U.S. Election Assistance Commission (EAC) issued the following statement today. “Tens of millions of Americans will cast their ballot tomorrow as we elect the…
WASHINGTON, D.C. – Today, the Office of the Director of National Intelligence (ODNI), the Federal Bureau of Investigation (FBI), and the Cybersecurity and Infrastructure Security Agency (CISA) released the following statement: “The IC assesses that…
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: FactoryTalk ThinManager Vulnerabilities: Missing Authentication For Critical Function, Out-of-Bounds Read 2. RISK EVALUATION Successful exploitation of these vulnerabilities…
CISA will proactively engage international partners to strengthen the security and resilience of our nation’s critical infrastructure WASHINGTON – Today, the Cybersecurity and Infrastructure Security Agency (CISA) released its 2025–2026 International Strategic Plan, the agency’s first,…
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.1 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Solar-Log Equipment: Base 15 Vulnerability: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) 2. RISK EVALUATION…
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security…
WASHINGTON – Today, the Cybersecurity and Infrastructure Security Agency (CISA) launched a new one-stop shop website for election threat updates from CISA and our federal government partners. As foreign actors continue their efforts to influence and…