Category: All CISA Advisories

CISA is aware of public reporting regarding potential unauthorized access to a legacy Oracle cloud environment. While the scope and impact remains unconfirmed, the nature of the reported activity presents potential risk to organizations and individuals, particularly where credential material…

Read more →

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2021-20035 SonicWall SMA100 Appliances OS Command Injection Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant…

Read more →

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: ABB Equipment: M2M Gateway Vulnerabilities: Integer Overflow or Wraparound, Inconsistent Interpretation of HTTP Requests (‘HTTP Request/Response Smuggling’), Unquoted Search Path or Element, Untrusted Search Path, Use…

Read more →

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Europe B.V. Equipment: smartRTU Vulnerability: Missing Authentication for Critical Function, OS Command Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow a…

Read more →

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Delta Electronics Equipment: COMMGR Vulnerability: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) 2. RISK EVALUATION Successful exploitation of this vulnerability could allow for an attacker…

Read more →

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Growatt Equipment: Cloud Applications Vulnerabilities: Cross-site Scripting, Authorization Bypass Through User-Controlled Key, Insufficient Type Distinction, External Control of System or Configuration Setting 2. RISK EVALUATION Successful…

Read more →

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Lantronix Equipment: Xport Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker unauthorized access to the configuration…

Read more →

Fortinet is aware of a threat actor creating a malicious file from previously exploited Fortinet RCE vulnerabilities within FortiOS and FortiGate products. This malicious file could enable read-only access to files on the devices’ file system, which may include configurations. …

Read more →

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services…

Read more →

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: ABB Equipment: Arctic Wireless Gateways Vulnerabilities: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’), Improper Privilege Management, Exposure of Sensitive Information to an Unauthorized…

Read more →