Category: All CISA Advisories

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Enerlin’X IFE interface and Enerlin’X eIFE Vulnerabilities: Improper Input Validation 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to…

Read more →

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, see Siemens’ ProductCERT Security Advisories (CERT Services | Services |…

Read more →

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: SMA Equipment: Sunny Portal Vulnerability: Unrestricted Upload of File with Dangerous Type 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to upload…

Read more →

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity Vendor: Schneider Electric Equipment: EcoStruxure™ Vulnerability: Improper Privilege Management 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a local privilege escalation, which…

Read more →

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-1316 Edimax IC-7100 IP Camera OS Command Injection Vulnerability CVE-2024-48248 NAKIVO Backup and Replication Absolute Path Traversal Vulnerability CVE-2017-12637 SAP NetWeaver Directory Traversal Vulnerability These types…

Read more →

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 4.0 ATTENTION: Low attack complexity Vendor: Schneider Electric Equipment: EcoStruxure Panel Server Vulnerability: Insertion of Sensitive Information into Log File 2. RISK EVALUATION Successful exploitation of this vulnerability could allow disclosure of sensitive…

Read more →

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: WebHMI – Deployed with EcoStruxure Power Automation System Vulnerability: Initialization of a Resource with an Insecure Default 2. RISK EVALUATION Successful exploitation of…

Read more →

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.4 ATTENTION: Low attack complexity/public exploits are available/known public exploitation Vendor: Rockwell Automation Equipment: Industrial Data Center (IDC) with VMware, VersaVirtual Appliance (VVA) with VMware, Threat Detection Managed Services (TDMS) with VMware, Endpoint…

Read more →

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.0 ATTENTION: Low Attack Complexity Vendor: Schneider Electric Equipment: EcoStruxure Power Automation System User Interface (EPAS-UI) Vulnerability: Improper Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to bypass…

Read more →

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: ASCO 5310 / 5350 Vulnerabilities: Download of Code Without Integrity Check, Allocation of Resources Without Limits or Throttling, Cleartext Transmission of Sensitive Information,…

Read more →