As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services…
Category: All CISA Advisories
Siemens SIPROTEC 5
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services…
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-24200 Apple iOS and iPadOS Incorrect Authorization Vulnerability CVE-2024-41710 Mitel SIP Phones Argument Injection Vulnerability These types of vulnerabilities are frequent attack vectors for malicious…
CISA and FBI Warn of Malicious Cyber Actors Using Buffer Overflow Vulnerabilities to Compromise Software
CISA and the Federal Bureau of Investigation (FBI) have released a Secure by Design Alert, Eliminating Buffer Overflow Vulnerabilities, as part of their cooperative Secure by Design Alert series—an ongoing series aimed at advancing industry-wide best practices to eliminate entire…
CISA Adds Four Known Exploited Vulnerabilities to Catalog
CISA has added four vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-40891 Zyxel DSL CPE OS Command Injection Vulnerability CVE-2024-40890 Zyxel DSL CPE OS Command Injection Vulnerability CVE-2025-21418 Microsoft Windows Ancillary Function Driver for WinSock…
CISA Releases Two Industrial Control Systems Advisories
CISA released two Industrial Control Systems (ICS) advisories on February 11, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-319-17 2N Access Commander (Update A) ICSA-25-037-04 Trimble Cityworks (Update A) CISA encourages users…
Trimble Releases Security Updates to Address a Vulnerability in Cityworks Software
CISA is collaborating with private industry partners to respond to reports of exploitation of a vulnerability (CVE-2025-0994) discovered by Trimble impacting its Cityworks Server AMS (Asset Management System). Trimble has released security updates and an advisory addressing a recently discovered…
CISA Releases Six Industrial Control Systems Advisories
CISA released six Industrial Control Systems (ICS) advisories on February 6, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-037-01 Schneider Electric EcoStruxure Power Monitoring Expert (PME) ICSA-25-037-02 Schneider Electric EcoStruxure ICSA-25-037-03 ABB…
Orthanc Server
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: Orthanc Equipment: Orthanc Server Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to disclose sensitive information,…
Trimble Cityworks
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.6 ATTENTION: Exploitable remotely/low attack complexity/known public exploitation Vendor: Trimble Equipment: Cityworks Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated user to perform a…