As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services…
Tag: All CISA Advisories
Siemens OpenSSL Vulnerability in Industrial Products
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services…
Hitachi Energy RTU500 Series
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: RTU500 series Vulnerabilities: NULL Pointer Dereference, Improper Validation of Integrity Check Value, Improper Restriction of XML External Entity Reference, Heap-based Buffer Overflow, Integer…
CISA Releases Eight Industrial Control Systems Advisories
CISA released eight Industrial Control Systems (ICS) advisories on September 16, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-259-01 Schneider Electric Altivar Products, ATVdPAC Module, ILC992 InterLink Converter ICSA-25-259-02 Hitachi Energy RTU500…
Schneider Electric Altivar Products, ATVdPAC Module, ILC992 InterLink Converter
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Altivar products, ATVdPAC module, ILC992 InterLink Converter Vulnerability: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) 2. RISK EVALUATION Successful exploitation…
Daikin Security Gateway
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.8 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Daikin Equipment: Security Gateway Vulnerability: Weak Password Recovery Mechanism for Forgotten Password 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an…
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-5086 Dassault Systèmes DELMIA Apriso Deserialization of Untrusted Data Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber…
Siemens Apogee PXC and Talon TC Devices
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services…
Siemens User Management Component (UMC)
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services…
Siemens SIMATIC Virtualization as a Service (SIVaaS)
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services…