Tag: All CISA Advisories

Microsoft released security updates to address vulnerabilities in multiple Microsoft products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.  CISA encourages users and administrators to review the following and apply necessary…

Read more →

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low Attack Complexity Vendor: Schneider Electric Equipment: Vijeo Designer Vulnerability: Improper Privilege Management 2. RISK EVALUATION Successful exploitation of these vulnerabilities could cause a non-admin authenticated user to perform privilege escalation…

Read more →

Ivanti released security updates to address vulnerabilities in Ivanti Avalanche, Ivanti Application Control Engine, and Ivanti EPM.  CISA encourages users and administrators to review the following Ivanti security advisories and apply the necessary guidance and updates: Ivanti Avalanche Ivanti Application…

Read more →

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: EcoStruxure Power Monitoring Expert, EcoStruxure Power Operation, EcoStruxure Power SCADA Operation 2020 Vulnerability: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)…

Read more →

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: FOXMAN-UN Vulnerabilities: Authentication Bypass Using an Alternate Path or Channel, Improper Neutralization of Argument Delimiters in a Command (‘Argument Injection’), Heap-based Buffer Overflow,…

Read more →

CISA released four Industrial Control Systems (ICS) advisories on January 14, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-014-01 Hitachi Energy FOXMAN-UN ICSA-25-014-02 Schneider Electric Vijeo Designer ICSA-25-014-03 Schneider Electric EcoStruxure ICSA-25-014-04…

Read more →

Today, CISA released the JCDC AI Cybersecurity Collaboration Playbook and Fact Sheet to foster operational collaboration among government, industry, and international partners and strengthen artificial intelligence (AI) cybersecurity. The playbook provides voluntary information-sharing processes that, if adopted, can help protect organizations…

Read more →

Today, CISA—along with U.S. and international partners—released joint guidance Secure by Demand: Priority Considerations for Operational Technology Owners and Operators when Selecting Digital Products. As part of CISA’s Secure by Demand series, this guidance focuses on helping customers identify manufacturers dedicated…

Read more →

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Harmony HMI and Pro-face HMI Products Vulnerability: Use of Unmaintained Third-Party Components 2. RISK EVALUATION Successful exploitation of this vulnerability could cause complete…

Read more →

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: DRASimuCAD Vulnerabilities: Out-of-bounds Write, Type Confusion 2. RISK EVALUATION Successful exploitation of these vulnerabilities could crash the device or potentially allow remote code execution.…

Read more →