SIEMENS CERT
08/12/2025
Affected products do not properly restrict access permissions to a local Windows Named Pipe and do not properly sanitize user-controllable input sent to that Named Pipe. This could allow a local authenticated attacker to cause a type confusion and execute arbitrary code within the affected application and its privileges. Siemens …
SIEMENS CERT
08/12/2025
This advisory documents the impact of CVE-2024-3596 (also dubbed “Blastradius”), a vulnerability in the RADIUS protocol, to SIPROTEC, SICAM and related products. The vulnerability could allow on-path attackers, located between a Network Access Server (the RADIUS client, e.g., a SICAM device) and a RADIUS server, to forge Access-Request packets in …
SIEMENS CERT
08/12/2025
Affected SIPROTEC 5 devices contain a development shell which is accessible via a physical interface which is not properly restricted. This could allow an unauthenticated attacker with physical access to an affected device to execute arbitrary commands on the device. Siemens has released new versions for several affected products and …
US CERT
07/29/2025
Summary The Cybersecurity and Infrastructure Security Agency (CISA) and U.S. Coast Guard (USCG) are issuing this Cybersecurity Advisory to present findings from a recent CISA and USCG hunt engagement. The purpose of this advisory is to highlight identified cybersecurity issues, thereby informing security defenders in other organizations of potential similar …
CISA (ICS)
07/24/2025
1. EXECUTIVE SUMMARY CVSS v3 7.0 ATTENTION : Exploitable from a local network Vendor : Mitsubishi Electric Equipment : CNC Series Vulnerability : Uncontrolled Search Path Element 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute malicious code by getting setup-launcher to load a malicious …
CISA (ICS)
07/24/2025
1. EXECUTIVE SUMMARY CVSS v3 9.4 ATTENTION : Exploitable remotely/low attack complexity Vendor : Honeywell Equipment : Experion PKS Vulnerabilities : Use of Uninitialized Variable, Improper Restriction of Operations within the Bounds of a Memory Buffer, Sensitive Information in Resource Not Removed Before Reuse, Integer Underflow (Wrap or Wraparound), Deployment …
CISA (ICS)
07/24/2025
1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION : Exploitable remotely/low attack complexity Vendor : Network Thermostat Equipment : X-Series WiFi thermostats Vulnerability : Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain full administrative access to the device. 3. TECHNICAL …
CISA (ICS)
07/24/2025
1. EXECUTIVE SUMMARY CVSS v4 8.3 ATTENTION: Exploitable remotely Vendor: LG Innotek Equipment: Camera Model LNV5110R Vulnerability: Authentication Bypass Using an Alternate Path or Channel 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain administrative access to the device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS …