SIEMENS CERT
11/11/2025
This advisory documents the impact of CVE-2024-3596 (also dubbed “Blastradius”), a vulnerability in the RADIUS protocol, to SIPROTEC, SICAM and related products. The vulnerability could allow on-path attackers, located between a Network Access Server (the RADIUS client, e.g., a SICAM device) and a RADIUS server, to forge Access-Request packets in …
SIEMENS CERT
11/11/2025
The installers used to install several Siemens products are affected by a DLL hijacking vulnerability. This could allow an attacker to execute arbitrary code when a legitimate user installs an application that uses the affected installer component. This vulnerability poses a risk only during setup and installation phase of the …
CISA (ICS)
11/06/2025
1. EXECUTIVE SUMMARY CVSS v4 7.1 ATTENTION : Exploitable remotely/low attack complexity Vendor : Ubia Equipment : Ubox Vulnerability : Insufficiently Protected Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to remotely view camera feeds or modify settings. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The …
CISA (ICS)
11/06/2025
1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION : Exploitable remotely/low attack complexity Vendor : ABB Equipment : FBXi, FBVi, FBTi, CBXi Vulnerabilities : Use of Hard-coded Credentials, Improper Validation of Specified Type of Input, Use of a One-Way Hash without a Salt 2. RISK EVALUATION Successful exploitation of these vulnerabilities …
CISA (ICS)
11/06/2025
1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Advantech Equipment: DeviceOn/iEdge Vulnerabilities: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in a denial-of-service …
CISA (ICS)
11/04/2025
1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION : Exploitable remotely/low attack complexity Vendor : Survision Equipment : License Plate Recognition (LPR) Camera Vulnerability : Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to fully access the system without requiring authentication. 3. …
CISA (ICS)
11/04/2025
1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION : Low attack complexity Vendor : Fuji Electric Equipment : Monitouch V-SFT-6 Vulnerabilities : Heap-based Buffer Overflow, Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could crash the accessed device; a buffer overflow condition may allow remote code execution. 3. …
CISA (ICS)
11/04/2025
1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: IDIS Equipment: ICM Viewer Vulnerability: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') 2. RISK EVALUATION Successful exploitation of this vulnerability could result in an attacker executing arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The …