Bulletins

CISA (ICS)
09/30/2025
1. EXECUTIVE SUMMARY
CVSS v4 9.3
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Megasys Enterprises
Equipment: Telenium Online Web Application
Vulnerability: OS Command Injection
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an unauthenticated attacker to inject arbitrary operating system commands through a crafted HTTP …
CISA (ICS)
09/30/2025
1. EXECUTIVE SUMMARY
CVSS v4 8.4
ATTENTION: Low attack complexity
Vendor: National Instruments
Equipment: Circuit Design Suite
Vulnerabilities: Type Confusion, Out-of-bounds Read
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to cause memory corruption, potentially leading to information disclosure and execution of …
CISA (ICS)
09/30/2025
1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Festo
Equipment: Controller CECC-S,-LK,-D Family Firmware
Vulnerabilities: Exposure of Resource to Wrong Sphere, Untrusted Pointer Dereference, NULL Pointer Dereference, Files or Directories Accessible to External Parties, Out-of-bounds Write, Improper Privilege Management, Incorrect Permission Assignment …
CISA (ICS)
09/30/2025
1. EXECUTIVE SUMMARY
CVSS v4 6.1
ATTENTION: Low attack complexity
Vendor: OpenPLC_V3
Equipment: OpenPLC_V3
Vulnerability: Reliance on Undefined, Unspecified, or Implementation-Defined Behavior
2. RISK EVALUATION
Successful exploitation of this vulnerability could cause a denial of service, making the PLC runtime process crash.
3. TECHNICAL DETAILS
3.1 …
CISA (ICS)
09/30/2025
1. EXECUTIVE SUMMARY
CVSS v3 8.2
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Festo
Equipment: SBRD-Q/SBOC-Q/SBOI-Q
Vulnerabilities: Incorrect Conversion between Numeric Types, Out-of-bounds Read, Reachable Assertion
2. RISK EVALUATION
Successful exploitation of these vulnerabilities may allow the attacker to read arbitrary data or cause a denial-of-service condition. …
CISA (ICS)
09/25/2025
1. EXECUTIVE SUMMARY
CVSS v4 8.7
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Dingtian
Equipment: DT-R002
Vulnerabilities: Insufficiently Protected Credentials
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to retrieve credentials without authentication.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of …
CISA (ICS)
09/23/2025
1. EXECUTIVE SUMMARY
CVSS v3 7.3
ATTENTION: Low Attack Complexity
Vendor: Schneider Electric
Equipment: SESU
Vulnerability: Improper Link Resolution Before File Access ('Link Following')
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an authenticated attacker to write arbitrary data to protected locations, potentially leading …
CISA (ICS)
09/23/2025
1. EXECUTIVE SUMMARY
CVSS v4 8.7
ATTENTION: Low attack complexity
Vendor: Viessmann
Equipment: Vitogate 300
Vulnerabilities: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Client-Side Enforcement of Server-Side Security
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker …