CISA.gov
1 month 3 weeks ago

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, see 

1. EXECUTIVE SUMMARY
  • CVSS v4 9.4
  • ATTENTION: Exploitable remotely/low attack complexity
  • Vendor: Siemens
  • Equipment: SiPass integrated AC5102 (ACC-G2), SiPass integrated ACC-AP
  • Vulnerabilities: Missing Authentication for Critical Function, Improper Input Validation
2. RISK EVALUATION

Successful exploitation of these vulnerabilities could allow an attacker to execute commands on the device with root privileges and access sensitive data.

3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS

Siemens reports that the following products are affected:

  • Siemens SiPass integrated AC5102 (ACC-G2): All versions prior to V6.4.8 (CVE-2024-52285)
  • Siemens SiPass integrated AC5102 (ACC-G2): All versions prior to V6.4.9 (CVE-2025-27493, CVE-2025-27494)
  • Siemens SiPass integrated ACC-AP: All versions prior to V6.4.8 (CVE-2024-52285)
  • Siemens SiPass integrated ACC-AP: All versions prior to V6.4.9 (CVE-2025-27493, CVE-2025-27494)
3.2 VUNERABILITY OVERVIEW 3.2.1

Affected devices expose several MQTT URLs without authentication. This could allow an unauthenticated remote attacker to access sensitive data.

has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is ().

A CVSS v4 score has also been calculated for . A base score of 6.9 has been calculated; the CVSS vector string is ().

3.2.2

Affected devices improperly sanitize user input for specific commands on the telnet command line interface. This could allow an authenticated local administrator to escalate privileges by injecting arbitrary commands that are executed with root privileges.

has been assigned to this vulnerability. A CVSS v3 base score of 8.2 has been calculated; the CVSS vector string is ().

A CVSS v4 score has also been calculated for . A base score of 9.3 has been calculated; the CVSS vector string is ().

3.2.3

Affected devices improperly sanitize input for the pubkey endpoint of the REST API. This could allow an authenticated remote administrator to escalate privileges by injecting arbitrary commands that are executed with root privileges.

has been assigned to this vulnerability. A CVSS v3 base score of 9.1 has been calculated; the CVSS vector string is ().

A CVSS v4 score has also been calculated for . A base score of 9.4 has been calculated; the CVSS vector string is ().

3.3 BACKGROUND
  • CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: Germany
3.4 RESEARCHER

Airbus Security reported these vulnerabilities to Siemens.

4. MITIGATIONS

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

  • SiPass integrated AC5102 (ACC-G2), SiPass integrated ACC-AP: Update to V6.4.8 or later version (CVE-2024-52285)
  • SiPass integrated AC5102 (ACC-G2), SiPass integrated ACC-AP: Set an individual strong password for the administrator account "SIEMENS" (CVE-2025-27493, CVE-2025-27494)
  • SiPass integrated AC5102 (ACC-G2), SiPass integrated ACC-AP: Update to V6.4.9 or later version (CVE-2025-27493, CVE-2025-27494)

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the

For more information see the associated Siemens security advisory SSA-515903 in and .

CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:

  • Minimize network exposure for all control system devices and/or systems, ensuring they are .
  • Locate control system networks and remote devices behind firewalls and isolating them from business networks.
  • When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for on the ICS webpage on . Several CISA products detailing cyber defense best practices are available for reading and download, including .

CISA encourages organizations to implement recommended cybersecurity strategies for .

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at in the technical information paper, .

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

CISA also recommends users take the following measures to protect themselves from social engineering attacks:

  • Do not click web links or open attachments in unsolicited email messages.
  • Refer to for more information on avoiding email scams.
  • Refer to for more information on social engineering attacks.

No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.

5. UPDATE HISTORY
  • March 13, 2025: Initial Publication
CISA

CISA.gov
1 month 3 weeks ago

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, see 

1. EXECUTIVE SUMMARY
  • CVSS v4 9.5
  • ATTENTION: Exploitable remotely/low attack complexity
  • Vendor: Siemens
  • Equipment: SINAMICS S200
  • Vulnerability: Improper Authentication
2. RISK EVALUATION

Successful exploitation of this vulnerability could allow an attacker to download untrusted firmware that could damage or compromise the device.

3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS

Siemens reports that the following products are affected:

  • Siemens SINAMICS S200: All versions
3.2 VULNERABILITY OVERVIEW 3.2.1

The affected device contains an unlocked bootloader. This security oversight enables attackers to inject malicious code or to install untrusted firmware. The intrinsic security features designed to protect against data manipulation and unauthorized access are compromised when the bootloader is not secured.

has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is ().

A CVSS v4 score has also been calculated for . A base score of 9.5 has been calculated; the CVSS vector string is ().

3.3 BACKGROUND
  • CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: Germany
3.4 RESEARCHER

Siemens reported this vulnerability to CISA.

4. MITIGATIONS

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

  • SINAMICS S200: Follow the general security recommendations and apply defense in depth. Contact your local customer service for further support

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the

For more information see the associated Siemens security advisory SSA-787280 in and .

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:

  • Minimize network exposure for all control system devices and/or systems, ensuring they are .
  • Locate control system networks and remote devices behind firewalls and isolating them from business networks.
  • When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for on the ICS webpage on . Several CISA products detailing cyber defense best practices are available for reading and download, including .

CISA encourages organizations to implement recommended cybersecurity strategies for .

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at in the technical information paper, .

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

CISA also recommends users take the following measures to protect themselves from social engineering attacks:

  • Do not click web links or open attachments in unsolicited email messages.
  • Refer to for more information on avoiding email scams.
  • Refer to for more information on social engineering attacks.

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.

5. UPDATE HISTORY
  • March 13, 2025: Initial Publication

 

CISA

CISA.gov
1 month 3 weeks ago

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, see 

1. EXECUTIVE SUMMARY
  • CVSS v4 8.7
  • ATTENTION: Exploitable remotely/low attack complexity
  • Vendor: Siemens
  • Equipment: SCALANCE LPE9403
  • Vulnerabilities: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Check for Dropped Privileges
2. RISK EVALUATION

Successful exploitation of these vulnerabilities allow a remote attacker to execute arbitrary code, read and write arbitrary files, escalate privileges, or execute a limited set of binaries that are present on the filesystem

3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS

Siemens reports that the following products are affected:

  • SCALANCE LPE9403 (6GK5998-3GS00-2AC2): Versions prior to V4.0
3.2 VULNERABILITY OVERVIEW 3.2.1

Affected devices do not properly sanitize user input when creating new VXLAN configurations. This could allow an authenticated highly-privileged remote attacker to execute arbitrary code on the device.

has been assigned to this vulnerability. A CVSS v3 base score of 7.2 has been calculated; the CVSS vector string is ().

A CVSS v4 score has also been calculated for . A base score of 8.6 has been calculated; the CVSS vector string is ().

3.2.2

Affected devices do not properly sanitize user input when creating new users. This could allow an authenticated highly-privileged remote attacker to execute arbitrary code on the device.

has been assigned to this vulnerability. A CVSS v3 base score of 7.2 has been calculated; the CVSS vector string is ().

A CVSS v4 score has also been calculated for . A base score of 8.6 has been calculated; the CVSS vector string is ().

3.2.3

Affected devices do not properly sanitize user input when creating new SNMP users. This could allow an authenticated highly-privileged remote attacker to execute arbitrary code on the device.

has been assigned to this vulnerability. A CVSS v3 base score of 7.2 has been calculated; the CVSS vector string is ().

A CVSS v4 score has also been calculated for . A base score of 8.6 has been calculated; the CVSS vector string is ().

3.2.4

Affected devices do not properly limit the scope of files accessible through and the privileges of the SFTP functionality. This could allow an authenticated highly-privileged remote attacker to read and write arbitrary files.

has been assigned to this vulnerability. A CVSS v3 base score of 7.2 has been calculated; the CVSS vector string is ().

A CVSS v4 score has also been calculated for . A base score of 8.6 has been calculated; the CVSS vector string is ().

3.2.5

Affected devices do not properly limit the elevation of privileges required to perform certain valid functionality. This could allow an authenticated lowly-privileged remote attacker to escalate their privileges.

has been assigned to this vulnerability. A CVSS v3 base score of 8.8 has been calculated; the CVSS vector string is ().

A CVSS v4 score has also been calculated for . A base score of 8.7 has been calculated; the CVSS vector string is ().

3.2.6

Affected devices do not properly limit user controlled paths to which logs are written and from where they are read. This could allow an authenticated highly-privileged remote attacker to read and write arbitrary files in the filesystem, if and only if the malicious path ends with 'log' .

has been assigned to this vulnerability. A CVSS v3 base score of 3.8 has been calculated; the CVSS vector string is ().

A CVSS v4 score has also been calculated for . A base score of 5.1 has been calculated; the CVSS vector string is ().

3.2.7

Affected devices do not properly neutralize special characters when interpreting user controlled log paths. This could allow an authenticated highly-privileged remote attacker to execute a limited set of binaries that are already present on the filesystem.

has been assigned to this vulnerability. A CVSS v3 base score of 2.7 has been calculated; the CVSS vector string is ().

A CVSS v4 score has also been calculated for . A base score of 2.1 has been calculated; the CVSS vector string is ().

3.3 BACKGROUND
  • CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: Germany
3.4 RESEARCHER

Siemens reported these vulnerabilities to CISA.

4. MITIGATIONS

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

  • SCALANCE LPE9403 (6GK5998-3GS00-2AC2): Update to V4.0 or .

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the

For more information see the associated Siemens security advisory SSA-075201 in and .

CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:

  • Minimize network exposure for all control system devices and/or systems, ensuring they are .
  • Locate control system networks and remote devices behind firewalls and isolating them from business networks.
  • When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for on the ICS webpage on . Several CISA products detailing cyber defense best practices are available for reading and download, including .

CISA encourages organizations to implement recommended cybersecurity strategies for .

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at in the technical information paper, .

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

CISA also recommends users take the following measures to protect themselves from social engineering attacks:

  • Do not click web links or open attachments in unsolicited email messages.
  • Refer to for more information on avoiding email scams.
  • Refer to for more information on social engineering attacks.

No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.

5. UPDATE HISTORY
  • March 13, 2025: Initial Publication
CISA

CISA.gov
1 month 3 weeks ago

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, see 

1. EXECUTIVE SUMMARY
  • CVSS v4 6.3
  • ATTENTION: Exploitable remotely
  • Vendor: Siemens
  • Equipment: SCALANCE M-800 family (incl. S615, MUM-800 and RM1224), SCALANCE SC-600 family
  • Vulnerability: Partial String Comparison
2. RISK EVALUATION

Successful exploitation of this vulnerability could allow an attacker to obtain partial invalid usernames accepted by the server. A remote attacker would need access to a valid certificate in order to perform a successful attack.

3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS

Siemens reports that the following products are affected:

  • Siemens SCALANCE SC-600 family: All versions
  • Siemens RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2): All versions prior to V8.2.1
  • Siemens SCALANCE M876-3 (6GK5876-3AA02-2BA2): vers: All versions prior to V8.2.1
  • Siemens SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2): All versions prior to V8.2.1
  • Siemens SCALANCE M876-4 (6GK5876-4AA10-2BA2): All versions prior to V8.2.1
  • Siemens SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2): All versions prior to V8.2.1
  • Siemens SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2): All versions prior to V8.2.1
  • Siemens SCALANCE MUB852-1 (A1) (6GK5852-1EA10-1AA1): All versions prior to V8.2.1
  • Siemens SCALANCE MUB852-1 (B1) (6GK5852-1EA10-1BA1): All versions prior to V8.2.1
  • Siemens SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1): All versions prior to V8.2.1
  • Siemens SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1): All versions prior to V8.2.1
  • Siemens SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1): All versions prior to V8.2.1
  • Siemens RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2): All versions prior to V8.2.1
  • Siemens SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1): All versions prior to V8.2.1
  • Siemens SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1): All versions prior to V8.2.1
  • Siemens SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1): All versions prior to V8.2.1
  • Siemens SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1): All versions prior to V8.2.1
  • Siemens SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1): All versions prior to V8.2.1
  • Siemens SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2): All versions prior to V8.2.1
  • Siemens SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2): All versions prior to V8.2.1
  • Siemens SCALANCE M804PB (6GK5804-0AP00-2AA2): All versions prior to V8.2.1
  • Siemens SCALANCE M812-1 ADSL-Router family: All versions prior to V8.2.1
  • Siemens SCALANCE M816-1 ADSL-Router family: All versions prior to V8.2.1
  • Siemens SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2): All versions prior to V8.2.1
  • Siemens SCALANCE M874-2 (6GK5874-2AA00-2AA2): All versions prior to V8.2.1
  • Siemens SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2): All versions prior to V8.2.1
  • Siemens SCALANCE M874-3 (6GK5874-3AA00-2AA2): All versions prior to V8.2.1
3.2 VULNERABILITY OVERVIEW 3.2.1

Affected devices improperly validate usernames during OpenVPN authentication. This could allow an attacker to get partial invalid usernames accepted by the server.

has been assigned to this vulnerability. A CVSS v3 base score of 3.7 has been calculated; the CVSS vector string is ().

A CVSS v4 score has also been calculated for . A base score of 6.3 has been calculated; the CVSS vector string is ().

3.4 BACKGROUND
  • CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: Germany
3.5 RESEARCHER

Siemens reported this vulnerability to CISA.

4. MITIGATIONS

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

  • SCALANCE SC-600 family: Currently no fix is available.
  • RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2), SCALANCE M804PB (6GK5804-0AP00-2AA2), SCALANCE M812-1 ADSL-Router family, SCALANCE M816-1 ADSL-Router family, SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2), SCALANCE M874-2 (6GK5874-2AA00-2AA2), SCALANCE M874-3 (6GK5874-3AA00-2AA2), SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2), SCALANCE M876-3 (6GK5876-3AA02-2BA2), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2), SCALANCE M876-4 (6GK5876-4AA10-2BA2), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2), SCALANCE MUB852-1 (A1) (6GK5852-1EA10-1AA1), SCALANCE MUB852-1 (B1) (6GK5852-1EA10-1BA1), SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1), SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1), SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1), SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1), SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2): Update to or later version.
  • All affected products: Apply a strong password policy for your devices.

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the

For more information see the associated Siemens security advisory SSA-280834 in and .

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:

  • Minimize network exposure for all control system devices and/or systems, ensuring they are .
  • Locate control system networks and remote devices behind firewalls and isolating them from business networks.
  • When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for on the ICS webpage on . Several CISA products detailing cyber defense best practices are available for reading and download, including .

CISA encourages organizations to implement recommended cybersecurity strategies for .

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at in the technical information paper, .

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

CISA also recommends users take the following measures to protect themselves from social engineering attacks:

  • Do not click web links or open attachments in unsolicited email messages.
  • Refer to for more information on avoiding email scams.
  • Refer to for more information on social engineering attacks.

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. This vulnerability has a high attack complexity.

5. UPDATE HISTORY
  • March 13, 2025: Initial Publication
CISA

CISA.gov
1 month 3 weeks ago

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, see 

1. EXECUTIVE SUMMARY
  • CVSS v4 7.0
  • ATTENTION: Low attack complexity
  • Vendor: Siemens
  • Equipment: Tecnomatix Plant Simulation
  • Vulnerabilities: Files or Directories Accessible to External Parties
2. RISK EVALUATION

Successful exploitation of these vulnerabilities could allow an unauthorized attacker to read or delete arbitrary files or the entire file system of the device.

3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS

Siemens reports that the following products are affected:

  • Siemens Tecnomatix Plant Simulation V2302: All versions prior to V2302.0021
  • Siemens Tecnomatix Plant Simulation V2404: All versions prior to V2404.0010
3.2 VULNERABILITY OVERVIEW 3.2.1

The affected application does not properly restrict access to the file deletion functionality. This could allow an unauthorized attacker to delete files even when access to the system should be prohibited, resulting in potential data loss or unauthorized modification of system files.

has been assigned to this vulnerability. A CVSS v3 base score of 6.8 has been calculated; the CVSS vector string is ().

A CVSS v4 score has also been calculated for . A base score of 7.0 has been calculated; the CVSS vector string is ().

3.2.2

The affected application does not properly restrict the scope of files accessible to the simulation model. This could allow an unauthorized attacker to compromise the confidentiality of the system.

has been assigned to this vulnerability. A CVSS v3 base score of 6.2 has been calculated; the CVSS vector string is ().

A CVSS v4 score has also been calculated for . A base score of 6.9 has been calculated; the CVSS vector string is ().

3.3 BACKGROUND
  • CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: Germany
3.4 RESEARCHER

Siemens reported these vulnerabilities to CISA.

4. MITIGATIONS

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

  • Tecnomatix Plant Simulation V2302: Update to or later version
  • Tecnomatix Plant Simulation V2404: Update to or later version

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the

For more information see the associated Siemens security advisory SSA-507653 in and .

CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:

  • Minimize network exposure for all control system devices and/or systems, ensuring they are .
  • Locate control system networks and remote devices behind firewalls and isolating them from business networks.
  • When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for on the ICS webpage on . Several CISA products detailing cyber defense best practices are available for reading and download, including .

CISA encourages organizations to implement recommended cybersecurity strategies for .

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at in the technical information paper, .

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

CISA also recommends users take the following measures to protect themselves from social engineering attacks:

  • Do not click web links or open attachments in unsolicited email messages.
  • Refer to for more information on avoiding email scams.
  • Refer to for more information on social engineering attacks.

No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time. These vulnerabilities are not exploitable remotely.

5. UPDATE HISTORY
  • March 13, 2025: Initial Publication
CISA

CISA.gov
1 month 3 weeks ago

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, see 

1. EXECUTIVE SUMMARY
  • CVSS v4 9.3
  • ATTENTION: Exploitable remotely/low attack complexity
  • Vendor: Siemens
  • Equipment: OPC UA
  • Vulnerabilities: Observable Timing Discrepancy, Authentication Bypass by Primary Weakness
2. RISK EVALUATION

Successful exploitation of these vulnerabilities could allow an attacker to bypass application authentication and gain access to the data managed by the server.

3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS

Siemens reports that the following products are affected:

  • Industrial Edge for Machine Tools (formerly known as "SINUMERIK Edge"): All versions (CVE-2024-42513)
  • SIMIT V11: All versions (CVE-2024-42512)
  • SIMATIC BRAUMAT: All versions from V8.0 SP1 up to but not including V8.1 (CVE-2024-42513)
  • SIMATIC Energy Manager PRO: All versions from V7.5 up to but not including V7.5 Update 2
  • SIMATIC Energy Manager PRO: All versions after V7.2 Update 6
  • SIMATIC IPC DiagMonitor: All versions (CVE-2024-42513)
  • SIMATIC SISTAR: All versions from V8.0 SP1 up to but not including V8.1 (CVE-2024-42513)
  • SIMATIC WinCC Unified V18: All versions (CVE-2024-42513)
  • SIMATIC WinCC Unified V19: All versions before V19 Update 4 (CVE-2024-42513)
  • SIMATIC WinCC V8.0: All versions before V8.0 Update 3 (CVE-2024-42513)
3.2 VULNERABILITY OVERVIEW 3.2.1

Vulnerability in the OPC UA .NET standard stack before 1.5.374.158 allows an unauthorized attacker to bypass application authentication when the deprecated Basic128Rsa15 security policy is enabled.

has been assigned to this vulnerability. A CVSS v3 base score of 7.4 has been calculated; the CVSS vector string is ().

A CVSS v4 score has also been calculated for . A base score of 9.1 has been calculated; the CVSS vector string is ().

3.2.2

Vulnerability in the OPC UA .NET standard stack before 1.5.374.158 allows an unauthorized attacker to bypass application authentication when using HTTPS endpoints.

has been assigned to this vulnerability. A CVSS v3 base score of 9.1 has been calculated; the CVSS vector string is ().

A CVSS v4 score has also been calculated for . A base score of 9.3 has been calculated; the CVSS vector string is ().

3.3 BACKGROUND
  • CRITICAL INFRASTRUCTURE SECTORS: Chemical, Critical Manufacturing, Energy, Food and Agriculture, Water and Wastewater Systems
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: Germany
3.4 RESEARCHER

Siemens reported these vulnerabilities to CISA.

4. MITIGATIONS

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

  • SIMATIC Energy Manager PRO: Update to V7.5 Update 2 or
  • (CVE-2024-42512) SIMATIC Energy Manager PRO, SIMIT V11: Currently no fix is available.
  • (CVE-2024-42513) SIMATIC WinCC Unified V18, SIMATIC WinCC Unified V19: Please note that the affected functionality (HTTPS endpoint in OPC UA server) is deactivated by default in Unified RT. Systems running with default configuration are therefore not affected by this vulnerability.
  • (CVE-2024-42513) SIMATIC IPC DiagMonitor: Please note that the affected functionality (HTTPS endpoint in OPC UA Server) is deactivated by default. Systems running with default configuration are therefore not affected by this vulnerability.
  • (CVE-2024-42513) Industrial Edge for Machine Tools (formerly known as "SINUMERIK Edge"), SIMATIC IPC DiagMonitor: Currently no fix is planned.
  • (CVE-2024-42513) SIMATIC Energy Manager PRO, SIMATIC WinCC Unified V18: Currently no fix is available.
  • (CVE-2024-42513) SIMATIC WinCC Unified V19: Update to V19 Update 4 or later version.
  • (CVE-2024-42513) SIMATIC WinCC V8.0: Update to V8.0 Update 3 or later version.
  • (CVE-2024-42513) SIMATIC BRAUMAT, SIMATIC SISTAR: Update to V8.1 or

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the

For more information see the associated Siemens security advisory SSA-858251 in and .

CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:

  • Minimize network exposure for all control system devices and/or systems, ensuring they are .
  • Locate control system networks and remote devices behind firewalls and isolating them from business networks.
  • When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for on the ICS webpage on . Several CISA products detailing cyber defense best practices are available for reading and download, including .

CISA encourages organizations to implement recommended cybersecurity strategies for .

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at in the technical information paper, .

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.

5. UPDATE HISTORY
  • March 13, 2025: Initial Publication
CISA

CISA.gov
1 month 3 weeks ago

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, see 

1. EXECUTIVE SUMMARY
  • CVSS v4 9.3
  • ATTENTION: Exploitable remotely/low attack complexity
  • Vendor: Siemens
  • Equipment: SINEMA Remote Connect Client
  • Vulnerabilities: Integer Overflow or Wraparound, Unprotected Alternate Channel, Improper Restriction of Communication Channel to Intended Endpoints, Stack-based Buffer Overflow, Unrestricted Upload of File with Dangerous Type, Missing Release of Resource after Effective Lifetime
2. RISK EVALUATION

Successful exploitation of these vulnerabilities could allow an attacker to overflow memory buffers, impersonate a legitimate user, maintain longer session times, gain elevated privileges, and execute code remotely.

3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS

Siemens reports that the following products are affected:

  • Siemens SINEMA Remote Connect Client: All versions below V3.2 SP3
3.2 VULNERABILITY OVERVIEW 3.2.1

The tap-windows6 driver version 9.26 and earlier does not properly check the size data of incoming write operations which an attacker can use to overflow memory buffers, resulting in a bug check and potentially arbitrary code execution in kernel space.

has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is ().

A CVSS v4 score has also been calculated for . A base score of 9.3 has been calculated; the CVSS vector string is ().

3.2.2

If an attacker with SeImeprsonatePrivilege manages to create a named pipe server with a name matching that used by the "Interactive Service", user interfaces such as OpenVPN-GUI connecting to it could allow the attacker to impersonate the user running the UI.

has been assigned to this vulnerability. A CVSS v3 base score of 4.9 has been calculated; the CVSS vector string is ().

A CVSS v4 score has also been calculated for . A base score of 6.9 has been calculated; the CVSS vector string is ().

3.2.3

The interactive service in OpenVPN 2.6.9 and earlier allows the OpenVPN service pipe to be accessed remotely which allows a remote attacker to interact with the privileged OpenVPN interactive service.

has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is ().

A CVSS v4 score has also been calculated for . A base score of 8.7 has been calculated; the CVSS vector string is ().

3.2.4

The interactive service in OpenVPN 2.6.9 and earlier allows an attacker to send data causing a stack overflow which can be used to execute arbitrary code with more privileges.

has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is ().

A CVSS v4 score has also been calculated for . A base score of 8.5 has been calculated; the CVSS vector string is ().

3.2.5

OpenVPN plug-ins on Windows with OpenVPN 2.6.9 and earlier could be loaded from any directory which allows an attacker to load an arbitrary plug-in which can be used to interact with the privileged OpenVPN interactive service.

has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is ().

A CVSS v4 score has also been calculated for . A base score of 9.3 has been calculated; the CVSS vector string is ().

3.2.6

OpenVPN from 2.6.0 through 2.6.10 in a server role accepts multiple exit notifications from authenticated clients which will extend the validity of a closing session.

has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been calculated; the CVSS vector string is ().

A CVSS v4 score has also been calculated for . A base score of 7.1 has been calculated; the CVSS vector string is ().

3.3 BACKGROUND
  • CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing, Commercial Facilities, Energy, Food and Agriculture, Healthcare and Public Health, Transportation Systems, Water and Wastewater Systems
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: Germany
3.4 RESEARCHER

Siemens reported these vulnerabilities to CISA.

4. MITIGATIONS

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

  • SINEMA Remote Connect Client:

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the

For more information see the associated Siemens security advisory SSA-615740 in and .

CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:

  • Minimize network exposure for all control system devices and/or systems, ensuring they are .
  • Locate control system networks and remote devices behind firewalls and isolating them from business networks.
  • When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for on the ICS webpage on . Several CISA products detailing cyber defense best practices are available for reading and download, including .

CISA encourages organizations to implement recommended cybersecurity strategies for .

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at in the technical information paper, .

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.

5. UPDATE HISTORY
  • March 13, 2025: Initial Publication
CISA

CISA.gov
1 month 3 weeks ago

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, see 

1. EXECUTIVE SUMMARY
  • CVSS v4 8.4
  • ATTENTION: Low attack complexity
  • Vendor: Siemens
  • Equipment: SIMATIC IPC Family, SIMATIC ITP1000, SIMATIC Field PGs
  • Vulnerabilities: Protection Mechanism Failure
2. RISK EVALUATION

Successful exploitation of these vulnerabilities could allow an authenticated attacker to alter the secure boot configuration or to disable the BIOS password.

3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS

Siemens reports that the following products are affected:

  • Siemens SIMATIC Field PG M5: All versions
  • Siemens SIMATIC IPC377G: All versions
  • Siemens SIMATIC IPC427E: All versions
  • Siemens SIMATIC IPC477E: All versions
  • Siemens SIMATIC IPC477E PRO: All versions
  • Siemens SIMATIC IPC527G: All versions
  • Siemens SIMATIC IPC627E: Versions prior to 25.02.15
  • Siemens SIMATIC IPC647E: Versions prior to V25.02.15
  • Siemens SIMATIC IPC677E: Versions prior to V25.02.15
  • Siemens SIMATIC IPC847E: Versions prior to V25.02.15
  • Siemens SIMATIC IPC3000 SMART V3: All versions
  • Siemens SIMATIC Field PG M6: Versions prior to V26.01.12 (CVE-2024-56182)
  • Siemens SIMATIC IPC BX-21A: Versions prior to V31.01.07
  • Siemens SIMATIC IPC BX-32A: Versions prior to V29.01.07
  • Siemens SIMATIC IPC BX-39A: Versions prior to V29.01.07
  • Siemens SIMATIC IPC BX-59A: Versions prior to V32.01.04
  • Siemens SIMATIC IPC PX-32A: Versions prior to V29.01.07
  • Siemens SIMATIC IPC PX-39A: Versions prior to V29.01.07
  • Siemens SIMATIC IPC PX-39A PRO: Versions prior to V29.01.07
  • Siemens SIMATIC IPC RC-543B: All versions
  • Siemens SIMATIC IPC RW-543A: All versions
  • Siemens SIMATIC ITP1000: All versions
  • Siemens SIMATIC IPC127E: All versions
  • Siemens SIMATIC IPC277G PRO: All versions
  • Siemens SIMATIC IPC227E: All versions
  • Siemens SIMATIC IPC227G: All versions
  • Siemens SIMATIC IPC277E: All versions
  • Siemens SIMATIC IPC277G: All versions
  • Siemens SIMATIC IPC327G: All versions
  • Siemens SIMATIC IPC347G: All versions
3.2 VULNERABILITY OVERVIEW 3.2.1

The affected devices have insufficient protection mechanism for the EFI (Extensible Firmware Interface) variables stored on the device. This could allow an authenticated attacker to alter the secure boot configuration without proper authorization by directly communicating with the flash controller.

has been assigned to this vulnerability. A CVSS v3 base score of 8.2 has been calculated; the CVSS vector string is ().

A CVSS v4 score has also been calculated for . A base score of 8.4 has been calculated; the CVSS vector string is ().

3.2.2

The affected devices have insufficient protection mechanism for the EFI (Extensible Firmware Interface) variables stored on the device. This could allow an authenticated attacker to disable the BIOS password without proper authorization by directly communicating with the flash controller.

has been assigned to this vulnerability. A CVSS v3 base score of 8.2 has been calculated; the CVSS vector string is ().

A CVSS v4 score has also been calculated for . A base score of 8.4 has been calculated; the CVSS vector string is ().

3.3 BACKGROUND
  • CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: Germany
3.4 RESEARCHER

Siemens reported these vulnerabilities to CISA.

4. MITIGATIONS

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

  • Restrict access to root/administrator permission for the operating system
  • SIMATIC IPC627E, SIMATIC IPC647E, SIMATIC IPC677E, SIMATIC IPC847E: Update to or later version
  • SIMATIC IPC BX-39A, SIMATIC IPC PX-39A, SIMATIC IPC PX-39A PRO, SIMATIC IPC BX-32A, SIMATIC IPC PX-32A: Update to or later version
  • SIMATIC IPC BX-21A: Update to or later version
  • SIMATIC IPC BX-59A: Update to or later version
  • SIMATIC Field PG M6: Update to or later version
  • SIMATIC Field PG M5, SIMATIC IPC RC-543B, SIMATIC IPC RW-543A, SIMATIC IPC127E, SIMATIC IPC227G, SIMATIC IPC277G, SIMATIC IPC277G PRO, SIMATIC IPC3000 SMART V3, SIMATIC IPC327G, SIMATIC IPC347G, SIMATIC IPC377G, SIMATIC IPC427E, SIMATIC IPC477E, SIMATIC IPC477E PRO, SIMATIC IPC527G, SIMATIC ITP1000, SIMATIC IPC227E, SIMATIC IPC277E: Currently no fix is available

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to and following recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the

For more information see the associated Siemens security advisory SSA-216014 in and .

CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:

  • Minimize network exposure for all control system devices and/or systems, ensuring they are .
  • Locate control system networks and remote devices behind firewalls and isolating them from business networks.
  • When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for on the ICS webpage on . Several CISA products detailing cyber defense best practices are available for reading and download, including .

CISA encourages organizations to implement recommended cybersecurity strategies for .

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at in the technical information paper, .

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

CISA also recommends users take the following measures to protect themselves from social engineering attacks:

  • Do not click web links or open attachments in unsolicited email messages.
  • Refer to for more information on avoiding email scams.
  • Refer to for more information on social engineering attacks.

No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time. These vulnerabilities are not exploitable remotely.

5. UPDATE HISTORY
  • March 13, 2025: Initial Publication
CISA

CISA.gov
1 month 3 weeks ago

1. EXECUTIVE SUMMARY
  • CVSS v4 9.5
  • ATTENTION: Exploitable remotely
  • Vendor: Sungrow
  • Equipment: iSolarCloud Android App, WiNet Firmware
  • Vulnerabilities: Improper Certificate Validation, Use of a Broken or Risky Cryptographic Algorithm, Authorization Bypass Through User-Controlled Key, User of Hard-Coded Credentials, Stack-Based Buffer Overflow, Heap-Based Buffer Overflow
2. RISK EVALUATION

Successful exploitation of these vulnerabilities could result in attackers being able to access and could modify sensitive information.

3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS

The following Sungrow software products are affected:

  • iSolarCloud Android App: Version 2.1.6 and prior
  • WiNet Firmware: All versions
3.2 VULNERABILITY OVERVIEW 3.2.1

The Android app for iSolarCloud explicitly ignores certificate errors and is vulnerable to adversary-in-the-middle attacks. This may allow an attacker to impersonate the iSolarCloud server and communicate with the Android app.

has been assigned to this vulnerability. A CVSS v3.1 base score of 6.5 has been calculated; the CVSS vector string is ().

A CVSS v4 score has also been calculated for . A base score of 8.3 has been calculated; the CVSS vector string is ().

3.2.2

The iSolarCloud Android mobile application uses an insecure AES key to encrypt client data (insufficient entropy). This may allow attackers to decrypt intercepted communications between the mobile app and iSolarCloud.

has been assigned to this vulnerability. A CVSS v3.1 base score of 6.5 has been calculated; the CVSS vector string is ().

A CVSS v4 score has also been calculated for . A base score of 8.3 has been calculated; the CVSS vector string is ().

3.2.3

The iSolarCloud API is vulnerable to multiple insecure direct object references (IDOR) via the powerStationService API model. This vulnerability may allow an attacker to gain unauthorized access to user data and potentially modify key identifying data values.

has been assigned to this vulnerability. A CVSS v3.1 base score of 6.5 has been calculated; the CVSS vector string is ().

A CVSS v4 score has also been calculated for . A base score of 6.9 has been calculated; the CVSS vector string is ().

3.2.4

The Solar iCloud API is vulnerable to multiple insecure direct object references (IDOR) via the userService API model. This vulnerability may allow an attacker to gain unauthorized access to user data and potentially modify key identifying data values.

has been assigned to this vulnerability. A CVSS v3.1 base score of 8.2 has been calculated; the CVSS vector string is ().

A CVSS v4 score has also been calculated for . A base score of 9.2 has been calculated; the CVSS vector string is ().

3.2.5

The Solar iCloud API is vulnerable to multiple insecure direct object references (IDOR) via the orgService API model. This vulnerability may allow an attacker to gain unauthorized access to user data and potentially modify key identifying data values.

has been assigned to this vulnerability. A CVSS v3.1 base score of 8.2 has been calculated; the CVSS vector string is ().

A CVSS v4 score has also been calculated for . A base score of 9.2 has been calculated; the CVSS vector string is ().

3.2.6

The Solar iCloud API is vulnerable to multiple insecure direct object references (IDOR) via the commonService API model. This vulnerability may allow an attacker to gain unauthorized access to user data and potentially modify key identifying data values.

has been assigned to this vulnerability. A CVSS v3.1 base score of 5.3 has been calculated; the CVSS vector string is ().

A CVSS v4 score has also been calculated for . A base score of 6.9 has been calculated; the CVSS vector string is ().

3.2.7

The Solar iCloud API is vulnerable to multiple insecure direct object references (IDOR) via the devService API model. This vulnerability may allow an attacker to gain unauthorized access to user data and potentially modify key identifying data values.

has been assigned to this vulnerability. A CVSS v3.1 base score of 5.3 has been calculated; the CVSS vector string is ().

A CVSS v4 score has also been calculated for . A base score of 6.9 has been calculated; the CVSS vector string is ().

3.2.8

The iSolarCloud Android application and the cloud use hard-coded MQTT credentials for exchanging the device telemetry. This vulnerability may allow an attacker to gain unauthorized access to user accounts, sensitive information, and execute arbitrary code.

has been assigned to this vulnerability. A CVSS v3.1 base score of 5.3 has been calculated; the CVSS vector string is ().

A CVSS v4 score has also been calculated for . A base score of 6.9 has been calculated; the CVSS vector string is ().

3.2.9

The WiNet's module firmware contains hardcoded MQTT credentials that could allow an attacker to impersonate a device-facing MQTT broker. This vulnerability may allow an attacker to gain unauthorized access to user accounts, sensitive information, and execute arbitrary code.

has been assigned to this vulnerability. A CVSS v3.1 base score of 8.1 has been calculated; the CVSS vector string is ().

A CVSS v4 score has also been calculated for . A base score of 9.5 has been calculated; the CVSS vector string is ().

3.2.10

The WiNet WebUI contains a hard-coded password that can be used to decrypt all firmware updates. This vulnerability can allow an attacker to gain unauthorized access to accounts.

has been assigned to this vulnerability. A CVSS v3.1 base score of 6.5 has been calculated; the CVSS vector string is ().

A CVSS v4 score has also been calculated for . A base score of 6.9 has been calculated; the CVSS vector string is ().

3.2.11

When copying the time stamp read from an MQTT message, the underlying code does not check the bounds of the buffer that is used to store the message. This may lead to a stack-based buffer overflow in which an attacker could potentially execute arbitrary code, remotely.

has been assigned to this vulnerability. A CVSS v3.1 base score of 8.1 has been calculated; the CVSS vector string is ().

A CVSS v4 score has also been calculated for . A base score of 9.5 has been calculated; the CVSS vector string is ().

3.2.12

When decrypting MQTT messages, the code that parses specific TLV fields does not have sufficient bounds checks. This may result in a stack-based buffer overflow in which an attacker could potentially execute arbitrary code, remotely.

has been assigned to this vulnerability. A CVSS v3.1 base score of 8.1 has been calculated; the CVSS vector string is ().

A CVSS v4 score has also been calculated for . A base score of 9.5 has been calculated; the CVSS vector string is ().

3.2.13

There is a potential stack-based buffer overflow when parsing MQTT messages, due to missing MQTT topic bounds checks. The affected products are vulnerable to a stack-based buffer overflow which may allow an attacker to remotely execute arbitrary code.

has been assigned to this vulnerability. A CVSS v3.1 base score of 8.1 has been calculated; the CVSS vector string is ().

A CVSS v4 score has also been calculated for . A base score of 9.5 has been calculated; the CVSS vector string is ().

3.2.14

The affected products are vulnerable to a heap-based buffer overflow, due to bounds checks of the MQTT message content. This vulnerability may allow an attacker to remotely execute arbitrary code.

has been assigned to this vulnerability. A CVSS v3.1 base score of 8.1 has been calculated; the CVSS vector string is ().

A CVSS v4 score has also been calculated for . A base score of 9.5 has been calculated; the CVSS vector string is ().

3.2.15

The affected products lack proper integrity checks during the update process. This vulnerability allows an attacker to send a specific MQTT message to install potentially harmful firmware files hosted on an attacker-controlled server. This could result in unauthorized control of affected devices.

has been assigned to this vulnerability. A CVSS v3.1 base score of 8.1 has been calculated; the CVSS vector string is ().

A CVSS v4 score has also been calculated for . A base score of 9.5 has been calculated; the CVSS vector string is ().

3.3 BACKGROUND
  • CRITICAL INFRASTRUCTURE SECTORS: Energy
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: China
3.4 RESEARCHER

Daniel dos Santos, Stanislav Dashevskyi, and Francesco La Spina of Forescout Technologies reported these vulnerabilities to CISA.

4. MITIGATIONS

Sungrow has released updated versions of affected firmware. Users are encouraged to apply version WINET-SV200.001.00.P028 or higher. Users should also update their iSolarCloud Android App to the latest version via device app store. The iSolarCloud has been repaired and requires no further user action.

For more information refer to Sungrow's

CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:

  • Minimize network exposure for all control system devices and/or systems, ensuring they are .
  • Locate control system networks and remote devices behind firewalls and isolating them from business networks.
  • When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for on the ICS webpage on . Several CISA products detailing cyber defense best practices are available for reading and download, including .

CISA encourages organizations to implement recommended cybersecurity strategies for .

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at in the technical information paper, .

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.

5. UPDATE HISTORY
  • March 13, 2025: Initial Publication
CISA

CISA.gov
1 month 4 weeks ago

1. EXECUTIVE SUMMARY
  • CVSS v4 6.8
  • ATTENTION: Low attack complexity
  • Vendor: Schneider Electric
  • Equipment: Uni-Telway Driver
  • Vulnerability: Improper Input Validation
2. RISK EVALUATION

Successful exploitation of this vulnerability could allow an attacker to perform a denial of service.

3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS

Schneider Electric reports the following products are affected:

  • Schneider Electric Uni-Telway Driver: All versions
  • Schneider Electric Uni-Telway Driver installed on Control Expert: All versions
  • Schneider Electric Uni-Telway Driver installed on Process Expert: All versions
  • Schneider Electric Uni-Telway Driver installed on Process Expert for AVEVA System Platform: All versions
  • Schneider Electric Uni-Telway Driver installed on OPC Factory Server: All versions
3.2 VULNERABILITY OVERVIEW 3.2.1

Schneider Electric Uni-Telway Driver is vulnerable to an improper input validation vulnerability that could cause denial-of-service of engineering workstations when a specific driver interface is invoked locally by an authenticated user with crafted input.

has been assigned to this vulnerability. A CVSS v3 base score of 5.5 has been calculated; the CVSS vector string is ().

A CVSS v4 score has also been calculated for . A base score of 6.8 has been calculated; the CVSS vector string is ().

3.3 BACKGROUND
  • CRITICAL INFRASTRUCTURE SECTORS: Commercial Facilities, Critical Manufacturing, Energy
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: France
3.4 RESEARCHER

Sangjun Park, Jongseoung Kim, Byunghyun Kang, Yunjin Park, Albert Einstein, Kwon Yul, Seungchan Kim of today-0day reported this vulnerability to Schneider Electric.

4. MITIGATIONS

Schneider Electric has identified the following specific workarounds and mitigations users can apply to reduce risk:

For users requiring the use of Uni-Telway Driver, Schneider Electric recommends using following mitigations to reduce the risk of exploit:

  • McAfee Application and Change Control software for application control. Refer to the Cybersecurity Application Note available .
  • Follow workstation, network, and site-hardening guidelines in the Schneider Electric Recommended Cybersecurity Best Practices document. For users not requiring the use of Uni-Telway driver, Schneider Electric recommends uninstalling the driver. Version 16.1 of EcoStruxure Control Expert does not include Uni-Telway driver by default anymore. This vulnerability is only affecting users who have installed Uni-Telway driver. To ensure users are informed of all updates, including details on affected products and remediation plans, subscribe to Schneider Electric's security notification service here:

For more information see the associated Schneider Electric CPCERT security advisory SEVD-2025-042-02 , .

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:

  • Minimize network exposure for all control system devices and/or systems, ensuring they are .
  • Locate control system networks and remote devices behind firewalls and isolating them from business networks.
  • When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for on the ICS webpage on . Several CISA products detailing cyber defense best practices are available for reading and download, including .

CISA encourages organizations to implement recommended cybersecurity strategies for .

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at in the technical information paper, .

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. This vulnerability is not exploitable remotely.

5. UPDATE HISTORY
  • March 11, 2025: Initial Publication
CISA

CISA.gov
1 month 4 weeks ago

1. EXECUTIVE SUMMARY
  • CVSS v4 9.3
  • ATTENTION: Exploitable remotely/low attack complexity
  • Vendor: Optigo Networks
  • Equipment: Visual BACnet Capture Tool, Optigo Visual Networks Capture Tool
  • Vulnerabilities: Use of Hard-coded, Security-relevant Constants, Authentication Bypass Using an Alternate Path or Channel
2. RISK EVALUATION

Successful exploitation of these vulnerabilities could allow an attacker to bypass authentication, gain control over the products, or impersonate the web applications.

3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS

The following versions of Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool are affected:

  • Visual BACnet Capture Tool: Version 3.1.2rc11
  • Optigo Visual Networks Capture Tool: Version 3.1.2rc11
3.2 VULNERABILITY OVERVIEW 3.2.1

Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool version 3.1.2rc11 contain a hard coded secret key. This could allow an attacker to generate valid JWT (JSON Web Token) sessions.

has been assigned to this vulnerability. A CVSS v3.1 base score of 7.5 has been calculated; the CVSS vector string is ().

A CVSS v4 score has also been calculated for . A base score of 8.7 has been calculated; the CVSS vector string is ().

3.2.2

Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool version 3.1.2rc11 contain an exposed web management service that could allow an attacker to bypass authentication measures and gain controls over utilities within the products.

has been assigned to this vulnerability. A CVSS v3.1 base score of 9.8 has been calculated; the CVSS vector string is ().

A CVSS v4 score has also been calculated for . A base score of 9.3 has been calculated; the CVSS vector string is ().

3.2.3

Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool version 3.1.2rc11 are vulnerable to an attacker impersonating the web application service and mislead victim clients.

has been assigned to this vulnerability. A CVSS v3.1 base score of 7.5 has been calculated; the CVSS vector string is ().

A CVSS v4 score has also been calculated for . A base score of 8.7 has been calculated; the CVSS vector string is ().

3.3 BACKGROUND
  • CRITICAL INFRASTRUCTURE SECTORS: Information Technology
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: Canada
3.4 RESEARCHER

Tomer Goldschmidt of Claroty Team82 reported these vulnerabilities to CISA.

4. MITIGATIONS

Optigo Networks recommends users to upgrade to the following:

  • Visual BACnet Capture Tool:
  • Optigo Visual Networks Capture Tool:

CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:

  • Minimize network exposure for all control system devices and/or systems, ensuring they are .
  • Locate control system networks and remote devices behind firewalls and isolating them from business networks.
  • When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for on the ICS webpage on . Several CISA products detailing cyber defense best practices are available for reading and download, including .

CISA encourages organizations to implement recommended cybersecurity strategies for .

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at in the technical information paper, .

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.

5. UPDATE HISTORY
  • March 11, 2025: Initial Publication
CISA

CISA.gov
2 months ago

1. EXECUTIVE SUMMARY
  • CVSS v3 7.5
  • ATTENTION: Exploitable remotely/low attack complexity
  • Vendor: Hitachi Energy
  • Equipment: PCU400, PCULogger
  • Vulnerabilities: Access of Resource Using Incompatible Type ('Type Confusion'), NULL Pointer Dereference, Use After Free, Double Free, Observable Discrepancy, Out-of-bounds Read
2. RISK EVALUATION

Exploitation of these vulnerabilities could allow an attacker to access or decrypt sensitive data, crash the device application, or cause a denial-of-service condition.

3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS

Hitachi Energy reports that the following products are affected:

  • PCU400: Version 6.5 K and prior
  • PCU400: Version 9.4.1 and prior
  • PCULogger: Version 1.1.0 and prior
3.2 VULNERABILITY OVERVIEW 3.2.1

There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial-of-service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.

has been assigned to this vulnerability. A CVSS v3 base score of 7.4 has been calculated; the CVSS vector string is ().

3.2.2

An invalid pointer dereference on read can be triggered when an application tries to check a malformed DSA public key by the EVP_PKEY_public_check() function. This will most likely lead to an application crash. This function can be called on public keys supplied from untrusted sources which could allow an attacker to cause a denial-of-service attack. The TLS implementation in OpenSSL does not call this function but applications might call the function if there are additional security requirements imposed by standards such as FIPS 140-3.

has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is ().

3.2.3

An invalid pointer dereference on read can be triggered when an application tries to load malformed PKCS7 data with the d2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions. The result of the dereference is an application crash which could lead to a denial-of-service attack. The TLS implementation in OpenSSL does not call this function however third party applications might call these functions on untrusted data.

has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is ().

3.2.4

A NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. In case the hash algorithm used for the signature is known to the OpenSSL library but the implementation of the hash algorithm is not available, the digest initialization will fail. There is a missing check for the return value from the initialization function which later leads to invalid usage of the digest API most likely leading to a crash. The unavailability of an algorithm can be caused by using FIPS enabled configuration of providers or more commonly by not loading the legacy provider. PKCS7 data is processed by the SMIME library calls and also by the time stamp (TS) library calls. The TLS implementation in OpenSSL does not call these functions, however third party applications would be affected if they call these functions to verify signatures on untrusted data.

has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is ().

3.2.5

The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid, the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO then a use-after-free will occur. This will most likely result in a crash. This scenario occurs directly in the internal function B64_write_ASN1() which may cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on the BIO. This internal function is in turn called by the public API functions PEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream, SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7. Other public API functions that may be impacted by this include i2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and i2d_PKCS7_bio_stream. The OpenSSL cms and smime command line applications are similarly affected.

has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is ().

3.2.6

The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g. CERTIFICATE"), any header data and the payload data. If the function succeeds then the "name_out", "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. This could be exploited by an attacker who has the ability to supply malicious PEM files for parsing to achieve a denial-of-service attack. The functions PEM_read_bio() and PEM_read() are simple wrappers around PEM_read_bio_ex() and therefore these functions are also directly affected. These functions are also called indirectly by a number of other OpenSSL functions including PEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal uses of these functions are not vulnerable because the caller does not free the header argument if PEM_read_bio_ex() returns a failure code. These locations include the PEM_read_bio_TYPE() functions as well as the decoders introduced in OpenSSL 3.0. The OpenSSL asn1parse command line application is also impacted by this issue.

has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is ().

3.2.7

A timing-based side channel exists in the OpenSSL RSA decryption implementation which could be sufficient to recover plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption, an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An attacker that had observed a genuine connection between a client and a server could use this flaw to send trial messages to the server and record the time taken to process them. After a sufficiently large number of messages the attacker could recover the pre-master secret used for the original connection and thus be able to decrypt the application data sent over that connection.

has been assigned to this vulnerability. A CVSS v3 base score of 5.9 has been calculated; the CVSS vector string is ().

3.2.8

A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. The read buffer overrun might result in a crash which could lead to a denial-of-service attack. In theory it could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext) although we are not aware of any working exploit leading to memory contents disclosure as of the time of release of this advisory. In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects.

has been assigned to this vulnerability. A CVSS v3 base score of 4.9 has been calculated; the CVSS vector string is ().

3.3 BACKGROUND
  • CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: Switzerland
3.4 RESEARCHER

A researcher from Dragos reported these vulnerabilities to Hitachi Energy.

4. MITIGATIONS

Hitachi Energy has identified the following specific workarounds and mitigations users can apply to reduce risk:

  • PCU400 versions 6.5 K and below: If IEC62351-3 secure for IEC104/DNP3 is used, then update to version 6.6.0 or later.
  • PCU400 versions 9.4.1 and below: If IEC62351-3 secure for IEC104/DNP3 is used, then update to version 9.4.2 or later.
  • PCULogger versions 1.1.0 and below: If the PCULogger program is used, then update to version 1.2.0* when available. This version is compatible with PCU400 9.4.2 and later.

For more information see the associated Hitachi Energy PSIRT security advisory 8dbd000213 .

Hitachi Energy recommends users implement recommended security practices and firewall configurations to help protect the process control network from attacks originating from outside the network. Process control systems should be physically protected from direct access by unauthorized personnel, have no direct connections to the Internet, and be separated from other networks by means of a firewall system with a minimal number of ports exposed. Process control systems should not be used for Internet surfing, instant messaging, or receiving e-mails. Portable computers and removable storage media should be carefully scanned for viruses before they are connected to a control system.

CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for on the ICS webpage on . Several CISA products detailing cyber defense best practices are available for reading and download, including .

CISA encourages organizations to implement recommended cybersecurity strategies for .

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at in the technical information paper, .

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.

5. UPDATE HISTORY
  • March 6, 2025: Initial Publication
CISA

CISA.gov
2 months ago

1. EXECUTIVE SUMMARY
  • CVSS v4 8.6
  • ATTENTION: Exploitable remotely/low attack complexity
  • Vendor: Hitachi Energy
  • Equipment: Relion 670/650/SAM600-IO
  • Vulnerability: Improper Handling of Insufficient Privileges
2. RISK EVALUATION

Successful exploitation of this vulnerability could allow anyone with user credentials to bypass the security controls enforced by the product.

3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS

Hitachi Energy reports the following products are affected:

  • Relion 670/650 series: Version 2.2.0 all revisions
  • Relion 670/650/SAM600-IO series: Version 2.2.1 all revisions up to but not including version 2.2.1.8.
  • Relion 670 series: Version 2.2.2 all revisions up to but not including 2.2.2.5
  • Relion 670 series: Version 2.2.3 revisions up to 2.2.3.4
  • Relion 670/650 series Version 2.2.4 all revisions up to but not including version 2.2.4.3.
  • Relion 670/650/SAM600-IO series: Version 2.2.5 up to revision 2.2.5.1
  • Relion 670/650 series: Version 2.1 all revisions up to but not including version 2.1.0.5
  • Relion 670 series: Version 2.0 all revisions up to but not including version 2.0.0.14.
  • Relion 650 series: Version 1.3 all revisions up to but not including version 1.3.0.8.
  • Relion 650 series: Version 1.2 all revisions
  • Relion 650 series: Version 1.1 all revisions
  • Relion 650 series: Version 1.0 all revisions
3.2 VULNERABILITY OVERVIEW 3.2.1

A vulnerability exists in the database schema inside the product. An attacker could exploit the vulnerability by gaining access to credentials of any account or to have access to a session ticket issued for an account. Then, through the configuration tool that accesses the proprietary Open Database Connectivity (ODBC) protocol (TCP 2102), the database table can be manipulated for privilege escalation, which then allows unauthorized modification or to permanently disabling of the device.

has been assigned to this vulnerability. A CVSS v3 base score of 7.2 has been calculated; the CVSS vector string is ().

A CVSS v4 score has also been calculated for . A base score of 8.6 has been calculated; the CVSS vector string is ().

3.3 BACKGROUND
  • CRITICAL INFRASTRUCTURE SECTORS: Energy
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: Switzerland
3.4 RESEARCHER

Hitachi Energy PSIRT reported this vulnerability to CISA.

4. MITIGATIONS

Hitachi Energy has identified the following recommended immediate actions for each affected version:

  • Relion 650 series Version 2.2.1, Relion 670 series Version 2.2.1, SAM600-IO series Version 2.2.1: Update to Relion 670/650/SAM600-IO series Version 2.2.1.8.
  • Relion 670 series Version 2.2.2: Update to Relion 670 series Version 2.2.2.5.
  • Relion 670 series Version 2.2.3: Update to Relion 670 series Version 2.2.3.5.
  • Relion 670 series Version 2.2.4, Relion 650 series Version 2.2.4: Update to Relion 670/650 series Version 2.2.4.3.
  • Relion 670 series Version 2.2.5, Relion 670 series Version 2.2.5, SAM600-IO series Version 2.2.5: Update to Relion 670/650/SAM600-IO series Version 2.2.5.2.
  • Relion 650 series Version 2.1.0, Relion 670 series Version 2.1.0: Update to Relion 670/650 series Version 2.1.0.5.
  • Relion 670 series Version 2.0.0: Update to Relion 670/650 series Version 2.0.0.14.
  • Relion 650 series Version 1.3.0.8: Update to Relion 650 series Version 1.3.0.8.
  • Relion 670 series Version 2.2.0, Relion 650 series Version 1.1.0, Relion 650 series Version 1.0.0: Refer to the general mitigation factors below.
  • Relion 650 series Version 1.2.0: Refer to the general mitigation factors below for the current mitigation strategy or upgrade to Relion 650 series Version 1.3.

For more information see the associated Hitachi Energy PSIRT security advisory 8DBD000058 .

Hitachi Energy recommends users implement recommended security practices and firewall configurations to help protect the process control network from attacks originating from outside the network. Process control systems should be physically protected from direct access by unauthorized personnel, have no direct connections to the Internet, and be separated from other networks by means of a firewall system with a minimal number of ports exposed. Open Database Connectivity (ODBC) protocol that is used for device configuration should be limited within the substation only. Process control systems should not be used for Internet surfing, instant messaging, or receiving e-mails. Portable computers and removable storage media should be carefully scanned for viruses before they are connected to a control system.

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for on the ICS webpage on . Several CISA products detailing cyber defense best practices are available for reading and download, including .

CISA encourages organizations to implement recommended cybersecurity strategies for .

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at in the technical information paper, .

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.

5. UPDATE HISTORY
  • March 06, 2025: Initial Publication
CISA

CISA.gov
2 months ago

1. EXECUTIVE SUMMARY
  • CVSS v4 7.1
  • ATTENTION: Low attack complexity
  • Vendor: Carrier
  • Equipment: Block Load
  • Vulnerability: Uncontrolled Search Path Element
2. RISK EVALUATION

Successful exploitation of this vulnerability could allow a malicious actor to execute arbitrary code with escalated privileges .

3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS

The following Carrier product, which is a HVAC load calculation program, are affected:

  • Block Load: Version 4.00, v4.10 to 4.16
3.2 VUNERABILITY OVERVIEW 3.2.1

The vulnerability could allow a malicious actor to perform DLL hijacking and execute arbitrary code with escalated privileges.

has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is ().

A CVSS v4 score has also been calculated for . A base score of 7.1 has been calculated; the CVSS vector string is ().

3.3 BACKGROUND
  • CRITICAL INFRASTRUCTURE SECTORS: Commercial Facilities
  • COUNTRIES/AREAS DEPLOYED: United States
  • COMPANY HEADQUARTERS LOCATION: United States
3.4 RESEARCHER

Sahil Shah and Shuvrosayar Das reported this vulnerability to Carrier.

4. MITIGATIONS

Carrier recommends users to upgrade the product to .

If any issues arise, users are encouraged to contact Carrier directly.

For more information refer to .

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:

  • Minimize network exposure for all control system devices and/or systems, ensuring they are .
  • Locate control system networks and remote devices behind firewalls and isolating them from business networks.
  • When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for on the ICS webpage on . Several CISA products detailing cyber defense best practices are available for reading and download, including .

CISA encourages organizations to implement recommended cybersecurity strategies for .

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at in the technical information paper, .

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.

5. UPDATE HISTORY
  • March 3, 2025: Initial Publication
CISA

CISA.gov
2 months ago

1. EXECUTIVE SUMMARY
  • CVSS v4 9.3
  • ATTENTION: Exploitable remotely/low attack complexity
  • Vendor: GMOD
  • Equipment: Apollo
  • Vulnerabilities: Incorrect Privilege Assignment, Relative Path Traversal, Missing Authentication for Critical Function, Generation of Error Message Containing Sensitive Information
2. RISK EVALUATION

Successful exploitation of these vulnerabilities could allow an attacker to escalate privileges, bypass authentication, upload malicious files, or disclose sensitive information.

3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS

The following GMOD products are affected:

  • Apollo: All versions prior to 2.8.0
3.2 VULNERABILITY OVERVIEW 3.2.1

The product does not have sufficient logical or access checks when updating a user's information. This could result in an attacker being able to escalate privileges for themselves or others.

has been assigned to this vulnerability. A CVSS v3.1 base score of 6.5 has been calculated; the CVSS vector string is ().

A CVSS v4 score has also been calculated for . A base score of 7.1 has been calculated; the CVSS vector string is ().

3.2.2

When uploading organism or sequence data via the web interface, the application will unzip and inspect the files and will not check for path traversal in supported archive types.

has been assigned to this vulnerability. A CVSS v3.1 base score of 9.8 has been calculated; the CVSS vector string is ().

A CVSS v4 score has also been calculated for . A base score of 9.3 has been calculated; the CVSS vector string is ().

3.2.3

Certain functionality within GMOD Apollo does not require authentication when passed with an administrative username

has been assigned to this vulnerability. A CVSS v3.1 base score of 9.8 has been calculated; the CVSS vector string is ().

A CVSS v4 score has also been calculated for . A base score of 9.3 has been calculated; the CVSS vector string is ().

3.2.4

After attempting to upload a file that does not meet pre-requisites, GMOD Apollo will respond with local path information disclosure

has been assigned to this vulnerability. A CVSS v3.1 base score of 5.3 has been calculated; the CVSS vector string is ().

A CVSS v4 score has also been calculated for . A base score of 6.9 has been calculated; the CVSS vector string is ().

3.3 BACKGROUND
  • CRITICAL INFRASTRUCTURE SECTORS: Food and Agriculture, Government Services and Facilities, Healthcare and Public Health
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: United States
3.4 RESEARCHER

CISA reported these vulnerabilities to GMOD.

4. MITIGATIONS

GMOD recommends users to update to the newest Version .

CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:

  • Minimize network exposure for all control system devices and/or systems, ensuring they are .
  • Locate control system networks and remote devices behind firewalls and isolating them from business networks.
  • When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for on the ICS webpage on . Several CISA products detailing cyber defense best practices are available for reading and download, including .

CISA encourages organizations to implement recommended cybersecurity strategies for .

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at in the technical information paper, .

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting these vulnerabilities have been reported to CISA at this time.

5. UPDATE HISTORY
  • March 4, 2025: Initial Publication
CISA

CISA.gov
2 months ago

1. EXECUTIVE SUMMARY
  • CVSS v4 8.5
  • ATTENTION: Low attack complexity
  • Vendor: Delta Electronics
  • Equipment: CNCSoft-G2
  • Vulnerability: Heap-based Buffer Overflow
2. RISK EVALUATION

Successful exploitation of this vulnerability could allow an attacker to execute code remotely.

3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS

Delta Electronics reports that the following versions of CNCSoft-G2, a human-machine interface, are affected:

  • CNCSoft-G2: Versions V2.1.0.10 and prior
3.2 VULNERABILITY OVERVIEW 3.2.1

Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process.

has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is ().

A CVSS v4 score has also been calculated for . A base score of 8.5 has been calculated; the CVSS vector string is ().

3.3 BACKGROUND
  • CRITICAL INFRASTRUCTURE SECTORS: Energy, Critical Manufacturing
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: Taiwan
3.4 RESEARCHER

Trend Micro Zero Day Initiative reported this vulnerability to CISA.

4. MITIGATIONS

Delta Electronics recommends users

Delta Electronics published a product cybersecurity advisory for this issue.

For more information, please contact .

Delta Electronics recommends the following general cybersecurity practices:

  • Don't click on untrusted Internet links or open unsolicited attachments in emails.
  • Avoid exposing control systems and equipment to the Internet.
  • Place systems and devices behind a firewall and isolate them from the business network.
  • When remote access is required, use a secure access method, such as a virtual private network (VPN).

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for on the ICS webpage on . Several CISA products detailing cyber defense best practices are available for reading and download, including .

CISA encourages organizations to implement recommended cybersecurity strategies for .

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at in the technical information paper, .

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. This vulnerability is not exploitable remotely.

5. UPDATE HISTORY
  • March 4, 2025: Initial Publication
CISA

CISA.gov
2 months ago

1. EXECUTIVE SUMMARY
  • CVSS v4 6.9
  • ATTENTION: Exploitable remotely/low attack complexity
  • Vendor: Hitachi Energy
  • Equipment: XMC20
  • Vulnerability: Relative Path Traversal
2. RISK EVALUATION

Successful exploitation of this vulnerability could allow an attacker to access files or directories outside the authorized scope.

3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS

Hitachi Energy reports that the following products are affected:

  • XMC20: R15A and prior including all subversions
  • XMC20: R15B
  • XMC20: R16A
  • XMC20: R16B Revision C (cent2_r16b04_02,
    co5ne_r16b04_02) and older including all subversions
3.2 VULNERABILITY OVERVIEW 3.2.1

Hitachi Energy is aware of a vulnerability that affects the XMC20. If exploited, an attacker could traverse the file system to access files or directories that would otherwise be inaccessible.

has been assigned to this vulnerability. A CVSS v3 base score of 4.9 has been calculated; the CVSS vector string is ().

A CVSS v4 score has also been calculated for  . A base score of 6.9 has been calculated; the CVSS vector string is ().

3.3 BACKGROUND
  • CRITICAL INFRASTRUCTURE SECTORS: Energy, Government Services and Facilities, Transportation Systems
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: Switzerland
3.4 RESEARCHER

Darius Pavelescu and Bernhard Rader from Limes Security reported this vulnerability to Hitachi Energy.

4. MITIGATIONS

Hitachi Energy has identified the following specific workarounds and mitigations users can apply to reduce risk:

  • XMC20 R16B Revision C (cent2_r16b04_02, co5ne_r16b04_02) and older including all subversions: Update to XMC20 R16B Revision D, version (cent2_r16b04_07, co5ne_r16b04_07) and apply general mitigation factors. (Hitachi Energy recommends that users apply the update at the earliest convenience.)
  • XMC20 R15B: Recommended to update to XMC20 R16B Revision D, version (cent2_r16b04_07, co5ne_r16b04_07) and apply general mitigation factors.
  • XMC20 R15A and older including all subversions, XMC20 R16A: EOL versions - no remediation will be available. Recommended to update to XMC20 R16B Revision D, version (cent2_r16b04_07, co5ne_r16b04_07) and apply general mitigation factors.

The following product versions have been fixed:

  • XMC20 R16B Revision D, version (cent2_r16b04_07, co5ne_r16b04_07) is a fixed version.

For more information see the associated security advisory .

Hitachi Energy recommends users implement recommended security practices and firewall configurations to help protect the process control network from attacks originating from outside the network. Process control systems should be physically protected from direct access by unauthorized personnel, have no direct connections to the Internet, and be separated from other networks by means of a firewall system with a minimal number of ports exposed. Process control systems should not be used for Internet surfing, instant messaging, or receiving e-mails. Portable computers and removable storage media should be carefully scanned for viruses before they are connected to a control system.

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for on the ICS webpage on . Several CISA products detailing cyber defense best practices are available for reading and download, including .

CISA encourages organizations to implement recommended cybersecurity strategies for .

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at in the technical information paper, .

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.

5. UPDATE HISTORY
  • March 4, 2025: Initial Publication
CISA

CISA.gov
2 months ago

1. EXECUTIVE SUMMARY
  • CVSS v4 6.8
  • ATTENTION: Low Attack Complexity
  • Vendor: Hitachi Energy
  • Equipment: XMC20, ECST, UNEM
  • Vulnerability: Improper Validation of Certificate with Host Mismatch
2. RISK EVALUATION

Successful exploitation of this vulnerability could allow attackers to intercept or falsify data exchanges between the client and the server.

3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS

Hitachi Energy reports that the following products are affected:

  • XMC20: Versions prior to R16B
  • ECST: Versions prior to 16.2.1
  • UNEM: Versions prior to R15A
  • UNEM: R15A
  • UNEM: R15B PC4 and prior
  • UNEM: R16A
  • UNEM: R16B PC2 and prior
3.2 VULNERABILITY OVERVIEW 3.2.1

Hitachi Energy is aware of a vulnerability that affects the ECST client application which if exploited could allow attackers to intercept or falsify data exchanges between the client and the server.

has been assigned to this vulnerability. A CVSS v3 base score of 4.9 has been calculated; the CVSS vector string is ().

A CVSS v4 score has also been calculated for  . A base score of 6.8 has been calculated; the CVSS vector string is ().

3.3 BACKGROUND
  • CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: Switzerland
3.4 RESEARCHER

Darius Pavelescu and Bernhard Rader from Limes Security reported this vulnerability to Hitachi Energy.

4. MITIGATIONS

Hitachi Energy has identified the following specific workarounds and mitigations users can apply to reduce risk:

  • UNEM R16B PC2 and earlier: Update to UNEM R16B PC3 or later and apply general mitigation factors.
  • UNEM R15B PC4 or prior: Update to UNEM R15B PC5 and apply general mitigation factors. (Update planned)
  • UNEM R16A, UNEM R15A: EOL versions - no fix will be available. Apply general mitigation factors. It should be noted that users with a UNEM R16A installation are entitled to an update to the UNEM R16B given the R16B is not in an inactive lifecycle state.
  • XMC20 less than R16B: Update to XMC20 R16B
  • ECST less than 16.2.1: Update to ECST_16.2.1

The following product versions have been fixed:

  • UNEM R16B PC3 or later is a fixed version.
  • UNEM R15B PC5 is a fixed version.
  • XMC20 R16B is a fixed version.
  • ECST 16.2.1 is a fixed version.

For more information see the associated security advisory .

Hitachi Energy recommends users implement recommended security practices and firewall configurations to help protect the process control network from attacks originating from outside the network. Process control systems should be physically protected from direct access by unauthorized personnel, have no direct connections to the Internet, and be separated from other networks by means of a firewall system with a minimal number of ports exposed. Process control systems should not be used for Internet surfing, instant messaging, or receiving e-mails. Portable computers and removable storage media should be carefully scanned for viruses before they are connected to a control system.

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for on the ICS webpage on . Several CISA products detailing cyber defense best practices are available for reading and download, including .

CISA encourages organizations to implement recommended cybersecurity strategies for .

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at in the technical information paper, .

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. This vulnerability is not exploitable remotely.

5. UPDATE HISTORY
  • March 4, 2025: Initial Publication
CISA

CISA.gov
2 months ago

1. EXECUTIVE SUMMARY
  • CVSS v3 6.7
  • ATTENTION:
  • Vendor: Hitachi Energy
  • Equipment: MACH PS700
  • Vulnerability: Uncontrolled Search Path Element
2. RISK EVALUATION

Successful exploitation of this vulnerability could allow an attacker to escalate privileges and gain control over the software.

3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS

Hitachi Energy reports the following products are affected:

  • MACH PS700: Version v2
3.2 VULNERABILITY OVERVIEW 3.2.1

Uncontrolled search path element in some Intel(R) Chipset Device Software before Version 10.1.19444.8378 may allow an authenticated user to potentially enable escalation of privilege via local access.

has been assigned to this vulnerability. A CVSS v3 base score of 6.7 has been calculated; the CVSS vector string is ().

3.3 BACKGROUND
  • CRITICAL INFRASTRUCTURE SECTORS: Energy
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: Switzerland
3.4 RESEARCHER

Hitachi Energy PSIRT reported this vulnerability to CISA.

4. MITIGATIONS

Hitachi Energy has identified the following specific workarounds and mitigations users can apply to reduce risk:

  • MACH PS700 v2 System: Install patch scripts to safely remove the software causing the vulnerability. In addition, general mitigation factors are recommended. (Due to complexity of individual implementation of project, contact local account team for further information on possible remediation and mitigation strategies.)

For more information see the associated Hitachi Energy PSIRT security advisory 8DBD000208 .

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:

  • Minimize network exposure for all control system devices and/or systems, ensuring they are .
  • Locate control system networks and remote devices behind firewalls and isolating them from business networks.
  • When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for on the ICS webpage on . Several CISA products detailing cyber defense best practices are available for reading and download, including .

CISA encourages organizations to implement recommended cybersecurity strategies for .

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at in the technical information paper, .

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. This vulnerability is not exploitable remotely. This vulnerability has a high attack complexity.

5. UPDATE HISTORY
  • March 04, 2025: Initial Publication
CISA

CISA.gov
2 months ago

1. EXECUTIVE SUMMARY
  • CVSS v4 9.3
  • ATTENTION: Exploitable remotely/low attack complexity/public exploits are available
  • Vendor: Edimax
  • Equipment: IC-7100 IP Camera
  • Vulnerability: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
2. RISK EVALUATION

Successful exploitation of this vulnerability could allow an attacker to send specially crafted requests to achieve remote code execution on the device.

3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS

The following versions of Edimax products are affected:

  • IC-7100 IP Camera: All versions
3.2 VULNERABILITY OVERVIEW 3.2.1

Edimax IC-7100 does not properly neutralize requests. An attacker can create specially crafted requests to achieve remote code execution on the device

has been assigned to this vulnerability. A CVSS v3.1 base score of 9.8 has been calculated; the CVSS vector string is ().

A CVSS v4 score has also been calculated for . A base score of 9.3 has been calculated; the CVSS vector string is ().

3.3 BACKGROUND
  • CRITICAL INFRASTRUCTURE SECTORS: Commercial Facilities Sector
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: Taiwan
3.4 RESEARCHER

Akamai SIRT reported this vulnerability to CISA.

4. MITIGATIONS

Edimax has not responded to CISA requests to coordinate the vulnerability. Affected users are encouraged to reach out to .

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:

  • Minimize network exposure for all control system devices and/or systems, ensuring they are .
  • Locate control system networks and remote devices behind firewalls and isolating them from business networks.
  • When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

CISA also provides a section for on the ICS webpage on . Several CISA products detailing cyber defense best practices are available for reading and download, including .

CISA encourages organizations to implement recommended cybersecurity strategies for .

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at in the technical information paper, .

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

5. UPDATE HISTORY
  • March 4, 2025: Initial Publication
CISA