IAVA Bulletins

For the second year in a row, at the invitation of the Montenegrin Government, an elite cyber team of U.S. service members is working alongside Montenegrin cyber defenders to counter malicious cyber actors on critical networks and platforms. Along with U.S. European Command, the U.S. Cyber Command team’s operations are part of U.S. efforts to persistently engage adversaries in cyberspace, working to protect critical infrastructure alongside valued partners and allies. These defense operations also generate insights into adversarial cyber threats to the upcoming U.S. and Montenegrin elections in 2020. <br/>

When it comes to conducting large-scale combat operations and putting boots on the ground, the<br/>

Following a successful nine-month pilot, Joint Force Headquarters–Department of Defense Information Network (JFHQ-DODIN) will officially launch its Cyber Operational Readiness Assessment program March 1.<br/> <img src='https://media.defense.gov/2024/Feb/28/2003401776/150/150/0/240227-D-PY362-1001.JPG' alt='CORA Overview Graphic' /> <br />

<p>CISA has added&nbsp;two&nbsp;new&nbsp;vulnerabilities&nbsp;to its&nbsp;<a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog">Known Exploited Vulnerabilities (KEV) Catalog</a>, based on evidence of active exploitation.&nbsp;</p> <ul> <li><a href="https://www.cve.org/CVERecord?id=CVE-2022-20775" target="_blank">CVE-2022-20775</a>&nbsp;Cisco&nbsp;Catalyst&nbsp;SD-WAN Path Traversal Vulnerability</li> <li><a href="https://www.cve.org/CVERecord?id=CVE-2026-20127" target="_blank">CVE-2026-20127</a>&nbsp;Cisco Catalyst SD-WAN Controller and Manager Authentication Bypass Vulnerability&nbsp;</li> </ul> <p>These&nbsp;types&nbsp;of vulnerabilities&nbsp;are&nbsp;frequent attack vectors&nbsp;for malicious cyber actors and pose&nbsp;significant risks to the federal enterprise.&nbsp;</p> <p><a href="https://www.cisa.gov/binding-operational-directive-22-01">Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities</a>&nbsp;established the KEV&nbsp;Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the&nbsp;<a href="https://www.cisa.gov/sites/default/files/publications/Reducing_the_Significant_Risk_of_Known_Exploited_Vulnerabilities_211103.pdf">BOD 22-01 Fact Sheet</a>&nbsp;for more information.&nbsp;</p> <p>Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing&nbsp;timely&nbsp;remediation of&nbsp;<a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog">KEV Catalog vulnerabilities</a>&nbsp;as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the&nbsp;<a href="https://www.cisa.gov/known-exploited-vulnerabilities">specified criteria</a>.</p>

<p><em>The purpose of this Alert is to provide resources for organizations with Cisco Software-Defined Wide-Area Networking (SD-WAN) systems, including Federal Civilian Executive Branch (FCEB) agencies, to address ongoing exploitation of multiple vulnerabilities. Notably, the Cybersecurity and Infrastructure Security Agency (CISA) has added&nbsp;</em><a href="https://www.cve.org/CVERecord?id=CVE-2026-20127" target="_blank"><em>CVE-2026-20127</em></a><em> and&nbsp;</em><a href="https://www.cve.org/CVERecord?id=CVE-2022-20775" target="_blank"><em>CVE-2022-20775</em></a><em> to its Known Exploited Vulnerabilities (KEV) Catalog on Feb. 25, 2026. As a result of the malicious cyber activity and vulnerabilities involving Cisco SD-WAN systems, CISA has outlined requirements for FCEB agencies in Emergency Directive (ED) 26-03 to inventory Cisco SD-WAN systems, update them, and assess compromise.</em></p> <p>CISA and partners have observed malicious cyber actors targeting and compromising Cisco SD-WAN systems of organizations, globally. These actors have been observed exploiting a previously undisclosed authentication bypass vulnerability, CVE-2026-20127, for initial access before escalating privileges using CVE-2022-20775 and establishing long-term persistence in Cisco SD-WAN systems.</p> <p>CISA, National Security Agency (NSA), and international partners Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), Canadian Centre for Cyber Security (Cyber Centre), New Zealand National Cyber Security Centre (NCSC-NZ), and United Kingdom National Cyber Security Centre (NCSC-UK), hereafter the “authoring organizations,” strongly urge network defenders to immediately 1) inventory all in-scope Cisco SD-WAN systems, 2) collect artifacts, including virtual snapshots and logs off of SD-WAN systems to support threat hunt activities, 3) fully patch Cisco SD-WAN systems with available updates, 4) hunt for evidence of compromise, and 5) concurrently review Cisco’s latest security advisories, <a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-rpa-EHchtZk" target="_blank">Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability</a> and <a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v" target="_blank">Cisco Catalyst SD-WAN Vulnerabilities</a>, and implement <a href="https://sec.cloudapps.cisco.com/security/center/resources/Cisco-Catalyst-SD-WAN-HardeningGuide" target="_blank">Cisco’s SD-WAN Hardening Guidance</a>.<a href="#note1">¹</a></p> <p>To address malicious activity involving vulnerable Cisco SD-WAN systems, CISA issued <a href="https://www.cisa.gov/news-events/directives/ed-26-03-mitigate-vulnerabilities-cisco-sd-wan-systems">Emergency Directive 26-03: Mitigate Vulnerabilities in Cisco SD-WAN Systems</a>, which outlines requirements for FCEB agencies to inventory Cisco SD-WAN systems, update them, and assess compromise. Further, CISA released <a href="https://www.cisa.gov/news-events/directives/supplemental-direction-ed-26-03-hunt-and-hardening-guidance-cisco-sd-wan-systems">Supplemental Direction ED 26-03: Hunt and Hardening Guidance for Cisco SD-WAN Systems</a> to provide prescriptive actions for FCEB agencies.&nbsp;</p> <p>Cisco’s Catalyst SD-WAN Hardening Guide recommends that network defenders address:</p> <ul> <li><strong>Network perimeter controls</strong>: Ensure control components are behind a firewall, isolate virtual private network (VPN) 512 interfaces, and use internet protocol (IP) blocks for manually provisioned edge IPs.</li> <li><strong>SD-WAN manager access</strong>: Replace the self-signed certificate for the web user interface.</li> <li><strong>Control and data plane security</strong>: Use pairwise keys.</li> <li><strong>Session timeout</strong>: Limit to the shortest period possible.</li> <li><strong>Logging</strong>: Forward to a remote syslog server.</li> </ul> <p>CISA and the authoring organizations are providing the following resources: &nbsp;</p> <ul> <li>CISA: <a href="https://www.cisa.gov/news-events/directives/ed-26-03-mitigate-vulnerabilities-cisco-sd-wan-systems">Emergency Directive 26-03: Mitigate Vulnerabilities in Cisco SD-WAN Systems</a></li> <li>CISA: <a href="https://www.cisa.gov/news-events/directives/supplemental-direction-ed-26-03-hunt-and-hardening-guidance-cisco-sd-wan-systems">Supplemental Direction ED 26-03: Hunt and Hardening Guidance for Cisco SD-WAN Systems</a></li> <li>Cisco: <a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-rpa-EHchtZk" target="_blank">Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability</a></li> <li>Cisco: <a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v" target="_blank">Cisco Catalyst SD-WAN Vulnerabilities</a></li> <li>Cisco: <a href="https://sec.cloudapps.cisco.com/security/center/resources/Cisco-Catalyst-SD-WAN-HardeningGuide" target="_blank">Cisco Catalyst SD-WAN Hardening Guide</a></li> <li>ASD’s ACSC: <a href="https://www.cyber.gov.au/sites/default/files/2026-02/ACSC-led%20Cisco%20SD-WAN%20Hunt%20Guide.pdf" target="_blank">Cisco SD-WAN Threat Hunt Guide</a>, co-sealed by CISA, NSA, Cyber Centre, NCSC-NZ, and NCSC-UK. This guide, based on investigative data, supports network defenders’ detection of and response to the malicious actors’ threat activity</li> </ul> <h2><strong>Acknowledgements</strong></h2> <p>NSA, ASD’s ACSC, Cyber Centre, NCSC-NZ, and NCSC-UK contributed to this alert<strong>.</strong></p> <h2><strong>Disclaimer</strong></h2> <p>The information in this report is being provided “as is” for informational purposes only. CISA does not endorse any commercial entity, product, company, or service, including any entities, products, or services linked within this document. Any reference to specific commercial entities, products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply endorsement, recommendation, or favoring by CISA. </p> <h2><strong>Notes</strong>&nbsp;</h2> <p><a class="ck-anchor" id="note1">1</a> Cisco Security, “Cisco Catalyst SD-WAN Hardening Guide,” last modified February 9, 2026, <a href="https://sec.cloudapps.cisco.com/security/center/resources/Cisco-Catalyst-SD-WAN-HardeningGuide" target="_blank">https://sec.cloudapps.cisco.com/security/center/resources/Cisco-Catalyst-SD-WAN-HardeningGuide</a></p>

ANNAPOLIS, Md. — U.S. Cyber Command hosted the second CyberRECon Symposium that showcased groundbreaking developments in cybersecurity and intelligence analysis with academic minds from around the country converging at the U.S. Naval Academy’s Alumni Hall to tackle some of the nation's toughest cyber challenges, April 17-18.<br/> <img src='https://media.defense.gov/2024/Apr/24/2003449094/150/150/0/240418-A-Q1826-1001.JPG' alt='A group photo of individuals holding plaques.' /> <br />

Cyber operators from U.S. Cyber Command’s Cyber National Mission Force recently returned from the command’s first-ever defensive cyber deployment to Zambia, bringing back strengthened collaborative ties with the partner and actionable insights to harden Zambian and U.S. networks. <br/> <img src='https://media.defense.gov/2024/May/22/2003470598/150/150/0/240522-A-QI826-001.JPG' alt='US Zambia Graphic' /> <br />

USCYBERCOM is hosting upcoming hiring events to fill Cyber Excepted Service positions, including two events Nov. 28 and Dec. 3.<br/>

FORT GEORGE E. MEADE, Md.-- In close coordination with the Security Service of Ukraine, USCYBERCOM’s<br/>

<p>CISA has added two new vulnerabilities to its <a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog">Known Exploited Vulnerabilities (KEV) Catalog</a>, based on evidence of active exploitation.</p> <ul> <li><a href="https://www.cve.org/CVERecord?id=CVE-2021-22175" target="_blank">CVE-2021-22175</a> GitLab Server-Side Request Forgery (SSRF) Vulnerability</li> <li><a href="https://www.cve.org/CVERecord?id=CVE-2026-22769" target="_blank">CVE-2026-22769</a> Dell RecoverPoint for Virtual Machines (RP4VMs) Use of Hard-coded Credentials Vulnerability</li> </ul> <p>These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.</p> <p><a href="https://www.cisa.gov/binding-operational-directive-22-01">Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities</a> established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the <a href="https://www.cisa.gov/sites/default/files/publications/Reducing_the_Significant_Risk_of_Known_Exploited_Vulnerabilities_211103.pdf">BOD 22-01 Fact Sheet</a> for more information.</p> <p>Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of <a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog">KEV Catalog vulnerabilities</a> as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the <a href="https://www.cisa.gov/known-exploited-vulnerabilities">specified criteria</a>.&nbsp;</p>

Ten years ago, on Jan. 17, 2014, the Cyber National Mission Force was activated as a subordinate unit to U.S. Cyber Command with a mission to plan, direct and synchronize cyberspace operations to deter, deny, and if necessary, defeat adversary cyber actors in order to Defend the Nation.<br/> <img src='https://media.defense.gov/2024/Jan/17/2003377273/150/150/0/221219-D-D0451-0010.JPG' alt='The Cyber National Mission Force seal' /> <br />

To better enable defense against malicious cyber actors, U.S. Cyber Command’s Cyber National Mission Force has identified and disclosed multiple open-source tools that Iranian intelligence actors are using in networks around the world.<br/>

<p>CISA has added one new vulnerability to its <a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog">Known Exploited Vulnerabilities (KEV) Catalog</a>, based on evidence of active exploitation.</p> <ul> <li><a href="https://www.cve.org/CVERecord?id=CVE-2025-68613" target="_blank">CVE-2025-68613</a> n8n Improper Control of Dynamically-Managed Code Resources Vulnerability</li> </ul> <p>This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise.</p> <p><a href="https://www.cisa.gov/binding-operational-directive-22-01">Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities</a> established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the <a href="https://www.cisa.gov/sites/default/files/publications/Reducing_the_Significant_Risk_of_Known_Exploited_Vulnerabilities_211103.pdf">BOD 22-01 Fact Sheet</a> for more information.</p> <p>Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of <a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog">KEV Catalog vulnerabilities</a> as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the <a href="https://www.cisa.gov/known-exploited-vulnerabilities">specified criteria</a>.<br>&nbsp;</p>

Yasuhide Nakayama, State Minister of Defense for Japan, visited U.S. Cyber Command at Ft. Meade on August 9, 2021 to meet with senior leaders.<br/> <img src='https://media.defense.gov/2021/Aug/11/2002828923/150/150/0/210809-D-LA132-0036.JPG' alt='U.S. Army Gen. Paul M. Nakasone, U.S. Cyber Command commander and National Security Agency director, greets the Honorable Yasuhide Nakayama, Japan Ministry of Defense, State Minister of Defense, at Fort George G. Meade, Md., Aug. 9, 2021.' /> <br />

“Shared threats, shared understanding”: U.S., Canada and Latvia conclude defensive Hunt Operations<br/> <img src='https://media.defense.gov/2023/May/10/2003219479/150/150/0/230510-D-D0451-0001.JPG' alt='Hunt Forward Latvia' /> <br />

POSTURE STATEMENT OF LIEUTENANT GENERAL WILLIAM J. HARTMAN, USA ACTING COMMANDER, UNITED STATES CYBER COMMAND BEFORE THE 119th CONGRESS SENATE COMMITTEE ON ARMED SERVICES SUBCOMMITTEE ON CYBERSECURITY 9 APRIL 2025<br/>

Sixteenth Air Force (Air Forces Cyber) served as the Air component command and U.S. representative for NATO’s annual Cyber Coalition exercise, Nov. 27–Dec. 1<br/> <img src='https://media.defense.gov/2023/Dec/06/2003369574/150/150/0/231130-F-YI823-1001.JPG' alt='Capt. Ryan Baity, (left) 33d Cyberspace Operations Squadron exercise lead, discusses cyber defense with 1st Lt. Tricia Dang, 834th COS mission element lead and Justin Connelley, 834th COS host analyst, during Cyber Coalition 2023, Joint Base San Antonio, Lackland, Nov. 30, 2023.' /> <br />

U.S. Cyber Command’s Cyber National Mission Force has rapidly evolved to meet the needs of the Nation and has participated in or responded to almost every national crisis the U.S. has faced.<br/>

Cyber leaders from across multiple sectors descended upon the National Defense University’s (NDU) campus to participate in the third annual Cyber Symposium hosted by U.S. Cyber Command on Dec. 5 of 2023. Co-sponsored with the NDU’s College of Information and Cyberspace (CIC), this iteration of the Cyber Symposium served as an opportunity to welcome a diverse group of cyber experts from government, the military, academia, and industry to engage in a rich conversation about the future of cyberspace and information with a strong focus on Artificial Intelligence (AI). <br/> <img src='https://media.defense.gov/2024/Jan/10/2003374062/150/150/0/231205-A-QI826-1001.JPG' alt='U.S. Army Gen. Paul M. Nakasone, commander of U.S. Cyber Command, gives his opening remarks a keynote speaker for the Cyber Symposium at the National Defense University in Washington D.C., December 5, 2023.' /> <br />

At the invitation of the Lithuanian government, U.S. Cyber Command’s Cyber National Mission Force deployed a hunt forward team to conduct defensive cyber operations alongside partner cyber forces, concluding in May. For three months, the U.S. cyber operators hunted for malicious cyber activity on key Lithuanian national defense systems and Ministry of Foreign Affairs’ networks alongside its allies. This was the first shared defensive cyber operation between Lithuanian cyber forces and CNMF in their country. <br/> <img src='https://media.defense.gov/2023/Aug/25/2003288387/150/150/0/230825-D-D0451-0001.JPG' alt='Lithuanian graphic' /> <br />

U.S. Cyber Command hosted its 10th annual Reserve Components (RC) Summit 20-21 August. The theme for the 2021 RC Summit was “Maximizing the Total Force Advantage,” which focuses on advancing the Total Force’s cyber warfighting capability.<br/> <img src='https://media.defense.gov/2021/Aug/26/2002840320/150/150/0/210820-D-LA132-0407.JPG' alt='U.S. Army General Paul M. Nakasone, U.S. Cyber Command commander and National Security Agency director, presents opening remarks for the 10th annual Reserve Component Summit at Fort George G. Meade, Md., Aug. 20, 2021.' /> <br />

Cyberspace is not governed by a central body, but by numerous government and non-governmental organizations across the globe. The cyber domain is not naturally occurring and is wholly dependent upon owned or leased technology on both government and commercial infrastructure providers for its existence and operation. Due to the ever-evolving technological aspects of the information environment, adversaries are continuously looking to disrupt and degrade the integrity of U.S. information networks and those of its allies and partners.<br/>

<p>CISA has added one new vulnerability to its <a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog" data-entity-type="node" data-entity-uuid="79453b83-86b9-4e2f-b1ec-abf73c6eb291" data-entity-substitution="canonical" title="Known Exploited Vulnerabilities Catalog">Known Exploited Vulnerabilities (KEV) Catalog</a>, based on evidence of active exploitation.</p> <ul> <li><a href="https://www.cve.org/CVERecord?id=CVE-2026-25108" target="_blank">CVE-2026-25108</a> Soliton Systems K.K. FileZen OS Command Injection Vulnerability</li> </ul> <p>This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise.</p> <p><a href="https://www.cisa.gov/binding-operational-directive-22-01">Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities</a> established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the <a href="https://www.cisa.gov/sites/default/files/publications/Reducing_the_Significant_Risk_of_Known_Exploited_Vulnerabilities_211103.pdf">BOD 22-01 Fact Sheet</a> for more information.</p> <p>Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of <a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog" data-entity-type="node" data-entity-uuid="79453b83-86b9-4e2f-b1ec-abf73c6eb291" data-entity-substitution="canonical" title="Known Exploited Vulnerabilities Catalog">KEV Catalog vulnerabilities</a> as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the <a href="https://www.cisa.gov/known-exploited-vulnerabilities" data-entity-type="node" data-entity-uuid="f2adba9a-0404-494c-a90c-4363a4a5c934" data-entity-substitution="canonical" title="Reducing the Significant Risk of Known Exploited Vulnerabilities">specified criteria</a>.</p>

<p><a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-055-03.json"><strong>View CSAF</strong></a></p> <h2>Summary</h2> <p><strong>Successful exploitation of these vulnerabilities could allow unauthenticated users to access and control edge devices, access cloud-based devices and user information without authentication, and pivot to other edge devices managed in the Gardyn cloud environment.</strong></p> <p>The following versions of Gardyn Home Kit are affected:</p> <ul> <li>Home Kit Firmware</li> <li>Gardyn Home Kit Mobile Application &lt;2.11.0 (CVE-2025-29628, CVE-2025-29629, CVE-2025-29631, CVE-2025-1242)</li> <li>Gardyn Home Kit Cloud API &lt;2.12.2026 (CVE-2025-29628, CVE-2025-29629, CVE-2025-29631, CVE-2025-1242)</li> </ul> <div class="csaf-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS</th> <th role="columnheader">Vendor</th> <th role="columnheader">Equipment</th> <th role="columnheader">Vulnerabilities</th> </tr> </thead> <tbody> <tr> <td>v3 9.1</td> <td>Gardyn</td> <td>Gardyn Home Kit</td> <td>Cleartext Transmission of Sensitive Information, Use of Default Credentials, Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Use of Hard-coded Credentials</td> </tr> </tbody> </table> </div> <h3>Background</h3> <ul> <li><strong>Critical Infrastructure Sectors: </strong>Food and Agriculture</li> <li><strong>Countries/Areas Deployed: </strong>United States</li> <li><strong>Company Headquarters Location: </strong>United States</li> </ul> <hr> <h2>Vulnerabilities</h2> <div class="csaf-accordion"> <p><a class="csaf-accordion-toggle-all" href="#">Expand All +</a></p> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-29628</a></h3> <div class="csaf-accordion-content"> <p>A Gardyn Azure IoT Hub connection string is downloaded over an insecure HTTP connection leaving the string vulnerable to interception and modification through a Man-in-the-Middle attack. This may result in the attacker capturing device credentials or taking control of vulnerable home kits.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-29628">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Gardyn Home Kit</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Gardyn</div> <div class="ics-version"><strong>Product Version:</strong><br>Gardyn Home Kit Firmware: &lt;master.619, Gardyn Gardyn Home Kit Mobile Application: &lt;2.11.0, Gardyn Gardyn Home Kit Cloud API: &lt;2.12.2026</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Mitigation</strong><br>Gardyn states that the relevant fixes are included in the latest version of the Gardyn mobile application. Users are required to run a supported version of the Gardyn App on their phone in order to access Gardyn services and devices.</p> <p><strong>Mitigation</strong><br>The current versions of the Gardyn App and the Gardyn Home firmware can be checked in the Gardyn App.</p> <p><strong>Mitigation</strong><br>For all vulnerabilities, Gardyn recommends users ensure their home kit devices are upgraded to firmware master.619 or later. Gardyn also recommends that users update their mobile application to the most recent version. Gardyn requests that users ensure their home kits have network connectivity in order to automatically download needed firmware updates. Unconnected devices will automatically update when configured with a working Internet connection.</p> <p><strong>Mitigation</strong><br>Further information on Gardyn security can be found here: https://mygardyn.com/security/</p> <p><strong>Mitigation</strong><br>Further customer support can be obtained from Gardyn at: support@mygardyn.com</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/319.html">CWE-319 Cleartext Transmission of Sensitive Information</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>8.3</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L">CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-29629</a></h3> <div class="csaf-accordion-content"> <p>The Gardyn Home Kit uses weak default credentials for secure shell access. This may result in attackers gaining access to exposed Gardyn Home Kits.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-29629">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Gardyn Home Kit</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Gardyn</div> <div class="ics-version"><strong>Product Version:</strong><br>Gardyn Home Kit Firmware: &lt;master.619, Gardyn Gardyn Home Kit Mobile Application: &lt;2.11.0, Gardyn Gardyn Home Kit Cloud API: &lt;2.12.2026</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Mitigation</strong><br>Gardyn states that the relevant fixes are included in the latest version of the Gardyn mobile application. Users are required to run a supported version of the Gardyn App on their phone in order to access Gardyn services and devices.</p> <p><strong>Mitigation</strong><br>The current versions of the Gardyn App and the Gardyn Home firmware can be checked in the Gardyn App.</p> <p><strong>Mitigation</strong><br>For all vulnerabilities, Gardyn recommends users ensure their home kit devices are upgraded to firmware master.619 or later. Gardyn also recommends that users update their mobile application to the most recent version. Gardyn requests that users ensure their home kits have network connectivity in order to automatically download needed firmware updates. Unconnected devices will automatically update when configured with a working Internet connection.</p> <p><strong>Mitigation</strong><br>Further information on Gardyn security can be found here: https://mygardyn.com/security/</p> <p><strong>Mitigation</strong><br>Further customer support can be obtained from Gardyn at: support@mygardyn.com</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/1392.html">CWE-1392 Use of Default Credentials</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>8.3</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L">CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-29631</a></h3> <div class="csaf-accordion-content"> <p>The Gardyn Home Kit is vulnerable to command injection through vulnerable methods that do not sanitize input before passing content to the operating system for execution. The vulnerability may allow an attacker to execute arbitrary operating system commands on a target Home Kit.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-29631">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Gardyn Home Kit</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Gardyn</div> <div class="ics-version"><strong>Product Version:</strong><br>Gardyn Home Kit Firmware: &lt;master.619, Gardyn Gardyn Home Kit Mobile Application: &lt;2.11.0, Gardyn Gardyn Home Kit Cloud API: &lt;2.12.2026</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Mitigation</strong><br>Gardyn states that the relevant fixes are included in the latest version of the Gardyn mobile application. Users are required to run a supported version of the Gardyn App on their phone in order to access Gardyn services and devices.</p> <p><strong>Mitigation</strong><br>The current versions of the Gardyn App and the Gardyn Home firmware can be checked in the Gardyn App.</p> <p><strong>Mitigation</strong><br>For all vulnerabilities, Gardyn recommends users ensure their home kit devices are upgraded to firmware master.619 or later. Gardyn also recommends that users update their mobile application to the most recent version. Gardyn requests that users ensure their home kits have network connectivity in order to automatically download needed firmware updates. Unconnected devices will automatically update when configured with a working Internet connection.</p> <p><strong>Mitigation</strong><br>For CVE-2025-29631: Gardyn is currently working on a full mitigation to address this vulnerability. As previously stated, Gardyn recommends that users ensure their devices are always updated to the most current firmware version.</p> <p><strong>Mitigation</strong><br>Further information on Gardyn security can be found here: https://mygardyn.com/security/</p> <p><strong>Mitigation</strong><br>Further customer support can be obtained from Gardyn at: support@mygardyn.com</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/78.html">CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>9.1</td> <td>CRITICAL</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-1242</a></h3> <div class="csaf-accordion-content"> <p>The administrative credentials can be extracted through application API responses, mobile application reverse engineering, and device firmware reverse engineering. The exposure may result in an attacker gaining full administrative access to the Gardyn IoT Hub exposing connected devices to malicious control.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-1242">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Gardyn Home Kit</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Gardyn</div> <div class="ics-version"><strong>Product Version:</strong><br>Gardyn Home Kit Firmware: &lt;master.619, Gardyn Gardyn Home Kit Mobile Application: &lt;2.11.0, Gardyn Gardyn Home Kit Cloud API: &lt;2.12.2026</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Mitigation</strong><br>Gardyn states that the relevant fixes are included in the latest version of the Gardyn mobile application. Users are required to run a supported version of the Gardyn App on their phone in order to access Gardyn services and devices.</p> <p><strong>Mitigation</strong><br>The current versions of the Gardyn App and the Gardyn Home firmware can be checked in the Gardyn App.</p> <p><strong>Mitigation</strong><br>For all vulnerabilities, Gardyn recommends users ensure their home kit devices are upgraded to firmware master.619 or later. Gardyn also recommends that users update their mobile application to the most recent version. Gardyn requests that users ensure their home kits have network connectivity in order to automatically download needed firmware updates. Unconnected devices will automatically update when configured with a working Internet connection.</p> <p><strong>Mitigation</strong><br>Further information on Gardyn security can be found here: https://mygardyn.com/security/</p> <p><strong>Mitigation</strong><br>Further customer support can be obtained from Gardyn at: support@mygardyn.com</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/798.html">CWE-798 Use of Hard-coded Credentials</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>9.1</td> <td>CRITICAL</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N</a></td> </tr> </tbody> </table> </div> </div> </div> </div> <hr> <h2>Acknowledgments</h2> <ul> <li>Michael Groberman reported these vulnerabilities to CISA</li> </ul> <hr> <h2>Legal Notice and Terms of Use</h2> <p>This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy &amp; Use policy (https://www.cisa.gov/privacy-policy).</p> <hr> <h2>Recommended Practices</h2> <p>CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:</p> <p>Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the Internet.</p> <p>Locate control system networks and remote devices behind firewalls and isolating them from business networks.</p> <p>When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.</p> <p>CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.</p> <p>CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.</p> <p>CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.</p> <p>Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.</p> <p>Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.</p> <p>No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.</p> <hr> <h2>Revision History</h2> <ul> <li><strong>Initial Release Date: </strong>2026-02-24</li> </ul> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">Date</th> <th role="columnheader">Revision</th> <th role="columnheader">Summary</th> </tr> </thead> <tbody> <tr> <td>2026-02-24</td> <td>1</td> <td>Initial Publication</td> </tr> </tbody> </table> <hr> <h2>Legal Notice and Terms of Use</h2>

<p><a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-055-01.json"><strong>View CSAF</strong></a></p> <h2>Summary</h2> <p><strong>Successful exploitation of these vulnerabilities may allow remote code execution.</strong></p> <p>The following versions of InSAT MasterSCADA BUK-TS are affected:</p> <ul> <li>MasterSCADA BUK-TS vers:all/* (CVE-2026-21410, CVE-2026-22553)</li> </ul> <div class="csaf-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS</th> <th role="columnheader">Vendor</th> <th role="columnheader">Equipment</th> <th role="columnheader">Vulnerabilities</th> </tr> </thead> <tbody> <tr> <td>v3 9.8</td> <td>InSAT</td> <td>InSAT MasterSCADA BUK-TS</td> <td>Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')</td> </tr> </tbody> </table> </div> <h3>Background</h3> <ul> <li><strong>Critical Infrastructure Sectors: </strong>Critical Manufacturing, Energy, Water and Wastewater</li> <li><strong>Countries/Areas Deployed: </strong>Worldwide</li> <li><strong>Company Headquarters Location: </strong>Russia</li> </ul> <hr> <h2>Vulnerabilities</h2> <div class="csaf-accordion"> <p><a class="csaf-accordion-toggle-all" href="#">Expand All +</a></p> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-21410</a></h3> <div class="csaf-accordion-content"> <p>InSAT MasterSCADA BUK-TS is susceptible to SQL Injection through its main web interface. Malicious users that use the vulnerable endpoint are potentially able to cause remote code execution.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-21410">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>InSAT MasterSCADA BUK-TS</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>InSAT</div> <div class="ics-version"><strong>Product Version:</strong><br>InSAT MasterSCADA BUK-TS: vers:all/*</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Mitigation</strong><br>InSAT has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of the affected products are encouraged to contact info@insat.ru or scada@insat.ru for additional information.</p> <p><strong>Mitigation</strong><br>InSAT has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of the affected products are encouraged to contact info@insat.ru or scada@insat.ru for additional information.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/89.html">CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>9.8</td> <td>CRITICAL</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-22553</a></h3> <div class="csaf-accordion-content"> <p>All versions of InSAT MasterSCADA BUK-TS are susceptible to OS command injection through a field in its MMadmServ web interface. Malicious users that use the vulnerable endpoint are potentially able to cause remote code execution.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-22553">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>InSAT MasterSCADA BUK-TS</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>InSAT</div> <div class="ics-version"><strong>Product Version:</strong><br>InSAT MasterSCADA BUK-TS: vers:all/*</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Mitigation</strong><br>InSAT has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of the affected products are encouraged to contact info@insat.ru or scada@insat.ru for additional information.</p> <p><strong>Mitigation</strong><br>InSAT has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of the affected products are encouraged to contact info@insat.ru or scada@insat.ru for additional information.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/78.html">CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>9.8</td> <td>CRITICAL</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> </div> <hr> <h2>Acknowledgments</h2> <ul> <li>Adem El Adeb reported these vulnerabilities to CISA</li> </ul> <hr> <h2>Legal Notice and Terms of Use</h2> <p>This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy &amp; Use policy (https://www.cisa.gov/privacy-policy).</p> <hr> <h2>Recommended Practices</h2> <p>CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:</p> <p>Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.</p> <p>Locate control system networks and remote devices behind firewalls and isolating them from business networks.</p> <p>When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.</p> <p>CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.</p> <p>CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.</p> <p>CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.</p> <p>Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.</p> <p>Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.</p> <p>No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.</p> <hr> <h2>Revision History</h2> <ul> <li><strong>Initial Release Date: </strong>2026-02-24</li> </ul> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">Date</th> <th role="columnheader">Revision</th> <th role="columnheader">Summary</th> </tr> </thead> <tbody> <tr> <td>2026-02-24</td> <td>1</td> <td>Initial Publication</td> </tr> </tbody> </table> <hr> <h2>Legal Notice and Terms of Use</h2>

<p><a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-055-02.json"><strong>View CSAF</strong></a></p> <h2>Summary</h2> <p><strong>Schneider Electric is aware of a vulnerability in EcoStruxure Building Operation Workstation and EcoStruxure Building Operation WebStation. [EcoStruxure Building Operation (EBO)](https://www.se.com/ww/en/product-range/62111-ecostruxure-building-operation-software/#overview) is an open and scalable software platform providing insight, control and management of multiple building systems and devices in one mobile-enabled convenient view. It delivers valuable data for decision-making to improve energy management and increase efficiency for better building performance and comfort, reduced carbon, and more sustainable building environments. Failure to apply the remediations below may risk exposure of local files or denial of service, which could result in data breaches, and operational disruptions.</strong></p> <p>The following versions of Schneider Electric EcoStruxure Building Operation Workstation are affected:</p> <ul> <li>EcoStruxure Building Operation Workstation vers:generic/&gt;=7.0.x|&lt;7.0.3.2000_(CP1), 7.0.3.2000_CP1, vers:generic/&gt;=6.x|&lt;6.0.4.14001_(CP10), 6.0.4.14001_CP10, vers:intdot/&gt;=7.0.x|&lt;7.0.2, 7.0.2, vers:generic/&gt;=6.0.x|&lt;6.0.4.7000_(CP5), 6.0.4.7000_CP5 (CVE-2026-1227, CVE-2026-1227, CVE-2026-1226, CVE-2026-1226)</li> <li>EcoStruxure Building Operation WebStation vers:generic/&gt;=7.0.x|&lt;7.0.3.2000_(CP1), 7.0.3.2000_CP1, vers:generic/&gt;=6.x|&lt;6.0.4.14001_(CP10), 6.0.4.14001_CP10, vers:intdot/&gt;=7.0.x|&lt;7.0.2, 7.0.2, vers:generic/&gt;=6.0.x|&lt;6.0.4.7000_(CP5), 6.0.4.7000_CP5 (CVE-2026-1227, CVE-2026-1227, CVE-2026-1226, CVE-2026-1226)</li> </ul> <div class="csaf-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS</th> <th role="columnheader">Vendor</th> <th role="columnheader">Equipment</th> <th role="columnheader">Vulnerabilities</th> </tr> </thead> <tbody> <tr> <td>v3 7.3</td> <td>Schneider Electric</td> <td>Schneider Electric EcoStruxure Building Operation Workstation</td> <td>Improper Restriction of XML External Entity Reference, Improper Control of Generation of Code ('Code Injection')</td> </tr> </tbody> </table> </div> <h3>Background</h3> <ul> <li><strong>Critical Infrastructure Sectors: </strong>Commercial Facilities, Energy, Government Services and Facilities, Healthcare and Public Health, Information Technology, Transportation Systems, Financial Services, Defense Industrial Base, Critical Manufacturing</li> <li><strong>Countries/Areas Deployed: </strong>Worldwide</li> <li><strong>Company Headquarters Location: </strong>France</li> </ul> <hr> <h2>Vulnerabilities</h2> <div class="csaf-accordion"> <p><a class="csaf-accordion-toggle-all" href="#">Expand All +</a></p> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-1227</a></h3> <div class="csaf-accordion-content"> <p>An improper restriction of XML external entity reference vulnerability exists that could result in unauthorized disclosure of local files, unauthorized interaction with the EBO system, or denial-of-service conditions. This occurs when a local user uploads a maliciously crafted TGML graphics file to the EBO server from Workstation.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-1227">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Schneider Electric EcoStruxure Building Operation Workstation</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Schneider Electric</div> <div class="ics-version"><strong>Product Version:</strong><br>EcoStruxure Building Operation Workstation All 7.0.x versions prior to 7.0.3.2000 (CP1), EcoStruxure Building Operation Workstation All 6.x versions prior to 6.0.4.14001 (CP10), EcoStruxure Building Operation WebStation All 7.0.x versions prior to 7.0.3.2000 (CP1), EcoStruxure Building Operation WebStation All 6.x versions prior to 6.0.4.14001 (CP10)</div> <div class="ics-status"><strong>Product Status:</strong><br>fixed, known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>The following versions of EcoStruxure Building Operation Workstation and EcoStruxure Building Operation WebStation include a fix for CVE-2026-1227: • 7.0.3.2000 (CP1) Step 1: Navigate to this link: https://www.se.com/myschneider/documentsDownloadCenter/detail?id=EBO-Patch-v7-0 Step 2: Download 'EcoStruxure Building Operation Patch v7.0' Step 3: Follow the installation instructions provided in the accompanying readme file. Additionally, ensure you are following the [EBO hardening guidelines](https://ecostruxure-building-help.se.com/bms/Topics/show.castle?id=14923&amp;productversion=7.1&amp;locale=en-US).</p> <p><strong>Vendor fix</strong><br>The following versions of EcoStruxure Building Operation Workstation and EcoStruxure Building Operation WebStation includes a fix for CVE-2026-1227: • 6.0.4.14001 (CP10) Step 1: Locate the appropriate version for your system here: https://www.se.com/myschneider/documentsDownloadCenter/detail?id=EBO-Patch-v6-0 Step 2: Download ‘EcoStruxure Building Operation Patch v6.0‘ Step 3: Follow the installation instructions provided in the accompanying readme file. Additionally, ensure you are following the [EBO hardening guidelines](https://ecostruxure-building-help.se.com/bms/Topics/show.castle?id=14923&amp;productversion=7.1&amp;locale=en-US).</p> <p><strong>Mitigation</strong><br>If customers choose not to apply the remediation provided above, they should immediately apply the following mitigations to reduce the risk of exploit: • Implement strong access controls to limit system access to authorized personnel. • Use multi factor authentication if using EBO version 7.0 or later. • Use firewalls to segregate networks and protect the building management system. • Regularly monitor system activity. • Ensure you are following [EBO hardening guidelines](https://ecostruxure-building-help.se.com/bms/Topics/show.castle?id=14923&amp;productversion=7.1&amp;locale=en-US).</p> <p><strong>Mitigation</strong><br>For more information see the associated Schneider Electric security advisory SEVD-2026-041-02, titled ‘Multiple Vulnerabilities on EcoStruxure Building Operation Workstation and EcoStruxure Building Operation WebStation‘. • PDF Version: [https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-041-02&amp;p_enDocType=Security+and+Safety+Notice&amp;p_File_Name=SEVD-2026-041-02.pdf](https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-041-02&amp;p_enDocType=Security+and+Safety+Notice&amp;p_File_Name=SEVD-2026-041-02.pdf) • CSAF Version: [https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-041-02&amp;p_enDocType=Security+and+Safety+Notice&amp;p_File_Name=sevd-2026-041-02.json](https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-041-02&amp;p_enDocType=Security+and+Safety+Notice&amp;p_File_Name=sevd-2026-041-02.json).</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/611.html">CWE-611 Improper Restriction of XML External Entity Reference</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>7.3</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H">CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-1226</a></h3> <div class="csaf-accordion-content"> <p>An improper control of generation of code vulnerability exists that could result in the execution of untrusted or unintended code within the application. This occurs when maliciously crafted design content is processed through a TGML graphics file.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-1226">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Schneider Electric EcoStruxure Building Operation Workstation</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Schneider Electric</div> <div class="ics-version"><strong>Product Version:</strong><br>EcoStruxure Building Operation Workstation All 7.0.x versions prior to 7.0.2, EcoStruxure Building Operation Workstation All 6.0.x versions prior to 6.0.4.7000 (CP5), EcoStruxure Building Operation Webstation All 7.0.x versions prior to 7.0.2, EcoStruxure Building Operation Webstation All 6.0.x versions prior to 6.0.4.7000 (CP5)</div> <div class="ics-status"><strong>Product Status:</strong><br>fixed, known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>The following versions of EcoStruxure Building Operation Workstation and EcoStruxure Building Operation WebStation include a fix for CVE-2026-1226:&nbsp; • 7.0.2 Step 1: Navigate to this link: https://www.se.com/myschneider/documentsDownloadCenter/detail?id=EBO-Patch-v7-0 Step 2: Download 'EcoStruxure Building Operation Patch v7.0' Step 3: Follow the installation instructions provided in the accompanying readme file. Additionally, ensure you are following the [EBO hardening guidelines](https://ecostruxure-building-help.se.com/bms/Topics/show.castle?id=14923&amp;productversion=7.1&amp;locale=en-US).</p> <p><strong>Vendor fix</strong><br>The following versions of EcoStruxure Building Operation Workstation and EcoStruxure Building Operation WebStation includes a fix for CVE-2026-1226: • 6.0.4.7000 (CP5) Step 1: Locate the appropriate version for your system here: https://www.se.com/myschneider/documentsDownloadCenter/detail?id=EBO-Patch-v6-0 Step 2: Download ‘EcoStruxure Building Operation Patch v6.0‘ Step 3: Follow the installation instructions provided in the accompanying readme file. Additionally, ensure you are following the [EBO hardening guidelines](https://ecostruxure-building-help.se.com/bms/Topics/show.castle?id=14923&amp;productversion=7.1&amp;locale=en-US).</p> <p><strong>Mitigation</strong><br>If customers choose not to apply the remediation provided above, they should immediately apply the following mitigations to reduce the risk of exploit: • Implement strong access controls to limit system access to authorized personnel. • Use multi factor authentication if using EBO version 7.0 or later. • Use firewalls to segregate networks and protect the building management system. • Regularly monitor system activity. • Ensure you are following [EBO hardening guidelines](https://ecostruxure-building-help.se.com/bms/Topics/show.castle?id=14923&amp;productversion=7.1&amp;locale=en-US).</p> <p><strong>Mitigation</strong><br>For more information see the associated Schneider Electric security advisory SEVD-2026-041-02, titled "Multiple Vulnerabilities on EcoStruxure Building Operation Workstation and EcoStruxure Building Operation WebStation". • PDF Version: [https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-041-02&amp;p_enDocType=Security+and+Safety+Notice&amp;p_File_Name=SEVD-2026-041-02.pdf](https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-041-02&amp;p_enDocType=Security+and+Safety+Notice&amp;p_File_Name=SEVD-2026-041-02.pdf) • CSAF Version: [https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-041-02&amp;p_enDocType=Security+and+Safety+Notice&amp;p_File_Name=sevd-2026-041-02.json](https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-041-02&amp;p_enDocType=Security+and+Safety+Notice&amp;p_File_Name=sevd-2026-041-02.json).</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/94.html">CWE-94 Improper Control of Generation of Code ('Code Injection')</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>7.3</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H">CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> </div> <hr> <h2>Acknowledgments</h2> <ul> <li>Pentest Limited reported these vulnerabilities to Schneider Electric.</li> <li>Robin Plugge reported these vulnerabilities to Schneider Electric.</li> </ul> <hr> <h2>General Security Recommendations</h2> <p>We strongly recommend the following industry cybersecurity best practices. * Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. * Install physical controls so no unauthorized personnel can access your industrial control and safety systems, components, peripheral equipment, and networks. * Place all controllers in locked cabinets and never leave them in the “Program” mode. * Never connect programming software to any network other than the network intended for that device. * Scan all methods of mobile data exchange with the isolated network such as CDs, USB drives, etc. before use in the terminals or any node connected to these networks. * Never allow mobile devices that have connected to any other network besides the intended network to connect to the safety or control networks without proper sanitation. * Minimize network exposure for all control system devices and systems and ensure that they are not accessible from the Internet. * When remote access is required, use secure methods, such as Virtual Private Networks (VPNs). Recognize that VPNs may have vulnerabilities and should be updated to the most current version available. Also, understand that VPNs are only as secure as the connected devices. For more information refer to the Schneider Electric [Recommended Cybersecurity Best Practices](https://www.se.com/us/en/download/document/7EN52-0390/) document.</p> <hr> <h2>For More Information</h2> <p>This document provides an overview of the identified vulnerability or vulnerabilities and actions required to mitigate. For more details and assistance on how to protect your installation, contact your local Schneider Electric representative or Schneider Electric Industrial Cybersecurity Services: https://www.se.com/ww/en/work/solutions/cybersecurity/. These organizations will be fully aware of this situation and can support you through the process. For further information related to cybersecurity in Schneider Electric's products, visit the company's cybersecurity support portal page: https://www.se.com/ww/en/work/support/cybersecurity/overview.jsp</p> <hr> <h2>LEGAL DISCLAIMER</h2> <p>THIS NOTIFICATION DOCUMENT, THE INFORMATION CONTAINED HEREIN, AND ANY MATERIALS LINKED FROM IT (COLLECTIVELY, THIS “NOTIFICATION”) ARE INTENDED TO HELP PROVIDE AN OVERVIEW OF THE IDENTIFIED SITUATION AND SUGGESTED MITIGATION ACTIONS, REMEDIATION, FIX, AND/OR GENERAL SECURITY RECOMMENDATIONS AND IS PROVIDED ON AN “AS-IS” BASIS WITHOUT WARRANTY OR GUARANTEE OF ANY KIND. SCHNEIDER ELECTRIC DISCLAIMS ALL WARRANTIES RELATING TO THIS NOTIFICATION, EITHER EXPRESS OR IMPLIED, INCLUDING WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. SCHNEIDER ELECTRIC MAKES NO WARRANTY THAT THE NOTIFICATION WILL RESOLVE THE IDENTIFIED SITUATION. IN NO EVENT SHALL SCHNEIDER ELECTRIC BE LIABLE FOR ANY DAMAGES OR LOSSES WHATSOEVER IN CONNECTION WITH THIS NOTIFICATION, INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF SCHNEIDER ELECTRIC HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. YOUR USE OF THIS NOTIFICATION IS AT YOUR OWN RISK, AND YOU ARE SOLELY LIABLE FOR ANY DAMAGES TO YOUR SYSTEMS OR ASSETS OR OTHER LOSSES THAT MAY RESULT FROM YOUR USE OF THIS NOTIFICATION. SCHNEIDER ELECTRIC RESERVES THE RIGHT TO UPDATE OR CHANGE THIS NOTIFICATION AT ANY TIME AND IN ITS SOLE DISCRETION</p> <hr> <h2>About Schneider Electric</h2> <p>Schneider's purpose is to create Impact by empowering all to make the most of our energy and resources, bridging progress and sustainability for all. We call this Life Is On. Our mission is to be the trusted partner in sustainability and efficiency. We are a global industrial technology leader bringing world-leading expertise in electrification, automation and digitization to smart industries, resilient infrastructure, future-proof data centers, intelligent buildings, and intuitive homes. Anchored by our deep domain expertise, we provide integrated end-to-end lifecycle AI enabled Industrial IoT solutions with connected products, automation, software and services, delivering digital twins to enable profitable growth for our customers. We are a people company with an ecosystem of 150,000 colleagues and more than a million partners operating in over 100 countries to ensure proximity to our customers and stakeholders. We embrace diversity and inclusion in everything we do, guided by our meaningful purpose of a sustainable future for all. www.se.com</p> <hr> <h2>Legal Notice and Terms of Use</h2> <p>This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy &amp; Use policy (https://www.cisa.gov/privacy-policy).</p> <hr> <h2>Recommended Practices</h2> <p>CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability: * Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet. * Locate control system networks and remote devices behind firewalls and isolate them from business networks. * When remote access is required, use more secure methods, such as virtual private networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.</p> <p>CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.</p> <p>CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies. (https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf)</p> <p>CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. (https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf)</p> <p>Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.</p> <hr> <h2>Advisory Conversion Disclaimer</h2> <p>This ICSA is a verbatim republication of Schneider Electric SEVD-2026-041-02 from a direct conversion of the vendor's Common Security Advisory Framework (CSAF) advisory. This is republished to CISA's website as a means of increasing visibility and is provided "as-is" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Schneider Electric directly for any questions regarding this advisory.</p> <h2>Revision History</h2> <ul> <li><strong>Initial Release Date: </strong>2026-02-10</li> </ul> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">Date</th> <th role="columnheader">Revision</th> <th role="columnheader">Summary</th> </tr> </thead> <tbody> <tr> <td>2026-02-10</td> <td>1</td> <td>Original Release</td> </tr> <tr> <td>2026-02-24</td> <td>2</td> <td>Initial CISA Republication of Schneider Electric SEVD-2026-041-02 advisory</td> </tr> </tbody> </table> <hr> <h2>Legal Notice and Terms of Use</h2>

SUFFOLK, Va. — U.S. Cyber Command launched Cyber Flag 25-2 at the Joint Warfighting Center in Suffolk, Virginia on July 7. As the largest, recurring, multi-national cyber exercise, Cyber Flag brings together over 20 partner nations for the month-long event, focused on enhancing defensive cyber operations.<br/>

Following the creation of the Constellation pilot program launched in 2022 by U.S. Cyber Command and DARPA, the organizations recently signed a new binding agreement establishing the joint governance structure, roles, responsibilities, and budgeting goals to enable future planning.<br/> <img src='https://media.defense.gov/2024/May/21/2003469824/150/150/0/240414-F-QI826-001.JPG' alt='Lieutenant General Hartman sits at a table with DARPA director Stefanie Tompkins while members of the program gather behind them for a group photo.' /> <br />

The mission of U.S. Cyber Command (USCYBERCOM) is to plan and execute global cyber operations, activities, and missions to defend and advance national interests in collaboration with domestic and international partners across the full spectrum of competition and conflict.<br/>

<p>CISA has added four new vulnerabilities to its <a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog" data-entity-type="node" data-entity-uuid="79453b83-86b9-4e2f-b1ec-abf73c6eb291" data-entity-substitution="canonical" title="Known Exploited Vulnerabilities Catalog">Known Exploited Vulnerabilities (KEV) Catalog</a>, based on evidence of active exploitation.</p> <ul> <li><a href="https://www.cve.org/CVERecord?id=CVE-2008-0015" target="_blank">CVE-2008-0015</a> Microsoft Windows Video ActiveX Control Remote Code Execution Vulnerability</li> <li><a href="https://www.cve.org/CVERecord?id=CVE-2020-7796" target="_blank">CVE-2020-7796</a> Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery Vulnerability</li> <li><a href="https://www.cve.org/CVERecord?id=CVE-2024-7694" target="_blank">CVE-2024-7694</a> TeamT5 ThreatSonar Anti-Ransomware Unrestricted Upload of File with Dangerous Type Vulnerability</li> <li><a href="https://www.cve.org/CVERecord?id=CVE-2026-2441" target="_blank">CVE-2026-2441</a> Google Chromium CSS Use-After-Free Vulnerability</li> </ul> <p>These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.</p> <p><a href="https://www.cisa.gov/binding-operational-directive-22-01">Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities</a> established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the <a href="https://www.cisa.gov/sites/default/files/publications/Reducing_the_Significant_Risk_of_Known_Exploited_Vulnerabilities_211103.pdf">BOD 22-01 Fact Sheet</a> for more information.</p> <p>Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of <a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog" data-entity-type="node" data-entity-uuid="79453b83-86b9-4e2f-b1ec-abf73c6eb291" data-entity-substitution="canonical" title="Known Exploited Vulnerabilities Catalog">KEV Catalog vulnerabilities</a> as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the <a href="https://www.cisa.gov/known-exploited-vulnerabilities" data-entity-type="node" data-entity-uuid="f2adba9a-0404-494c-a90c-4363a4a5c934" data-entity-substitution="canonical" title="Reducing the Significant Risk of Known Exploited Vulnerabilities">specified criteria</a>.&nbsp;</p>

<p><a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-048-02.json"><strong>View CSAF</strong></a></p> <h2>Summary</h2> <p><strong>Successful exploitation of this vulnerability may allow an attacker to write arbitrary data beyond the bounds of a stack-allocated buffer, leading to the corruption of a structured exception handler (SEH).</strong></p> <p>The following versions of Delta Electronics ASDA-Soft are affected:</p> <ul> <li>ASDA-Soft &lt;=7.2.0.0 (CVE-2026-1361)</li> </ul> <div class="csaf-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS</th> <th role="columnheader">Vendor</th> <th role="columnheader">Equipment</th> <th role="columnheader">Vulnerabilities</th> </tr> </thead> <tbody> <tr> <td>v3 7.8</td> <td>Delta Electronics</td> <td>Delta Electronics ASDA-Soft</td> <td>Stack-based Buffer Overflow</td> </tr> </tbody> </table> </div> <h3>Background</h3> <ul> <li><strong>Critical Infrastructure Sectors: </strong>Critical Manufacturing</li> <li><strong>Countries/Areas Deployed: </strong>Worldwide</li> <li><strong>Company Headquarters Location: </strong>Taiwan</li> </ul> <hr> <h2>Vulnerabilities</h2> <div class="csaf-accordion"> <p><a class="csaf-accordion-toggle-all" href="#">Expand All +</a></p> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-1361</a></h3> <div class="csaf-accordion-content"> <p>A stack-based buffer overflow vulnerability exists in ASDA_Soft version 7.2.0.0 when parsing .par files. The root cause is the improper validation of a user-controlled size parameter, which is checked incorrectly against the upper limits of the local buffer. This allows data to be written past the end of the buffer.</p> <p><a href="https://www.cve.org/CVERecord?id=CVE-2026-1361">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Delta Electronics ASDA-Soft</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Delta Electronics</div> <div class="ics-version"><strong>Product Version:</strong><br>Delta Electronics ASDA-Soft: &lt;=7.2.0.0</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Mitigation</strong><br>Delta has fixed this vulnerability and released a new version v7.2.2.0 at Delta Download Center (https://downloadcenter.deltaww.com/en-US/DownloadCenter?v=1&amp;q=asda-soft&amp;sort_expr=cdate&amp;sort_dir=DESC).<br><a href="https://downloadcenter.deltaww.com/en-US/DownloadCenter?v=1&amp;q=asda-soft&amp;sort_expr=cdate&amp;sort_dir=DESC">https://downloadcenter.deltaww.com/en-US/DownloadCenter?v=1&amp;q=asda-soft&amp;sort_expr=cdate&amp;sort_dir=DESC</a></p> <p><strong>Mitigation</strong><br>For more information, see Delta Electronics advisory Delta-PCSA-2026-00003 at https://www.deltaww.com/en-US/service-support/product-cybersecurity/advisory<br><a href="https://www.deltaww.com/en-US/service-support/product-cybersecurity/advisory">https://www.deltaww.com/en-US/service-support/product-cybersecurity/advisory</a></p> <p><strong>Mitigation</strong><br>Delta Electronics provides the following general recommendations: Do not click on untrusted internet links or open unsolicited attachments in emails. Avoid exposing control systems and equipment to the Internet. Place control system networks and remote devices behind firewalls, and isolate them from the business network. When remote access is required, use a secure access method, such as a virtual private network (VPN).<br>If you have any product-related support concerns, contact Delta via the portal page(https://www.deltaww.com/en-US/service-support/contact-us?type=1) for any information or materials you may require.<br><a href="https://www.deltaww.com/en-US/service-support/contact-us?type=1">https://www.deltaww.com/en-US/service-support/contact-us?type=1</a></p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/121.html">CWE-121 Stack-based Buffer Overflow</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>7.8</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H">CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> </div> <hr> <h2>Acknowledgments</h2> <ul> <li>nisu of Trend Research reported this vulnerability to CISA</li> </ul> <hr> <h2>Legal Notice and Terms of Use</h2> <p>This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy &amp; Use policy (https://www.cisa.gov/privacy-policy).</p> <hr> <h2>Recommended Practices</h2> <p>CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.</p> <p>CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.</p> <p>CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.</p> <p>Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.</p> <p>Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.</p> <p>No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. This vulnerability is not exploitable remotely.</p> <hr> <h2>Revision History</h2> <ul> <li><strong>Initial Release Date: </strong>2026-02-17</li> </ul> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">Date</th> <th role="columnheader">Revision</th> <th role="columnheader">Summary</th> </tr> </thead> <tbody> <tr> <td>2026-02-17</td> <td>1</td> <td>Initial Publication.</td> </tr> </tbody> </table> <hr> <h2>Legal Notice and Terms of Use</h2>

<p><a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-048-03.json"><strong>View CSAF</strong></a></p> <h2>Summary</h2> <p><strong>Successful exploitation of these vulnerabilities may allow code execution with elevated privileges.</strong></p> <p>The following versions of GE Vernova Enervista UR Setup are affected:</p> <ul> <li>Enervista UR Setup &lt;8.70 (CVE-2026-1762, CVE-2026-1763)</li> </ul> <div class="csaf-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS</th> <th role="columnheader">Vendor</th> <th role="columnheader">Equipment</th> <th role="columnheader">Vulnerabilities</th> </tr> </thead> <tbody> <tr> <td>v3 7.8</td> <td>GE Vernova</td> <td>GE Vernova Enervista UR Setup</td> <td>Uncontrolled Search Path Element, Path Traversal: '.../...//'</td> </tr> </tbody> </table> </div> <h3>Background</h3> <ul> <li><strong>Critical Infrastructure Sectors: </strong>Critical Manufacturing, Energy, Water and Wastewater</li> <li><strong>Countries/Areas Deployed: </strong>Worldwide</li> <li><strong>Company Headquarters Location: </strong>United States</li> </ul> <hr> <h2>Vulnerabilities</h2> <div class="csaf-accordion"> <p><a class="csaf-accordion-toggle-all" href="#">Expand All +</a></p> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-1762</a></h3> <div class="csaf-accordion-content"> <p>The GE Vernova Enervista UR Setup Installer for versions prior to 8.70 are vulnerable to DLL hijacking. When running the installer in a location with unknown or untrusted DLLs, an attacker could obtain code execution with administrative privileges.</p> <p><a href="https://www.cve.org/CVERecord?id=CVE-2026-1762">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>GE Vernova Enervista UR Setup</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>GE Vernova</div> <div class="ics-version"><strong>Product Version:</strong><br>GE Vernova Enervista UR Setup: &lt;8.70</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>GE Vernova recommends affected users to use patched versions of Enervista UR Setup: Versions 8.70 or later (https://www.gevernova.com/grid-solutions/resources?prod=urfamily&amp;type=7).<br><a href="https://www.gevernova.com/grid-solutions/resources?prod=urfamily&amp;type=7">https://www.gevernova.com/grid-solutions/resources?prod=urfamily&amp;type=7</a></p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/427.html">CWE-427 Uncontrolled Search Path Element</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>7.8</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-1763</a></h3> <div class="csaf-accordion-content"> <p>GE Vernova Enervista UR Setup versions prior to 8.70 are vulnerable to directory traversal when opening certain firmware update files. This could allow an attacker to write to some files on the filesystem with the privileges of the logged-in user.</p> <p><a href="https://www.cve.org/CVERecord?id=CVE-2026-1763">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>GE Vernova Enervista UR Setup</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>GE Vernova</div> <div class="ics-version"><strong>Product Version:</strong><br>GE Vernova Enervista UR Setup: &lt;8.70</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>GE Vernova recommends affected users to use patched versions of Enervista UR Setup: Versions 8.70 or later (https://www.gevernova.com/grid-solutions/resources?prod=urfamily&amp;type=7).<br><a href="https://www.gevernova.com/grid-solutions/resources?prod=urfamily&amp;type=7">https://www.gevernova.com/grid-solutions/resources?prod=urfamily&amp;type=7</a></p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/35.html">CWE-35 Path Traversal: '.../...//'</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>3.3</td> <td>LOW</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N</a></td> </tr> </tbody> </table> </div> </div> </div> </div> <hr> <h2>Acknowledgments</h2> <ul> <li>Reid Wightman of Dragos reported these vulnerabilities to CISA</li> </ul> <hr> <h2>Legal Notice and Terms of Use</h2> <p>This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy &amp; Use policy (https://www.cisa.gov/privacy-policy).</p> <hr> <h2>Recommended Practices</h2> <p>CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:</p> <p>Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.</p> <p>Locate control system networks and remote devices behind firewalls and isolating them from business networks.</p> <p>When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.</p> <p>CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.</p> <p>CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.</p> <p>CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.</p> <p>Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.</p> <p>Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.</p> <p>No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time. These vulnerabilities are not exploitable remotely.</p> <hr> <h2>Revision History</h2> <ul> <li><strong>Initial Release Date: </strong>2026-02-17</li> </ul> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">Date</th> <th role="columnheader">Revision</th> <th role="columnheader">Summary</th> </tr> </thead> <tbody> <tr> <td>2026-02-17</td> <td>1</td> <td>Initial Publication</td> </tr> </tbody> </table> <hr> <h2>Legal Notice and Terms of Use</h2>

<p><a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-048-04.json"><strong>View CSAF</strong></a></p> <h2>Summary</h2> <p><strong>Successful exploitation of this vulnerability could lead to account takeovers and unauthorized access to camera feeds; an unauthenticated attacker may change the recovery email address, potentially leading to further network compromise.</strong></p> <p>The following versions of Honeywell CCTV Products are affected:</p> <ul> <li>I-HIB2PI-UL 2MP IP 6.1.22.1216 (CVE-2026-1670)</li> <li>SMB NDAA MVO-3 WDR_2MP_32M_PTZ_v2.0 (CVE-2026-1670)</li> <li>PTZ WDR 2MP 32M WDR_2MP_32M_PTZ_v2.0 (CVE-2026-1670)</li> <li>25M IPC WDR_2MP_32M_PTZ_v2.0 (CVE-2026-1670)</li> </ul> <div class="csaf-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS</th> <th role="columnheader">Vendor</th> <th role="columnheader">Equipment</th> <th role="columnheader">Vulnerabilities</th> </tr> </thead> <tbody> <tr> <td>v3 9.8</td> <td>Honeywell</td> <td>Honeywell CCTV Products</td> <td>Missing Authentication for Critical Function</td> </tr> </tbody> </table> </div> <h3>Background</h3> <ul> <li><strong>Critical Infrastructure Sectors: </strong>Commercial Facilities</li> <li><strong>Countries/Areas Deployed: </strong>Worldwide</li> <li><strong>Company Headquarters Location: </strong>United States</li> </ul> <hr> <h2>Vulnerabilities</h2> <div class="csaf-accordion"> <p><a class="csaf-accordion-toggle-all" href="#">Expand All +</a></p> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-1670</a></h3> <div class="csaf-accordion-content"> <p>The affected product is vulnerable to an unauthenticated API endpoint exposure, which may allow an attacker to remotely change the "forgot password" recovery email address.</p> <p><a href="https://www.cve.org/CVERecord?id=CVE-2026-1670">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Honeywell CCTV Products</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Honeywell</div> <div class="ics-version"><strong>Product Version:</strong><br>Honeywell I-HIB2PI-UL 2MP IP: 6.1.22.1216, Honeywell SMB NDAA MVO-3: WDR_2MP_32M_PTZ_v2.0, Honeywell PTZ WDR 2MP 32M: WDR_2MP_32M_PTZ_v2.0, Honeywell 25M IPC: WDR_2MP_32M_PTZ_v2.0</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Mitigation</strong><br>Honeywell recommends users contact Honeywell at https://www.honeywell.com/us/en/contact/support for patch information.<br><a href="https://www.honeywell.com/us/en/contact/support">https://www.honeywell.com/us/en/contact/support</a></p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/306.html">CWE-306 Missing Authentication for Critical Function</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>9.8</td> <td>CRITICAL</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> </div> <hr> <h2>Acknowledgments</h2> <ul> <li>Souvik Kandar reported this vulnerability to CISA</li> </ul> <hr> <h2>Legal Notice and Terms of Use</h2> <p>This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy &amp; Use policy (https://www.cisa.gov/privacy-policy).</p> <hr> <h2>Recommended Practices</h2> <p>CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:</p> <p>Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the Internet.</p> <p>Locate control system networks and remote devices behind firewalls and isolating them from business networks.</p> <p>When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.</p> <p>CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.</p> <p>CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.</p> <p>CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.</p> <p>Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.</p> <p>Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.</p> <p>CISA also recommends users take the following measures to protect themselves from social engineering attacks:</p> <p>Do not click web links or open attachments in unsolicited email messages.</p> <p>Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.</p> <p>Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.</p> <p>No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.</p> <hr> <h2>Revision History</h2> <ul> <li><strong>Initial Release Date: </strong>2026-02-17</li> </ul> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">Date</th> <th role="columnheader">Revision</th> <th role="columnheader">Summary</th> </tr> </thead> <tbody> <tr> <td>2026-02-17</td> <td>1</td> <td>Initial Publication</td> </tr> </tbody> </table> <hr> <h2>Legal Notice and Terms of Use</h2>

<p><a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-048-01.json"><strong>View CSAF</strong></a></p> <h2>Summary</h2> <p><strong>Siemens Simcenter Femap and Nastran is affected by multiple file parsing vulnerabilities that could be triggered when the application reads files in NDB and XDB formats. If a user is tricked to open a malicious file with any of the affected products, this could lead the application to crash or potentially lead to arbitrary code execution. Siemens has released new versions for the affected products and recommends to update to the latest versions.</strong></p> <p>The following versions of Siemens Simcenter Femap and Nastran are affected:</p> <ul> <li>Simcenter Femap vers:intdot/&lt;2512 (CVE-2026-23715, CVE-2026-23716, CVE-2026-23717, CVE-2026-23718, CVE-2026-23719, CVE-2026-23720)</li> <li>Simcenter Nastran vers:intdot/&lt;2512 (CVE-2026-23715, CVE-2026-23716, CVE-2026-23717, CVE-2026-23718, CVE-2026-23719, CVE-2026-23720)</li> </ul> <div class="csaf-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS</th> <th role="columnheader">Vendor</th> <th role="columnheader">Equipment</th> <th role="columnheader">Vulnerabilities</th> </tr> </thead> <tbody> <tr> <td>v3 7.8</td> <td>Siemens</td> <td>Siemens Simcenter Femap and Nastran</td> <td>Out-of-bounds Write, Out-of-bounds Read, Heap-based Buffer Overflow</td> </tr> </tbody> </table> </div> <h3>Background</h3> <ul> <li><strong>Critical Infrastructure Sectors: </strong>Critical Manufacturing</li> <li><strong>Countries/Areas Deployed: </strong>Worldwide</li> <li><strong>Company Headquarters Location: </strong>Germany</li> </ul> <hr> <h2>Vulnerabilities</h2> <div class="csaf-accordion"> <p><a class="csaf-accordion-toggle-all" href="#">Expand All +</a></p> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-23715</a></h3> <div class="csaf-accordion-content"> <p>The affected applications contains an out of bounds write vulnerability while parsing specially crafted XDB files. This could allow an attacker to execute code in the context of the current process.</p> <p><a href="https://www.cve.org/CVERecord?id=CVE-2026-23715">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Siemens Simcenter Femap and Nastran</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Siemens</div> <div class="ics-version"><strong>Product Version:</strong><br>Simcenter Femap, Simcenter Nastran</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Mitigation</strong><br>Do not open untrusted XDB files in affected applications</p> <p><strong>Vendor fix</strong><br>Update to V2512 or later version<br><a href="https://support.sw.siemens.com/product/275652363/">https://support.sw.siemens.com/product/275652363/</a></p> <p><strong>Vendor fix</strong><br>Update to V2512 or later version<br><a href="https://support.sw.siemens.com/product/289054037/">https://support.sw.siemens.com/product/289054037/</a></p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/787.html">CWE-787 Out-of-bounds Write</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>7.8</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H">CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-23716</a></h3> <div class="csaf-accordion-content"> <p>The affected applications contains an out of bounds read vulnerability while parsing specially crafted XDB files. This could allow an attacker to execute code in the context of the current process.</p> <p><a href="https://www.cve.org/CVERecord?id=CVE-2026-23716">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Siemens Simcenter Femap and Nastran</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Siemens</div> <div class="ics-version"><strong>Product Version:</strong><br>Simcenter Femap, Simcenter Nastran</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Mitigation</strong><br>Do not open untrusted XDB files in affected applications</p> <p><strong>Vendor fix</strong><br>Update to V2512 or later version<br><a href="https://support.sw.siemens.com/product/275652363/">https://support.sw.siemens.com/product/275652363/</a></p> <p><strong>Vendor fix</strong><br>Update to V2512 or later version<br><a href="https://support.sw.siemens.com/product/289054037/">https://support.sw.siemens.com/product/289054037/</a></p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/125.html">CWE-125 Out-of-bounds Read</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>7.8</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H">CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-23717</a></h3> <div class="csaf-accordion-content"> <p>The affected applications contains an out of bounds read vulnerability while parsing specially crafted XDB files. This could allow an attacker to execute code in the context of the current process.</p> <p><a href="https://www.cve.org/CVERecord?id=CVE-2026-23717">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Siemens Simcenter Femap and Nastran</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Siemens</div> <div class="ics-version"><strong>Product Version:</strong><br>Simcenter Femap, Simcenter Nastran</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Mitigation</strong><br>Do not open untrusted XDB files in affected applications</p> <p><strong>Vendor fix</strong><br>Update to V2512 or later version<br><a href="https://support.sw.siemens.com/product/275652363/">https://support.sw.siemens.com/product/275652363/</a></p> <p><strong>Vendor fix</strong><br>Update to V2512 or later version<br><a href="https://support.sw.siemens.com/product/289054037/">https://support.sw.siemens.com/product/289054037/</a></p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/125.html">CWE-125 Out-of-bounds Read</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>7.8</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H">CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-23718</a></h3> <div class="csaf-accordion-content"> <p>The affected applications contains an out of bounds read vulnerability while parsing specially crafted NDB files. This could allow an attacker to execute code in the context of the current process.</p> <p><a href="https://www.cve.org/CVERecord?id=CVE-2026-23718">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Siemens Simcenter Femap and Nastran</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Siemens</div> <div class="ics-version"><strong>Product Version:</strong><br>Simcenter Femap, Simcenter Nastran</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Mitigation</strong><br>Do not open untrusted XDB files in affected applications</p> <p><strong>Vendor fix</strong><br>Update to V2512 or later version<br><a href="https://support.sw.siemens.com/product/275652363/">https://support.sw.siemens.com/product/275652363/</a></p> <p><strong>Vendor fix</strong><br>Update to V2512 or later version<br><a href="https://support.sw.siemens.com/product/289054037/">https://support.sw.siemens.com/product/289054037/</a></p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/125.html">CWE-125 Out-of-bounds Read</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>7.8</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H">CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-23719</a></h3> <div class="csaf-accordion-content"> <p>The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted NDB files. This could allow an attacker to execute code in the context of the current process.</p> <p><a href="https://www.cve.org/CVERecord?id=CVE-2026-23719">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Siemens Simcenter Femap and Nastran</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Siemens</div> <div class="ics-version"><strong>Product Version:</strong><br>Simcenter Femap, Simcenter Nastran</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Mitigation</strong><br>Do not open untrusted NDB files in affected applications</p> <p><strong>Vendor fix</strong><br>Update to V2512 or later version<br><a href="https://support.sw.siemens.com/product/275652363/">https://support.sw.siemens.com/product/275652363/</a></p> <p><strong>Vendor fix</strong><br>Update to V2512 or later version<br><a href="https://support.sw.siemens.com/product/289054037/">https://support.sw.siemens.com/product/289054037/</a></p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/122.html">CWE-122 Heap-based Buffer Overflow</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>7.8</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H">CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-23720</a></h3> <div class="csaf-accordion-content"> <p>The affected applications contains an out of bounds read vulnerability while parsing specially crafted NDB files. This could allow an attacker to execute code in the context of the current process.</p> <p><a href="https://www.cve.org/CVERecord?id=CVE-2026-23720">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Siemens Simcenter Femap and Nastran</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Siemens</div> <div class="ics-version"><strong>Product Version:</strong><br>Simcenter Femap, Simcenter Nastran</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Mitigation</strong><br>Do not open untrusted NDB files in affected applications</p> <p><strong>Vendor fix</strong><br>Update to V2512 or later version<br><a href="https://support.sw.siemens.com/product/275652363/">https://support.sw.siemens.com/product/275652363/</a></p> <p><strong>Vendor fix</strong><br>Update to V2512 or later version<br><a href="https://support.sw.siemens.com/product/289054037/">https://support.sw.siemens.com/product/289054037/</a></p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/125.html">CWE-125 Out-of-bounds Read</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>7.8</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H">CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> </div> <hr> <h2>Acknowledgments</h2> <ul> <li>Siemens ProductCERT reported these vulnerabilities to CISA.</li> <li>Michael Heinzl reported these vulnerabilities Siemens.</li> </ul> <hr> <h2>General Recommendations</h2> <p>As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity</p> <hr> <h2>Additional Resources</h2> <p>For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories</p> <hr> <h2>Terms of Use</h2> <p>The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.</p> <hr> <h2>Legal Notice and Terms of Use</h2> <p>This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy &amp; Use policy (https://www.cisa.gov/privacy-policy).</p> <hr> <h2>Recommended Practices</h2> <p>CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.</p> <p>Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.</p> <p>Locate control system networks and remote devices behind firewalls and isolate them from business networks.</p> <p>When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.</p> <p>CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.</p> <p>CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.</p> <p>CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.</p> <p>Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.</p> <hr> <h2>Advisory Conversion Disclaimer</h2> <p>This ICSA is a verbatim republication of Siemens ProductCERT SSA-965753 from a direct conversion of the vendor's Common Security Advisory Framework (CSAF) advisory. This is republished to CISA's website as a means of increasing visibility and is provided "as-is" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Siemens ProductCERT directly for any questions regarding this advisory.</p> <h2>Revision History</h2> <ul> <li><strong>Initial Release Date: </strong>2026-02-10</li> </ul> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">Date</th> <th role="columnheader">Revision</th> <th role="columnheader">Summary</th> </tr> </thead> <tbody> <tr> <td>2026-02-10</td> <td>1</td> <td>Publication Date</td> </tr> <tr> <td>2026-02-17</td> <td>2</td> <td>Initial CISA Republication of Siemens ProductCERT SSA-965753 advisory</td> </tr> </tbody> </table> <hr> <h2>Legal Notice and Terms of Use</h2>

As the U.S. Air Force’s competition force, 16th Air Force (Air Forces CYBER) cultivates air and space superiority by integrating space into all warfighting functions to enhance integrated deterrence. This integration unifies 16th Air Force’s mission support with Space Operations Command to grow readiness. <br/> <img src='https://media.defense.gov/2024/Jan/16/2003377268/150/150/0/231115-F-CT549-1039.JPG' alt='A photo of service members walking towards a building.' /> <br />

U.S. Cyber Command’s Cyber National Mission Force recently concluded their second defensive hunt operation to Lithuania, building upon relationships and experiences from their previous deployment to the country in May 2022. U.S. cyber operators spent months alongside their counterparts from Lithuania’s Information Technology and Communications Department, part of the country’s Ministry of the Interior. The teams analyzed key networks, identified and prioritized by the partner, for evidence of malicious cyber activity while identifying vulnerabilities.<br/> <img src='https://media.defense.gov/2023/Sep/12/2003298675/150/150/0/230912-D-D0451-0001.JPG' alt='US Lithuania Graphic' /> <br />

<p><a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-069-01.json"><strong>View CSAF</strong></a></p> <h2>Summary</h2> <p><strong>Successful exploitation of these vulnerabilities could allow an attacker to take control of the device or view camera feeds.</strong></p> <p>The following versions of Apeman Cameras are affected:</p> <ul> <li>ID71 vers:all/* (CVE-2025-11126, CVE-2025-11851, CVE-2025-11852)</li> </ul> <div class="csaf-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS</th> <th role="columnheader">Vendor</th> <th role="columnheader">Equipment</th> <th role="columnheader">Vulnerabilities</th> </tr> </thead> <tbody> <tr> <td>v3 9.8</td> <td>Apeman</td> <td>Apeman Cameras</td> <td>Insufficiently Protected Credentials, Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), Missing Authentication for Critical Function</td> </tr> </tbody> </table> </div> <h3>Background</h3> <ul> <li><strong>Critical Infrastructure Sectors: </strong>Commercial Facilities</li> <li><strong>Countries/Areas Deployed: </strong>Worldwide</li> <li><strong>Company Headquarters Location: </strong>China</li> </ul> <hr> <h2>Vulnerabilities</h2> <div class="csaf-accordion"> <p><a class="csaf-accordion-toggle-all" href="#">Expand All +</a></p> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-11126</a></h3> <div class="csaf-accordion-content"> <p>A security flaw has been discovered in Apeman ID71 218.53.203.117. This vulnerability affects unknown code of the file /system/www/system.ini. The attack may be performed from remote. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-11126">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Apeman Cameras</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Apeman</div> <div class="ics-version"><strong>Product Version:</strong><br>Apeman ID71: vers:all/*</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Mitigation</strong><br>Apeman did not respond to CISAs request for coordination. Users are encouraged to reach out to Apeman for support https://apemans.com/pages/contactus</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/522.html">CWE-522 Insufficiently Protected Credentials</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>9.8</td> <td>CRITICAL</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-11851</a></h3> <div class="csaf-accordion-content"> <p>A vulnerability has been found in Apeman ID71 EN75.8.53.20. The affected element is an unknown function of the file /set_alias.cgi. Such manipulation of the argument alias leads to cross site scripting. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-11851">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Apeman Cameras</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Apeman</div> <div class="ics-version"><strong>Product Version:</strong><br>Apeman ID71: vers:all/*</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Mitigation</strong><br>Apeman did not respond to CISAs request for coordination. Users are encouraged to reach out to Apeman for support https://apemans.com/pages/contactus</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/79.html">CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>3.5</td> <td>LOW</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N">CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-11852</a></h3> <div class="csaf-accordion-content"> <p>A vulnerability was found in Apeman ID71 218.53.203.117. The impacted element is an unknown function of the file /onvif/device_service of the component ONVIF Service. Performing manipulation results in missing authentication. The attack is possible to be carried out remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-11852">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Apeman Cameras</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Apeman</div> <div class="ics-version"><strong>Product Version:</strong><br>Apeman ID71: vers:all/*</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Mitigation</strong><br>Apeman did not respond to CISAs request for coordination. Users are encouraged to reach out to Apeman for support https://apemans.com/pages/contactus</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/306.html">CWE-306 Missing Authentication for Critical Function</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>5.3</td> <td>MEDIUM</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N</a></td> </tr> </tbody> </table> </div> </div> </div> </div> <hr> <h2>Acknowledgments</h2> <ul> <li>CISA discovered the PoCs (Proof of Concept) as authored by Julio Urena</li> </ul> <hr> <h2>Legal Notice and Terms of Use</h2> <p>This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy &amp; Use policy (https://www.cisa.gov/privacy-policy).</p> <hr> <h2>Recommended Practices</h2> <p>CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:</p> <p>Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.</p> <p>Locate control system networks and remote devices behind firewalls and isolating them from business networks.</p> <p>When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.</p> <p>CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.</p> <p>CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.</p> <p>CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.</p> <p>Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.</p> <p>Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.</p> <p>CISA also recommends users take the following measures to protect themselves from social engineering attacks:</p> <p>Do not click web links or open attachments in unsolicited email messages.</p> <p>Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.</p> <p>Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.</p> <p>No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.</p> <hr> <h2>Revision History</h2> <ul> <li><strong>Initial Release Date: </strong>2026-03-10</li> </ul> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">Date</th> <th role="columnheader">Revision</th> <th role="columnheader">Summary</th> </tr> </thead> <tbody> <tr> <td>2026-03-10</td> <td>1</td> <td>Initial Publication</td> </tr> </tbody> </table> <hr> <h2>Legal Notice and Terms of Use</h2>

<p><a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-069-04.json"><strong>View CSAF</strong></a></p> <h2>Summary</h2> <p><strong>Successful exploitation of this vulnerability could result in arbitrary file upload to the target equipment.</strong></p> <p>The following versions of Ceragon Siklu MultiHaul and EtherHaul Series are affected:</p> <ul> <li>MultiHaul MH-B100-CCS</li> <li>MultiHaul MH-T200-CCC</li> <li>MultiHaul MH-T200-CNN</li> <li>MultiHaul MH-T201-CNN</li> <li>EtherHaul EH-8010FX</li> <li>EtherHaul EH-500TX</li> <li>EtherHaul EH-600TX</li> <li>EtherHaul EH-614TX</li> <li>EtherHaul EH-700TX</li> <li>EtherHaul EH-710TX</li> <li>EtherHaul EH-1200TX</li> <li>EtherHaul EH-1200FX</li> <li>EtherHaul EH-2200FX</li> <li>EtherHaul EH-2500FX</li> <li>EtherHaul EH-5500FD</li> </ul> <div class="csaf-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS</th> <th role="columnheader">Vendor</th> <th role="columnheader">Equipment</th> <th role="columnheader">Vulnerabilities</th> </tr> </thead> <tbody> <tr> <td>v3 5.3</td> <td>Ceragon</td> <td>Ceragon Siklu MultiHaul and EtherHaul Series</td> <td>Unrestricted Upload of File with Dangerous Type</td> </tr> </tbody> </table> </div> <h3>Background</h3> <ul> <li><strong>Critical Infrastructure Sectors: </strong>Communications</li> <li><strong>Countries/Areas Deployed: </strong>Worldwide</li> <li><strong>Company Headquarters Location: </strong>Israel</li> </ul> <hr> <h2>Vulnerabilities</h2> <div class="csaf-accordion"> <p><a class="csaf-accordion-toggle-all" href="#">Expand All +</a></p> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-57176</a></h3> <div class="csaf-accordion-content"> <p>The rfpiped service on TCP port 555 in Ceragon Networks / Siklu Communication EtherHaul and MultiHaul Series microwave antennas allow unauthenticated file uploads to any writable location on the device. File upload packets use weak encryption (metadata only) with file contents transmitted in cleartext. No authentication or path validation is performed.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-57176">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Ceragon Siklu MultiHaul and EtherHaul Series</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Ceragon</div> <div class="ics-version"><strong>Product Version:</strong><br>Ceragon MultiHaul MH-B100-CCS: &lt;R2.4.0, Ceragon MultiHaul MH-T200-CCC: &lt;R2.4.0, Ceragon MultiHaul MH-T200-CNN: &lt;R2.4.0, Ceragon MultiHaul MH-T201-CNN: &lt;R2.4.0, Ceragon EtherHaul EH-8010FX: &lt;R10.8.1, Ceragon EtherHaul EH-500TX: &lt;R7.7.12, Ceragon EtherHaul EH-600TX: &lt;R7.7.12, Ceragon EtherHaul EH-614TX: &lt;R7.7.12, Ceragon EtherHaul EH-700TX: &lt;R7.7.12, Ceragon EtherHaul EH-710TX: &lt;R7.7.12, Ceragon EtherHaul EH-1200TX: &lt;R7.7.12, Ceragon EtherHaul EH-1200FX: &lt;R7.7.12, Ceragon EtherHaul EH-2200FX: &lt;R7.7.12, Ceragon EtherHaul EH-2500FX: &lt;R7.7.12, Ceragon EtherHaul EH-5500FD: &lt;R7.7.12</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Ceragon has released a software update for the affected models:</p> <p><strong>Vendor fix</strong><br>Affected users should install firmware version R2.4.0 for affected MultiHaul models.</p> <p><strong>Vendor fix</strong><br>Affected users should install firmware version R10.8.1 for the affected EH-8010FX model.</p> <p><strong>Vendor fix</strong><br>Affected users should install firmware version R7.7.12 for other affected EtherHaul models.</p> <p><strong>Mitigation</strong><br>Additionally Ceragon has provided the following security recommendations for mitigating the listed vulnerability. To prevent exposure, management access must follow standard operator security guidelines:</p> <p><strong>Mitigation</strong><br>Management IP addresses must use private subnets (RFC 1918)</p> <p><strong>Mitigation</strong><br>Management networks must be protected by: *-* Firewalls *-* Access Control Lists *-* Network Access Translation / Secure management domains</p> <p><strong>Mitigation</strong><br>Firewalls</p> <p><strong>Mitigation</strong><br>Access Control Lists</p> <p><strong>Mitigation</strong><br>Network Access Translation / Secure management domains</p> <p><strong>Mitigation</strong><br>Public exposure of management IP Addresses is not supported nor recommendedCeragon requests that affected users please verify that all affected radio units:</p> <p><strong>Mitigation</strong><br>Use private management IP addresses only</p> <p><strong>Mitigation</strong><br>Are placed behind internal security controls</p> <p><strong>Mitigation</strong><br>Follow your organization's authentication and access-control policies</p> <p><strong>Mitigation</strong><br>Please visit the Ceragon portal here: https://portal.ceragon.com/ (login required) for further information.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/434.html">CWE-434 Unrestricted Upload of File with Dangerous Type</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>5.3</td> <td>MEDIUM</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N</a></td> </tr> </tbody> </table> </div> </div> </div> </div> <hr> <h2>Acknowledgments</h2> <ul> <li>CISA discovered a public Proof of Concept (PoC) as authored by semaja22 and reported it to Ceragon</li> </ul> <hr> <h2>Legal Notice and Terms of Use</h2> <p>This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy &amp; Use policy (https://www.cisa.gov/privacy-policy).</p> <hr> <h2>Recommended Practices</h2> <p>CISA recommends users take defensive measures to minimize the risk of exploitation of this (these) vulnerability(ies), such as:</p> <p>When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.</p> <p>CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.</p> <p>CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.</p> <p>CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.</p> <p>Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.</p> <p>Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.</p> <p>No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.</p> <hr> <h2>Revision History</h2> <ul> <li><strong>Initial Release Date: </strong>2026-03-10</li> </ul> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">Date</th> <th role="columnheader">Revision</th> <th role="columnheader">Summary</th> </tr> </thead> <tbody> <tr> <td>2026-03-10</td> <td>1</td> <td>Initial Publication</td> </tr> </tbody> </table> <hr> <h2>Legal Notice and Terms of Use</h2>

<p><a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-069-03.json"><strong>View CSAF</strong></a></p> <h2>Summary</h2> <p><strong>Successful exploitation of this vulnerability could allow an unauthorized attacker to access controller management settings, control components, disclose information, or cause a denial-of-service condition.</strong></p> <p>The following versions of Honeywell IQ4x BMS Controller are affected:</p> <ul> <li>IQ4E &gt;=Firmware_v3.50_3.44|&lt;4.36_build_4.3.7.9 (CVE-2026-3611)</li> <li>IQ412 &gt;=Firmware_v3.50_3.44|&lt;4.36_build_4.3.7.9 (CVE-2026-3611)</li> <li>IQ422 &gt;=Firmware_v3.50_3.44|&lt;4.36_build_4.3.7.9 (CVE-2026-3611)</li> <li>IQ4NC &gt;=Firmware_v3.50_3.44|&lt;4.36_build_4.3.7.9 (CVE-2026-3611)</li> <li>IQ41x &gt;=Firmware_v3.50_3.44|&lt;4.36_build_4.3.7.9 (CVE-2026-3611)</li> <li>IQ3 &gt;=Firmware_v3.50_3.44|&lt;4.36_build_4.3.7.9 (CVE-2026-3611)</li> <li>IQECO &gt;=Firmware_v3.50_3.44|&lt;4.36_build_4.3.7.9 (CVE-2026-3611)</li> </ul> <div class="csaf-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS</th> <th role="columnheader">Vendor</th> <th role="columnheader">Equipment</th> <th role="columnheader">Vulnerabilities</th> </tr> </thead> <tbody> <tr> <td>v3 10</td> <td>Honeywell</td> <td>Honeywell IQ4x BMS Controller</td> <td>Missing Authentication for Critical Function</td> </tr> </tbody> </table> </div> <h3>Background</h3> <ul> <li><strong>Critical Infrastructure Sectors: </strong>Commercial Facilities, Critical Manufacturing, Government Services and Facilities, Healthcare and Public Health</li> <li><strong>Countries/Areas Deployed: </strong>Worldwide</li> <li><strong>Company Headquarters Location: </strong>United States</li> </ul> <hr> <h2>Vulnerabilities</h2> <div class="csaf-accordion"> <p><a class="csaf-accordion-toggle-all" href="#">Expand All +</a></p> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-3611</a></h3> <div class="csaf-accordion-content"> <p>The Honeywell IQ4x building management controller, exposes its full web-based HMI without authentication in its factory-default configuration. With no user module configured, security is disabled by design and the system operates under a System Guest (level 100) context, granting read/write privileges to any party able to reach the HTTP interface. Authentication controls are only enforced after a web user is created via U.htm, which dynamically enables the user module. Because this function is accessible prior to authentication, a remote user can create a new account with administrative read/write permissions enabling the user module and imposing authentication under attacker-controlled credentials. This action can effectively lock legitimate operators out of local and web-based configuration and administration.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-3611">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Honeywell IQ4x BMS Controller</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Honeywell</div> <div class="ics-version"><strong>Product Version:</strong><br>Honeywell IQ4E: &gt;=Firmware_v3.50_3.44|&lt;4.36_build_4.3.7.9, Honeywell IQ412: &gt;=Firmware_v3.50_3.44|&lt;4.36_build_4.3.7.9, Honeywell IQ422: &gt;=Firmware_v3.50_3.44|&lt;4.36_build_4.3.7.9, Honeywell IQ4NC: &gt;=Firmware_v3.50_3.44|&lt;4.36_build_4.3.7.9, Honeywell IQ41x: &gt;=Firmware_v3.50_3.44|&lt;4.36_build_4.3.7.9, Honeywell IQ3: &gt;=Firmware_v3.50_3.44|&lt;4.36_build_4.3.7.9, Honeywell IQECO: &gt;=Firmware_v3.50_3.44|&lt;4.36_build_4.3.7.9</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Mitigation</strong><br>Honeywell is aware of the issue, but has not released a fix. For more information, contact Honeywell directly. https://www.honeywell.com/us/en/contact.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/306.html">CWE-306 Missing Authentication for Critical Function</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>10</td> <td>CRITICAL</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> </div> <hr> <h2>Acknowledgments</h2> <ul> <li>Gjoko Krstic of Zero Science reported this vulnerability to Honeywell</li> </ul> <hr> <h2>Legal Notice and Terms of Use</h2> <p>This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy &amp; Use policy (https://www.cisa.gov/privacy-policy).</p> <hr> <h2>Recommended Practices</h2> <p>CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:</p> <p>Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.</p> <p>Locate control system networks and remote devices behind firewalls and isolating them from business networks.</p> <p>When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.</p> <p>CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.</p> <p>CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.</p> <p>CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.</p> <p>Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.</p> <p>Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.</p> <p>CISA also recommends users take the following measures to protect themselves from social engineering attacks:</p> <p>Do not click web links or open attachments in unsolicited email messages.</p> <p>Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.</p> <p>Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.</p> <p>No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.</p> <hr> <h2>Revision History</h2> <ul> <li><strong>Initial Release Date: </strong>2026-03-10</li> </ul> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">Date</th> <th role="columnheader">Revision</th> <th role="columnheader">Summary</th> </tr> </thead> <tbody> <tr> <td>2026-03-10</td> <td>1</td> <td>Initial Publication</td> </tr> </tbody> </table> <hr> <h2>Legal Notice and Terms of Use</h2>

<p><a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-069-02.json"><strong>View CSAF</strong></a></p> <h2>Summary</h2> <p><strong>Successful exploitation of these vulnerabilities could allow an attacker to bypass authentication and execute code with root-level privileges.</strong></p> <p>The following versions of Lantronix EDS3000PS and EDS5000 are affected:</p> <ul> <li>EDS3000PS 3.1.0.0R2 (CVE-2025-67039, CVE-2025-70082, CVE-2025-67041)</li> <li>EDS5000 2.1.0.0R3 (CVE-2025-67034, CVE-2025-67035, CVE-2025-67036, CVE-2025-67037, CVE-2025-67038)</li> </ul> <div class="csaf-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS</th> <th role="columnheader">Vendor</th> <th role="columnheader">Equipment</th> <th role="columnheader">Vulnerabilities</th> </tr> </thead> <tbody> <tr> <td>v3 9.8</td> <td>Lantronix</td> <td>Lantronix EDS3000PS and EDS5000</td> <td>Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Authentication Bypass Using an Alternate Path or Channel, Unverified Password Change</td> </tr> </tbody> </table> </div> <h3>Background</h3> <ul> <li><strong>Critical Infrastructure Sectors: </strong>Communications, Information Technology, Critical Manufacturing</li> <li><strong>Countries/Areas Deployed: </strong>Worldwide</li> <li><strong>Company Headquarters Location: </strong>United States</li> </ul> <hr> <h2>Vulnerabilities</h2> <div class="csaf-accordion"> <p><a class="csaf-accordion-toggle-all" href="#">Expand All +</a></p> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-67034</a></h3> <div class="csaf-accordion-content"> <p>An issue was discovered in Lantronix EDS5000 2.1.0.0R3. An authenticated attacker can inject OS commands into the "name" parameter when deleting SSL credentials through the management interface. Injected commands are executed with root privileges.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-67034">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Lantronix EDS3000PS and EDS5000</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Lantronix</div> <div class="ics-version"><strong>Product Version:</strong><br>Lantronix EDS5000: 2.1.0.0R3</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>For vulnerabilities CVE-2025-67034, CVE-2025-67035, CVE-2025-67036, CVE-2025-67037, CVE-2025-67038 Lantronix recommends users upgrade to EDS5000 version 2.2.0.0R1. The patch can be found here: https://ltrxdev.atlassian.net/wiki/spaces/LTRXTS/pages/2538438657/Latest+Firmware+for+the+EDS5000+series+EDS5008+EDS5016+EDS5032.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/78.html">CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>7.2</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H">CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-67035</a></h3> <div class="csaf-accordion-content"> <p>An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The SSH Client and SSH Server pages are affected by multiple OS injection vulnerabilities due to missing sanitization of input parameters. An attacker can inject arbitrary commands in delete actions of various objects, such as server keys, users, and known hosts. Commands are executed with root privileges.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-67035">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Lantronix EDS3000PS and EDS5000</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Lantronix</div> <div class="ics-version"><strong>Product Version:</strong><br>Lantronix EDS5000: 2.1.0.0R3</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>For vulnerabilities CVE-2025-67034, CVE-2025-67035, CVE-2025-67036, CVE-2025-67037, CVE-2025-67038 Lantronix recommends users upgrade to EDS5000 version 2.2.0.0R1. The patch can be found here: https://ltrxdev.atlassian.net/wiki/spaces/LTRXTS/pages/2538438657/Latest+Firmware+for+the+EDS5000+series+EDS5008+EDS5016+EDS5032.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/78.html">CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>7.2</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H">CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-67036</a></h3> <div class="csaf-accordion-content"> <p>An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The Log Info page allows users to see log files by specifying their names. Due to a missing sanitization in the file name parameter, an authenticated attacker can inject arbitrary OS commands that are executed with root privileges.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-67036">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Lantronix EDS3000PS and EDS5000</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Lantronix</div> <div class="ics-version"><strong>Product Version:</strong><br>Lantronix EDS5000: 2.1.0.0R3</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>For vulnerabilities CVE-2025-67034, CVE-2025-67035, CVE-2025-67036, CVE-2025-67037, CVE-2025-67038 Lantronix recommends users upgrade to EDS5000 version 2.2.0.0R1. The patch can be found here: https://ltrxdev.atlassian.net/wiki/spaces/LTRXTS/pages/2538438657/Latest+Firmware+for+the+EDS5000+series+EDS5008+EDS5016+EDS5032.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/78.html">CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>7.2</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H">CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-67037</a></h3> <div class="csaf-accordion-content"> <p>An issue was discovered in Lantronix EDS5000 2.1.0.0R3. An authenticated attacker can inject OS commands into the "tunnel" parameter when killing a tunnel connection. Injected commands are executed with root privileges.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-67037">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Lantronix EDS3000PS and EDS5000</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Lantronix</div> <div class="ics-version"><strong>Product Version:</strong><br>Lantronix EDS5000: 2.1.0.0R3</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>For vulnerabilities CVE-2025-67034, CVE-2025-67035, CVE-2025-67036, CVE-2025-67037, CVE-2025-67038 Lantronix recommends users upgrade to EDS5000 version 2.2.0.0R1. The patch can be found here: https://ltrxdev.atlassian.net/wiki/spaces/LTRXTS/pages/2538438657/Latest+Firmware+for+the+EDS5000+series+EDS5008+EDS5016+EDS5032.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/78.html">CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>7.2</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H">CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-67038</a></h3> <div class="csaf-accordion-content"> <p>An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell command to write logs when user's authentication fails. The username is directly concatenated with the command without any sanitization. This allow attackers to inject arbitrary OS commands into the username parameter. Injected commands are executed with root privileges.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-67038">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Lantronix EDS3000PS and EDS5000</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Lantronix</div> <div class="ics-version"><strong>Product Version:</strong><br>Lantronix EDS5000: 2.1.0.0R3</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>For vulnerabilities CVE-2025-67034, CVE-2025-67035, CVE-2025-67036, CVE-2025-67037, CVE-2025-67038 Lantronix recommends users upgrade to EDS5000 version 2.2.0.0R1. The patch can be found here: https://ltrxdev.atlassian.net/wiki/spaces/LTRXTS/pages/2538438657/Latest+Firmware+for+the+EDS5000+series+EDS5008+EDS5016+EDS5032.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/78.html">CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>9.8</td> <td>CRITICAL</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-67039</a></h3> <div class="csaf-accordion-content"> <p>An issue was discovered in Lantronix EDS3000PS 3.1.0.0R2. The authentication on management pages can be bypassed by appending a specific suffix to the URL and by sending an Authorization header that uses "admin" as the username.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-67039">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Lantronix EDS3000PS and EDS5000</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Lantronix</div> <div class="ics-version"><strong>Product Version:</strong><br>Lantronix EDS3000PS: 3.1.0.0R2</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>For vulnerabilities CVE-2025-67039, CVE-2025-70082, and CVE-2025-67041, Lantronix recommends users upgrade to EDS3000PS version 3.2.0.0R2. The patch can be found here: https://ltrxdev.atlassian.net/wiki/spaces/LTRXTS/pages/1349189633/Latest+Firmware+for+the+EDS3000PS+series.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/288.html">CWE-288 Authentication Bypass Using an Alternate Path or Channel</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>9.8</td> <td>CRITICAL</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-70082</a></h3> <div class="csaf-accordion-content"> <p>The administrator password can be changed without knowledge of the current password. When chained with an authentication bypass vulnerability, this issue may allow unauthenticated attackers to modify the administrator password.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-70082">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Lantronix EDS3000PS and EDS5000</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Lantronix</div> <div class="ics-version"><strong>Product Version:</strong><br>Lantronix EDS3000PS: 3.1.0.0R2</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>For vulnerabilities CVE-2025-67039, CVE-2025-70082, and CVE-2025-67041, Lantronix recommends users upgrade to EDS3000PS version 3.2.0.0R2. The patch can be found here: https://ltrxdev.atlassian.net/wiki/spaces/LTRXTS/pages/1349189633/Latest+Firmware+for+the+EDS3000PS+series.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/620.html">CWE-620 Unverified Password Change</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>2.7</td> <td>LOW</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N">CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-67041</a></h3> <div class="csaf-accordion-content"> <p>An issue was discovered in Lantronix EDS3000PS 3.1.0.0R2. The host parameter of the TFTP client in the Filesystem Browser page is not properly sanitized. This can be exploited to escape from the original command and execute an arbitrary one with root privileges.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-67041">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Lantronix EDS3000PS and EDS5000</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Lantronix</div> <div class="ics-version"><strong>Product Version:</strong><br>Lantronix EDS3000PS: 3.1.0.0R2</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>For vulnerabilities CVE-2025-67039, CVE-2025-70082, and CVE-2025-67041, Lantronix recommends users upgrade to EDS3000PS version 3.2.0.0R2. The patch can be found here: https://ltrxdev.atlassian.net/wiki/spaces/LTRXTS/pages/1349189633/Latest+Firmware+for+the+EDS3000PS+series.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/78.html">CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>7.2</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H">CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> </div> <hr> <h2>Acknowledgments</h2> <ul> <li>Francesco La Spina and Stanislav Dashevskyi of Forescout Technologies reported these vulnerabilities to CISA</li> </ul> <hr> <h2>Legal Notice and Terms of Use</h2> <p>This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy &amp; Use policy (https://www.cisa.gov/privacy-policy).</p> <hr> <h2>Recommended Practices</h2> <p>CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:</p> <p>Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the Internet.</p> <p>Locate control system networks and remote devices behind firewalls and isolating them from business networks.</p> <p>When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.</p> <p>CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.</p> <p>CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.</p> <p>CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.</p> <p>Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.</p> <p>Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.</p> <p>CISA also recommends users take the following measures to protect themselves from social engineering attacks:</p> <p>Do not click web links or open attachments in unsolicited email messages.</p> <p>Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.</p> <p>Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.</p> <p>No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.</p> <hr> <h2>Revision History</h2> <ul> <li><strong>Initial Release Date: </strong>2026-03-10</li> </ul> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">Date</th> <th role="columnheader">Revision</th> <th role="columnheader">Summary</th> </tr> </thead> <tbody> <tr> <td>2026-03-10</td> <td>1</td> <td>Initial Publication</td> </tr> </tbody> </table> <hr> <h2>Legal Notice and Terms of Use</h2>

<p><a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-041-03.json"><strong>View CSAF</strong></a></p> <h2>Summary</h2> <p><strong>Successful exploitation of this vulnerability could result in a denial-of-service condition.</strong></p> <p>The following versions of AVEVA PI Data Archive are affected:</p> <ul> <li>PI Data Archive PI Server &lt;=2018_SP3_Patch_7 (CVE-2026-1507)</li> <li>PI Data Archive PI Server 2023 (CVE-2026-1507)</li> <li>PI Data Archive PI Server 2023_Patch_1 (CVE-2026-1507)</li> <li>PI Data Archive PI Server 2024 (CVE-2026-1507)</li> </ul> <div class="csaf-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS</th> <th role="columnheader">Vendor</th> <th role="columnheader">Equipment</th> <th role="columnheader">Vulnerabilities</th> </tr> </thead> <tbody> <tr> <td>v3 7.5</td> <td>AVEVA</td> <td>AVEVA PI Data Archive</td> <td>Uncaught Exception</td> </tr> </tbody> </table> </div> <h3>Background</h3> <ul> <li><strong>Critical Infrastructure Sectors: </strong>Critical Manufacturing</li> <li><strong>Countries/Areas Deployed: </strong>Worldwide</li> <li><strong>Company Headquarters Location: </strong>United Kingdom</li> </ul> <hr> <h2>Vulnerabilities</h2> <div class="csaf-accordion"> <p><a class="csaf-accordion-toggle-all" href="#">Expand All +</a></p> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-1507</a></h3> <div class="csaf-accordion-content"> <p>The affected products are vulnerable to an uncaught exception that could allow an unauthenticated attacker to remotely crash core PI services resulting in a denial of service.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-1507">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>AVEVA PI Data Archive</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>AVEVA</div> <div class="ics-version"><strong>Product Version:</strong><br>AVEVA PI Data Archive PI Server: &lt;=2018_SP3_Patch_7, AVEVA PI Data Archive PI Server: 2023, AVEVA PI Data Archive PI Server: 2023_Patch_1, AVEVA PI Data Archive PI Server: 2024</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Mitigation</strong><br>AVEVA recommends that organizations evaluate the impact of this vulnerability based on their operational environment, architecture, and product implementation. Users of affected product versions should apply security updates to mitigate the risk of exploit.</p> <p><strong>Mitigation</strong><br>All impacted versions of PI Data Archive can be fixed by upgrading to PI Server 2024 R2 or later available here: https://softwaresupportsp.aveva.com/en-US/downloads/products/details/8c9b0e8c-eb68-481f-b420-c87a253a4172.</p> <p><strong>Mitigation</strong><br>PI Data Archive delivered by PI Server 2018 SP3 Patch 7 and prior can be fixed by upgrading to PI Server 2018 SP3 Patch 8 or higher available here: https://softwaresupportsp.aveva.com/en-US/downloads/products/details/79492560-7e4c-4800-8bd7-40cce61a17d2.</p> <p><strong>Mitigation</strong><br>The following general defensive measures are recommended:</p> <p><strong>Mitigation</strong><br>Monitor liveness of services listed in your installation's "\PI\adm\pisrvstart.bat".</p> <p><strong>Mitigation</strong><br>Set the PI Data Archive Subsystem services to automatically restart.</p> <p><strong>Mitigation</strong><br>PI Data Archive nodes should limit port 5450 inbound access to trusted workstations, users, and software.</p> <p><strong>Mitigation</strong><br>For additional information please refer to AVEVA-2026-002(https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2026-002.pdf).</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/248.html">CWE-248 Uncaught Exception</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>7.5</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> </div> <hr> <h2>Acknowledgments</h2> <ul> <li>AVEVA reported this vulnerability to CISA</li> </ul> <hr> <h2>Legal Notice and Terms of Use</h2> <p>This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy &amp; Use policy (https://www.cisa.gov/privacy-policy).</p> <hr> <h2>Recommended Practices</h2> <p>CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:</p> <p>Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.</p> <p>Locate control system networks and remote devices behind firewalls and isolating them from business networks.</p> <p>When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.</p> <p>CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.</p> <p>CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.</p> <p>CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.</p> <p>Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.</p> <p>Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.</p> <p>No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.</p> <hr> <h2>Revision History</h2> <ul> <li><strong>Initial Release Date: </strong>2026-02-10</li> </ul> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">Date</th> <th role="columnheader">Revision</th> <th role="columnheader">Summary</th> </tr> </thead> <tbody> <tr> <td>2026-02-10</td> <td>1</td> <td>Initial Republication of AVEVA-2026-002</td> </tr> </tbody> </table> <hr> <h2>Legal Notice and Terms of Use</h2>

<p><a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-041-04.json"><strong>View CSAF</strong></a></p> <h2>Summary</h2> <p><strong>Successful exploitation of this vulnerability could result in an unauthorized access to the proxy server.</strong></p> <p>The following versions of AVEVA PI to CONNECT Agent are affected:</p> <ul> <li>PI to CONNECT Agent &lt;=v2.4.2520 (CVE-2026-1495)</li> </ul> <div class="csaf-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS</th> <th role="columnheader">Vendor</th> <th role="columnheader">Equipment</th> <th role="columnheader">Vulnerabilities</th> </tr> </thead> <tbody> <tr> <td>v3 6.5</td> <td>AVEVA</td> <td>AVEVA PI to CONNECT Agent</td> <td>Insertion of Sensitive Information into Log File</td> </tr> </tbody> </table> </div> <h3>Background</h3> <ul> <li><strong>Critical Infrastructure Sectors: </strong>Critical Manufacturing</li> <li><strong>Countries/Areas Deployed: </strong>Worldwide</li> <li><strong>Company Headquarters Location: </strong>United Kingdom</li> </ul> <hr> <h2>Vulnerabilities</h2> <div class="csaf-accordion"> <p><a class="csaf-accordion-toggle-all" href="#">Expand All +</a></p> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-1495</a></h3> <div class="csaf-accordion-content"> <p>The vulnerability, if exploited, could allow an attacker with Event Log Reader (S-1-5-32-573) privileges to obtain proxy details, including URL and proxy credentials, from the PI to CONNECT event log files. This could enable unauthorized access to the proxy server.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-1495">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>AVEVA PI to CONNECT Agent</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>AVEVA</div> <div class="ics-version"><strong>Product Version:</strong><br>AVEVA PI to CONNECT Agent: &lt;=v2.4.2520</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Mitigation</strong><br>AVEVA recommends that organizations evaluate the impact of this vulnerability based on their operational environment, architecture, and product implementation.</p> <p><strong>Vendor fix</strong><br>Users of affected product versions should apply security updates to mitigate the risk of proxy details exposure in newly generated PI to CONNECT Agent event logs.</p> <p><strong>Vendor fix</strong><br>Users who have used affected product versions, should review existing PI to CONNECT Agent event logs (live/backups/copies) for exposed proxy connection details and consider purging the sensitive data from logs and/or configuring new credentials for access to the proxy service.</p> <p><strong>Mitigation</strong><br>The following general defensive measures are recommended:</p> <p><strong>Mitigation</strong><br>Remove use of plain text passwords in proxy URLs. Alternatively, if passwords are required by the proxy, then use least-privilege credentials.</p> <p><strong>Mitigation</strong><br>Ensure only trusted users are given Event Log Reader (S-1-5-32-573) privileges on hosts where PI to CONNECT is installed.</p> <p><strong>Mitigation</strong><br>Review existing PI to CONNECT event logs (live/backups/copies) for exposed proxy connection details and consider purging the sensitive data from logs and/or configuring new credentials for access to the proxy service.</p> <p><strong>Vendor fix</strong><br>All affected versions can be fixed by upgrading to PI to CONNECT Agent v2.5.2790 or higher. The latestversion of the agent can be downloaded from the CONNECT Data Services Portal here: https://datahub.connect.aveva.com/.</p> <p><strong>Mitigation</strong><br>For additional information please refer to AVEVA-2026-003 https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2026-003.pdf.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/532.html">CWE-532 Insertion of Sensitive Information into Log File</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>6.5</td> <td>MEDIUM</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N</a></td> </tr> </tbody> </table> </div> </div> </div> </div> <hr> <h2>Acknowledgments</h2> <ul> <li>AVEVA reported this vulnerability to CISA</li> </ul> <hr> <h2>Legal Notice and Terms of Use</h2> <p>This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy &amp; Use policy (https://www.cisa.gov/privacy-policy).</p> <hr> <h2>Recommended Practices</h2> <p>CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:</p> <p>Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.</p> <p>Locate control system networks and remote devices behind firewalls and isolating them from business networks.</p> <p>When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.</p> <p>CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.</p> <p>CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.</p> <p>CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.</p> <p>Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.</p> <p>Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.</p> <p>No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. This vulnerability is not exploitable remotely.</p> <hr> <h2>Revision History</h2> <ul> <li><strong>Initial Release Date: </strong>2026-02-10</li> </ul> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">Date</th> <th role="columnheader">Revision</th> <th role="columnheader">Summary</th> </tr> </thead> <tbody> <tr> <td>2026-02-10</td> <td>1</td> <td>Initial Republication of AVEVA-2026-003</td> </tr> </tbody> </table> <hr> <h2>Legal Notice and Terms of Use</h2>

<div class="OutlineElement Ltr SCXW169298289 BCX8"> <p>CISA has added six new vulnerabilities to its <a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog"><u>Known Exploited Vulnerabilities (KEV) Catalog</u></a>, based on evidence of active exploitation.&nbsp;</p> <ul> <li><a href="https://www.cve.org/CVERecord?id=CVE-2026-21510" target="_blank"><u>CVE-2026-21510</u></a> Microsoft Windows Shell Protection Mechanism Failure Vulnerability</li> <li><a href="https://www.cve.org/CVERecord?id=CVE-2026-21513" target="_blank"><u>CVE-2026-21513</u></a> Microsoft MSHTML Framework Security Feature Bypass Vulnerability</li> <li><a href="https://www.cve.org/CVERecord?id=CVE-2026-21514" target="_blank"><u>CVE-2026-21514</u></a> Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability</li> <li><a href="https://www.cve.org/CVERecord?id=CVE-2026-21519" target="_blank"><u>CVE-2026-21519</u></a> Microsoft Windows Type Confusion Vulnerability</li> <li><a href="https://www.cve.org/CVERecord?id=CVE-2026-21525" target="_blank"><u>CVE-2026-21525</u></a> Microsoft Windows NULL Pointer Dereference Vulnerability</li> <li><a href="https://www.cve.org/CVERecord?id=CVE-2026-21533" target="_blank"><u>CVE-2026-21533</u></a> Windows Remote Desktop Services Elevation of Privilege Vulnerability&nbsp;</li> </ul> <p>These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.&nbsp;</p> </div> <div class="OutlineElement Ltr SCXW169298289 BCX8"> <p><a href="https://www.cisa.gov/binding-operational-directive-22-01"><u>Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities</u></a> established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the <a href="https://www.cisa.gov/sites/default/files/publications/Reducing_the_Significant_Risk_of_Known_Exploited_Vulnerabilities_211103.pdf"><u>BOD 22-01 Fact Sheet</u></a> for more information.&nbsp;</p> </div> <div class="OutlineElement Ltr SCXW169298289 BCX8"> <p>Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of <a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog"><u>KEV Catalog vulnerabilities</u></a> as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the <a href="https://www.cisa.gov/known-exploited-vulnerabilities"><u>specified criteria</u></a>.&nbsp;</p> </div>

<div class="OutlineElement Ltr SCXW155104668 BCX8"> <p><em>The purpose of this Alert is to amplify Poland’s Computer Emergency Response Team (CERT Polska’s) Energy Sector Incident Report published on Jan. 30, 2026, and highlight key mitigations for Energy Sector stakeholders.&nbsp;</em></p> <p>In December 2025, a malicious cyber actor(s) targeted and compromised operational technology (OT) and industrial control systems (ICS) in Poland’s Energy Sector—specifically renewable energy plants, a combined heat and power plant, and a manufacturing sector company—in a cyber incident. The malicious cyber activity highlights the need for critical infrastructure entities with vulnerable edge devices to act now to strengthen their cybersecurity posture against cyber threat activities targeting OT and ICS.</p> <p>A malicious cyber actor(s) gained initial access in this incident through vulnerable internet-facing edge devices, subsequently deploying wiper malware and causing damage to remote terminal units (RTUs). The malicious cyber activity caused loss of view and control between facilities and distribution system operators, destroyed data on human machine interfaces (HMIs), and corrupted system firmware on OT devices. While the affected renewable energy systems continued production, the system operator could not control or monitor them according to their intended design.<a href="#Note1">¹</a></p> <div class="OutlineElement Ltr SCXW38387541 BCX8"> <p>CERT Polska’s incident report highlights:</p> </div> <div class="ListContainerWrapper SCXW38387541 BCX8"> <ul> <li>Vulnerable edge devices remain a prime target for threat actors. <ul> <li>As indicated by CISA’s <a href="https://www.cisa.gov/news-events/directives/bod-26-02-mitigating-risk-end-support-edge-devices">Binding Operational Directive (BOD) 26-02: Mitigating Risk From End-of-Support Edge Devices</a>, end-of-support edge devices pose significant risks.</li> </ul> </li> <li>OT devices without firmware verification can be permanently damaged. <ul> <li>Operators should prioritize updates that allow firmware verification when available; if updates are not immediately feasible, ensure that cyber incident response plans account for inoperative OT devices to mitigate prolonged outages.</li> </ul> </li> <li>Threat actors leveraged default credentials, a vulnerability not limited to specific vendors, to pivot onto the HMI and RTUs. <ul> <li>Operators should immediately change default passwords and establish requirements for integrators or OT suppliers to enforce password changes in the future.</li> </ul> </li> </ul> <p>CISA and the Department of Energy’s Office of Cybersecurity, Energy Security, and Emergency Response (DOE CESER) urge OT asset owners and operators to review the following resources for more information about the malicious activity and mitigations:</p> </div> <div class="ListContainerWrapper SCXW38387541 BCX8"> <ul> <li>CERT Polska’s <a href="https://cert.pl/en/posts/2026/01/incident-report-energy-sector-2025/" target="_blank">Energy Sector Incident Report - 29 December 2025</a>.</li> <li>CISA’s joint fact sheet with FBI, EPA, and DOE <a href="https://www.cisa.gov/resources-tools/resources/primary-mitigations-reduce-cyber-threats-operational-technology">Primary Mitigations to Reduce Cyber Threats to Operational Technology</a>.</li> <li>DOE’s Energy Threat Analysis Center’s threat advisories.</li> </ul> <h2><strong>Acknowledgements</strong></h2> <p>DOE CESER and CERT Polska contributed to this Alert.</p> <div class="OutlineElement Ltr SCXW147436174 BCX8"> <h2><strong>Disclaimer</strong>&nbsp;</h2> <div> <p>The information in this report is being provided “as is” for informational purposes only. CISA does not endorse any commercial entity, product, company, or service, including any entities, products, or services linked within this document. Any reference to specific commercial entities, products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply endorsement, recommendation, or favoring by CISA.&nbsp;</p> </div> <h2><strong>Notes</strong></h2> <ol> <li><a class="ck-anchor" id="Note1"></a>CERT Polska, “Energy Sector Incident Report - 29 December 2025,” Naukowa i Akademicka Sieć Komputerowa Poland<em>,</em> last modified January 30, 2026, <a href="https://cert.pl/en/posts/2026/01/incident-report-energy-sector-2025/" target="_blank">https://cert.pl/en/posts/2026/01/incident-report-energy-sector-2025/</a>.</li> </ol> </div> </div> </div>

<p><a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-041-01.json"><strong>View CSAF</strong></a></p> <h2>Summary</h2> <p><strong>Successful exploitation of these vulnerabilities could allow an attacker to redirected users to malicious sites, decrypt communications, perform a man-in-the-middle (MITM) attack, execute malicious scripts, steal files, and perform other various attacks.</strong></p> <p>The following versions of Yokogawa FAST/TOOLS are affected:</p> <ul> <li>FAST/TOOLS &gt;=R9.01|&lt;=R10.04 (CVE-2025-66594, CVE-2025-66595, CVE-2025-66597, CVE-2025-66598, CVE-2025-66599, CVE-2025-66600, CVE-2025-66601, CVE-2025-66602, CVE-2025-66603, CVE-2025-66604, CVE-2025-66605, CVE-2025-66606, CVE-2025-66607, CVE-2025-66608)</li> </ul> <div class="csaf-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS</th> <th role="columnheader">Vendor</th> <th role="columnheader">Equipment</th> <th role="columnheader">Vulnerabilities</th> </tr> </thead> <tbody> <tr> <td>v3 8.2</td> <td>Yokogawa</td> <td>Yokogawa FAST/TOOLS</td> <td>Generation of Error Message Containing Sensitive Information, Cross-Site Request Forgery (CSRF), Use of a Broken or Risky Cryptographic Algorithm, Exposure of Sensitive System Information to an Unauthorized Control Sphere, Improperly Implemented Security Check for Standard, Reliance on IP Address for Authentication, Cleartext Transmission of Sensitive Information, Exposure of Private Personal Information to an Unauthorized Actor, Improper Neutralization of Invalid Characters in Identifiers in Web Pages, Path Traversal: '\..\filename'</td> </tr> </tbody> </table> </div> <h3>Background</h3> <ul> <li><strong>Critical Infrastructure Sectors: </strong>Critical Manufacturing, Energy, Food and Agriculture</li> <li><strong>Countries/Areas Deployed: </strong>Worldwide</li> <li><strong>Company Headquarters Location: </strong>Japan</li> </ul> <hr> <h2>Vulnerabilities</h2> <div class="csaf-accordion"> <p><a class="csaf-accordion-toggle-all" href="#">Expand All +</a></p> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-66594</a></h3> <div class="csaf-accordion-content"> <p>Detailed messages are displayed on the error page. This information could be exploited by an attacker for other attacks.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-66594">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Yokogawa FAST/TOOLS</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Yokogawa</div> <div class="ics-version"><strong>Product Version:</strong><br>Yokogawa FAST/TOOLS: &gt;=R9.01|&lt;=R10.04</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Mitigation</strong><br>Yokogawa recommends users update to revision R10.04 and apply patch software (CS_e12787). After the patch is applied, users should apply R10.04 SP3.</p> <p><strong>Mitigation</strong><br>Yokogawa strongly recommends that all users establish and maintain a comprehensive security program, not just for addressing the vulnerability identified in this YSAR. Security program components include patch updates, antivirus software, backup and recovery solutions, zoning, hardening, whitelisting, firewalls, and other related measures. Yokogawa can assist organizations in setting up and continuously maintaining a security program. As a starting point for developing the most effective risk mitigation plan, Yokogawa offers security risk assessment services.</p> <p><strong>Mitigation</strong><br>For questions related to this report, please contact Yokogawa https://contact.yokogawa.com/cs/gw?c-id=000498.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/209.html">CWE-209 Generation of Error Message Containing Sensitive Information</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>5.3</td> <td>MEDIUM</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-66595</a></h3> <div class="csaf-accordion-content"> <p>This product is vulnerable to cross-site request forgery (CSRF). When a user accesses a link crafted by an attacker, the user's account could be compromised.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-66595">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Yokogawa FAST/TOOLS</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Yokogawa</div> <div class="ics-version"><strong>Product Version:</strong><br>Yokogawa FAST/TOOLS: &gt;=R9.01|&lt;=R10.04</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Mitigation</strong><br>Yokogawa recommends users update to revision R10.04 and apply patch software (CS_e12787). After the patch is applied, users should apply R10.04 SP3.</p> <p><strong>Mitigation</strong><br>Yokogawa strongly recommends that all users establish and maintain a comprehensive security program, not just for addressing the vulnerability identified in this YSAR. Security program components include patch updates, antivirus software, backup and recovery solutions, zoning, hardening, whitelisting, firewalls, and other related measures. Yokogawa can assist organizations in setting up and continuously maintaining a security program. As a starting point for developing the most effective risk mitigation plan, Yokogawa offers security risk assessment services.</p> <p><strong>Mitigation</strong><br>For questions related to this report, please contact Yokogawa https://contact.yokogawa.com/cs/gw?c-id=000498.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/352.html">CWE-352 Cross-Site Request Forgery (CSRF)</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>5.3</td> <td>MEDIUM</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-66597</a></h3> <div class="csaf-accordion-content"> <p>This product supports weak cryptographic algorithms, potentially allowing an attacker to decrypt communications with the web server.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-66597">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Yokogawa FAST/TOOLS</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Yokogawa</div> <div class="ics-version"><strong>Product Version:</strong><br>Yokogawa FAST/TOOLS: &gt;=R9.01|&lt;=R10.04</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Mitigation</strong><br>Yokogawa recommends users update to revision R10.04 and apply patch software (CS_e12787). After the patch is applied, users should apply R10.04 SP3.</p> <p><strong>Mitigation</strong><br>Yokogawa strongly recommends that all users establish and maintain a comprehensive security program, not just for addressing the vulnerability identified in this YSAR. Security program components include patch updates, antivirus software, backup and recovery solutions, zoning, hardening, whitelisting, firewalls, and other related measures. Yokogawa can assist organizations in setting up and continuously maintaining a security program. As a starting point for developing the most effective risk mitigation plan, Yokogawa offers security risk assessment services.</p> <p><strong>Mitigation</strong><br>For questions related to this report, please contact Yokogawa https://contact.yokogawa.com/cs/gw?c-id=000498.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/327.html">CWE-327 Use of a Broken or Risky Cryptographic Algorithm</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>8.2</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-66598</a></h3> <div class="csaf-accordion-content"> <p>This product supports old SSL/TLS versions, potentially allowing an attacker to decrypt communications with the web server.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-66598">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Yokogawa FAST/TOOLS</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Yokogawa</div> <div class="ics-version"><strong>Product Version:</strong><br>Yokogawa FAST/TOOLS: &gt;=R9.01|&lt;=R10.04</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Mitigation</strong><br>Yokogawa recommends users update to revision R10.04 and apply patch software (CS_e12787). After the patch is applied, users should apply R10.04 SP3.</p> <p><strong>Mitigation</strong><br>Yokogawa strongly recommends that all users establish and maintain a comprehensive security program, not just for addressing the vulnerability identified in this YSAR. Security program components include patch updates, antivirus software, backup and recovery solutions, zoning, hardening, whitelisting, firewalls, and other related measures. Yokogawa can assist organizations in setting up and continuously maintaining a security program. As a starting point for developing the most effective risk mitigation plan, Yokogawa offers security risk assessment services.</p> <p><strong>Mitigation</strong><br>For questions related to this report, please contact Yokogawa https://contact.yokogawa.com/cs/gw?c-id=000498.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/327.html">CWE-327 Use of a Broken or Risky Cryptographic Algorithm</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>7.1</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N">CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-66599</a></h3> <div class="csaf-accordion-content"> <p>Physical paths could be displayed on web pages. This information could be exploited by an attacker for other attacks.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-66599">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Yokogawa FAST/TOOLS</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Yokogawa</div> <div class="ics-version"><strong>Product Version:</strong><br>Yokogawa FAST/TOOLS: &gt;=R9.01|&lt;=R10.04</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Mitigation</strong><br>Yokogawa recommends users update to revision R10.04 and apply patch software (CS_e12787). After the patch is applied, users should apply R10.04 SP3.</p> <p><strong>Mitigation</strong><br>Yokogawa strongly recommends that all users establish and maintain a comprehensive security program, not just for addressing the vulnerability identified in this YSAR. Security program components include patch updates, antivirus software, backup and recovery solutions, zoning, hardening, whitelisting, firewalls, and other related measures. Yokogawa can assist organizations in setting up and continuously maintaining a security program. As a starting point for developing the most effective risk mitigation plan, Yokogawa offers security risk assessment services.</p> <p><strong>Mitigation</strong><br>For questions related to this report, please contact Yokogawa https://contact.yokogawa.com/cs/gw?c-id=000498.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/497.html">CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>5.3</td> <td>MEDIUM</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-66600</a></h3> <div class="csaf-accordion-content"> <p>This product lacks HSTS (HTTP Strict Transport Security) configuration. When an attacker performs a Man in the middle (MITM) attack, communications with the web server could be sniffed.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-66600">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Yokogawa FAST/TOOLS</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Yokogawa</div> <div class="ics-version"><strong>Product Version:</strong><br>Yokogawa FAST/TOOLS: &gt;=R9.01|&lt;=R10.04</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Mitigation</strong><br>Yokogawa recommends users update to revision R10.04 and apply patch software (CS_e12787). After the patch is applied, users should apply R10.04 SP3.</p> <p><strong>Mitigation</strong><br>Yokogawa strongly recommends that all users establish and maintain a comprehensive security program, not just for addressing the vulnerability identified in this YSAR. Security program components include patch updates, antivirus software, backup and recovery solutions, zoning, hardening, whitelisting, firewalls, and other related measures. Yokogawa can assist organizations in setting up and continuously maintaining a security program. As a starting point for developing the most effective risk mitigation plan, Yokogawa offers security risk assessment services.</p> <p><strong>Mitigation</strong><br>For questions related to this report, please contact Yokogawa https://contact.yokogawa.com/cs/gw?c-id=000498.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/358.html">CWE-358 Improperly Implemented Security Check for Standard</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>8.2</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-66601</a></h3> <div class="csaf-accordion-content"> <p>This product does not specify MIME types. When an attacker performs a content sniffing attack, malicious scripts could be executed.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-66601">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Yokogawa FAST/TOOLS</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Yokogawa</div> <div class="ics-version"><strong>Product Version:</strong><br>Yokogawa FAST/TOOLS: &gt;=R9.01|&lt;=R10.04</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Mitigation</strong><br>Yokogawa recommends users update to revision R10.04 and apply patch software (CS_e12787). After the patch is applied, users should apply R10.04 SP3.</p> <p><strong>Mitigation</strong><br>Yokogawa strongly recommends that all users establish and maintain a comprehensive security program, not just for addressing the vulnerability identified in this YSAR. Security program components include patch updates, antivirus software, backup and recovery solutions, zoning, hardening, whitelisting, firewalls, and other related measures. Yokogawa can assist organizations in setting up and continuously maintaining a security program. As a starting point for developing the most effective risk mitigation plan, Yokogawa offers security risk assessment services.</p> <p><strong>Mitigation</strong><br>For questions related to this report, please contact Yokogawa https://contact.yokogawa.com/cs/gw?c-id=000498.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/358.html">CWE-358 Improperly Implemented Security Check for Standard</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>6.5</td> <td>MEDIUM</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-66602</a></h3> <div class="csaf-accordion-content"> <p>The web server accepts access by IP address. When a worm that randomly searches for IP addresses intrudes into the network, it could potentially be attacked by the worm.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-66602">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Yokogawa FAST/TOOLS</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Yokogawa</div> <div class="ics-version"><strong>Product Version:</strong><br>Yokogawa FAST/TOOLS: &gt;=R9.01|&lt;=R10.04</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Mitigation</strong><br>Yokogawa recommends users update to revision R10.04 and apply patch software (CS_e12787). After the patch is applied, users should apply R10.04 SP3.</p> <p><strong>Mitigation</strong><br>Yokogawa strongly recommends that all users establish and maintain a comprehensive security program, not just for addressing the vulnerability identified in this YSAR. Security program components include patch updates, antivirus software, backup and recovery solutions, zoning, hardening, whitelisting, firewalls, and other related measures. Yokogawa can assist organizations in setting up and continuously maintaining a security program. As a starting point for developing the most effective risk mitigation plan, Yokogawa offers security risk assessment services.</p> <p><strong>Mitigation</strong><br>For questions related to this report, please contact Yokogawa https://contact.yokogawa.com/cs/gw?c-id=000498.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/291.html">CWE-291 Reliance on IP Address for Authentication</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>5.3</td> <td>MEDIUM</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-66603</a></h3> <div class="csaf-accordion-content"> <p>The web server accepts the OPTIONS method. An attacker could potentially use this information to carry out other attacks.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-66603">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Yokogawa FAST/TOOLS</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Yokogawa</div> <div class="ics-version"><strong>Product Version:</strong><br>Yokogawa FAST/TOOLS: &gt;=R9.01|&lt;=R10.04</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Mitigation</strong><br>Yokogawa recommends users update to revision R10.04 and apply patch software (CS_e12787). After the patch is applied, users should apply R10.04 SP3.</p> <p><strong>Mitigation</strong><br>Yokogawa strongly recommends that all users establish and maintain a comprehensive security program, not just for addressing the vulnerability identified in this YSAR. Security program components include patch updates, antivirus software, backup and recovery solutions, zoning, hardening, whitelisting, firewalls, and other related measures. Yokogawa can assist organizations in setting up and continuously maintaining a security program. As a starting point for developing the most effective risk mitigation plan, Yokogawa offers security risk assessment services.</p> <p><strong>Mitigation</strong><br>For questions related to this report, please contact Yokogawa https://contact.yokogawa.com/cs/gw?c-id=000498.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/358.html">CWE-358 Improperly Implemented Security Check for Standard</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>3.1</td> <td>LOW</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N">CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-66604</a></h3> <div class="csaf-accordion-content"> <p>The library version could be displayed on the web page. This information could be exploited by an attacker for other attacks.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-66604">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Yokogawa FAST/TOOLS</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Yokogawa</div> <div class="ics-version"><strong>Product Version:</strong><br>Yokogawa FAST/TOOLS: &gt;=R9.01|&lt;=R10.04</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Mitigation</strong><br>Yokogawa recommends users update to revision R10.04 and apply patch software (CS_e12787). After the patch is applied, users should apply R10.04 SP3.</p> <p><strong>Mitigation</strong><br>Yokogawa strongly recommends that all users establish and maintain a comprehensive security program, not just for addressing the vulnerability identified in this YSAR. Security program components include patch updates, antivirus software, backup and recovery solutions, zoning, hardening, whitelisting, firewalls, and other related measures. Yokogawa can assist organizations in setting up and continuously maintaining a security program. As a starting point for developing the most effective risk mitigation plan, Yokogawa offers security risk assessment services.</p> <p><strong>Mitigation</strong><br>For questions related to this report, please contact Yokogawa https://contact.yokogawa.com/cs/gw?c-id=000498.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/319.html">CWE-319 Cleartext Transmission of Sensitive Information</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>3.1</td> <td>LOW</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N">CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-66605</a></h3> <div class="csaf-accordion-content"> <p>Since there are input fields on this web page with the autocomplete attribute enabled, the input content could be saved in the browser the user is using.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-66605">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Yokogawa FAST/TOOLS</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Yokogawa</div> <div class="ics-version"><strong>Product Version:</strong><br>Yokogawa FAST/TOOLS: &gt;=R9.01|&lt;=R10.04</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Mitigation</strong><br>Yokogawa recommends users update to revision R10.04 and apply patch software (CS_e12787). After the patch is applied, users should apply R10.04 SP3.</p> <p><strong>Mitigation</strong><br>Yokogawa strongly recommends that all users establish and maintain a comprehensive security program, not just for addressing the vulnerability identified in this YSAR. Security program components include patch updates, antivirus software, backup and recovery solutions, zoning, hardening, whitelisting, firewalls, and other related measures. Yokogawa can assist organizations in setting up and continuously maintaining a security program. As a starting point for developing the most effective risk mitigation plan, Yokogawa offers security risk assessment services.</p> <p><strong>Mitigation</strong><br>For questions related to this report, please contact Yokogawa https://contact.yokogawa.com/cs/gw?c-id=000498.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/359.html">CWE-359 Exposure of Private Personal Information to an Unauthorized Actor</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>3.1</td> <td>LOW</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N">CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-66606</a></h3> <div class="csaf-accordion-content"> <p>This product does not properly encode URLs. An attacker could tamper with web pages or execute malicious scripts.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-66606">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Yokogawa FAST/TOOLS</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Yokogawa</div> <div class="ics-version"><strong>Product Version:</strong><br>Yokogawa FAST/TOOLS: &gt;=R9.01|&lt;=R10.04</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Mitigation</strong><br>Yokogawa recommends users update to revision R10.04 and apply patch software (CS_e12787). After the patch is applied, users should apply R10.04 SP3.</p> <p><strong>Mitigation</strong><br>Yokogawa strongly recommends that all users establish and maintain a comprehensive security program, not just for addressing the vulnerability identified in this YSAR. Security program components include patch updates, antivirus software, backup and recovery solutions, zoning, hardening, whitelisting, firewalls, and other related measures. Yokogawa can assist organizations in setting up and continuously maintaining a security program. As a starting point for developing the most effective risk mitigation plan, Yokogawa offers security risk assessment services.</p> <p><strong>Mitigation</strong><br>For questions related to this report, please contact Yokogawa https://contact.yokogawa.com/cs/gw?c-id=000498.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/86.html">CWE-86 Improper Neutralization of Invalid Characters in Identifiers in Web Pages</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>3.4</td> <td>LOW</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N">CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-66607</a></h3> <div class="csaf-accordion-content"> <p>The response header contains an insecure setting. Users could be redirected to malicious sites by an attacker.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-66607">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Yokogawa FAST/TOOLS</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Yokogawa</div> <div class="ics-version"><strong>Product Version:</strong><br>Yokogawa FAST/TOOLS: &gt;=R9.01|&lt;=R10.04</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Mitigation</strong><br>Yokogawa recommends users update to revision R10.04 and apply patch software (CS_e12787). After the patch is applied, users should apply R10.04 SP3.</p> <p><strong>Mitigation</strong><br>Yokogawa strongly recommends that all users establish and maintain a comprehensive security program, not just for addressing the vulnerability identified in this YSAR. Security program components include patch updates, antivirus software, backup and recovery solutions, zoning, hardening, whitelisting, firewalls, and other related measures. Yokogawa can assist organizations in setting up and continuously maintaining a security program. As a starting point for developing the most effective risk mitigation plan, Yokogawa offers security risk assessment services.</p> <p><strong>Mitigation</strong><br>For questions related to this report, please contact Yokogawa https://contact.yokogawa.com/cs/gw?c-id=000498.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/358.html">CWE-358 Improperly Implemented Security Check for Standard</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>3.7</td> <td>LOW</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N">CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-66608</a></h3> <div class="csaf-accordion-content"> <p>This product fails to adequately validate URLs. An attacker could send maliciously crafted requests to gain unauthorized access to files on the web server.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-66608">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Yokogawa FAST/TOOLS</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Yokogawa</div> <div class="ics-version"><strong>Product Version:</strong><br>Yokogawa FAST/TOOLS: &gt;=R9.01|&lt;=R10.04</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Mitigation</strong><br>Yokogawa recommends users update to revision R10.04 and apply patch software (CS_e12787). After the patch is applied, users should apply R10.04 SP3.</p> <p><strong>Mitigation</strong><br>Yokogawa strongly recommends that all users establish and maintain a comprehensive security program, not just for addressing the vulnerability identified in this YSAR. Security program components include patch updates, antivirus software, backup and recovery solutions, zoning, hardening, whitelisting, firewalls, and other related measures. Yokogawa can assist organizations in setting up and continuously maintaining a security program. As a starting point for developing the most effective risk mitigation plan, Yokogawa offers security risk assessment services.</p> <p><strong>Mitigation</strong><br>For questions related to this report, please contact Yokogawa https://contact.yokogawa.com/cs/gw?c-id=000498.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/29.html">CWE-29 Path Traversal: '\..\filename'</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>7.5</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N</a></td> </tr> </tbody> </table> </div> </div> </div> </div> <hr> <h2>Acknowledgments</h2> <ul> <li>Yokogawa reported these vulnerabilities to CISA</li> </ul> <hr> <h2>Legal Notice and Terms of Use</h2> <p>This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy &amp; Use policy (https://www.cisa.gov/privacy-policy).</p> <hr> <h2>Recommended Practices</h2> <p>CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:</p> <p>Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the Internet.</p> <p>Locate control system networks and remote devices behind firewalls and isolating them from business networks.</p> <p>When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.</p> <p>CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.</p> <p>CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.</p> <p>CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.</p> <p>Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.</p> <p>Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.</p> <p>CISA also recommends users take the following measures to protect themselves from social engineering attacks:</p> <p>Do not click web links or open attachments in unsolicited email messages.</p> <p>Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.</p> <p>Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.</p> <p>No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.</p> <hr> <h2>Revision History</h2> <ul> <li><strong>Initial Release Date: </strong>2026-02-10</li> </ul> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">Date</th> <th role="columnheader">Revision</th> <th role="columnheader">Summary</th> </tr> </thead> <tbody> <tr> <td>2026-02-10</td> <td>1</td> <td>Initial Republication of YSAR-26-0001-E</td> </tr> </tbody> </table> <hr> <h2>Legal Notice and Terms of Use</h2>

<p><a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-041-02.json"><strong>View CSAF</strong></a></p> <h2>Summary</h2> <p><strong>Successful exploitation of these vulnerabilities could result in an attacker bypassing authentication, or resetting the device password.</strong></p> <p>The following versions of ZLAN Information Technology Co. ZLAN5143D are affected:</p> <ul> <li>ZLAN5143D v1.600 (CVE-2026-25084, CVE-2026-24789)</li> </ul> <div class="csaf-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS</th> <th role="columnheader">Vendor</th> <th role="columnheader">Equipment</th> <th role="columnheader">Vulnerabilities</th> </tr> </thead> <tbody> <tr> <td>v3 9.8</td> <td>ZLAN Information Technology Co.</td> <td>ZLAN Information Technology Co. ZLAN5143D</td> <td>Missing Authentication for Critical Function</td> </tr> </tbody> </table> </div> <h3>Background</h3> <ul> <li><strong>Critical Infrastructure Sectors: </strong>Critical Manufacturing</li> <li><strong>Countries/Areas Deployed: </strong>Worldwide</li> <li><strong>Company Headquarters Location: </strong>China</li> </ul> <hr> <h2>Vulnerabilities</h2> <div class="csaf-accordion"> <p><a class="csaf-accordion-toggle-all" href="#">Expand All +</a></p> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-25084</a></h3> <div class="csaf-accordion-content"> <p>Authentication for the device can be bypassed by directly accessing internal URLs.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-25084">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>ZLAN Information Technology Co. ZLAN5143D</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>ZLAN Information Technology Co.</div> <div class="ics-version"><strong>Product Version:</strong><br>ZLAN Information Technology Co. ZLAN5143D: v1.600</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>ZLAN Information Technology Co. did not respond to CISA's attempts at coordination. Users of ZLAN5143D devices are encouraged to contact ZLAN and keep their systems up to date. https://www.zlmcu.com/en/contatct_us.htm</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/306.html">CWE-306 Missing Authentication for Critical Function</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>9.8</td> <td>CRITICAL</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-24789</a></h3> <div class="csaf-accordion-content"> <p>An unprotected API endpoint allows an attacker to remotely change the device password without providing authentication.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-24789">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>ZLAN Information Technology Co. ZLAN5143D</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>ZLAN Information Technology Co.</div> <div class="ics-version"><strong>Product Version:</strong><br>ZLAN Information Technology Co. ZLAN5143D: v1.600</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>ZLAN Information Technology Co. did not respond to CISA's attempts at coordination. Users of ZLAN5143D devices are encouraged to contact ZLAN and keep their systems up to date. https://www.zlmcu.com/en/contatct_us.htm</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/306.html">CWE-306 Missing Authentication for Critical Function</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>9.8</td> <td>CRITICAL</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> </div> <hr> <h2>Acknowledgments</h2> <ul> <li>Shorabh Karir and Deepak Singh reported these vulnerabilities to CISA</li> </ul> <hr> <h2>Legal Notice and Terms of Use</h2> <p>This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy &amp; Use policy (https://www.cisa.gov/privacy-policy).</p> <hr> <h2>Recommended Practices</h2> <p>CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:</p> <p>Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.</p> <p>Locate control system networks and remote devices behind firewalls and isolating them from business networks.</p> <p>When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.</p> <p>CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.</p> <p>CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.</p> <p>CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.</p> <p>Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.</p> <p>Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.</p> <p>No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.</p> <hr> <h2>Revision History</h2> <ul> <li><strong>Initial Release Date: </strong>2026-02-10</li> </ul> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">Date</th> <th role="columnheader">Revision</th> <th role="columnheader">Summary</th> </tr> </thead> <tbody> <tr> <td>2026-02-10</td> <td>1</td> <td>Initial Publication</td> </tr> </tbody> </table> <hr> <h2>Legal Notice and Terms of Use</h2>

<p><a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsma-26-041-01.json"><strong>View CSAF</strong></a></p> <h2>Summary</h2> <p><strong>Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access to protected health information (PHI) or device telemetry.</strong></p> <p>The following versions of ZOLL ePCR IOS Mobile Application are affected:</p> <ul> <li>ePCR IOS Mobile Application 2.6.7 (CVE-2025-12699)</li> </ul> <div class="csaf-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS</th> <th role="columnheader">Vendor</th> <th role="columnheader">Equipment</th> <th role="columnheader">Vulnerabilities</th> </tr> </thead> <tbody> <tr> <td>v3 5.5</td> <td>ZOLL</td> <td>ZOLL ePCR IOS Mobile Application</td> <td>Insertion of Sensitive Information into Externally-Accessible File or Directory</td> </tr> </tbody> </table> </div> <h3>Background</h3> <ul> <li><strong>Critical Infrastructure Sectors: </strong>Healthcare and Public Health</li> <li><strong>Countries/Areas Deployed: </strong>Worldwide</li> <li><strong>Company Headquarters Location: </strong>United States</li> </ul> <hr> <h2>Vulnerabilities</h2> <div class="csaf-accordion"> <p><a class="csaf-accordion-toggle-all" href="#">Expand All +</a></p> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-12699</a></h3> <div class="csaf-accordion-content"> <p>The ZOLL ePCR IOS application reflects unsanitized user input into a WebView. Attacker-controlled strings placed into PCR fields (run number, incident, call sign, notes) are interpreted as HTML/JS when the app prints or renders that content. In the proof of concept (POC), injected scripts return local file content, which would allow arbitrary local file reads from the app's runtime context. These local files contain device and user data within the ePCR medical application, and if exposed, would allow an attacker to access protected health information (PHI) or device telemetry.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-12699">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>ZOLL ePCR IOS Mobile Application</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>ZOLL</div> <div class="ics-version"><strong>Product Version:</strong><br>ZOLL ePCR IOS Mobile Application: 2.6.7</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Mitigation</strong><br>ZOLL ePCR IOS application was decommissioned in May 2025. ZOLL has no current plans to provide a replacement application. If users have questions or concerns, they are encouraged to reach out directly to ZOLL Support. https://www.zolldata.com/contact-us.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/538.html">CWE-538 Insertion of Sensitive Information into Externally-Accessible File or Directory</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>5.5</td> <td>MEDIUM</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N">CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N</a></td> </tr> </tbody> </table> </div> </div> </div> </div> <hr> <h2>Acknowledgments</h2> <ul> <li>Bryan Riggins reported this vulnerability to ZOLL</li> </ul> <hr> <h2>Legal Notice and Terms of Use</h2> <p>This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy &amp; Use policy (https://www.cisa.gov/privacy-policy).</p> <hr> <h2>Recommended Practices</h2> <p>CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:</p> <p>Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.</p> <p>Locate control system networks and remote devices behind firewalls and isolating them from business networks.</p> <p>When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.</p> <p>CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.</p> <p>CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.</p> <p>CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.</p> <p>Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.</p> <p>Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.</p> <p>CISA also recommends users take the following measures to protect themselves from social engineering attacks:</p> <p>Do not click web links or open attachments in unsolicited email messages.</p> <p>Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.</p> <p>Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.</p> <p>No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. This vulnerability is not exploitable remotely.</p> <hr> <h2>Revision History</h2> <ul> <li><strong>Initial Release Date: </strong>2026-02-10</li> </ul> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">Date</th> <th role="columnheader">Revision</th> <th role="columnheader">Summary</th> </tr> </thead> <tbody> <tr> <td>2026-02-10</td> <td>1</td> <td>Initial Publication</td> </tr> </tbody> </table> <hr> <h2>Legal Notice and Terms of Use</h2>

<p>CISA released the guidance, <em>Barriers to Secure OT Communication: Why Johnny Can’t Authenticate</em>, which highlights the known issues with insecure-by-design legacy industrial protocols and seeks to understand why the technology to secure these protocols is not widely adopted. CISA developed this guidance in partnership with operational technology (OT) equipment manufacturers and standard development organizations, by interviewing OT asset owners and operators to understand:&nbsp;&nbsp;</p> <ol> <li>What motivates owners and operators to secure communication, and</li> <li>What barriers prevent successful adoption from design through deployment and operations.&nbsp;</li> </ol> <p>Legacy OT protocols lack strong protections against data alteration, device impersonation, and unauthorized access, making critical infrastructure vulnerable to cyber threats. Securing these protocols requires solutions that are practical for current operators as well as cyber experts. Based on the research conducted, CISA provides recommendations for how owners and operators can avoid the negative experiences of their peers, as well as recommendations to OT manufacturers to drive sustainable, more usable capabilities.&nbsp;</p> <div class="c-file"> <div class="c-file__download"> <a href="https://www.cisa.gov/sites/default/files/2026-02/Barriers-to-Secure-Communication-Why-OT-Johnny-Cant-Authenticate_508_2.pdf" class="c-file__link" target="_blank">Barriers to Secure Communication: Why Johnny Can't Authenticate</a> <span class="c-file__size">(PDF, 907.41 KB )</span> </div> </div> <div class="c-text-cta"> <div class="l-constrain c-text-cta__inner"> <div class="c-text-cta__content"> <h2>Please share your thoughts!</h2> <div class="c-text-cta__summary"> <div class="c-text-cta__summary"> <p>We welcome your feedback.</p> </div> </div> <p><a class="c-button c-button--on-dark" href="https://cisasurvey.gov1.qualtrics.com/jfe/form/SV_9n4TtB8uttUPaM6?product=https://cisa.gov/resources-tools/resources/barriers-secure-ot-communication-why-johnny-cant-authenticate">CISA Product Survey</a></p> </div> </div> </div>

Updates to Cyber Command's challenge problems<br/>

U.S. and Allies Identify and Expose Russian Intelligence-Gathering “Snake” Malware<br/> <img src='https://media.defense.gov/2023/May/09/2003218742/150/150/0/230509-D-D0451-0001.PNG' alt='Snake Malware' /> <br />

POSTURE STATEMENT OF GENERAL PAUL M. NAKASONE<br/>

Gen. Paul M. Nakasone, commander, U.S. Cyber Command, on Tuesday, April 5, 2022 will testify in front of the Senate Committee on Armed Services and the House Committee on Armed Services, Cyber, Innovative Technologies, and Information Systems Subcommittees.<br/>

U.S. Cyber Command has concluded CYBER FLAG 24-2, marking a significant milestone as the first iteration of the exercise to incorporate Offensive Cyberspace Operations, August 30.<br/> <img src='https://media.defense.gov/2024/Sep/04/2003537203/150/150/0/240829-A-Q1826-1002.JPG' alt='Soldier works behind keyboard.' /> <br />

The European Union’s Disinformation Lab (EU DisinfoLab) has recently exposed a sophisticated Russian influence campaign known as “DoppelGänger.” <br/>

Integrated deterrence starts at the lowest level and at 16th Air Force’s (AFCYBER) 67th Cyberspace Wing A39, the Information Operations team is making a global impact at their level. <br/> <img src='https://media.defense.gov/2023/Oct/03/2003315561/150/150/0/210101-F-IY571-1006.JPG' alt='A photo of people working together at the Emerald Warrior exercise.' /> <br />

<p>CISA has added two new vulnerabilities to its <a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog" data-entity-type="node" data-entity-uuid="79453b83-86b9-4e2f-b1ec-abf73c6eb291" data-entity-substitution="canonical" title="Known Exploited Vulnerabilities Catalog">Known Exploited Vulnerabilities (KEV) Catalog</a>, based on evidence of active exploitation.</p> <ul> <li><a href="https://www.cve.org/CVERecord?id=CVE-2026-21385" target="_blank">CVE-2026-21385</a> Qualcomm Multiple Chipsets Memory Corruption Vulnerability</li> <li><a href="https://www.cve.org/CVERecord?id=CVE-2026-22719" target="_blank">CVE-2026-22719</a> Broadcom VMware Aria Operations Command Injection Vulnerability</li> </ul> <p>These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.</p> <p><a href="https://www.cisa.gov/binding-operational-directive-22-01">Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities</a> established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the <a href="https://www.cisa.gov/sites/default/files/publications/Reducing_the_Significant_Risk_of_Known_Exploited_Vulnerabilities_211103.pdf">BOD 22-01 Fact Sheet</a> for more information.</p> <p>Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of <a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog" data-entity-type="node" data-entity-uuid="79453b83-86b9-4e2f-b1ec-abf73c6eb291" data-entity-substitution="canonical" title="Known Exploited Vulnerabilities Catalog">KEV Catalog vulnerabilities</a> as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the <a href="https://www.cisa.gov/known-exploited-vulnerabilities" data-entity-type="node" data-entity-uuid="f2adba9a-0404-494c-a90c-4363a4a5c934" data-entity-substitution="canonical" title="Reducing the Significant Risk of Known Exploited Vulnerabilities">specified criteria</a>.</p>

<p><a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-062-08.json"><strong>View CSAF</strong></a></p> <h2>Summary</h2> <p><strong>Successful exploitation of these vulnerabilities could enable attackers to gain unauthorized administrative control over vulnerable charging stations or disrupt charging services through denial-of-service attacks.</strong></p> <p>The following versions of Everon OCPP Backends are affected:</p> <ul> <li>api.everon.io vers:all/*&nbsp;</li> </ul> <div class="csaf-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS</th> <th role="columnheader">Vendor</th> <th role="columnheader">Equipment</th> <th role="columnheader">Vulnerabilities</th> </tr> </thead> <tbody> <tr> <td>v3 9.4</td> <td>Everon</td> <td>Everon OCPP Backends</td> <td>Missing Authentication for Critical Function, Improper Restriction of Excessive Authentication Attempts, Insufficient Session Expiration, Insufficiently Protected Credentials</td> </tr> </tbody> </table> </div> <h3>Background</h3> <ul> <li><strong>Critical Infrastructure Sectors: </strong>Energy, Transportation Systems</li> <li><strong>Countries/Areas Deployed: </strong>Worldwide</li> <li><strong>Company Headquarters Location: </strong>Netherlands</li> </ul> <hr> <h2>Vulnerabilities</h2> <div class="csaf-accordion"> <p><a class="csaf-accordion-toggle-all" href="#">Expand All +</a></p> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-26288</a></h3> <div class="csaf-accordion-content"> <p>WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then issue or receive OCPP commands as a legitimate charger. Given that no authentication is required, this can lead to privilege escalation, unauthorized control of charging infrastructure, and corruption of charging network data reported to the backend.</p> <p><a href="https://www.cve.org/CVERecord?id=CVE-2026-26288">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Everon OCPP Backends</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Everon</div> <div class="ics-version"><strong>Product Version:</strong><br>Everon api.everon.io: vers:all/*</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Mitigation</strong><br>Everon has shut down their platform on December 1st, 2025.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/306.html">CWE-306 Missing Authentication for Critical Function</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>9.4</td> <td>CRITICAL</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-24696</a></h3> <div class="csaf-accordion-content"> <p>The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain unauthorized access.</p> <p><a href="https://www.cve.org/CVERecord?id=CVE-2026-24696">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Everon OCPP Backends</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Everon</div> <div class="ics-version"><strong>Product Version:</strong><br>Everon api.everon.io: vers:all/*</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Mitigation</strong><br>Everon has shut down their platform on December 1st, 2025.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/307.html">CWE-307 Improper Restriction of Excessive Authentication Attempts</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>7.5</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-20748</a></h3> <div class="csaf-accordion-content"> <p>The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent connection displaces the legitimate charging station and receives backend commands intended for that station. This vulnerability may allow unauthorized users to authenticate as other users or enable a malicious actor to cause a denial-of-service condition by overwhelming the backend with valid session requests.</p> <p><a href="https://www.cve.org/CVERecord?id=CVE-2026-20748">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Everon OCPP Backends</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Everon</div> <div class="ics-version"><strong>Product Version:</strong><br>Everon api.everon.io: vers:all/*</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Mitigation</strong><br>Everon has shut down their platform on December 1st, 2025.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/613.html">CWE-613 Insufficient Session Expiration</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>7.3</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-27027</a></h3> <div class="csaf-accordion-content"> <p>Charging station authentication identifiers are publicly accessible via web-based mapping platforms.</p> <p><a href="https://www.cve.org/CVERecord?id=CVE-2026-27027">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Everon OCPP Backends</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Everon</div> <div class="ics-version"><strong>Product Version:</strong><br>Everon api.everon.io: vers:all/*</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Mitigation</strong><br>Everon has shut down their platform on December 1st, 2025.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/522.html">CWE-522 Insufficiently Protected Credentials</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>6.5</td> <td>MEDIUM</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N</a></td> </tr> </tbody> </table> </div> </div> </div> </div> <hr> <h2>Acknowledgments</h2> <ul> <li>Khaled Sarieddine and Mohammad Ali Sayed reported these vulnerabilities to CISA</li> </ul> <hr> <h2>Legal Notice and Terms of Use</h2> <p>This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy &amp; Use policy (https://www.cisa.gov/privacy-policy).</p> <hr> <h2>Recommended Practices</h2> <p>CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:</p> <p>Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the Internet.</p> <p>Locate control system networks and remote devices behind firewalls and isolating them from business networks.</p> <p>When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.</p> <p>CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.</p> <p>CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.</p> <p>CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.</p> <p>Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.</p> <p>Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.</p> <p>No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.</p> <hr> <h2>Revision History</h2> <ul> <li><strong>Initial Release Date: </strong>2026-03-03</li> </ul> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">Date</th> <th role="columnheader">Revision</th> <th role="columnheader">Summary</th> </tr> </thead> <tbody> <tr> <td>2026-03-03</td> <td>1</td> <td>Initial Publication</td> </tr> </tbody> </table> <hr> <h2>Legal Notice and Terms of Use</h2>

<p><a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-062-03.json"><strong>View CSAF</strong></a></p> <h2>Summary</h2> <p><strong>Hitachi Energy is aware of vulnerabilities that affect RTU500 product versions listed in this document. Successful exploitation of these vulnerabilities can result in the exposure of low-value user management information and device outage. Please refer to the Recommended Immediate Actions for information about the mitigation/remediation.</strong></p> <p>The following versions of Hitachi Energy RTU500 Product are affected:</p> <ul> <li>RTU500 series CMU Firmware vers:RTU500_series_CMU_Firmware/&gt;=12.7.1|&lt;=12.7.7, vers:RTU500_series_CMU_Firmware/&gt;=13.5.1|&lt;=13.5.4, vers:RTU500_series_CMU_Firmware/&gt;=13.6.1|&lt;=13.6.2, vers:RTU500_series_CMU_Firmware/&gt;=13.7.1|&lt;=13.7.7, 13.8.1&nbsp;</li> </ul> <div class="csaf-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS</th> <th role="columnheader">Vendor</th> <th role="columnheader">Equipment</th> <th role="columnheader">Vulnerabilities</th> </tr> </thead> <tbody> <tr> <td>v3 7.5</td> <td>Hitachi Energy</td> <td>Hitachi Energy RTU500 Product</td> <td>Improper Handling of Insufficient Permissions or Privileges , Incomplete List of Disallowed Inputs, Uncontrolled Recursion, Allocation of Resources Without Limits or Throttling</td> </tr> </tbody> </table> </div> <h3>Background</h3> <ul> <li><strong>Critical Infrastructure Sectors: </strong>Critical Manufacturing</li> <li><strong>Countries/Areas Deployed: </strong>Worldwide</li> <li><strong>Company Headquarters Location: </strong>Switzerland</li> </ul> <hr> <h2>Vulnerabilities</h2> <div class="csaf-accordion"> <p><a class="csaf-accordion-toggle-all" href="#">Expand All +</a></p> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-1772</a></h3> <div class="csaf-accordion-content"> <p>RTU500 web interface: An unprivileged user can read user management information. The information cannot be accessed via the RTU500 web user interface but requires further tools like browser development utilities to access them without required privileges.</p> <p><a href="https://www.cve.org/CVERecord?id=CVE-2026-1772">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Hitachi Energy RTU500 Product</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Hitachi Energy</div> <div class="ics-version"><strong>Product Version:</strong><br>RTU500 series CMU Firmware version 12.7.1 through 12.7.7, RTU500 series CMU Firmware version 13.5.1 through 13.5.4, RTU500 series CMU Firmware version 13.6.1 through 13.6.2, RTU500 series CMU Firmware version 13.7.1 through 13.7.7, RTU500 series CMU Firmware version 13.8.1</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Update to CMU Firmware version 12.7.8</p> <p><strong>Mitigation</strong><br>Follow general mitigation factors/workarounds</p> <p><strong>Vendor fix</strong><br>Update to CMU Firmware version 13.7.8 or latest</p> <p><strong>Vendor fix</strong><br>Update to CMU Firmware version 13.8.2</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/280.html">CWE-280 Improper Handling of Insufficient Permissions or Privileges</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>4.3</td> <td>MEDIUM</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N">CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-1773</a></h3> <div class="csaf-accordion-content"> <p>IEC 60870-5-104: Potential Denial of Service impact on reception of invalid U-format frame. Product is only affected if IEC 60870-5-104 bi-directional functionality is configured. Enabling secure communication following IEC 62351-3 does not remediate the vulnerability but mitigates the risk of exploitation.</p> <p><a href="https://www.cve.org/CVERecord?id=CVE-2026-1773">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Hitachi Energy RTU500 Product</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Hitachi Energy</div> <div class="ics-version"><strong>Product Version:</strong><br>RTU500 series CMU Firmware version 12.7.1 through 12.7.7, RTU500 series CMU Firmware version 13.5.1 through 13.5.4, RTU500 series CMU Firmware version 13.6.1 through 13.6.2, RTU500 series CMU Firmware version 13.7.1 through 13.7.7, RTU500 series CMU Firmware version 13.8.1</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Update to CMU Firmware version 12.7.8</p> <p><strong>Mitigation</strong><br>Follow general mitigation factors/workarounds</p> <p><strong>Vendor fix</strong><br>Update to CMU Firmware version 13.7.8 or latest</p> <p><strong>Vendor fix</strong><br>Update to CMU Firmware version 13.8.2</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/184.html">CWE-184 Incomplete List of Disallowed Inputs</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>7.5</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2024-8176</a></h3> <div class="csaf-accordion-content"> <p>A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage. Product is only affected if IEC61850 functionality is configured.</p> <p><a href="https://www.cve.org/CVERecord?id=CVE-2024-8176">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Hitachi Energy RTU500 Product</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Hitachi Energy</div> <div class="ics-version"><strong>Product Version:</strong><br>RTU500 series CMU Firmware version 12.7.1 through 12.7.7, RTU500 series CMU Firmware version 13.5.1 through 13.5.4, RTU500 series CMU Firmware version 13.6.1 through 13.6.2, RTU500 series CMU Firmware version 13.7.1 through 13.7.7, RTU500 series CMU Firmware version 13.8.1</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Update to CMU Firmware version 12.7.8</p> <p><strong>Mitigation</strong><br>Follow general mitigation factors/workarounds</p> <p><strong>Vendor fix</strong><br>Update to CMU Firmware version 13.7.8 or latest</p> <p><strong>Vendor fix</strong><br>Update to CMU Firmware version 13.8.2</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/674.html">CWE-674 Uncontrolled Recursion</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>7.5</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-59375</a></h3> <div class="csaf-accordion-content"> <p>libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing. Product is only affected if IEC61850 functionality is configured.</p> <p><a href="https://www.cve.org/CVERecord?id=CVE-2025-59375">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Hitachi Energy RTU500 Product</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Hitachi Energy</div> <div class="ics-version"><strong>Product Version:</strong><br>RTU500 series CMU Firmware version 12.7.1 through 12.7.7, RTU500 series CMU Firmware version 13.5.1 through 13.5.4, RTU500 series CMU Firmware version 13.6.1 through 13.6.2, RTU500 series CMU Firmware version 13.7.1 through 13.7.7, RTU500 series CMU Firmware version 13.8.1</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Update to CMU Firmware version 12.7.8</p> <p><strong>Mitigation</strong><br>Follow general mitigation factors/workarounds</p> <p><strong>Vendor fix</strong><br>Update to CMU Firmware version 13.7.8 or latest</p> <p><strong>Vendor fix</strong><br>Update to CMU Firmware version 13.8.2</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/770.html">CWE-770 Allocation of Resources Without Limits or Throttling</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>7.5</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> </div> <hr> <h2>Acknowledgments</h2> <ul> <li>Hitachi Energy PSIRT reported these vulnerabilities to CISA.</li> </ul> <hr> <h2>Notice</h2> <p>The information in this document is subject to change without notice and should not be construed as a commitment by Hitachi Energy. Hitachi Energy provides no warranty, express or implied, including warranties of merchantability and fitness for a particular purpose, for the information contained in this document, and assumes no responsibility for any errors that may appear in this document. In no event shall Hitachi Energy or any of its suppliers be liable for direct, indirect, special, incidental or consequential damages of any nature or kind arising from the use of this document, or from the use of any hardware or software described in this document, even if Hitachi Energy or its suppliers have been advised of the possibility of such damages. This document and parts hereof must not be reproduced or copied without written permission from Hitachi Energy and the contents hereof must not be imparted to a third party nor used for any unauthorized purpose. All rights to registrations and trademarks reside with their respective owners.</p> <hr> <h2>Support</h2> <p>For additional information and support please contact your product provider or Hitachi Energy service organization. For contact information, see https://www.hitachienergy.com/contact-us/ for Hitachi Energy contact-centers.</p> <hr> <h2>General Mitigation Factors</h2> <p>Recommended security practices and firewall configurations can help protect a process control network from attacks that originate from outside the network. Such practices include that process control systems are physically protected from direct access by unauthorized personnel, have no direct connections to the Internet, and are separated from other networks by means of a firewall system that has a minimal number of ports exposed, and others that have to be evaluated case by case. Process control systems should not be used for Internet surfing, instant messaging, or receiving e-mails. Portable computers and removable storage media should be carefully scanned for viruses before they are connected to a control system. Proper password policies and processes should be followed.</p> <hr> <h2>Legal Notice and Terms of Use</h2> <p>This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy &amp; Use policy (https://www.cisa.gov/privacy-policy).</p> <hr> <h2>Recommended Practices</h2> <p>CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.</p> <p>Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.</p> <p>Locate control system networks and remote devices behind firewalls and isolate them from business networks.</p> <p>When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.</p> <p>CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.</p> <p>CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.</p> <p>CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.</p> <p>Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.</p> <hr> <h2>Advisory Conversion Disclaimer</h2> <p>This ICSA is a verbatim republication of Hitachi Energy PSIRT 8DBD000237 from a direct conversion of the vendor's Common Security Advisory Framework (CSAF) advisory. This is republished to CISA's website as a means of increasing visibility and is provided "as-is" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Hitachi Energy PSIRT directly for any questions regarding this advisory.</p> <h2>Revision History</h2> <ul> <li><strong>Initial Release Date: </strong>2026-02-24</li> </ul> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">Date</th> <th role="columnheader">Revision</th> <th role="columnheader">Summary</th> </tr> </thead> <tbody> <tr> <td>2026-02-24</td> <td>1</td> <td>Initial public release</td> </tr> <tr> <td>2026-03-03</td> <td>2</td> <td>Initial CISA Republication of Hitachi Energy PSIRT 8DBD000237 advisory</td> </tr> </tbody> </table> <hr> <h2>Legal Notice and Terms of Use</h2>

<p><a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-062-02.json"><strong>View CSAF</strong></a></p> <h2>Summary</h2> <p><strong>Hitachi Energy is aware of vulnerabilities that affect the Relion REB500 product versions listed in this document. Authenticated users with certain roles can exploit the vulnerabilities to access and modify the directory contents they are not authorized to do so. Please refer to the Recommended Immediate Actions for information about the mitigation/remediation.</strong></p> <p>The following versions of Hitachi Energy Relion REB500 Product are affected:</p> <ul> <li>Relion REB500 vers:Relion_REB500/&lt;=8.3.3.0 (CVE-2026-2459, CVE-2026-2460)</li> </ul> <div class="csaf-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS</th> <th role="columnheader">Vendor</th> <th role="columnheader">Equipment</th> <th role="columnheader">Vulnerabilities</th> </tr> </thead> <tbody> <tr> <td>v3 6.8</td> <td>Hitachi Energy</td> <td>Hitachi Energy Relion REB500 Product</td> <td>Privilege Defined With Unsafe Actions</td> </tr> </tbody> </table> </div> <h3>Background</h3> <ul> <li><strong>Critical Infrastructure Sectors: </strong>Energy</li> <li><strong>Countries/Areas Deployed: </strong>Worldwide</li> <li><strong>Company Headquarters Location: </strong>Switzerland</li> </ul> <hr> <h2>Vulnerabilities</h2> <div class="csaf-accordion"> <p><a class="csaf-accordion-toggle-all" href="#">Expand All +</a></p> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-2459</a></h3> <div class="csaf-accordion-content"> <p>A vulnerability exists in REB500 for an authenticated user with Installer role to access and alter the contents of directories that the role is not authorized to do so.</p> <p><a href="https://www.cve.org/CVERecord?id=CVE-2026-2459">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Hitachi Energy Relion REB500 Product</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Hitachi Energy</div> <div class="ics-version"><strong>Product Version:</strong><br>REB500 versions 8.3.3.0 and prior</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Hitachi Energy recommends that users update to version 8.3.3.1.</p> <p><strong>Mitigation</strong><br>For CVE-2026-2459, as a mitigation strategy, users may also disable the Installer role and enable it only during the firmware update process.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/267.html">CWE-267 Privilege Defined With Unsafe Actions</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>6.5</td> <td>MEDIUM</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N">CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-2460</a></h3> <div class="csaf-accordion-content"> <p>A vulnerability exists in REB500 for an authenticated user with low-level privileges to access and alter the content of directories by using the DAC protocol that the user is not authorized to do so.</p> <p><a href="https://www.cve.org/CVERecord?id=CVE-2026-2460">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Hitachi Energy Relion REB500 Product</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Hitachi Energy</div> <div class="ics-version"><strong>Product Version:</strong><br>REB500 versions 8.3.3.0 and prior</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Update to version 8.3.3.1</p> <p><strong>Mitigation</strong><br>Apply general mitigation factors</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/267.html">CWE-267 Privilege Defined With Unsafe Actions</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>6.8</td> <td>MEDIUM</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N">CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N</a></td> </tr> </tbody> </table> </div> </div> </div> </div> <hr> <h2>Acknowledgments</h2> <ul> <li>Hitachi Energy reported this vulnerability to CISA.</li> </ul> <hr> <h2>Notice</h2> <p>The information in this document is subject to change without notice and should not be construed as a commitment by Hitachi Energy. Hitachi Energy provides no warranty, express or implied, including warranties of merchantability and fitness for a particular purpose, for the information contained in this document, and assumes no responsibility for any errors that may appear in this document. In no event shall Hitachi Energy or any of its suppliers be liable for direct, indirect, special, incidental or consequential damages of any nature or kind arising from the use of this document, or from the use of any hardware or software described in this document, even if Hitachi Energy or its suppliers have been advised of the possibility of such damages. This document and parts hereof must not be reproduced or copied without written permission from Hitachi Energy and the contents hereof must not be imparted to a third party nor used for any unauthorized purpose. All rights to registrations and trademarks reside with their respective owners.</p> <hr> <h2>Support</h2> <p>For additional information and support please contact your product provider or Hitachi Energy service organization. For contact information, see https://www.hitachienergy.com/contact-us/ for Hitachi Energy contact-centers.</p> <hr> <h2>General Mitigation Factors</h2> <p>Recommended security practices and firewall configurations can help protect a process control network from attacks that originate from outside the network. Such practices include that process control systems are physically protected from direct access by unauthorized personnel, have no direct connections to the Internet, and are separated from other networks by means of a firewall system that has a minimal number of ports exposed, and others that have to be evaluated case by case. Process control systems should not be used for Internet surfing, instant messaging, or receiving e-mails. Portable computers and removable storage media should be carefully scanned for viruses before they are connected to a control system. Proper password policies and processes should be followed.</p> <hr> <h2>Legal Notice and Terms of Use</h2> <p>This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy &amp; Use policy (https://www.cisa.gov/privacy-policy).</p> <hr> <h2>Recommended Practices</h2> <p>CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.</p> <p>Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.</p> <p>Locate control system networks and remote devices behind firewalls and isolate them from business networks.</p> <p>When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.</p> <p>CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.</p> <p>CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.</p> <p>CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.</p> <p>Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.</p> <hr> <h2>Advisory Conversion Disclaimer</h2> <p>This ICSA is a verbatim republication of Hitachi Energy PSIRT 8DBD000217 from a direct conversion of the vendor's Common Security Advisory Framework (CSAF) advisory. This is republished to CISA's website as a means of increasing visibility and is provided "as-is" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Hitachi Energy PSIRT directly for any questions regarding this advisory.</p> <h2>Revision History</h2> <ul> <li><strong>Initial Release Date: </strong>2026-02-24</li> </ul> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">Date</th> <th role="columnheader">Revision</th> <th role="columnheader">Summary</th> </tr> </thead> <tbody> <tr> <td>2026-02-24</td> <td>1</td> <td>Initial public release</td> </tr> <tr> <td>2026-03-03</td> <td>2</td> <td>Initial CISA Republication of Hitachi Energy PSIRT 8DBD000217 advisory</td> </tr> </tbody> </table> <hr> <h2>Legal Notice and Terms of Use</h2>

<p><a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-062-05.json"><strong>View CSAF</strong></a></p> <h2>Summary</h2> <p><strong>Successful exploitation of this vulnerability could allow attackers to gain unauthorized control over system operations, leading to disruption of normal functionality and potential safety hazards.</strong></p> <p>The following versions of Labkotec LID-3300IP are affected:</p> <ul> <li>LID-3300IP vers:all/*</li> <li>LID-3300IP Type 2</li> </ul> <div class="csaf-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS</th> <th role="columnheader">Vendor</th> <th role="columnheader">Equipment</th> <th role="columnheader">Vulnerabilities</th> </tr> </thead> <tbody> <tr> <td>v3 9.4</td> <td>Labkotec</td> <td>Labkotec LID-3300IP</td> <td>Missing Authentication for Critical Function</td> </tr> </tbody> </table> </div> <h3>Background</h3> <ul> <li><strong>Critical Infrastructure Sectors: </strong>Communications, Energy</li> <li><strong>Countries/Areas Deployed: </strong>Worldwide</li> <li><strong>Company Headquarters Location: </strong>Finland</li> </ul> <hr> <h2>Vulnerabilities</h2> <div class="csaf-accordion"> <p><a class="csaf-accordion-toggle-all" href="#">Expand All +</a></p> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-1775</a></h3> <div class="csaf-accordion-content"> <p>The Labkotec LID-3300IP has an existing vulnerability in the ice detector software that enables an unauthenticated attacker to alter device parameters and run operational commands when specially crafted packets are sent to the device.</p> <p><a href="https://www.cve.org/CVERecord?id=CVE-2026-1775">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Labkotec LID-3300IP</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Labkotec</div> <div class="ics-version"><strong>Product Version:</strong><br>Labkotec LID-3300IP: vers:all/*, Labkotec LID-3300IP Type 2: &lt;V2.20</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Labkotec reports that it is not possible to implement secure and encrypted network traffic on the LID-3300IP. For this reason, Labkotec recommends updating ice detectors to the LID-3300IP Type 2 model and installing the latest firmware version V2.40. It is also highly recommended to activate HTTPS for network traffic. The device type and software version can be verified in the web interface.</p> <p><strong>Mitigation</strong><br>Devices not connected to an Ethernet network are not susceptible to this attack. Ice detectors operating on secure internal networks that adhere to modern security standards, where only authorized devices and users have access, are protected against external threats.</p> <p><strong>Mitigation</strong><br>Labkotec recommends implementing the following additional security controls:<br>Do not connect the device to the public Internet<br>Follow good security practices<br>Change Default Credentials<br>Enable Secure Management Access<br>Network Segmentation<br>Implement Firewall and Access Controls<br>Restrict Protocols<br>Monitor and Alert<br>Avoid Direct Internet Exposure<br>Keep Firmware Updated<br>Control Physical Access<br>Maintain Inventory and Access Reviews</p> <p><strong>Mitigation</strong><br>Users can find more information in Labkotec's security advisory (https://labkotec.fi/wp-content/uploads/CA-000001-Cybersecurity-Advisory.pdf).</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/306.html">CWE-306 Missing Authentication for Critical Function</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>9.4</td> <td>CRITICAL</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> </div> <hr> <h2>Acknowledgments</h2> <ul> <li>Souvik Kandar reported this vulnerability to CISA</li> </ul> <hr> <h2>Legal Notice and Terms of Use</h2> <p>This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy &amp; Use policy (https://www.cisa.gov/privacy-policy).</p> <hr> <h2>Recommended Practices</h2> <p>CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:</p> <p>Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.</p> <p>Locate control system networks and remote devices behind firewalls and isolating them from business networks.</p> <p>When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.</p> <p>CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.</p> <p>CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.</p> <p>CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.</p> <p>Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.</p> <p>Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.</p> <p>No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.</p> <hr> <h2>Revision History</h2> <ul> <li><strong>Initial Release Date: </strong>2026-03-03</li> </ul> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">Date</th> <th role="columnheader">Revision</th> <th role="columnheader">Summary</th> </tr> </thead> <tbody> <tr> <td>2026-03-03</td> <td>1</td> <td>Initial Publication</td> </tr> </tbody> </table> <hr> <h2>Legal Notice and Terms of Use</h2>

<p><a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-062-01.json"><strong>View CSAF</strong></a></p> <h2>Summary</h2> <p><strong>Successful exploitation of these vulnerabilities could allow a remote attacker to cause a denial-of-service condition by continuously sending UDP packets to the affected products.</strong></p> <p>The following versions of Mitsubishi Electric MELSEC iQ-F Series EtherNet/IP module and Ethernet module are affected:</p> <ul> <li>MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP &lt;=1.106, vers:all/* (CVE-2026-1874, CVE-2026-1876)</li> <li>MELSEC iQ-F Series FX5-EIP EtherNet/IP Module FX5-EIP vers:all/* (CVE-2026-1874, CVE-2026-1875)</li> </ul> <div class="csaf-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS</th> <th role="columnheader">Vendor</th> <th role="columnheader">Equipment</th> <th role="columnheader">Vulnerabilities</th> </tr> </thead> <tbody> <tr> <td>v3 7.5</td> <td>Mitsubishi Electric</td> <td>Mitsubishi Electric MELSEC iQ-F Series EtherNet/IP module and Ethernet module</td> <td>Always-Incorrect Control Flow Implementation, Improper Resource Shutdown or Release</td> </tr> </tbody> </table> </div> <h3>Background</h3> <ul> <li><strong>Critical Infrastructure Sectors: </strong>Critical Manufacturing</li> <li><strong>Countries/Areas Deployed: </strong>Worldwide</li> <li><strong>Company Headquarters Location: </strong>Japan</li> </ul> <hr> <h2>Vulnerabilities</h2> <div class="csaf-accordion"> <p><a class="csaf-accordion-toggle-all" href="#">Expand All +</a></p> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-1874</a></h3> <div class="csaf-accordion-content"> <p>An always-incorrect control flow implementation vulnerability may allow a remote attacker to cause a denial-of-service condition by continuously sending UDP packets to the affected products.</p> <p><a href="https://www.cve.org/CVERecord?id=CVE-2026-1874">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Mitsubishi Electric MELSEC iQ-F Series EtherNet/IP module and Ethernet module</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Mitsubishi Electric</div> <div class="ics-version"><strong>Product Version:</strong><br>Mitsubishi Electric MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP: &lt;=1.106, Mitsubishi Electric MELSEC iQ-F Series FX5-EIP EtherNet/IP Module FX5-EIP: vers:all/*</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Users of FX5-ENET/IP versions 1.106 and prior should download the update file for version 1.107 or later and apply it. The update file is available at: https://www.mitsubishielectric.com/fa/download/index.html.</p> <p><strong>Mitigation</strong><br>The fixed version for the FX5-EIP is scheduled to be released in the near future. In the meantime, users should apply mitigations or workarounds.</p> <p><strong>Mitigation</strong><br>For users of products that do not have a fixed version or who cannot immediately update the product, Mitsubishi Electric recommends using a firewall, virtual private network (VPN), etc. and preventing unauthorized access when internet access is required, to minimize the risk of exploiting this vulnerability.</p> <p><strong>Mitigation</strong><br>For users of products that do not have a fixed version or who cannot immediately update the product, Mitsubishi Electric recommends using the affected product within a LAN and blocking access from untrusted networks and hosts through firewalls, to minimize the risk of exploiting this vulnerability.</p> <p><strong>Mitigation</strong><br>For users of products that do not have a fixed version or who cannot immediately update the product, Mitsubishi Electric recommends using the IP filter function of the affected product and blocking access from untrusted hosts, to minimize the risk of exploiting this vulnerability. For details on the IP filter function, refer to “13.1 IP Filter Function” in the MELSEC iQ-F FX5 User’s Manual (Communication).</p> <p><strong>Mitigation</strong><br>For users of products that do not have a fixed version or who cannot immediately update the product, Mitsubishi Electric recommends restricting physical access to the affected product, as well as to PCs and network devices to which it is connected, to minimize the risk of exploiting this vulnerability.</p> <p><strong>Mitigation</strong><br>For users of products that do not have a fixed version or who cannot immediately update the product, Mitsubishi Electric recommends installing anti-virus software on PCs that can access the affected product, to minimize the risk of exploiting this vulnerability.</p> <p><strong>Mitigation</strong><br>For more information, see Mitsubishi Electric 2025-021. https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-021_en.pdf</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/670.html">CWE-670 Always-Incorrect Control Flow Implementation</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>7.5</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-1875</a></h3> <div class="csaf-accordion-content"> <p>An improper resource shutdown or release vulnerability in the affected products may allow a remote attacker to cause a denial-of-service condition by continuously sending UDP packets.</p> <p><a href="https://www.cve.org/CVERecord?id=CVE-2026-1875">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Mitsubishi Electric MELSEC iQ-F Series EtherNet/IP module and Ethernet module</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Mitsubishi Electric</div> <div class="ics-version"><strong>Product Version:</strong><br>Mitsubishi Electric MELSEC iQ-F Series FX5-EIP EtherNet/IP Module FX5-EIP: vers:all/*</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Mitigation</strong><br>The fixed version for the FX5-EIP is scheduled to be released in the near future. In the meantime, users should apply mitigations or workarounds.</p> <p><strong>Mitigation</strong><br>For users of products that do not have a fixed version or who cannot immediately update the product, Mitsubishi Electric recommends using a firewall, virtual private network (VPN), etc. and preventing unauthorized access when internet access is required, to minimize the risk of exploiting this vulnerability.</p> <p><strong>Mitigation</strong><br>For users of products that do not have a fixed version or who cannot immediately update the product, Mitsubishi Electric recommends using the affected product within a LAN and blocking access from untrusted networks and hosts through firewalls, to minimize the risk of exploiting this vulnerability.</p> <p><strong>Mitigation</strong><br>For users of products that do not have a fixed version or who cannot immediately update the product, Mitsubishi Electric recommends using the IP filter function of the affected product and blocking access from untrusted hosts, to minimize the risk of exploiting this vulnerability. For details on the IP filter function, refer to “13.1 IP Filter Function” in the MELSEC iQ-F FX5 User’s Manual (Communication).</p> <p><strong>Mitigation</strong><br>For users of products that do not have a fixed version or who cannot immediately update the product, Mitsubishi Electric recommends restricting physical access to the affected product, as well as to PCs and network devices to which it is connected, to minimize the risk of exploiting this vulnerability.</p> <p><strong>Mitigation</strong><br>For users of products that do not have a fixed version or who cannot immediately update the product, Mitsubishi Electric recommends installing anti-virus software on PCs that can access the affected product, to minimize the risk of exploiting this vulnerability.</p> <p><strong>Mitigation</strong><br>For more information, see Mitsubishi Electric 2025-021. https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-021_en.pdf</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/404.html">CWE-404 Improper Resource Shutdown or Release</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>7.5</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-1876</a></h3> <div class="csaf-accordion-content"> <p>An improper resource shutdown or release vulnerability may allow a remote attacker to cause a denial-of-service condition in the affected products by continuously sending UDP packets.</p> <p><a href="https://www.cve.org/CVERecord?id=CVE-2026-1876">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Mitsubishi Electric MELSEC iQ-F Series EtherNet/IP module and Ethernet module</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Mitsubishi Electric</div> <div class="ics-version"><strong>Product Version:</strong><br>Mitsubishi Electric MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP: vers:all/*</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>No fix planned</strong><br>Users should apply mitigations or workarounds since there are no plans to release a fixed version.</p> <p><strong>Mitigation</strong><br>For users of products that do not have a fixed version, Mitsubishi Electric recommends using a firewall, virtual private network (VPN), etc. and preventing unauthorized access when internet access is required, to minimize the risk of exploiting this vulnerability.</p> <p><strong>Mitigation</strong><br>For users of products that do not have a fixed version, Mitsubishi Electric recommends using the affected product within a LAN and blocking access from untrusted networks and hosts through firewalls, to minimize the risk of exploiting this vulnerability.</p> <p><strong>Mitigation</strong><br>For users of products that do not have a fixed version, Mitsubishi Electric recommends using the IP filter function of the affected product and blocking access from untrusted hosts, to minimize the risk of exploiting this vulnerability. For details on the IP filter function, refer to “13.1 IP Filter Function” in the MELSEC iQ-F FX5 User’s Manual (Communication).</p> <p><strong>Mitigation</strong><br>For users of products that do not have a fixed version, Mitsubishi Electric recommends restricting physical access to the affected product, as well as to PCs and network devices to which it is connected, to minimize the risk of exploiting this vulnerability.</p> <p><strong>Mitigation</strong><br>For users of products that do not have a fixed version, Mitsubishi Electric recommends installing anti-virus software on PCs that can access the affected product, to minimize the risk of exploiting this vulnerability.</p> <p><strong>Mitigation</strong><br>For more information, see Mitsubishi Electric 2025-021. https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-021_en.pdf</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/404.html">CWE-404 Improper Resource Shutdown or Release</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>7.5</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> </div> <hr> <h2>Acknowledgments</h2> <ul> <li>Mitsubishi Electric reported these vulnerabilities to CISA</li> </ul> <hr> <h2>Legal Notice and Terms of Use</h2> <p>This product is provided subject to this notification (https://www.cisa.gov/notification) and this privacy &amp; use policy (https://www.cisa.gov/privacy-policy).</p> <hr> <h2>Recommended Practices</h2> <p>CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.</p> <p>CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.</p> <p>CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.</p> <p>Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.</p> <hr> <h2>Advisory Conversion Disclaimer</h2> <p>This ICSA is a republication of Mitsubishi Electric security advisory "2025-021 Multiple denial-of-service vulnerabilities in Ethernet function of MELSEC iQ-F Series EtherNet/IP module and Ethernet module" from a direct conversion of the vendor's Common Security Advisory Framework (CSAF) advisory. This is republished to CISA's website as a means of increasing visibility and is provided "as-is" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact CISA directly for any questions regarding this advisory.</p> <h2>Revision History</h2> <ul> <li><strong>Initial Release Date: </strong>2026-03-03</li> </ul> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">Date</th> <th role="columnheader">Revision</th> <th role="columnheader">Summary</th> </tr> </thead> <tbody> <tr> <td>2026-03-03</td> <td>1</td> <td>Initial Publication</td> </tr> <tr> <td>2026-03-03</td> <td>2</td> <td>Initial CISA Republication of Mitsubishi Electric security advisory 2025-021</td> </tr> </tbody> </table> <hr> <h2>Legal Notice and Terms of Use</h2>

<p><a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-062-06.json"><strong>View CSAF</strong></a></p> <h2>Summary</h2> <p><strong>Successful exploitation of these vulnerabilities could enable attackers to gain unauthorized administrative control over vulnerable charging stations or disrupt charging services through denial-of-service attacks.</strong></p> <p>The following versions of Mobiliti e-mobi.hu are affected:</p> <ul> <li>e-mobi.hu vers:all/*</li> </ul> <div class="csaf-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS</th> <th role="columnheader">Vendor</th> <th role="columnheader">Equipment</th> <th role="columnheader">Vulnerabilities</th> </tr> </thead> <tbody> <tr> <td>v3 9.4</td> <td>Mobiliti</td> <td>Mobiliti e-mobi.hu</td> <td>Missing Authentication for Critical Function, Improper Restriction of Excessive Authentication Attempts, Insufficient Session Expiration, Insufficiently Protected Credentials</td> </tr> </tbody> </table> </div> <h3>Background</h3> <ul> <li><strong>Critical Infrastructure Sectors: </strong>Energy, Transportation Systems</li> <li><strong>Countries/Areas Deployed: </strong>Worldwide</li> <li><strong>Company Headquarters Location: </strong>Hungary</li> </ul> <hr> <h2>Vulnerabilities</h2> <div class="csaf-accordion"> <p><a class="csaf-accordion-toggle-all" href="#">Expand All +</a></p> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-26051</a></h3> <div class="csaf-accordion-content"> <p>WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then issue or receive OCPP commands as a legitimate charger. Given that no authentication is required, this can lead to privilege escalation, unauthorized control of charging infrastructure, and corruption of charging network data reported to the backend.</p> <p><a href="https://www.cve.org/CVERecord?id=CVE-2026-26051">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Mobiliti e-mobi.hu</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Mobiliti</div> <div class="ics-version"><strong>Product Version:</strong><br>Mobiliti e-mobi.hu: vers:all/*</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Mitigation</strong><br>Mobiliti did not respond to CISA's request for coordination. Contact Mobiliti using their contact page here: https://www.mobiliti.hu/emobilitas/ugyfeltamogatas/ugyfelszolgalat for more information.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/306.html">CWE-306 Missing Authentication for Critical Function</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>9.4</td> <td>CRITICAL</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-20882</a></h3> <div class="csaf-accordion-content"> <p>The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain unauthorized access.</p> <p><a href="https://www.cve.org/CVERecord?id=CVE-2026-20882">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Mobiliti e-mobi.hu</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Mobiliti</div> <div class="ics-version"><strong>Product Version:</strong><br>Mobiliti e-mobi.hu: vers:all/*</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Mitigation</strong><br>Mobiliti did not respond to CISA's request for coordination. Contact Mobiliti using their contact page here: https://www.mobiliti.hu/emobilitas/ugyfeltamogatas/ugyfelszolgalat for more information.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/307.html">CWE-307 Improper Restriction of Excessive Authentication Attempts</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>7.5</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-27764</a></h3> <div class="csaf-accordion-content"> <p>The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent connection displaces the legitimate charging station and receives backend commands intended for that station. This vulnerability may allow unauthorized users to authenticate as other users or enable a malicious actor to cause a denial-of-service condition by overwhelming the backend with valid session requests.</p> <p><a href="https://www.cve.org/CVERecord?id=CVE-2026-27764">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Mobiliti e-mobi.hu</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Mobiliti</div> <div class="ics-version"><strong>Product Version:</strong><br>Mobiliti e-mobi.hu: vers:all/*</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Mitigation</strong><br>Mobiliti did not respond to CISA's request for coordination. Contact Mobiliti using their contact page here: https://www.mobiliti.hu/emobilitas/ugyfeltamogatas/ugyfelszolgalat for more information.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/613.html">CWE-613 Insufficient Session Expiration</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>7.3</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-27777</a></h3> <div class="csaf-accordion-content"> <p>Charging station authentication identifiers are publicly accessible via web-based mapping platforms.</p> <p><a href="https://www.cve.org/CVERecord?id=CVE-2026-27777">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Mobiliti e-mobi.hu</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Mobiliti</div> <div class="ics-version"><strong>Product Version:</strong><br>Mobiliti e-mobi.hu: vers:all/*</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Mitigation</strong><br>Mobiliti did not respond to CISA's request for coordination. Contact Mobiliti using their contact page here: https://www.mobiliti.hu/emobilitas/ugyfeltamogatas/ugyfelszolgalat for more information.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/522.html">CWE-522 Insufficiently Protected Credentials</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>6.5</td> <td>MEDIUM</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N</a></td> </tr> </tbody> </table> </div> </div> </div> </div> <hr> <h2>Acknowledgments</h2> <ul> <li>Khaled Sarieddine and Mohammad Ali Sayed reported these vulnerabilities to CISA</li> </ul> <hr> <h2>Legal Notice and Terms of Use</h2> <p>This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy &amp; Use policy (https://www.cisa.gov/privacy-policy).</p> <hr> <h2>Recommended Practices</h2> <p>CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:</p> <p>Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the Internet.</p> <p>Locate control system networks and remote devices behind firewalls and isolating them from business networks.</p> <p>When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.</p> <p>CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.</p> <p>CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.</p> <p>CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.</p> <p>Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.</p> <p>Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.</p> <p>No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.</p> <hr> <h2>Revision History</h2> <ul> <li><strong>Initial Release Date: </strong>2026-03-03</li> </ul> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">Date</th> <th role="columnheader">Revision</th> <th role="columnheader">Summary</th> </tr> </thead> <tbody> <tr> <td>2026-03-03</td> <td>1</td> <td>Initial Publication</td> </tr> </tbody> </table> <hr> <h2>Legal Notice and Terms of Use</h2>

<p><a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-062-04.json"><strong>View CSAF</strong></a></p> <h2>Summary</h2> <p><strong>Successful exploitation of this vulnerability could allow a local attacker to escalate privileges or cause a denial-of-service condition.</strong></p> <p>The following versions of Portwell Engineering Toolkits are affected:</p> <ul> <li>Portwell Engineering Toolkits 4.8.2</li> </ul> <div class="csaf-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS</th> <th role="columnheader">Vendor</th> <th role="columnheader">Equipment</th> <th role="columnheader">Vulnerabilities</th> </tr> </thead> <tbody> <tr> <td>v3 8.8</td> <td>Portwell</td> <td>Portwell Engineering Toolkits</td> <td>Improper Restriction of Operations within the Bounds of a Memory Buffer</td> </tr> </tbody> </table> </div> <h3>Background</h3> <ul> <li><strong>Critical Infrastructure Sectors: </strong>Critical Manufacturing, Energy</li> <li><strong>Countries/Areas Deployed: </strong>Worldwide</li> <li><strong>Company Headquarters Location: </strong>Taiwan</li> </ul> <hr> <h2>Vulnerabilities</h2> <div class="csaf-accordion"> <p><a class="csaf-accordion-toggle-all" href="#">Expand All +</a></p> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-3437</a></h3> <div class="csaf-accordion-content"> <p>An Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Portwell Engineering Toolkits version 4.8.2 could allow a local authenticated attacker to read and write to arbitrary memory via the Portwell Engineering Toolkits driver. Successful exploitation of this vulnerability could result in escalation of privileges or cause a denial-of-service condition.</p> <p><a href="https://www.cve.org/CVERecord?id=CVE-2026-3437">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Portwell Engineering Toolkits</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Portwell</div> <div class="ics-version"><strong>Product Version:</strong><br>Portwell Portwell Engineering Toolkits: 4.8.2</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Portwell has not responded to requests to work with CISA to mitigate this vulnerability. Users of affected versions of Portwell Engineering Toolkits are invited to contact Portwell customer support (https://portwell.com/support.php) for additional information.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/119.html">CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>8.8</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> </div> <hr> <h2>Acknowledgments</h2> <ul> <li>Jason Huang of Cyber Threat &amp; Product Defense Center of TXOne Networks Inc. reported this vulnerability to CISA</li> </ul> <hr> <h2>Legal Notice and Terms of Use</h2> <p>This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy &amp; Use policy (https://www.cisa.gov/privacy-policy).</p> <hr> <h2>Recommended Practices</h2> <p>CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:</p> <p>Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.</p> <p>Locate control system networks and remote devices behind firewalls and isolating them from business networks.</p> <p>When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.</p> <p>CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.</p> <p>CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.</p> <p>CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.</p> <p>Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.</p> <p>Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.</p> <p>CISA also recommends users take the following measures to protect themselves from social engineering attacks:</p> <p>Do not click web links or open attachments in unsolicited email messages.</p> <p>Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.</p> <p>Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.</p> <p>No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. This vulnerability is not exploitable remotely.</p> <hr> <h2>Revision History</h2> <ul> <li><strong>Initial Release Date: </strong>2026-03-03</li> </ul> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">Date</th> <th role="columnheader">Revision</th> <th role="columnheader">Summary</th> </tr> </thead> <tbody> <tr> <td>2026-03-03</td> <td>1</td> <td>Initial Publication</td> </tr> </tbody> </table> <hr> <h2>Legal Notice and Terms of Use</h2>

<p><a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-062-07.json"><strong>View CSAF</strong></a></p> <h2>Summary</h2> <p><strong>Successful exploitation of these vulnerabilities could enable attackers to gain unauthorized administrative control over vulnerable charging stations or disrupt charging services through denial-of-service attacks.</strong></p> <p>The following versions of ePower epower.ie are affected:</p> <ul> <li>epower.ie vers:all/*&nbsp;</li> </ul> <div class="csaf-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS</th> <th role="columnheader">Vendor</th> <th role="columnheader">Equipment</th> <th role="columnheader">Vulnerabilities</th> </tr> </thead> <tbody> <tr> <td>v3 9.4</td> <td>ePower</td> <td>ePower epower.ie</td> <td>Missing Authentication for Critical Function, Improper Restriction of Excessive Authentication Attempts, Insufficient Session Expiration, Insufficiently Protected Credentials</td> </tr> </tbody> </table> </div> <h3>Background</h3> <ul> <li><strong>Critical Infrastructure Sectors: </strong>Energy, Transportation Systems</li> <li><strong>Countries/Areas Deployed: </strong>Worldwide</li> <li><strong>Company Headquarters Location: </strong>Ireland</li> </ul> <hr> <h2>Vulnerabilities</h2> <div class="csaf-accordion"> <p><a class="csaf-accordion-toggle-all" href="#">Expand All +</a></p> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-22552</a></h3> <div class="csaf-accordion-content"> <p>WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then issue or receive OCPP commands as a legitimate charger. Given that no authentication is required, this can lead to privilege escalation, unauthorized control of charging infrastructure, and corruption of charging network data reported to the backend.</p> <p><a href="https://www.cve.org/CVERecord?id=CVE-2026-22552">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>ePower epower.ie</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>ePower</div> <div class="ics-version"><strong>Product Version:</strong><br>ePower epower.ie: vers:all/*</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>ePower did not respond to CISA's request for coordination. Contact ePower using their contact page here: https://www.epower.ie/support/ for more information.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/306.html">CWE-306 Missing Authentication for Critical Function</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>9.4</td> <td>CRITICAL</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-27778</a></h3> <div class="csaf-accordion-content"> <p>The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain unauthorized access.</p> <p><a href="https://www.cve.org/CVERecord?id=CVE-2026-27778">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>ePower epower.ie</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>ePower</div> <div class="ics-version"><strong>Product Version:</strong><br>ePower epower.ie: vers:all/*</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>ePower did not respond to CISA's request for coordination. Contact ePower using their contact page here: https://www.epower.ie/support/ for more information.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/307.html">CWE-307 Improper Restriction of Excessive Authentication Attempts</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>7.5</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-24912</a></h3> <div class="csaf-accordion-content"> <p>The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent connection displaces the legitimate charging station and receives backend commands intended for that station. This vulnerability may allow unauthorized users to authenticate as other users or enable a malicious actor to cause a denial-of-service condition by overwhelming the backend with valid session requests.</p> <p><a href="https://www.cve.org/CVERecord?id=CVE-2026-24912">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>ePower epower.ie</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>ePower</div> <div class="ics-version"><strong>Product Version:</strong><br>ePower epower.ie: vers:all/*</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>ePower did not respond to CISA's request for coordination. Contact ePower using their contact page here: https://www.epower.ie/support/ for more information.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/613.html">CWE-613 Insufficient Session Expiration</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>7.3</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-27770</a></h3> <div class="csaf-accordion-content"> <p>Charging station authentication identifiers are publicly accessible via web-based mapping platforms.</p> <p><a href="https://www.cve.org/CVERecord?id=CVE-2026-27770">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>ePower epower.ie</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>ePower</div> <div class="ics-version"><strong>Product Version:</strong><br>ePower epower.ie: vers:all/*</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>ePower did not respond to CISA's request for coordination. Contact ePower using their contact page here: https://www.epower.ie/support/ for more information.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/522.html">CWE-522 Insufficiently Protected Credentials</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>6.5</td> <td>MEDIUM</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N</a></td> </tr> </tbody> </table> </div> </div> </div> </div> <hr> <h2>Acknowledgments</h2> <ul> <li>Khaled Sarieddine and Mohammad Ali Sayed reported these vulnerabilities to CISA</li> </ul> <hr> <h2>Legal Notice and Terms of Use</h2> <p>This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy &amp; Use policy (https://www.cisa.gov/privacy-policy).</p> <hr> <h2>Recommended Practices</h2> <p>CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:</p> <p>Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the Internet.</p> <p>Locate control system networks and remote devices behind firewalls and isolating them from business networks.</p> <p>When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.</p> <p>CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.</p> <p>CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.</p> <p>CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.</p> <p>Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.</p> <p>Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.</p> <p>No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.</p> <hr> <h2>Revision History</h2> <ul> <li><strong>Initial Release Date: </strong>2026-03-03</li> </ul> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">Date</th> <th role="columnheader">Revision</th> <th role="columnheader">Summary</th> </tr> </thead> <tbody> <tr> <td>2026-03-03</td> <td>1</td> <td>Initial Publication</td> </tr> </tbody> </table> <hr> <h2>Legal Notice and Terms of Use</h2>

U.S. service members worked alongside cyber defenders within the Government of Montenegro over the past few weeks to build cyber defense capabilities. U.S. Cyber Command Airmen, in cooperation with U.S. European Command, have worked closely with NATO ally Montenegro conducting Cyber Defense Security Cooperation to increase interoperability, build partner capacity, and deter malign influence on the democratic processes of our allies, partners and the U.S. <br/> <img src='https://media.defense.gov/2018/Oct/02/2002047604/150/150/0/180928-A-JA380-018.JPG' alt='A member of the Ministry of Defense of Montenegro and a U.S. Cyber Command Airman, pose for a photo during Defensive Cooperation at Podgorica, Montenegro, Sept. 28, 2018. The U.S. and NATO Allies and partners are working together to provide agile forces to respond to 21st century security challenges – including cyber, hybrid and unconventional threats. Defensive Cyber cooperation is part of U.S. Cyber Command and U.S. European Command effort to support NATO allies and European partners by helping build their cyber defense capabilities. This collaboration builds cyber defense capabilities while enabling the teams to learn from one another and demonstrates that we will not tolerate foreign malign influence on the democratic processes of our allies and partners or in the U.S (U.S. Army photo by Spc. Craig Jensen)' /> <br />

DYESS AIR FORCE BASE, Texas – The 7th Communications Squadron infrastructure team completed a base-wide network improvement at Dyess Air Force Base, May 24, 2024. During the planning phase, the infrastructure team worked with Air Force Global Strike Command for over three months to procure almost 400 network switches for Dyess. Additionally, the team had to survey the physical network capabilities of the base to ensure they could install the new system.<br/> <img src='https://media.defense.gov/2024/Jul/02/2003543313/150/150/0/240626-F-BO786-1003.JPG' alt='U.S. Air Force Airmen with the 7th Communications Squadron infrastructure section pose for a team photo at Dyess Air Force Base, Texas, June 26, 2024. The team was recognized for their completion of a base-wide network improvement, spanning over nine months. The team overcame the challenge of the manpower and workload involved with maintaining normal base operations while simultaneously replacing and improving network hardware. (U.S. Air Force photo by Airman 1st Class Jade M. Caldwell)' /> <br />

The Cyber Mission Force (CMF) is U.S. Cyber Command’s (USCYBERCOM) action arm. CMF teams execute the command’s mission to direct, synchronize and coordinate cyberspace operations in defense of U.S. national interests. Members of the CMF work to ensure commanders across the Joint Force can operate freely in the cyber domain and accomplish their assigned missions.<br/>

USCYBERCOM’s “Under Advisement” to increase private sector partnerships, industry data-sharing in 2023<br/> <img src='https://media.defense.gov/2023/Jun/29/2003251190/150/150/0/230629-D-D0451-0002.JPG' alt='UNAD Logo 2' /> <br />

U.S. Army Gen. Paul M. Nakasone, commander of U.S. Cyber Command, director of the National Security Agency and chief of the Central Security Service, speaks with U.S. Space Force Brig. Gen. Dennis Bythewood, deputy commander of the Joint Task Force-Space Defense at Schriever Space Force Base, Colorado, July 26, 2022. Nakasone visited the organization to better understand how intelligence supports the JTF-SD mission. The JTF-SD, and its National Space Defense Center, provide unprecedented unity of effort with the Department of Defense, Intelligence Community and National Reconnaissance Office to protect and defend against threats in the space domain. Through this partnering, the JTF-SD brings to bear the full force of the U.S. Government and synchronizes space superiority planning and operations. (U.S. Space Force photo by Lekendrick Stallworth)<br/> <img src='https://media.defense.gov/2022/Jul/28/2003048665/150/150/0/220726-F-NO007-0003.JPG' alt='Two military men walking in uniform' /> <br />

<p><a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-057-05.json"><strong>View CSAF</strong></a></p> <h2>Summary</h2> <p><strong>Successful exploitation of these vulnerabilities could enable attackers to gain unauthorized administrative control over vulnerable charging stations or disrupt charging services through denial-of-service attacks.</strong></p> <p>The following versions of Chargemap chargemap.com are affected:</p> <ul> <li>chargemap.com vers:all/* (CVE-2026-25851, CVE-2026-20792, CVE-2026-25711, CVE-2026-20791)</li> </ul> <div class="csaf-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS</th> <th role="columnheader">Vendor</th> <th role="columnheader">Equipment</th> <th role="columnheader">Vulnerabilities</th> </tr> </thead> <tbody> <tr> <td>v3 9.4</td> <td>Chargemap</td> <td>Chargemap chargemap.com</td> <td>Missing Authentication for Critical Function, Improper Restriction of Excessive Authentication Attempts, Insufficient Session Expiration, Insufficiently Protected Credentials</td> </tr> </tbody> </table> </div> <h3>Background</h3> <ul> <li><strong>Critical Infrastructure Sectors: </strong>Energy, Transportation Systems</li> <li><strong>Countries/Areas Deployed: </strong>Worldwide</li> <li><strong>Company Headquarters Location: </strong>France</li> </ul> <hr> <h2>Vulnerabilities</h2> <div class="csaf-accordion"> <p><a class="csaf-accordion-toggle-all" href="#">Expand All +</a></p> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-25851</a></h3> <div class="csaf-accordion-content"> <p>WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then issue or receive OCPP commands as a legitimate charger. Given that no authentication is required, this can lead to privilege escalation, unauthorized control of charging infrastructure, and corruption of charging network data reported to the backend.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-25851">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Chargemap chargemap.com</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Chargemap</div> <div class="ics-version"><strong>Product Version:</strong><br>Chargemap chargemap.com: vers:all/*</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Chargemap did not respond to CISA's request for coordination. Contact Chargemap using their contact page here: https://chargemap.com/en-us/support for more information.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/306.html">CWE-306 Missing Authentication for Critical Function</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>9.4</td> <td>CRITICAL</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-20792</a></h3> <div class="csaf-accordion-content"> <p>The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or misrouting legitimate charger telemetry, or conduct brute-force attacks to gain unauthorized access.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-20792">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Chargemap chargemap.com</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Chargemap</div> <div class="ics-version"><strong>Product Version:</strong><br>Chargemap chargemap.com: vers:all/*</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Chargemap did not respond to CISA's request for coordination. Contact Chargemap using their contact page here: https://chargemap.com/en-us/support for more information.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/307.html">CWE-307 Improper Restriction of Excessive Authentication Attempts</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>7.5</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-25711</a></h3> <div class="csaf-accordion-content"> <p>The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent connection displaces the legitimate charging station and receives backend commands intended for that station. This vulnerability may allow unauthorized users to authenticate as other users or enable a malicious actor to cause a denial-of-service condition by overwhelming the backend with valid session requests.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-25711">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Chargemap chargemap.com</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Chargemap</div> <div class="ics-version"><strong>Product Version:</strong><br>Chargemap chargemap.com: vers:all/*</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Chargemap did not respond to CISA's request for coordination. Contact Chargemap using their contact page here: https://chargemap.com/en-us/support for more information.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/613.html">CWE-613 Insufficient Session Expiration</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>7.3</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-20791</a></h3> <div class="csaf-accordion-content"> <p>Charging station authentication identifiers are publicly accessible via web-based mapping platforms.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-20791">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Chargemap chargemap.com</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Chargemap</div> <div class="ics-version"><strong>Product Version:</strong><br>Chargemap chargemap.com: vers:all/*</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Chargemap did not respond to CISA's request for coordination. Contact Chargemap using their contact page here: https://chargemap.com/en-us/support for more information.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/522.html">CWE-522 Insufficiently Protected Credentials</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>6.5</td> <td>MEDIUM</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N</a></td> </tr> </tbody> </table> </div> </div> </div> </div> <hr> <h2>Acknowledgments</h2> <ul> <li>Khaled Sarieddine and Mohammad Ali Sayed reported these vulnerabilities to CISA</li> </ul> <hr> <h2>Legal Notice and Terms of Use</h2> <p>This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy &amp; Use policy (https://www.cisa.gov/privacy-policy).</p> <hr> <h2>Recommended Practices</h2> <p>CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:</p> <p>Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the Internet.</p> <p>Locate control system networks and remote devices behind firewalls and isolating them from business networks.</p> <p>When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.</p> <p>CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.</p> <p>CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.</p> <p>CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.</p> <p>Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.</p> <p>Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.</p> <p>No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.</p> <hr> <h2>Revision History</h2> <ul> <li><strong>Initial Release Date: </strong>2026-02-26</li> </ul> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">Date</th> <th role="columnheader">Revision</th> <th role="columnheader">Summary</th> </tr> </thead> <tbody> <tr> <td>2026-02-26</td> <td>1</td> <td>Initial Publication</td> </tr> </tbody> </table> <hr> <h2>Legal Notice and Terms of Use</h2>

<p><a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-057-03.json"><strong>View CSAF</strong></a></p> <h2>Summary</h2> <p><strong>Successful exploitation of these vulnerabilities could allow attackers to impersonate charging stations, hijack sessions, suppress or misroute legitimate traffic to cause large-scale denial of service, and manipulate data sent to the backend.</strong></p> <p>The following versions of CloudCharge cloudcharge.se are affected:</p> <ul> <li>cloudcharge.se vers:all/* (CVE-2026-20781, CVE-2026-25114, CVE-2026-27652, CVE-2026-20733)</li> </ul> <div class="csaf-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS</th> <th role="columnheader">Vendor</th> <th role="columnheader">Equipment</th> <th role="columnheader">Vulnerabilities</th> </tr> </thead> <tbody> <tr> <td>v3 9.4</td> <td>CloudCharge</td> <td>CloudCharge cloudcharge.se</td> <td>Missing Authentication for Critical Function, Improper Restriction of Excessive Authentication Attempts, Insufficient Session Expiration, Insufficiently Protected Credentials</td> </tr> </tbody> </table> </div> <h3>Background</h3> <ul> <li><strong>Critical Infrastructure Sectors: </strong>Energy, Transportation Systems</li> <li><strong>Countries/Areas Deployed: </strong>Worldwide</li> <li><strong>Company Headquarters Location: </strong>Sweden</li> </ul> <hr> <h2>Vulnerabilities</h2> <div class="csaf-accordion"> <p><a class="csaf-accordion-toggle-all" href="#">Expand All +</a></p> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-20781</a></h3> <div class="csaf-accordion-content"> <p>WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then issue or receive OCPP commands as a legitimate charger. Given that no authentication is required, this can lead to privilege escalation, unauthorized control of charging infrastructure, and corruption of charging network data reported to the backend.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-20781">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>CloudCharge cloudcharge.se</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>CloudCharge</div> <div class="ics-version"><strong>Product Version:</strong><br>CloudCharge cloudcharge.se: vers:all/*</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Mitigation</strong><br>CloudCharge did not respond to CISA's request for coordination. Contact CloudCharge using their contact page here: https://cloudcharge.tech/support/contact/ for more information.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/306.html">CWE-306 Missing Authentication for Critical Function</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>9.4</td> <td>CRITICAL</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-25114</a></h3> <div class="csaf-accordion-content"> <p>The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain unauthorized access.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-25114">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>CloudCharge cloudcharge.se</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>CloudCharge</div> <div class="ics-version"><strong>Product Version:</strong><br>CloudCharge cloudcharge.se: vers:all/*</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Mitigation</strong><br>CloudCharge did not respond to CISA's request for coordination. Contact CloudCharge using their contact page here: https://cloudcharge.tech/support/contact/ for more information.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/307.html">CWE-307 Improper Restriction of Excessive Authentication Attempts</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>7.5</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-27652</a></h3> <div class="csaf-accordion-content"> <p>The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent connection displaces the legitimate charging station and receives backend commands intended for that station. This vulnerability may allow unauthorized users to authenticate as other users or enable a malicious actor to cause a denial-of-service condition by overwhelming the backend with valid session requests.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-27652">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>CloudCharge cloudcharge.se</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>CloudCharge</div> <div class="ics-version"><strong>Product Version:</strong><br>CloudCharge cloudcharge.se: vers:all/*</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Mitigation</strong><br>CloudCharge did not respond to CISA's request for coordination. Contact CloudCharge using their contact page here: https://cloudcharge.tech/support/contact/ for more information.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/613.html">CWE-613 Insufficient Session Expiration</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>7.3</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-20733</a></h3> <div class="csaf-accordion-content"> <p>Charging station authentication identifiers are publicly accessible via web-based mapping platforms.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-20733">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>CloudCharge cloudcharge.se</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>CloudCharge</div> <div class="ics-version"><strong>Product Version:</strong><br>CloudCharge cloudcharge.se: vers:all/*</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Mitigation</strong><br>CloudCharge did not respond to CISA's request for coordination. Contact CloudCharge using their contact page here: https://cloudcharge.tech/support/contact/ for more information.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/522.html">CWE-522 Insufficiently Protected Credentials</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>6.5</td> <td>MEDIUM</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N</a></td> </tr> </tbody> </table> </div> </div> </div> </div> <hr> <h2>Acknowledgments</h2> <ul> <li>Khaled Sarieddine and Mohammad Ali Sayed reported these vulnerabilities to CISA</li> </ul> <hr> <h2>Legal Notice and Terms of Use</h2> <p>This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy &amp; Use policy (https://www.cisa.gov/privacy-policy).</p> <hr> <h2>Recommended Practices</h2> <p>CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:</p> <p>Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the Internet.</p> <p>Locate control system networks and remote devices behind firewalls and isolating them from business networks.</p> <p>When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.</p> <p>CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.</p> <p>CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.</p> <p>CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.</p> <p>Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.</p> <p>Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.</p> <p>No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.</p> <hr> <h2>Revision History</h2> <ul> <li><strong>Initial Release Date: </strong>2026-02-26</li> </ul> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">Date</th> <th role="columnheader">Revision</th> <th role="columnheader">Summary</th> </tr> </thead> <tbody> <tr> <td>2026-02-26</td> <td>1</td> <td>Initial Publication</td> </tr> </tbody> </table> <hr> <h2>Legal Notice and Terms of Use</h2>

<p><a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-057-10.json"><strong>View CSAF</strong></a></p> <h2>Summary</h2> <p><strong>Successful exploitation of these vulnerabilities could allow an attacker to bypass authentication, cause a denial-of-service condition, cause memory corruption, and execute arbitrary code.</strong></p> <p>The following versions of Copeland XWEB and XWEB Pro are affected:</p> <ul> <li>XWEB 300D PRO &lt;=1.12.1 (CVE-2026-25085, CVE-2026-21718, CVE-2026-24663, CVE-2026-21389, CVE-2026-25111, CVE-2026-20742, CVE-2026-24517, CVE-2026-25195, CVE-2026-20910, CVE-2026-24689, CVE-2026-25109, CVE-2026-20902, CVE-2026-24695, CVE-2026-25105, CVE-2026-24452, CVE-2026-23702, CVE-2026-25721, CVE-2026-20764, CVE-2026-25196, CVE-2026-25037, CVE-2026-22877, CVE-2026-20797, CVE-2026-3037)</li> <li>XWEB 500D PRO &lt;=1.12.1 (CVE-2026-25085, CVE-2026-21718, CVE-2026-24663, CVE-2026-21389, CVE-2026-25111, CVE-2026-20742, CVE-2026-24517, CVE-2026-25195, CVE-2026-20910, CVE-2026-24689, CVE-2026-25109, CVE-2026-20902, CVE-2026-24695, CVE-2026-25105, CVE-2026-24452, CVE-2026-23702, CVE-2026-25721, CVE-2026-20764, CVE-2026-25196, CVE-2026-25037, CVE-2026-22877, CVE-2026-20797, CVE-2026-3037)</li> <li>XWEB 500B PRO &lt;=1.12.1 (CVE-2026-25085, CVE-2026-21718, CVE-2026-24663, CVE-2026-21389, CVE-2026-25111, CVE-2026-20742, CVE-2026-24517, CVE-2026-25195, CVE-2026-20910, CVE-2026-24689, CVE-2026-25109, CVE-2026-20902, CVE-2026-24695, CVE-2026-25105, CVE-2026-24452, CVE-2026-23702, CVE-2026-25721, CVE-2026-20764, CVE-2026-25196, CVE-2026-25037, CVE-2026-22877, CVE-2026-20797, CVE-2026-3037)</li> </ul> <div class="csaf-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS</th> <th role="columnheader">Vendor</th> <th role="columnheader">Equipment</th> <th role="columnheader">Vulnerabilities</th> </tr> </thead> <tbody> <tr> <td>v3 10</td> <td>Copeland</td> <td>Copeland XWEB and XWEB Pro</td> <td>Unexpected Status Code or Return Value, Use of a Broken or Risky Cryptographic Algorithm, Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Stack-based Buffer Overflow</td> </tr> </tbody> </table> </div> <h3>Background</h3> <ul> <li><strong>Critical Infrastructure Sectors: </strong>Commercial Facilities</li> <li><strong>Countries/Areas Deployed: </strong>Worldwide</li> <li><strong>Company Headquarters Location: </strong>United States</li> </ul> <hr> <h2>Vulnerabilities</h2> <div class="csaf-accordion"> <p><a class="csaf-accordion-toggle-all" href="#">Expand All +</a></p> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-25085</a></h3> <div class="csaf-accordion-content"> <p>A vulnerability exists in Copeland XWEB Pro version 1.12.1 and prior, in which an unexpected return value from the authentication routine is later on processed as a legitimate value, resulting in an authentication bypass.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-25085">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Copeland XWEB and XWEB Pro</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Copeland</div> <div class="ics-version"><strong>Product Version:</strong><br>Copeland XWEB 300D PRO: &lt;=1.12.1, Copeland XWEB 500D PRO: &lt;=1.12.1, Copeland XWEB 500B PRO: &lt;=1.12.1</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Mitigation</strong><br>Copeland has provided a fix for the vulnerabilities and recommends users update the XWEB Pro to the latest version by going to their software update page https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdate in the sections dedicated to the different XWEBPRO models page.</p> <p><strong>Mitigation</strong><br>Alternatively, a user logged into an XWEB Pro with internet access can update XWEB Pro directly from Copeland servers via the menu SYSTEM -- Updates | Network.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/394.html">CWE-394 Unexpected Status Code or Return Value</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>8.6</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-21718</a></h3> <div class="csaf-accordion-content"> <p>An authentication bypass vulnerability exists in Copeland XWEB Pro version 1.12.1 and prior, enabling any attackers to bypass the authentication requirement and achieve pre-authenticated code execution on the system.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-21718">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Copeland XWEB and XWEB Pro</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Copeland</div> <div class="ics-version"><strong>Product Version:</strong><br>Copeland XWEB 300D PRO: &lt;=1.12.1, Copeland XWEB 500D PRO: &lt;=1.12.1, Copeland XWEB 500B PRO: &lt;=1.12.1</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Mitigation</strong><br>Copeland has provided a fix for the vulnerabilities and recommends users update the XWEB Pro to the latest version by going to their software update page https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdate in the sections dedicated to the different XWEBPRO models page.</p> <p><strong>Mitigation</strong><br>Alternatively, a user logged into an XWEB Pro with internet access can update XWEB Pro directly from Copeland servers via the menu SYSTEM -- Updates | Network.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/327.html">CWE-327 Use of a Broken or Risky Cryptographic Algorithm</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>10</td> <td>CRITICAL</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-24663</a></h3> <div class="csaf-accordion-content"> <p>An OS Command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an unauthenticated attacker to achieve remote code execution on the system by sending a crafted request to the libraries installation route and injecting malicious input into the request body.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-24663">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Copeland XWEB and XWEB Pro</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Copeland</div> <div class="ics-version"><strong>Product Version:</strong><br>Copeland XWEB 300D PRO: &lt;=1.12.1, Copeland XWEB 500D PRO: &lt;=1.12.1, Copeland XWEB 500B PRO: &lt;=1.12.1</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Mitigation</strong><br>Copeland has provided a fix for the vulnerabilities and recommends users update the XWEB Pro to the latest version by going to their software update page https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdate in the sections dedicated to the different XWEBPRO models page.</p> <p><strong>Mitigation</strong><br>Alternatively, a user logged into an XWEB Pro with internet access can update XWEB Pro directly from Copeland servers via the menu SYSTEM -- Updates | Network.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/78.html">CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>9</td> <td>CRITICAL</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H">CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-21389</a></h3> <div class="csaf-accordion-content"> <p>An OS Command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the request body sent to the contacts import route.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-21389">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Copeland XWEB and XWEB Pro</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Copeland</div> <div class="ics-version"><strong>Product Version:</strong><br>Copeland XWEB 300D PRO: &lt;=1.12.1, Copeland XWEB 500D PRO: &lt;=1.12.1, Copeland XWEB 500B PRO: &lt;=1.12.1</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Mitigation</strong><br>Copeland has provided a fix for the vulnerabilities and recommends users update the XWEB Pro to the latest version by going to their software update page https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdate in the sections dedicated to the different XWEBPRO models page.</p> <p><strong>Mitigation</strong><br>Alternatively, a user logged into an XWEB Pro with internet access can update XWEB Pro directly from Copeland servers via the menu SYSTEM -- Updates | Network.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/78.html">CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>8</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H">CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-25111</a></h3> <div class="csaf-accordion-content"> <p>An OS Command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into requests sent to the restore route.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-25111">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Copeland XWEB and XWEB Pro</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Copeland</div> <div class="ics-version"><strong>Product Version:</strong><br>Copeland XWEB 300D PRO: &lt;=1.12.1, Copeland XWEB 500D PRO: &lt;=1.12.1, Copeland XWEB 500B PRO: &lt;=1.12.1</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Mitigation</strong><br>Copeland has provided a fix for the vulnerabilities and recommends users update the XWEB Pro to the latest version by going to their software update page https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdate in the sections dedicated to the different XWEBPRO models page.</p> <p><strong>Mitigation</strong><br>Alternatively, a user logged into an XWEB Pro with internet access can update XWEB Pro directly from Copeland servers via the menu SYSTEM -- Updates | Network.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/78.html">CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>8</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H">CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-20742</a></h3> <div class="csaf-accordion-content"> <p>An OS Command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into requests sent to the templates route.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-20742">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Copeland XWEB and XWEB Pro</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Copeland</div> <div class="ics-version"><strong>Product Version:</strong><br>Copeland XWEB 300D PRO: &lt;=1.12.1, Copeland XWEB 500D PRO: &lt;=1.12.1, Copeland XWEB 500B PRO: &lt;=1.12.1</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Mitigation</strong><br>Copeland has provided a fix for the vulnerabilities and recommends users update the XWEB Pro to the latest version by going to their software update page https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdate in the sections dedicated to the different XWEBPRO models page.</p> <p><strong>Mitigation</strong><br>Alternatively, a user logged into an XWEB Pro with internet access can update XWEB Pro directly from Copeland servers via the menu SYSTEM -- Updates | Network.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/78.html">CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>8</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H">CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-24517</a></h3> <div class="csaf-accordion-content"> <p>An OS Command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into requests sent to the firmware update route.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-24517">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Copeland XWEB and XWEB Pro</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Copeland</div> <div class="ics-version"><strong>Product Version:</strong><br>Copeland XWEB 300D PRO: &lt;=1.12.1, Copeland XWEB 500D PRO: &lt;=1.12.1, Copeland XWEB 500B PRO: &lt;=1.12.1</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Mitigation</strong><br>Copeland has provided a fix for the vulnerabilities and recommends users update the XWEB Pro to the latest version by going to their software update page https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdate in the sections dedicated to the different XWEBPRO models page.</p> <p><strong>Mitigation</strong><br>Alternatively, a user logged into an XWEB Pro with internet access can update XWEB Pro directly from Copeland servers via the menu SYSTEM -- Updates | Network.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/78.html">CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>8</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H">CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-25195</a></h3> <div class="csaf-accordion-content"> <p>An OS Command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by supplying a crafted firmware update file via the firmware update route.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-25195">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Copeland XWEB and XWEB Pro</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Copeland</div> <div class="ics-version"><strong>Product Version:</strong><br>Copeland XWEB 300D PRO: &lt;=1.12.1, Copeland XWEB 500D PRO: &lt;=1.12.1, Copeland XWEB 500B PRO: &lt;=1.12.1</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Mitigation</strong><br>Copeland has provided a fix for the vulnerabilities and recommends users update the XWEB Pro to the latest version by going to their software update page https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdate in the sections dedicated to the different XWEBPRO models page.</p> <p><strong>Mitigation</strong><br>Alternatively, a user logged into an XWEB Pro with internet access can update XWEB Pro directly from Copeland servers via the menu SYSTEM -- Updates | Network.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/78.html">CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>8</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H">CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-20910</a></h3> <div class="csaf-accordion-content"> <p>An OS Command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the devices field of the firmware update update action to achieve remote code execution.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-20910">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Copeland XWEB and XWEB Pro</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Copeland</div> <div class="ics-version"><strong>Product Version:</strong><br>Copeland XWEB 300D PRO: &lt;=1.12.1, Copeland XWEB 500D PRO: &lt;=1.12.1, Copeland XWEB 500B PRO: &lt;=1.12.1</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Mitigation</strong><br>Copeland has provided a fix for the vulnerabilities and recommends users update the XWEB Pro to the latest version by going to their software update page https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdate in the sections dedicated to the different XWEBPRO models page.</p> <p><strong>Mitigation</strong><br>Alternatively, a user logged into an XWEB Pro with internet access can update XWEB Pro directly from Copeland servers via the menu SYSTEM -- Updates | Network.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/78.html">CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>8</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H">CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-24689</a></h3> <div class="csaf-accordion-content"> <p>An OS Command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the devices field of the firmware update apply action.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-24689">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Copeland XWEB and XWEB Pro</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Copeland</div> <div class="ics-version"><strong>Product Version:</strong><br>Copeland XWEB 300D PRO: &lt;=1.12.1, Copeland XWEB 500D PRO: &lt;=1.12.1, Copeland XWEB 500B PRO: &lt;=1.12.1</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Mitigation</strong><br>Copeland has provided a fix for the vulnerabilities and recommends users update the XWEB Pro to the latest version by going to their software update page https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdate in the sections dedicated to the different XWEBPRO models page.</p> <p><strong>Mitigation</strong><br>Alternatively, a user logged into an XWEB Pro with internet access can update XWEB Pro directly from Copeland servers via the menu SYSTEM -- Updates | Network.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/78.html">CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>8</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H">CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-25109</a></h3> <div class="csaf-accordion-content"> <p>An OS Command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the devices field when accessing the get setup route, leading to remote code execution.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-25109">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Copeland XWEB and XWEB Pro</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Copeland</div> <div class="ics-version"><strong>Product Version:</strong><br>Copeland XWEB 300D PRO: &lt;=1.12.1, Copeland XWEB 500D PRO: &lt;=1.12.1, Copeland XWEB 500B PRO: &lt;=1.12.1</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Mitigation</strong><br>Copeland has provided a fix for the vulnerabilities and recommends users update the XWEB Pro to the latest version by going to their software update page https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdate in the sections dedicated to the different XWEBPRO models page.</p> <p><strong>Mitigation</strong><br>Alternatively, a user logged into an XWEB Pro with internet access can update XWEB Pro directly from Copeland servers via the menu SYSTEM -- Updates | Network.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/78.html">CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>8</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H">CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-20902</a></h3> <div class="csaf-accordion-content"> <p>An OS Command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the map filename field during the map upload action of the parameters route.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-20902">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Copeland XWEB and XWEB Pro</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Copeland</div> <div class="ics-version"><strong>Product Version:</strong><br>Copeland XWEB 300D PRO: &lt;=1.12.1, Copeland XWEB 500D PRO: &lt;=1.12.1, Copeland XWEB 500B PRO: &lt;=1.12.1</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Mitigation</strong><br>Copeland has provided a fix for the vulnerabilities and recommends users update the XWEB Pro to the latest version by going to their software update page https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdate in the sections dedicated to the different XWEBPRO models page.</p> <p><strong>Mitigation</strong><br>Alternatively, a user logged into an XWEB Pro with internet access can update XWEB Pro directly from Copeland servers via the menu SYSTEM -- Updates | Network.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/78.html">CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>8</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H">CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-24695</a></h3> <div class="csaf-accordion-content"> <p>An OS Command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into OpenSSL argument fields within requests sent to the utility route, leading to remote code execution.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-24695">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Copeland XWEB and XWEB Pro</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Copeland</div> <div class="ics-version"><strong>Product Version:</strong><br>Copeland XWEB 300D PRO: &lt;=1.12.1, Copeland XWEB 500D PRO: &lt;=1.12.1, Copeland XWEB 500B PRO: &lt;=1.12.1</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Mitigation</strong><br>Copeland has provided a fix for the vulnerabilities and recommends users update the XWEB Pro to the latest version by going to their software update page https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdate in the sections dedicated to the different XWEBPRO models page.</p> <p><strong>Mitigation</strong><br>Alternatively, a user logged into an XWEB Pro with internet access can update XWEB Pro directly from Copeland servers via the menu SYSTEM -- Updates | Network.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/78.html">CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>8</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H">CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-25105</a></h3> <div class="csaf-accordion-content"> <p>An OS Command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into parameters of the Modbus command tool in the debug route.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-25105">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Copeland XWEB and XWEB Pro</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Copeland</div> <div class="ics-version"><strong>Product Version:</strong><br>Copeland XWEB 300D PRO: &lt;=1.12.1, Copeland XWEB 500D PRO: &lt;=1.12.1, Copeland XWEB 500B PRO: &lt;=1.12.1</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Mitigation</strong><br>Copeland has provided a fix for the vulnerabilities and recommends users update the XWEB Pro to the latest version by going to their software update page https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdate in the sections dedicated to the different XWEBPRO models page.</p> <p><strong>Mitigation</strong><br>Alternatively, a user logged into an XWEB Pro with internet access can update XWEB Pro directly from Copeland servers via the menu SYSTEM -- Updates | Network.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/78.html">CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>8</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H">CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-24452</a></h3> <div class="csaf-accordion-content"> <p>An OS Command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by supplying a crafted template file to the devices route.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-24452">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Copeland XWEB and XWEB Pro</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Copeland</div> <div class="ics-version"><strong>Product Version:</strong><br>Copeland XWEB 300D PRO: &lt;=1.12.1, Copeland XWEB 500D PRO: &lt;=1.12.1, Copeland XWEB 500B PRO: &lt;=1.12.1</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Mitigation</strong><br>Copeland has provided a fix for the vulnerabilities and recommends users update the XWEB Pro to the latest version by going to their software update page https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdate in the sections dedicated to the different XWEBPRO models page.</p> <p><strong>Mitigation</strong><br>Alternatively, a user logged into an XWEB Pro with internet access can update XWEB Pro directly from Copeland servers via the menu SYSTEM -- Updates | Network.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/78.html">CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>8</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H">CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-23702</a></h3> <div class="csaf-accordion-content"> <p>An OS Command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by sending malicious input injected into the server username field of the import preconfiguration action in the API V1 route.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-23702">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Copeland XWEB and XWEB Pro</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Copeland</div> <div class="ics-version"><strong>Product Version:</strong><br>Copeland XWEB 300D PRO: &lt;=1.12.1, Copeland XWEB 500D PRO: &lt;=1.12.1, Copeland XWEB 500B PRO: &lt;=1.12.1</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Mitigation</strong><br>Copeland has provided a fix for the vulnerabilities and recommends users update the XWEB Pro to the latest version by going to their software update page https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdate in the sections dedicated to the different XWEBPRO models page.</p> <p><strong>Mitigation</strong><br>Alternatively, a user logged into an XWEB Pro with internet access can update XWEB Pro directly from Copeland servers via the menu SYSTEM -- Updates | Network.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/78.html">CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>8</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H">CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-25721</a></h3> <div class="csaf-accordion-content"> <p>An OS Command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the server username and/or password fields of the restore action in the API V1 route.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-25721">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Copeland XWEB and XWEB Pro</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Copeland</div> <div class="ics-version"><strong>Product Version:</strong><br>Copeland XWEB 300D PRO: &lt;=1.12.1, Copeland XWEB 500D PRO: &lt;=1.12.1, Copeland XWEB 500B PRO: &lt;=1.12.1</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Mitigation</strong><br>Copeland has provided a fix for the vulnerabilities and recommends users update the XWEB Pro to the latest version by going to their software update page https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdate in the sections dedicated to the different XWEBPRO models page.</p> <p><strong>Mitigation</strong><br>Alternatively, a user logged into an XWEB Pro with internet access can update XWEB Pro directly from Copeland servers via the menu SYSTEM -- Updates | Network.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/78.html">CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>8</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H">CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-20764</a></h3> <div class="csaf-accordion-content"> <p>An OS Command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by providing malicious input via the device hostname configuration which is later processed during system setup, resulting in remote code execution.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-20764">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Copeland XWEB and XWEB Pro</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Copeland</div> <div class="ics-version"><strong>Product Version:</strong><br>Copeland XWEB 300D PRO: &lt;=1.12.1, Copeland XWEB 500D PRO: &lt;=1.12.1, Copeland XWEB 500B PRO: &lt;=1.12.1</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Mitigation</strong><br>Copeland has provided a fix for the vulnerabilities and recommends users update the XWEB Pro to the latest version by going to their software update page https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdate in the sections dedicated to the different XWEBPRO models page.</p> <p><strong>Mitigation</strong><br>Alternatively, a user logged into an XWEB Pro with internet access can update XWEB Pro directly from Copeland servers via the menu SYSTEM -- Updates | Network.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/78.html">CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>8</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H">CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-25196</a></h3> <div class="csaf-accordion-content"> <p>An OS Command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the Wi-Fi SSID and/or password fields can lead to remote code execution when the configuration is processed.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-25196">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Copeland XWEB and XWEB Pro</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Copeland</div> <div class="ics-version"><strong>Product Version:</strong><br>Copeland XWEB 300D PRO: &lt;=1.12.1, Copeland XWEB 500D PRO: &lt;=1.12.1, Copeland XWEB 500B PRO: &lt;=1.12.1</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Mitigation</strong><br>Copeland has provided a fix for the vulnerabilities and recommends users update the XWEB Pro to the latest version by going to their software update page https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdate in the sections dedicated to the different XWEBPRO models page.</p> <p><strong>Mitigation</strong><br>Alternatively, a user logged into an XWEB Pro with internet access can update XWEB Pro directly from Copeland servers via the menu SYSTEM -- Updates | Network.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/78.html">CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>8</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H">CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-25037</a></h3> <div class="csaf-accordion-content"> <p>An OS Command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by configuring a maliciously crafted LCD state which is later processed during system setup, enabling remote code execution.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-25037">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Copeland XWEB and XWEB Pro</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Copeland</div> <div class="ics-version"><strong>Product Version:</strong><br>Copeland XWEB 300D PRO: &lt;=1.12.1, Copeland XWEB 500D PRO: &lt;=1.12.1, Copeland XWEB 500B PRO: &lt;=1.12.1</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Mitigation</strong><br>Copeland has provided a fix for the vulnerabilities and recommends users update the XWEB Pro to the latest version by going to their software update page https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdate in the sections dedicated to the different XWEBPRO models page.</p> <p><strong>Mitigation</strong><br>Alternatively, a user logged into an XWEB Pro with internet access can update XWEB Pro directly from Copeland servers via the menu SYSTEM -- Updates | Network.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/78.html">CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>8</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H">CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-22877</a></h3> <div class="csaf-accordion-content"> <p>An arbitrary file-read vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling unauthenticated attackers to read arbitrary files on the system, and potentially causing a denial-of-service attack.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-22877">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Copeland XWEB and XWEB Pro</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Copeland</div> <div class="ics-version"><strong>Product Version:</strong><br>Copeland XWEB 300D PRO: &lt;=1.12.1, Copeland XWEB 500D PRO: &lt;=1.12.1, Copeland XWEB 500B PRO: &lt;=1.12.1</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Mitigation</strong><br>Copeland has provided a fix for the vulnerabilities and recommends users update the XWEB Pro to the latest version by going to their software update page https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdate in the sections dedicated to the different XWEBPRO models page.</p> <p><strong>Mitigation</strong><br>Alternatively, a user logged into an XWEB Pro with internet access can update XWEB Pro directly from Copeland servers via the menu SYSTEM -- Updates | Network.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/22.html">CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>3.7</td> <td>LOW</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N">CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-20797</a></h3> <div class="csaf-accordion-content"> <p>A stack based buffer overflow exists in an API route of XWEB Pro version 1.12.1 and prior, enabling unauthenticated attackers to cause stack corruption and a termination of the program.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-20797">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Copeland XWEB and XWEB Pro</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Copeland</div> <div class="ics-version"><strong>Product Version:</strong><br>Copeland XWEB 300D PRO: &lt;=1.12.1, Copeland XWEB 500D PRO: &lt;=1.12.1, Copeland XWEB 500B PRO: &lt;=1.12.1</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Mitigation</strong><br>Copeland has provided a fix for the vulnerabilities and recommends users update the XWEB Pro to the latest version by going to their software update page https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdate in the sections dedicated to the different XWEBPRO models page.</p> <p><strong>Mitigation</strong><br>Alternatively, a user logged into an XWEB Pro with internet access can update XWEB Pro directly from Copeland servers via the menu SYSTEM -- Updates | Network.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/121.html">CWE-121 Stack-based Buffer Overflow</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>4.3</td> <td>MEDIUM</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L">CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-3037</a></h3> <div class="csaf-accordion-content"> <p>An OS Command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by modifying malicious input injected into the MBird SMS service URL and/or code via the utility route which is later processed during system setup, leading to remote code execution.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-3037">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Copeland XWEB and XWEB Pro</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Copeland</div> <div class="ics-version"><strong>Product Version:</strong><br>Copeland XWEB 300D PRO: &lt;=1.12.1, Copeland XWEB 500D PRO: &lt;=1.12.1, Copeland XWEB 500B PRO: &lt;=1.12.1</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Mitigation</strong><br>Copeland has provided a fix for the vulnerabilities and recommends users update the XWEB Pro to the latest version by going to their software update page https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdate in the sections dedicated to the different XWEBPRO models page.</p> <p><strong>Mitigation</strong><br>Alternatively, a user logged into an XWEB Pro with internet access can update XWEB Pro directly from Copeland servers via the menu SYSTEM -- Updates | Network.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/78.html">CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>8</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H">CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> </div> <hr> <h2>Acknowledgments</h2> <ul> <li>Amir Zaltzman and Noam Moshe of Claroty Team82 reported these vulnerabilities to CISA</li> </ul> <hr> <h2>Legal Notice and Terms of Use</h2> <p>This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy &amp; Use policy (https://www.cisa.gov/privacy-policy).</p> <hr> <h2>Recommended Practices</h2> <p>CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:</p> <p>Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.</p> <p>Locate control system networks and remote devices behind firewalls and isolating them from business networks.</p> <p>When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.</p> <p>CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.</p> <p>CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.</p> <p>CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.</p> <p>Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.</p> <p>Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.</p> <p>CISA also recommends users take the following measures to protect themselves from social engineering attacks:</p> <p>Do not click web links or open attachments in unsolicited email messages.</p> <p>Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.</p> <p>Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.</p> <p>No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.</p> <hr> <h2>Revision History</h2> <ul> <li><strong>Initial Release Date: </strong>2026-02-26</li> </ul> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">Date</th> <th role="columnheader">Revision</th> <th role="columnheader">Summary</th> </tr> </thead> <tbody> <tr> <td>2026-02-26</td> <td>1</td> <td>Initial Publication</td> </tr> </tbody> </table> <hr> <h2>Legal Notice and Terms of Use</h2>

<p><a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-057-07.json"><strong>View CSAF</strong></a></p> <h2>Summary</h2> <p><strong>Successful exploitation of these vulnerabilities could enable attackers to gain unauthorized administrative control over vulnerable charging stations or disrupt charging services through denial-of-service attacks.</strong></p> <p>The following versions of EV Energy ev.energy are affected:</p> <ul> <li>ev.energy vers:all/* (CVE-2026-27772, CVE-2026-24445, CVE-2026-26290, CVE-2026-25774)</li> </ul> <div class="csaf-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS</th> <th role="columnheader">Vendor</th> <th role="columnheader">Equipment</th> <th role="columnheader">Vulnerabilities</th> </tr> </thead> <tbody> <tr> <td>v3 9.4</td> <td>EV Energy</td> <td>EV Energy ev.energy</td> <td>Missing Authentication for Critical Function, Improper Restriction of Excessive Authentication Attempts, Insufficient Session Expiration, Insufficiently Protected Credentials</td> </tr> </tbody> </table> </div> <h3>Background</h3> <ul> <li><strong>Critical Infrastructure Sectors: </strong>Energy, Transportation Systems</li> <li><strong>Countries/Areas Deployed: </strong>Worldwide</li> <li><strong>Company Headquarters Location: </strong>United Kingdom</li> </ul> <hr> <h2>Vulnerabilities</h2> <div class="csaf-accordion"> <p><a class="csaf-accordion-toggle-all" href="#">Expand All +</a></p> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-27772</a></h3> <div class="csaf-accordion-content"> <p>WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then issue or receive OCPP commands as a legitimate charger. Given that no authentication is required, this can lead to privilege escalation, unauthorized control of charging infrastructure, and corruption of charging network data reported to the backend.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-27772">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>EV Energy ev.energy</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>EV Energy</div> <div class="ics-version"><strong>Product Version:</strong><br>EV Energy ev.energy: vers:all/*</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>EV Energy did not respond to CISA's request for coordination. Contact EV Energy using their contact page here: https://www.ev.energy/en-us for more information.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/306.html">CWE-306 Missing Authentication for Critical Function</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>9.4</td> <td>CRITICAL</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-24445</a></h3> <div class="csaf-accordion-content"> <p>The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain unauthorized access.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-24445">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>EV Energy ev.energy</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>EV Energy</div> <div class="ics-version"><strong>Product Version:</strong><br>EV Energy ev.energy: vers:all/*</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>EV Energy did not respond to CISA's request for coordination. Contact EV Energy using their contact page here: https://www.ev.energy/en-us for more information.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/307.html">CWE-307 Improper Restriction of Excessive Authentication Attempts</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>7.5</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-26290</a></h3> <div class="csaf-accordion-content"> <p>The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent connection displaces the legitimate charging station and receives backend commands intended for that station. This vulnerability may allow unauthorized users to authenticate as other users or enable a malicious actor to cause a denial-of-service condition by overwhelming the backend with valid session requests.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-26290">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>EV Energy ev.energy</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>EV Energy</div> <div class="ics-version"><strong>Product Version:</strong><br>EV Energy ev.energy: vers:all/*</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>EV Energy did not respond to CISA's request for coordination. Contact EV Energy using their contact page here: https://www.ev.energy/en-us for more information.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/613.html">CWE-613 Insufficient Session Expiration</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>7.3</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-25774</a></h3> <div class="csaf-accordion-content"> <p>Charging station authentication identifiers are publicly accessible via web-based mapping platforms.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-25774">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>EV Energy ev.energy</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>EV Energy</div> <div class="ics-version"><strong>Product Version:</strong><br>EV Energy ev.energy: vers:all/*</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>EV Energy did not respond to CISA's request for coordination. Contact EV Energy using their contact page here: https://www.ev.energy/en-us for more information.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/522.html">CWE-522 Insufficiently Protected Credentials</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>6.5</td> <td>MEDIUM</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N</a></td> </tr> </tbody> </table> </div> </div> </div> </div> <hr> <h2>Acknowledgments</h2> <ul> <li>Khaled Sarieddine and Mohammad Ali Sayed reported these vulnerabilities to CISA</li> </ul> <hr> <h2>Legal Notice and Terms of Use</h2> <p>This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy &amp; Use policy (https://www.cisa.gov/privacy-policy).</p> <hr> <h2>Recommended Practices</h2> <p>CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:</p> <p>Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the Internet.</p> <p>Locate control system networks and remote devices behind firewalls and isolating them from business networks.</p> <p>When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.</p> <p>CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.</p> <p>CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.</p> <p>CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.</p> <p>Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.</p> <p>Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.</p> <p>No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.</p> <hr> <h2>Revision History</h2> <ul> <li><strong>Initial Release Date: </strong>2026-02-26</li> </ul> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">Date</th> <th role="columnheader">Revision</th> <th role="columnheader">Summary</th> </tr> </thead> <tbody> <tr> <td>2026-02-26</td> <td>1</td> <td>Initial Publication</td> </tr> </tbody> </table> <hr> <h2>Legal Notice and Terms of Use</h2>

<p><a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-057-04.json"><strong>View CSAF</strong></a></p> <h2>Summary</h2> <p><strong>Successful exploitation of these vulnerabilities could allow attackers to impersonate charging stations, hijack sessions, suppress or misroute legitimate traffic to cause large-scale denial of service, and manipulate data sent to the backend.</strong></p> <p>The following versions of EV2GO ev2go.io are affected:</p> <ul> <li>ev2go.io vers:all/* (CVE-2026-24731, CVE-2026-25945, CVE-2026-20895, CVE-2026-22890)</li> </ul> <div class="csaf-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS</th> <th role="columnheader">Vendor</th> <th role="columnheader">Equipment</th> <th role="columnheader">Vulnerabilities</th> </tr> </thead> <tbody> <tr> <td>v3 9.4</td> <td>EV2GO</td> <td>EV2GO ev2go.io</td> <td>Missing Authentication for Critical Function, Improper Restriction of Excessive Authentication Attempts, Insufficient Session Expiration, Insufficiently Protected Credentials</td> </tr> </tbody> </table> </div> <h3>Background</h3> <ul> <li><strong>Critical Infrastructure Sectors: </strong>Energy, Transportation Systems</li> <li><strong>Countries/Areas Deployed: </strong>Worldwide</li> <li><strong>Company Headquarters Location: </strong>United Kingdom</li> </ul> <hr> <h2>Vulnerabilities</h2> <div class="csaf-accordion"> <p><a class="csaf-accordion-toggle-all" href="#">Expand All +</a></p> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-24731</a></h3> <div class="csaf-accordion-content"> <p>WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then issue or receive OCPP commands as a legitimate charger. Given that no authentication is required, this can lead to privilege escalation, unauthorized control of charging infrastructure, and corruption of charging network data reported to the backend.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-24731">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>EV2GO ev2go.io</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>EV2GO</div> <div class="ics-version"><strong>Product Version:</strong><br>EV2GO ev2go.io: vers:all/*</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>EV2GO did not respond to CISA's request for coordination. Contact EV2GO using their contact page here: https://ev2go.io/ for more information.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/306.html">CWE-306 Missing Authentication for Critical Function</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>9.4</td> <td>CRITICAL</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-25945</a></h3> <div class="csaf-accordion-content"> <p>The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain unauthorized access.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-25945">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>EV2GO ev2go.io</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>EV2GO</div> <div class="ics-version"><strong>Product Version:</strong><br>EV2GO ev2go.io: vers:all/*</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>EV2GO did not respond to CISA's request for coordination. Contact EV2GO using their contact page here: https://ev2go.io/ for more information.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/307.html">CWE-307 Improper Restriction of Excessive Authentication Attempts</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>7.5</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-20895</a></h3> <div class="csaf-accordion-content"> <p>The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent connection displaces the legitimate charging station and receives backend commands intended for that station. This vulnerability may allow unauthorized users to authenticate as other users or enable a malicious actor to cause a denial-of-service condition by overwhelming the backend with valid session requests.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-20895">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>EV2GO ev2go.io</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>EV2GO</div> <div class="ics-version"><strong>Product Version:</strong><br>EV2GO ev2go.io: vers:all/*</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>EV2GO did not respond to CISA's request for coordination. Contact EV2GO using their contact page here: https://ev2go.io/ for more information.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/613.html">CWE-613 Insufficient Session Expiration</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>7.3</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-22890</a></h3> <div class="csaf-accordion-content"> <p>Charging station authentication identifiers are publicly accessible via web-based mapping platforms.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-22890">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>EV2GO ev2go.io</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>EV2GO</div> <div class="ics-version"><strong>Product Version:</strong><br>EV2GO ev2go.io: vers:all/*</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>EV2GO did not respond to CISA's request for coordination. Contact EV2GO using their contact page here: https://ev2go.io/ for more information.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/522.html">CWE-522 Insufficiently Protected Credentials</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>6.5</td> <td>MEDIUM</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N</a></td> </tr> </tbody> </table> </div> </div> </div> </div> <hr> <h2>Acknowledgments</h2> <ul> <li>Khaled Sarieddine and Mohammad Ali Sayed reported these vulnerabilities to CISA</li> </ul> <hr> <h2>Legal Notice and Terms of Use</h2> <p>This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy &amp; Use policy (https://www.cisa.gov/privacy-policy).</p> <hr> <h2>Recommended Practices</h2> <p>CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:</p> <p>Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the Internet.</p> <p>Locate control system networks and remote devices behind firewalls and isolating them from business networks.</p> <p>When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.</p> <p>CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.</p> <p>CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.</p> <p>CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.</p> <p>Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.</p> <p>Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.</p> <p>No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.</p> <hr> <h2>Revision History</h2> <ul> <li><strong>Initial Release Date: </strong>2026-02-26</li> </ul> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">Date</th> <th role="columnheader">Revision</th> <th role="columnheader">Summary</th> </tr> </thead> <tbody> <tr> <td>2026-02-26</td> <td>1</td> <td>Initial Publication</td> </tr> </tbody> </table> <hr> <h2>Legal Notice and Terms of Use</h2>

<p><a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-057-01.json"><strong>View CSAF</strong></a></p> <h2>Summary</h2> <p><strong>Successful exploitation of these vulnerabilities can lead to pre-authentication remote code execution, information leak or denial of service.</strong></p> <p>The following versions of Johnson Controls, Inc. Frick Controls Quantum HD are affected:</p> <ul> <li>Frick Controls Quantum HD &lt;=10.22 (CVE-2026-21654, CVE-2026-21656, CVE-2026-21657, CVE-2026-21658, CVE-2026-21659, CVE-2026-21660)</li> </ul> <div class="csaf-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS</th> <th role="columnheader">Vendor</th> <th role="columnheader">Equipment</th> <th role="columnheader">Vulnerabilities</th> </tr> </thead> <tbody> <tr> <td>v3 9.1</td> <td>Johnson Controls, Inc.</td> <td>Johnson Controls, Inc. Frick Controls Quantum HD</td> <td>Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Improper Control of Generation of Code ('Code Injection'), Relative Path Traversal, Plaintext Storage of a Password</td> </tr> </tbody> </table> </div> <h3>Background</h3> <ul> <li><strong>Critical Infrastructure Sectors: </strong>Food and Agriculture</li> <li><strong>Countries/Areas Deployed: </strong>Worldwide</li> <li><strong>Company Headquarters Location: </strong>Ireland</li> </ul> <hr> <h2>Vulnerabilities</h2> <div class="csaf-accordion"> <p><a class="csaf-accordion-toggle-all" href="#">Expand All +</a></p> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-21654</a></h3> <div class="csaf-accordion-content"> <p>The Frick Controls Quantum HD is vulnerable due to insufficient validation of input in certain parameters that may permit unexpected actions, which could impact the security of the device before authentication occurs.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-21654">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Johnson Controls, Inc. Frick Controls Quantum HD</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Johnson Controls, Inc.</div> <div class="ics-version"><strong>Product Version:</strong><br>Johnson Controls, Inc. Frick Controls Quantum HD: &lt;=10.22</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>The Frick Controls Quantum HD, versions 10.22 through 11, are legacy platforms that have reached end of support. Johnson Controls, Inc. recommends upgrading to the latest platform, Quantum HD Unity, version 12 or higher. The update procedure can be found here (https://frickcontrolsblob.file.core.windows.net/frickweb1/Quantum-HD-Unity/Quantum_HD_Unity_Software_Update_Procedure.pdf?sv=2018-03-28&amp;si=frickweb1-174C1294FA7&amp;sr=f&amp;sig=us0dhk6IWmCvmDvBs02yJvC%2BjnzbxqZmb4QEpVVDkxY%3D).</p> <p><strong>Mitigation</strong><br>After completing the upgrade to version 12, verify full compliance with the hardening guide and apply all recommended security configurations.</p> <p><strong>Mitigation</strong><br>For more detailed mitigation instructions, please see Johnson Controls Product Security Advisory JCI-PSA-2026-05 at https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/78.html">CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>9.1</td> <td>CRITICAL</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-21656</a></h3> <div class="csaf-accordion-content"> <p>The Frick Controls Quantum HD is vulnerable due to insufficient validation of input in certain parameters that may permit unexpected actions, which could impact the security of the device before authentication occurs.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-21656">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Johnson Controls, Inc. Frick Controls Quantum HD</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Johnson Controls, Inc.</div> <div class="ics-version"><strong>Product Version:</strong><br>Johnson Controls, Inc. Frick Controls Quantum HD: &lt;=10.22</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>The Frick Controls Quantum HD, versions 10.22 through 11, are legacy platforms that have reached end of support. Johnson Controls, Inc. recommends upgrading to the latest platform, Quantum HD Unity, version 12 or higher. The update procedure can be found here (https://frickcontrolsblob.file.core.windows.net/frickweb1/Quantum-HD-Unity/Quantum_HD_Unity_Software_Update_Procedure.pdf?sv=2018-03-28&amp;si=frickweb1-174C1294FA7&amp;sr=f&amp;sig=us0dhk6IWmCvmDvBs02yJvC%2BjnzbxqZmb4QEpVVDkxY%3D).</p> <p><strong>Mitigation</strong><br>After completing the upgrade to version 12, verify full compliance with the hardening guide and apply all recommended security configurations.</p> <p><strong>Mitigation</strong><br>For more detailed mitigation instructions, please see Johnson Controls Product Security Advisory JCI-PSA-2026-05 at https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/94.html">CWE-94 Improper Control of Generation of Code ('Code Injection')</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>9.1</td> <td>CRITICAL</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-21657</a></h3> <div class="csaf-accordion-content"> <p>The Frick Controls Quantum HD is vulnerable due to insufficient validation of input in certain parameters that may permit unexpected actions, which could impact the security of the device before authentication occurs.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-21657">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Johnson Controls, Inc. Frick Controls Quantum HD</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Johnson Controls, Inc.</div> <div class="ics-version"><strong>Product Version:</strong><br>Johnson Controls, Inc. Frick Controls Quantum HD: &lt;=10.22</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>The Frick Controls Quantum HD, versions 10.22 through 11, are legacy platforms that have reached end of support. Johnson Controls, Inc. recommends upgrading to the latest platform, Quantum HD Unity, version 12 or higher. The update procedure can be found here (https://frickcontrolsblob.file.core.windows.net/frickweb1/Quantum-HD-Unity/Quantum_HD_Unity_Software_Update_Procedure.pdf?sv=2018-03-28&amp;si=frickweb1-174C1294FA7&amp;sr=f&amp;sig=us0dhk6IWmCvmDvBs02yJvC%2BjnzbxqZmb4QEpVVDkxY%3D).</p> <p><strong>Mitigation</strong><br>After completing the upgrade to version 12, verify full compliance with the hardening guide and apply all recommended security configurations.</p> <p><strong>Mitigation</strong><br>For more detailed mitigation instructions, please see Johnson Controls Product Security Advisory JCI-PSA-2026-05 at https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/94.html">CWE-94 Improper Control of Generation of Code ('Code Injection')</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>9.1</td> <td>CRITICAL</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-21658</a></h3> <div class="csaf-accordion-content"> <p>The Frick Controls Quantum HD is vulnerable due to insufficient validation of input in certain parameters that may permit unexpected actions, which could impact the security of the device before authentication occurs.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-21658">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Johnson Controls, Inc. Frick Controls Quantum HD</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Johnson Controls, Inc.</div> <div class="ics-version"><strong>Product Version:</strong><br>Johnson Controls, Inc. Frick Controls Quantum HD: &lt;=10.22</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>The Frick Controls Quantum HD, versions 10.22 through 11, are legacy platforms that have reached end of support. Johnson Controls, Inc. recommends upgrading to the latest platform, Quantum HD Unity, version 12 or higher. The update procedure can be found here (https://frickcontrolsblob.file.core.windows.net/frickweb1/Quantum-HD-Unity/Quantum_HD_Unity_Software_Update_Procedure.pdf?sv=2018-03-28&amp;si=frickweb1-174C1294FA7&amp;sr=f&amp;sig=us0dhk6IWmCvmDvBs02yJvC%2BjnzbxqZmb4QEpVVDkxY%3D).</p> <p><strong>Mitigation</strong><br>After completing the upgrade to version 12, verify full compliance with the hardening guide and apply all recommended security configurations.</p> <p><strong>Mitigation</strong><br>For more detailed mitigation instructions, please see Johnson Controls Product Security Advisory JCI-PSA-2026-05 at https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/94.html">CWE-94 Improper Control of Generation of Code ('Code Injection')</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>9.1</td> <td>CRITICAL</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-21659</a></h3> <div class="csaf-accordion-content"> <p>The Frick Controls Quantum HD contains a vulnerability that allows an unauthenticated attacker to execute arbitrary code on the affected device, leading to full system compromise.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-21659">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Johnson Controls, Inc. Frick Controls Quantum HD</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Johnson Controls, Inc.</div> <div class="ics-version"><strong>Product Version:</strong><br>Johnson Controls, Inc. Frick Controls Quantum HD: &lt;=10.22</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>The Frick Controls Quantum HD, versions 10.22 through 11, are legacy platforms that have reached end of support. Johnson Controls, Inc. recommends upgrading to the latest platform, Quantum HD Unity, version 12 or higher. The update procedure can be found here (https://frickcontrolsblob.file.core.windows.net/frickweb1/Quantum-HD-Unity/Quantum_HD_Unity_Software_Update_Procedure.pdf?sv=2018-03-28&amp;si=frickweb1-174C1294FA7&amp;sr=f&amp;sig=us0dhk6IWmCvmDvBs02yJvC%2BjnzbxqZmb4QEpVVDkxY%3D).</p> <p><strong>Mitigation</strong><br>After completing the upgrade to version 12, verify full compliance with the hardening guide and apply all recommended security configurations.</p> <p><strong>Mitigation</strong><br>For more detailed mitigation instructions, please see Johnson Controls Product Security Advisory JCI-PSA-2026-05 at https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/23.html">CWE-23 Relative Path Traversal</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>7.5</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-21660</a></h3> <div class="csaf-accordion-content"> <p>Hardcoded credentials in the Frick Controls Quantum HD create a vulnerability that leads to unauthorized access, exposure of sensitive information, and potential misuse or system compromise.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-21660">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Johnson Controls, Inc. Frick Controls Quantum HD</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Johnson Controls, Inc.</div> <div class="ics-version"><strong>Product Version:</strong><br>Johnson Controls, Inc. Frick Controls Quantum HD: &lt;=10.22</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>The Frick Controls Quantum HD, versions 10.22 through 11, are legacy platforms that have reached end of support. Johnson Controls, Inc. recommends upgrading to the latest platform, Quantum HD Unity, version 12 or higher. The update procedure can be found here (https://frickcontrolsblob.file.core.windows.net/frickweb1/Quantum-HD-Unity/Quantum_HD_Unity_Software_Update_Procedure.pdf?sv=2018-03-28&amp;si=frickweb1-174C1294FA7&amp;sr=f&amp;sig=us0dhk6IWmCvmDvBs02yJvC%2BjnzbxqZmb4QEpVVDkxY%3D).</p> <p><strong>Mitigation</strong><br>After completing the upgrade to version 12, verify full compliance with the hardening guide and apply all recommended security configurations.</p> <p><strong>Mitigation</strong><br>For more detailed mitigation instructions, please see Johnson Controls Product Security Advisory JCI-PSA-2026-05 at https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/256.html">CWE-256 Plaintext Storage of a Password</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>6.2</td> <td>MEDIUM</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N">CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N</a></td> </tr> </tbody> </table> </div> </div> </div> </div> <hr> <h2>Acknowledgments</h2> <ul> <li>Noam Moshe of Claroty Research Team 82 reported these vulnerabilities to CISA</li> </ul> <hr> <h2>Legal Notice and Terms of Use</h2> <p>This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy &amp; Use policy (https://www.cisa.gov/privacy-policy).</p> <hr> <h2>Recommended Practices</h2> <p>CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:</p> <p>Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.</p> <p>Locate control system networks and remote devices behind firewalls and isolating them from business networks.</p> <p>When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.</p> <p>CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.</p> <p>CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.</p> <p>CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.</p> <p>Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.</p> <p>Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.</p> <p>No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.</p> <hr> <h2>Revision History</h2> <ul> <li><strong>Initial Release Date: </strong>2026-02-26</li> </ul> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">Date</th> <th role="columnheader">Revision</th> <th role="columnheader">Summary</th> </tr> </thead> <tbody> <tr> <td>2026-02-26</td> <td>1</td> <td>Initial Publication</td> </tr> </tbody> </table> <hr> <h2>Legal Notice and Terms of Use</h2>

<p><a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-057-08.json"><strong>View CSAF</strong></a></p> <h2>Summary</h2> <p><strong>Successful exploitation of these vulnerabilities could enable attackers to gain unauthorized administrative control over vulnerable charging stations or disrupt charging services through denial-of-service attacks.</strong></p> <p>The following versions of Mobility46 mobility46.se are affected:</p> <ul> <li>mobility46.se vers:all/* (CVE-2026-27028, CVE-2026-26305, CVE-2026-27647, CVE-2026-22878)</li> </ul> <div class="csaf-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS</th> <th role="columnheader">Vendor</th> <th role="columnheader">Equipment</th> <th role="columnheader">Vulnerabilities</th> </tr> </thead> <tbody> <tr> <td>v3 9.4</td> <td>Mobility46</td> <td>Mobility46 mobility46.se</td> <td>Missing Authentication for Critical Function, Improper Restriction of Excessive Authentication Attempts, Insufficient Session Expiration, Insufficiently Protected Credentials</td> </tr> </tbody> </table> </div> <h3>Background</h3> <ul> <li><strong>Critical Infrastructure Sectors: </strong>Energy, Transportation Systems</li> <li><strong>Countries/Areas Deployed: </strong>Worldwide</li> <li><strong>Company Headquarters Location: </strong>Sweden</li> </ul> <hr> <h2>Vulnerabilities</h2> <div class="csaf-accordion"> <p><a class="csaf-accordion-toggle-all" href="#">Expand All +</a></p> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-27028</a></h3> <div class="csaf-accordion-content"> <p>WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then issue or receive OCPP commands as a legitimate charger. Given that no authentication is required, this can lead to privilege escalation, unauthorized control of charging infrastructure, and corruption of charging network data reported to the backend.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-27028">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Mobility46 mobility46.se</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Mobility46</div> <div class="ics-version"><strong>Product Version:</strong><br>Mobility46 mobility46.se: vers:all/*</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Mobility46 did not respond to CISA's request for coordination. Contact Mobility46 using their contact page here: https://www.mobility46.se/en/contact-us for more information.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/306.html">CWE-306 Missing Authentication for Critical Function</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>9.4</td> <td>CRITICAL</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-26305</a></h3> <div class="csaf-accordion-content"> <p>The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain unauthorized access.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-26305">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Mobility46 mobility46.se</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Mobility46</div> <div class="ics-version"><strong>Product Version:</strong><br>Mobility46 mobility46.se: vers:all/*</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Mobility46 did not respond to CISA's request for coordination. Contact Mobility46 using their contact page here: https://www.mobility46.se/en/contact-us for more information.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/307.html">CWE-307 Improper Restriction of Excessive Authentication Attempts</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>7.5</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-27647</a></h3> <div class="csaf-accordion-content"> <p>The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent connection displaces the legitimate charging station and receives backend commands intended for that station. This vulnerability may allow unauthorized users to authenticate as other users or enable a malicious actor to cause a denial-of-service condition by overwhelming the backend with valid session requests.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-27647">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Mobility46 mobility46.se</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Mobility46</div> <div class="ics-version"><strong>Product Version:</strong><br>Mobility46 mobility46.se: vers:all/*</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Mobility46 did not respond to CISA's request for coordination. Contact Mobility46 using their contact page here: https://www.mobility46.se/en/contact-us for more information.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/613.html">CWE-613 Insufficient Session Expiration</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>7.3</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-22878</a></h3> <div class="csaf-accordion-content"> <p>Charging station authentication identifiers are publicly accessible via web-based mapping platforms.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-22878">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Mobility46 mobility46.se</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Mobility46</div> <div class="ics-version"><strong>Product Version:</strong><br>Mobility46 mobility46.se: vers:all/*</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Mobility46 did not respond to CISA's request for coordination. Contact Mobility46 using their contact page here: https://www.mobility46.se/en/contact-us for more information.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/522.html">CWE-522 Insufficiently Protected Credentials</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>6.5</td> <td>MEDIUM</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N</a></td> </tr> </tbody> </table> </div> </div> </div> </div> <hr> <h2>Acknowledgments</h2> <ul> <li>Khaled Sarieddine and Mohammad Ali Sayed reported these vulnerabilities to CISA</li> </ul> <hr> <h2>Legal Notice and Terms of Use</h2> <p>This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy &amp; Use policy (https://www.cisa.gov/privacy-policy).</p> <hr> <h2>Recommended Practices</h2> <p>CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:</p> <p>Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the Internet.</p> <p>Locate control system networks and remote devices behind firewalls and isolating them from business networks.</p> <p>When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.</p> <p>CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.</p> <p>CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.</p> <p>CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.</p> <p>Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.</p> <p>Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.</p> <p>No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.</p> <hr> <h2>Revision History</h2> <ul> <li><strong>Initial Release Date: </strong>2026-02-26</li> </ul> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">Date</th> <th role="columnheader">Revision</th> <th role="columnheader">Summary</th> </tr> </thead> <tbody> <tr> <td>2026-02-26</td> <td>1</td> <td>Initial Publication</td> </tr> </tbody> </table> <hr> <h2>Legal Notice and Terms of Use</h2>

<p><a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-057-02.json"><strong>View CSAF</strong></a></p> <h2>Summary</h2> <p><strong>Successful exploitation of this vulnerability could allow attackers to gain unauthorized access to sensitive device data, bypass surveillance controls, and expose facilities to privacy breaches, operational risks, and regulatory compliance issues.</strong></p> <p>The following versions of Pelco, Inc. Sarix Pro 3 Series IP Cameras are affected:</p> <ul> <li>Sarix Professional IMP 3 Series &lt;=02.52 (CVE-2026-1241)</li> <li>Sarix Professional IXP 3 Series &lt;=02.52 (CVE-2026-1241)</li> <li>Sarix Professional IBP 3 Series &lt;=02.52 (CVE-2026-1241)</li> <li>Sarix Professional IWP 3 Series &lt;=02.52 (CVE-2026-1241)</li> </ul> <div class="csaf-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS</th> <th role="columnheader">Vendor</th> <th role="columnheader">Equipment</th> <th role="columnheader">Vulnerabilities</th> </tr> </thead> <tbody> <tr> <td>v3 7.5</td> <td>Pelco, Inc.</td> <td>Pelco, Inc. Sarix Pro 3 Series IP Cameras</td> <td>Authentication Bypass Using an Alternate Path or Channel</td> </tr> </tbody> </table> </div> <h3>Background</h3> <ul> <li><strong>Critical Infrastructure Sectors: </strong>Commercial Facilities, Defense Industrial Base, Energy, Government Services and Facilities, Healthcare and Public Health, Transportation Systems</li> <li><strong>Countries/Areas Deployed: </strong>Worldwide</li> <li><strong>Company Headquarters Location: </strong>United States</li> </ul> <hr> <h2>Vulnerabilities</h2> <div class="csaf-accordion"> <p><a class="csaf-accordion-toggle-all" href="#">Expand All +</a></p> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-1241</a></h3> <div class="csaf-accordion-content"> <p>The Pelco, Inc. Sarix Professional 3 Series Cameras are vulnerable to an authentication bypass issue in their web management interface. The flaw stems from inadequate enforcement of access controls, allowing certain functionality to be accessed without proper authentication. This weakness can lead to unauthorized viewing of live video streams, creating privacy concerns and operational risks for organizations relying on these cameras. Additionally, it may expose operators to regulatory and compliance challenges.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-1241">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Pelco, Inc. Sarix Pro 3 Series IP Cameras</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Pelco, Inc.</div> <div class="ics-version"><strong>Product Version:</strong><br>Pelco, Inc. Sarix Professional IMP 3 Series: &lt;=02.52, Pelco, Inc. Sarix Professional IXP 3 Series: &lt;=02.52, Pelco, Inc. Sarix Professional IBP 3 Series: &lt;=02.52, Pelco, Inc. Sarix Professional IWP 3 Series: &lt;=02.52</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Mitigation</strong><br>Pelco, Inc. recommends that all Sarix Professional 3 Series Camera users update their camera firmware to version 02.53 or later. Installing the latest firmware ensures your device receives the most up-to-date bug fixes and critical security enhancements.</p> <p><strong>Mitigation</strong><br>More information can be found by visiting Pelco, Inc's technical support page (https://www.pelco.com/support) for assistance.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/288.html">CWE-288 Authentication Bypass Using an Alternate Path or Channel</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>7.5</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N</a></td> </tr> </tbody> </table> </div> </div> </div> </div> <hr> <h2>Acknowledgments</h2> <ul> <li>Souvik Kandar reported this vulnerability to CISA</li> </ul> <hr> <h2>Legal Notice and Terms of Use</h2> <p>This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy &amp; Use policy (https://www.cisa.gov/privacy-policy).</p> <hr> <h2>Recommended Practices</h2> <p>CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:</p> <p>Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.</p> <p>Locate control system networks and remote devices behind firewalls and isolating them from business networks.</p> <p>When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.</p> <p>CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.</p> <p>CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.</p> <p>CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.</p> <p>Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.</p> <p>Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.</p> <p>No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.</p> <hr> <h2>Revision History</h2> <ul> <li><strong>Initial Release Date: </strong>2026-02-26</li> </ul> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">Date</th> <th role="columnheader">Revision</th> <th role="columnheader">Summary</th> </tr> </thead> <tbody> <tr> <td>2026-02-26</td> <td>1</td> <td>Initial Publication</td> </tr> </tbody> </table> <hr> <h2>Legal Notice and Terms of Use</h2>

<p><a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-057-06.json"><strong>View CSAF</strong></a></p> <h2>Summary</h2> <p><strong>Successful exploitation of these vulnerabilities could allow attackers to impersonate charging stations, hijack sessions, suppress or misroute legitimate traffic to cause large-scale denial of service, and manipulate data sent to the backend.</strong></p> <p>The following versions of SWITCH EV swtchenergy.com are affected:</p> <ul> <li>swtchenergy.com vers:all/* (CVE-2026-27767, CVE-2026-25113, CVE-2026-25778, CVE-2026-27773)</li> </ul> <div class="csaf-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS</th> <th role="columnheader">Vendor</th> <th role="columnheader">Equipment</th> <th role="columnheader">Vulnerabilities</th> </tr> </thead> <tbody> <tr> <td>v3 9.4</td> <td>SWITCH EV</td> <td>SWITCH EV swtchenergy.com</td> <td>Missing Authentication for Critical Function, Improper Restriction of Excessive Authentication Attempts, Insufficient Session Expiration, Insufficiently Protected Credentials</td> </tr> </tbody> </table> </div> <h3>Background</h3> <ul> <li><strong>Critical Infrastructure Sectors: </strong>Energy, Transportation Systems</li> <li><strong>Countries/Areas Deployed: </strong>Worldwide</li> <li><strong>Company Headquarters Location: </strong>United States</li> </ul> <hr> <h2>Vulnerabilities</h2> <div class="csaf-accordion"> <p><a class="csaf-accordion-toggle-all" href="#">Expand All +</a></p> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-27767</a></h3> <div class="csaf-accordion-content"> <p>WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then issue or receive OCPP commands as a legitimate charger. Given that no authentication is required, this can lead to privilege escalation, unauthorized control of charging infrastructure, and corruption of charging network data reported to the backend.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-27767">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>SWITCH EV swtchenergy.com</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>SWITCH EV</div> <div class="ics-version"><strong>Product Version:</strong><br>SWITCH EV swtchenergy.com: vers:all/*</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>SWITCH EV did not respond to CISA's request for coordination. Contact SWITCH EV using their contact page here: https://swtchenergy.com/contact/ for more information.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/306.html">CWE-306 Missing Authentication for Critical Function</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>9.4</td> <td>CRITICAL</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-25113</a></h3> <div class="csaf-accordion-content"> <p>The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain unauthorized access.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-25113">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>SWITCH EV swtchenergy.com</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>SWITCH EV</div> <div class="ics-version"><strong>Product Version:</strong><br>SWITCH EV swtchenergy.com: vers:all/*</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>SWITCH EV did not respond to CISA's request for coordination. Contact SWITCH EV using their contact page here: https://swtchenergy.com/contact/ for more information.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/307.html">CWE-307 Improper Restriction of Excessive Authentication Attempts</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>7.5</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-25778</a></h3> <div class="csaf-accordion-content"> <p>The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent connection displaces the legitimate charging station and receives backend commands intended for that station. This vulnerability may allow unauthorized users to authenticate as other users or enable a malicious actor to cause a denial-of-service condition by overwhelming the backend with valid session requests.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-25778">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>SWITCH EV swtchenergy.com</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>SWITCH EV</div> <div class="ics-version"><strong>Product Version:</strong><br>SWITCH EV swtchenergy.com: vers:all/*</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>SWITCH EV did not respond to CISA's request for coordination. Contact SWITCH EV using their contact page here: https://swtchenergy.com/contact/ for more information.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/613.html">CWE-613 Insufficient Session Expiration</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>7.3</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-27773</a></h3> <div class="csaf-accordion-content"> <p>Charging station authentication identifiers are publicly accessible via web-based mapping platforms.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-27773">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>SWITCH EV swtchenergy.com</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>SWITCH EV</div> <div class="ics-version"><strong>Product Version:</strong><br>SWITCH EV swtchenergy.com: vers:all/*</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>SWITCH EV did not respond to CISA's request for coordination. Contact SWITCH EV using their contact page here: https://swtchenergy.com/contact/ for more information.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/522.html">CWE-522 Insufficiently Protected Credentials</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>6.5</td> <td>MEDIUM</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N</a></td> </tr> </tbody> </table> </div> </div> </div> </div> <hr> <h2>Acknowledgments</h2> <ul> <li>Khaled Sarieddine and Mohammad Ali Sayed reported these vulnerabilities to CISA</li> </ul> <hr> <h2>Legal Notice and Terms of Use</h2> <p>This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy &amp; Use policy (https://www.cisa.gov/privacy-policy).</p> <hr> <h2>Recommended Practices</h2> <p>CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:</p> <p>Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the Internet.</p> <p>Locate control system networks and remote devices behind firewalls and isolating them from business networks.</p> <p>When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.</p> <p>CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.</p> <p>CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.</p> <p>CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.</p> <p>Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.</p> <p>Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.</p> <p>No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.</p> <hr> <h2>Revision History</h2> <ul> <li><strong>Initial Release Date: </strong>2026-02-26</li> </ul> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">Date</th> <th role="columnheader">Revision</th> <th role="columnheader">Summary</th> </tr> </thead> <tbody> <tr> <td>2026-02-26</td> <td>1</td> <td>Initial Publication</td> </tr> </tbody> </table> <hr> <h2>Legal Notice and Terms of Use</h2>

<p><a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-057-09.json"><strong>View CSAF</strong></a></p> <h2>Summary</h2> <p><strong>Successful exploitation of these vulnerabilities could allow an attacker to terminate the software stack process, cause a denial-of-service condition, or execute arbitrary code.</strong></p> <p>The following versions of Yokogawa CENTUM VP R6, R7 are affected:</p> <ul> <li>Vnet/IP Interface Package for CENTUM VP R6 (VP6C3300) &lt;=R1.07.00 (CVE-2025-1924, CVE-2025-48019, CVE-2025-48020, CVE-2025-48021, CVE-2025-48022, CVE-2025-48023)</li> <li>Vnet/IP Interface Package for CENTUM VP R7 (VP7C3300) &lt;=R1.07.00 (CVE-2025-1924, CVE-2025-48019, CVE-2025-48020, CVE-2025-48021, CVE-2025-48022, CVE-2025-48023)</li> </ul> <div class="csaf-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS</th> <th role="columnheader">Vendor</th> <th role="columnheader">Equipment</th> <th role="columnheader">Vulnerabilities</th> </tr> </thead> <tbody> <tr> <td>v3 6.9</td> <td>Yokogawa</td> <td>Yokogawa CENTUM VP R6, R7</td> <td>Out-of-bounds Write, Reachable Assertion, Integer Underflow (Wrap or Wraparound), Improper Handling of Length Parameter Inconsistency</td> </tr> </tbody> </table> </div> <h3>Background</h3> <ul> <li><strong>Critical Infrastructure Sectors: </strong>Critical Manufacturing, Energy, Food and Agriculture</li> <li><strong>Countries/Areas Deployed: </strong>Worldwide</li> <li><strong>Company Headquarters Location: </strong>Japan</li> </ul> <hr> <h2>Vulnerabilities</h2> <div class="csaf-accordion"> <p><a class="csaf-accordion-toggle-all" href="#">Expand All +</a></p> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-1924</a></h3> <div class="csaf-accordion-content"> <p>If the affected product receives maliciously crafted packets, a DoS attack may cause Vnet/IP communication functions to stop or arbitrary programs to be executed.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-1924">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Yokogawa CENTUM VP R6, R7</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Yokogawa</div> <div class="ics-version"><strong>Product Version:</strong><br>Yokogawa Vnet/IP Interface Package for CENTUM VP R6 (VP6C3300): &lt;=R1.07.00, Yokogawa Vnet/IP Interface Package for CENTUM VP R7 (VP7C3300): &lt;=R1.07.00</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Mitigation</strong><br>Yokogawa recommends users apply patch software (R1.08.00).</p> <p><strong>Mitigation</strong><br>Yokogawa recommends users contact a local supporting office for further information or support. https://contact.yokogawa.com/cs/gw?c-id=000498</p> <p><strong>Mitigation</strong><br>For more information and details on implementing these mitigations, users should see the Yokogawa advisory YSAR-26-0002 at https://web-material3.yokogawa.com/1/39281/files/YSAR-26-0002-E.pdf</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/787.html">CWE-787 Out-of-bounds Write</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>6.9</td> <td>MEDIUM</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:H">CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-48019</a></h3> <div class="csaf-accordion-content"> <p>If the affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-48019">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Yokogawa CENTUM VP R6, R7</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Yokogawa</div> <div class="ics-version"><strong>Product Version:</strong><br>Yokogawa Vnet/IP Interface Package for CENTUM VP R6 (VP6C3300): &lt;=R1.07.00, Yokogawa Vnet/IP Interface Package for CENTUM VP R7 (VP7C3300): &lt;=R1.07.00</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Mitigation</strong><br>Yokogawa recommends users apply patch software (R1.08.00).</p> <p><strong>Mitigation</strong><br>Yokogawa recommends users contact a local supporting office for further information or support. https://contact.yokogawa.com/cs/gw?c-id=000498</p> <p><strong>Mitigation</strong><br>For more information and details on implementing these mitigations, users should see the Yokogawa advisory YSAR-26-0002 at https://web-material3.yokogawa.com/1/39281/files/YSAR-26-0002-E.pdf</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/617.html">CWE-617 Reachable Assertion</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>5.3</td> <td>MEDIUM</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H">CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-48020</a></h3> <div class="csaf-accordion-content"> <p>If the affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-48020">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Yokogawa CENTUM VP R6, R7</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Yokogawa</div> <div class="ics-version"><strong>Product Version:</strong><br>Yokogawa Vnet/IP Interface Package for CENTUM VP R6 (VP6C3300): &lt;=R1.07.00, Yokogawa Vnet/IP Interface Package for CENTUM VP R7 (VP7C3300): &lt;=R1.07.00</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Mitigation</strong><br>Yokogawa recommends users apply patch software (R1.08.00).</p> <p><strong>Mitigation</strong><br>Yokogawa recommends users contact a local supporting office for further information or support. https://contact.yokogawa.com/cs/gw?c-id=000498</p> <p><strong>Mitigation</strong><br>For more information and details on implementing these mitigations, users should see the Yokogawa advisory YSAR-26-0002 at https://web-material3.yokogawa.com/1/39281/files/YSAR-26-0002-E.pdf</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/617.html">CWE-617 Reachable Assertion</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>5.3</td> <td>MEDIUM</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H">CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-48021</a></h3> <div class="csaf-accordion-content"> <p>If theaffected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-48021">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Yokogawa CENTUM VP R6, R7</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Yokogawa</div> <div class="ics-version"><strong>Product Version:</strong><br>Yokogawa Vnet/IP Interface Package for CENTUM VP R6 (VP6C3300): &lt;=R1.07.00, Yokogawa Vnet/IP Interface Package for CENTUM VP R7 (VP7C3300): &lt;=R1.07.00</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Mitigation</strong><br>Yokogawa recommends users apply patch software (R1.08.00).</p> <p><strong>Mitigation</strong><br>Yokogawa recommends users contact a local supporting office for further information or support. https://contact.yokogawa.com/cs/gw?c-id=000498</p> <p><strong>Mitigation</strong><br>For more information and details on implementing these mitigations, users should see the Yokogawa advisory YSAR-26-0002 at https://web-material3.yokogawa.com/1/39281/files/YSAR-26-0002-E.pdf</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/191.html">CWE-191 Integer Underflow (Wrap or Wraparound)</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>5.3</td> <td>MEDIUM</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H">CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-48022</a></h3> <div class="csaf-accordion-content"> <p>If the affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-48022">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Yokogawa CENTUM VP R6, R7</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Yokogawa</div> <div class="ics-version"><strong>Product Version:</strong><br>Yokogawa Vnet/IP Interface Package for CENTUM VP R6 (VP6C3300): &lt;=R1.07.00, Yokogawa Vnet/IP Interface Package for CENTUM VP R7 (VP7C3300): &lt;=R1.07.00</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Mitigation</strong><br>Yokogawa recommends users apply patch software (R1.08.00).</p> <p><strong>Mitigation</strong><br>Yokogawa recommends users contact a local supporting office for further information or support. https://contact.yokogawa.com/cs/gw?c-id=000498</p> <p><strong>Mitigation</strong><br>For more information and details on implementing these mitigations, users should see the Yokogawa advisory YSAR-26-0002 at https://web-material3.yokogawa.com/1/39281/files/YSAR-26-0002-E.pdf</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/130.html">CWE-130 Improper Handling of Length Parameter Inconsistency</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>5.3</td> <td>MEDIUM</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H">CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-48023</a></h3> <div class="csaf-accordion-content"> <p>If the affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-48023">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Yokogawa CENTUM VP R6, R7</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Yokogawa</div> <div class="ics-version"><strong>Product Version:</strong><br>Yokogawa Vnet/IP Interface Package for CENTUM VP R6 (VP6C3300): &lt;=R1.07.00, Yokogawa Vnet/IP Interface Package for CENTUM VP R7 (VP7C3300): &lt;=R1.07.00</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Mitigation</strong><br>Yokogawa recommends users apply patch software (R1.08.00).</p> <p><strong>Mitigation</strong><br>Yokogawa recommends users contact a local supporting office for further information or support. https://contact.yokogawa.com/cs/gw?c-id=000498</p> <p><strong>Mitigation</strong><br>For more information and details on implementing these mitigations, users should see the Yokogawa advisory YSAR-26-0002 at https://web-material3.yokogawa.com/1/39281/files/YSAR-26-0002-E.pdf</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/617.html">CWE-617 Reachable Assertion</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>5.3</td> <td>MEDIUM</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H">CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> </div> <hr> <h2>Acknowledgments</h2> <ul> <li>Dmitry Sklyar and Demid Uzenkov of Positive Technologies reported these vulnerabilities to Yokogawa</li> </ul> <hr> <h2>Legal Notice and Terms of Use</h2> <p>This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy &amp; Use policy (https://www.cisa.gov/privacy-policy).</p> <hr> <h2>Recommended Practices</h2> <p>CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:</p> <p>Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.</p> <p>Locate control system networks and remote devices behind firewalls and isolating them from business networks.</p> <p>When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.</p> <p>CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.</p> <p>CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.</p> <p>CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.</p> <p>Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.</p> <p>Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.</p> <p>CISA also recommends users take the following measures to protect themselves from social engineering attacks:</p> <p>Do not click web links or open attachments in unsolicited email messages.</p> <p>Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.</p> <p>Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.</p> <p>No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time. These vulnerabilities are not exploitable remotely. These vulnerabilities have a high attack complexity.</p> <hr> <h2>Revision History</h2> <ul> <li><strong>Initial Release Date: </strong>2026-02-26</li> </ul> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">Date</th> <th role="columnheader">Revision</th> <th role="columnheader">Summary</th> </tr> </thead> <tbody> <tr> <td>2026-02-26</td> <td>1</td> <td>Initial Republication of YSAR-26-0002</td> </tr> </tbody> </table> <hr> <h2>Legal Notice and Terms of Use</h2>

Summary Actions to Take Today to Protect Against Malicious<br/>

“Committed Partners in Cyberspace”: US concludes first defensive Hunt Operation in Albania<br/> <img src='https://media.defense.gov/2023/Mar/22/2003184543/150/150/0/230322-D-D0451-0001.JPG' alt='Hunt Forward Albania' /> <br />

U.S. Cyber Command concluded the first phase of its 11th annual command exercise, Cyber Guard, on March 18, 2025. The U.S. Cyber Command Cyber Guard exercise, in coordination with the Joint Staff, is part of a larger joint force exercise series designed to simulate real-world scenarios, to enable participants to practice internal and external staff processes for total force integration. <br/> <img src='https://media.defense.gov/2025/Mar/20/2003673113/150/150/0/250317-A-Q1826-1001.JPG' alt='A uniformed military member sits at their computer while answering the phone.' /> <br />

Cyber Protection Teams from Fleet Cyber Command, 16th Air Force (Air Forces Cyber) and Army Threat Systems Management Office strengthened computer networks during a joint Hunt Operation on Department of Defense systems in Hawaii, Aug. 4-12, 2023.<br/> <img src='https://media.defense.gov/2023/Oct/19/2003325443/150/150/0/190402-N-KB349-1001.JPG' alt='A graphic of .S. Navy Fleet Cyber Command&#39;s logos.' /> <br />

<p><a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-050-01.json"><strong>View CSAF</strong></a></p> <h2>Summary</h2> <p><strong>Successful exploitation of these vulnerabilities could allow an attacker to remotely execute arbitrary code and bypass ASLR.</strong></p> <p>The following versions of EnOcean SmartServer IoT are affected:</p> <ul> <li>SmartServer IoT &lt;=4.60.009 (CVE-2026-20761, CVE-2026-22885)</li> </ul> <div class="csaf-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS</th> <th role="columnheader">Vendor</th> <th role="columnheader">Equipment</th> <th role="columnheader">Vulnerabilities</th> </tr> </thead> <tbody> <tr> <td>v3 8.1</td> <td>EnOcean Edge Inc</td> <td>EnOcean SmartServer IoT</td> <td>Improper Neutralization of Special Elements used in a Command ('Command Injection'), Out-of-bounds Read</td> </tr> </tbody> </table> </div> <h3>Background</h3> <ul> <li><strong>Critical Infrastructure Sectors: </strong>Information Technology</li> <li><strong>Countries/Areas Deployed: </strong>Worldwide</li> <li><strong>Company Headquarters Location: </strong>United States</li> </ul> <hr> <h2>Vulnerabilities</h2> <div class="csaf-accordion"> <p><a class="csaf-accordion-toggle-all" href="#">Expand All +</a></p> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-20761</a></h3> <div class="csaf-accordion-content"> <p>A vulnerability exists in EnOcean SmartServer IoT version 4.60.009 and prior, which would allow remote attackers, in the LON IP-852 management messages, to send specially crafted IP-852 messages resulting in arbitrary OS command execution on the device.</p> <p><a href="https://www.cve.org/CVERecord?id=CVE-2026-20761">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>EnOcean SmartServer IoT</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>EnOcean Edge Inc</div> <div class="ics-version"><strong>Product Version:</strong><br>EnOcean Edge Inc SmartServer IoT: &lt;=4.60.009</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Mitigation</strong><br>EnOcean recommends users update the SmartServer platform software to SmartServer 4.6 Update 2 (v4.60.023) or a later release at https://enoceanwiki.atlassian.net/wiki/spaces/DrftSSIoT/pages/1475410/SmartServer+IoT+Release+Notes#Current-Stable-Release.<br>For additional mitigations and workarounds, refer to EnOcean's hardening guide at https://enoceanwiki.atlassian.net/wiki/spaces/IEC/pages/288063529/Enhancing+Security.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/77.html">CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>8.1</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H">CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-22885</a></h3> <div class="csaf-accordion-content"> <p>A vulnerability exists in EnOcean SmartServer IoT version 4.60.009 and prior, which would allow remote attackers, in the LON IP-852 management messages, to send specially crafted IP-852 messages resulting in a memory leak from the program's memory.</p> <p><a href="https://www.cve.org/CVERecord?id=CVE-2026-22885">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>EnOcean SmartServer IoT</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>EnOcean Edge Inc</div> <div class="ics-version"><strong>Product Version:</strong><br>EnOcean Edge Inc SmartServer IoT: &lt;=4.60.009</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Mitigation</strong><br>EnOcean recommends users update the SmartServer platform software to SmartServer 4.6 Update 2 (v4.60.023) or a later release at https://enoceanwiki.atlassian.net/wiki/spaces/DrftSSIoT/pages/1475410/SmartServer+IoT+Release+Notes#Current-Stable-Release.<br>For additional mitigations and workarounds, refer to EnOcean's hardening guide at https://enoceanwiki.atlassian.net/wiki/spaces/IEC/pages/288063529/Enhancing+Security.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/125.html">CWE-125 Out-of-bounds Read</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>3.7</td> <td>LOW</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N">CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N</a></td> </tr> </tbody> </table> </div> </div> </div> </div> <hr> <h2>Acknowledgments</h2> <ul> <li>Amir Zaltzman of Claroty Team82 reported these vulnerabilities to CISA</li> </ul> <hr> <h2>Legal Notice and Terms of Use</h2> <p>This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy &amp; Use policy (https://www.cisa.gov/privacy-policy).</p> <hr> <h2>Recommended Practices</h2> <p>CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:</p> <p>Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.</p> <p>Locate control system networks and remote devices behind firewalls and isolating them from business networks.</p> <p>When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.</p> <p>CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.</p> <p>CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.</p> <p>CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.</p> <p>Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.</p> <p>Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.</p> <p>CISA also recommends users take the following measures to protect themselves from social engineering attacks:</p> <p>Do not click web links or open attachments in unsolicited email messages.</p> <p>Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.</p> <p>Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.</p> <p>No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time. These vulnerabilities have a high attack complexity.</p> <hr> <h2>Revision History</h2> <ul> <li><strong>Initial Release Date: </strong>2026-02-19</li> </ul> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">Date</th> <th role="columnheader">Revision</th> <th role="columnheader">Summary</th> </tr> </thead> <tbody> <tr> <td>2026-02-19</td> <td>1</td> <td>Initial Publication</td> </tr> </tbody> </table> <hr> <h2>Legal Notice and Terms of Use</h2>

<p><a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-050-03.json"><strong>View CSAF</strong></a></p> <h2>Summary</h2> <p><strong>Successful exploitation of these vulnerabilities could result in authentication being disabled, a denial-of-service condition, or an attacker stealing valid user credentials, including administrator credentials.</strong></p> <p>The following versions of Jinan USR IOT Technology Limited (PUSR) USR-W610 are affected:</p> <ul> <li>USR-W610 &lt;=3.1.1.0 (CVE-2026-25715, CVE-2026-24455, CVE-2026-26049, CVE-2026-26048)</li> </ul> <div class="csaf-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS</th> <th role="columnheader">Vendor</th> <th role="columnheader">Equipment</th> <th role="columnheader">Vulnerabilities</th> </tr> </thead> <tbody> <tr> <td>v3 9.8</td> <td>Jinan USR IOT Technology Limited (PUSR)</td> <td>Jinan USR IOT Technology Limited (PUSR) USR-W610</td> <td>Weak Password Requirements, Cleartext Transmission of Sensitive Information, Insufficiently Protected Credentials, Missing Authentication for Critical Function</td> </tr> </tbody> </table> </div> <h3>Background</h3> <ul> <li><strong>Critical Infrastructure Sectors: </strong>Critical Manufacturing</li> <li><strong>Countries/Areas Deployed: </strong>Worldwide</li> <li><strong>Company Headquarters Location: </strong>China</li> </ul> <hr> <h2>Vulnerabilities</h2> <div class="csaf-accordion"> <p><a class="csaf-accordion-toggle-all" href="#">Expand All +</a></p> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-25715</a></h3> <div class="csaf-accordion-content"> <p>The web management interface of the device allows the administrator username and password to be set to blank values. Once applied, the device permits authentication with empty credentials over the web management interface and Telnet service. This effectively disables authentication across all critical management channels, allowing any network-adjacent attacker to gain full administrative control without credentials.</p> <p><a href="https://www.cve.org/CVERecord?id=CVE-2026-25715">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Jinan USR IOT Technology Limited (PUSR) USR-W610</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Jinan USR IOT Technology Limited (PUSR)</div> <div class="ics-version"><strong>Product Version:</strong><br>Jinan USR IOT Technology Limited (PUSR) USR-W610: &lt;=3.1.1.0</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Jinan USR IOT Technology Limited (PUSR) has stated that the product is end-of-life, and there are no plans to patch. Users of PUSR USR-W610 devices are encouraged to contact PUSR and keep their systems up to date.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/521.html">CWE-521 Weak Password Requirements</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>9.8</td> <td>CRITICAL</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-24455</a></h3> <div class="csaf-accordion-content"> <p>The embedded web interface of the device does not support HTTPS/TLS for authentication and uses HTTP Basic Authentication. Traffic is encoded but not encrypted, exposing user credentials to passive interception by attackers on the same network.</p> <p><a href="https://www.cve.org/CVERecord?id=CVE-2026-24455">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Jinan USR IOT Technology Limited (PUSR) USR-W610</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Jinan USR IOT Technology Limited (PUSR)</div> <div class="ics-version"><strong>Product Version:</strong><br>Jinan USR IOT Technology Limited (PUSR) USR-W610: &lt;=3.1.1.0</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Jinan USR IOT Technology Limited (PUSR) has stated that the product is end-of-life, and there are no plans to patch. Users of PUSR USR-W610 devices are encouraged to contact PUSR and keep their systems up to date.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/319.html">CWE-319 Cleartext Transmission of Sensitive Information</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>7.5</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-26049</a></h3> <div class="csaf-accordion-content"> <p>The web management interface of the device renders the passwords in a plaintext input field. The current password is directly visible to anyone with access to the UI, potentially exposing administrator credentials to unauthorized observation via shoulder surfing, screenshots, or browser form caching.</p> <p><a href="https://www.cve.org/CVERecord?id=CVE-2026-26049">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Jinan USR IOT Technology Limited (PUSR) USR-W610</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Jinan USR IOT Technology Limited (PUSR)</div> <div class="ics-version"><strong>Product Version:</strong><br>Jinan USR IOT Technology Limited (PUSR) USR-W610: &lt;=3.1.1.0</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Jinan USR IOT Technology Limited (PUSR) has stated that the product is end-of-life, and there are no plans to patch. Users of PUSR USR-W610 devices are encouraged to contact PUSR and keep their systems up to date.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/522.html">CWE-522 Insufficiently Protected Credentials</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>5.7</td> <td>MEDIUM</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N">CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-26048</a></h3> <div class="csaf-accordion-content"> <p>The Wi-Fi router is vulnerable to de-authentication attacks due to the absence of Management Frame Protection, allowing forged deauthentication and disassociation frames to be broadcast without authentication or encryption. An attacker can use this to cause unauthorized disruptions and create a denial-of-service condition.</p> <p><a href="https://www.cve.org/CVERecord?id=CVE-2026-26048">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Jinan USR IOT Technology Limited (PUSR) USR-W610</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Jinan USR IOT Technology Limited (PUSR)</div> <div class="ics-version"><strong>Product Version:</strong><br>Jinan USR IOT Technology Limited (PUSR) USR-W610: &lt;=3.1.1.0</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Jinan USR IOT Technology Limited (PUSR) has stated that the product is end-of-life, and there are no plans to patch. Users of PUSR USR-W610 devices are encouraged to contact PUSR and keep their systems up to date.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/306.html">CWE-306 Missing Authentication for Critical Function</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>7.5</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> </div> <hr> <h2>Acknowledgments</h2> <ul> <li>Abhishek Pandey of Payatu Security Consulting reported CVE-2026-25715, CVE-2026-24455, and CVE-2026-26049 to CISA</li> <li>Abhishek Pandey and Ranit Pradhan of Payatu Security Consulting reported CVE-2026-26048 to CISA</li> </ul> <hr> <h2>Legal Notice and Terms of Use</h2> <p>This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy &amp; Use policy (https://www.cisa.gov/privacy-policy).</p> <hr> <h2>Recommended Practices</h2> <p>CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:</p> <p>Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.</p> <p>Locate control system networks and remote devices behind firewalls and isolating them from business networks.</p> <p>When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.</p> <p>CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.</p> <p>CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.</p> <p>CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.</p> <p>Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.</p> <p>Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.</p> <p>No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.</p> <hr> <h2>Revision History</h2> <ul> <li><strong>Initial Release Date: </strong>2026-02-19</li> </ul> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">Date</th> <th role="columnheader">Revision</th> <th role="columnheader">Summary</th> </tr> </thead> <tbody> <tr> <td>2026-02-19</td> <td>1</td> <td>Initial Publication</td> </tr> </tbody> </table> <hr> <h2>Legal Notice and Terms of Use</h2>

<p><a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-050-02.json"><strong>View CSAF</strong></a></p> <h2>Summary</h2> <p><strong>Successful exploitation of this vulnerability could allow an unauthenticated attacker to manipulate the web maintenance services URL to achieve arbitrary file read access.</strong></p> <p>The following versions of Valmet DNA Engineering Web Tools are affected:</p> <ul> <li>Valmet DNA Engineering Web Tools &lt;=C2022 (CVE-2025-15577)</li> </ul> <div class="csaf-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS</th> <th role="columnheader">Vendor</th> <th role="columnheader">Equipment</th> <th role="columnheader">Vulnerabilities</th> </tr> </thead> <tbody> <tr> <td>v3 8.6</td> <td>Valmet</td> <td>Valmet DNA Engineering Web Tools</td> <td>Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')</td> </tr> </tbody> </table> </div> <h3>Background</h3> <ul> <li><strong>Critical Infrastructure Sectors: </strong>Critical Manufacturing, Energy</li> <li><strong>Countries/Areas Deployed: </strong>Worldwide</li> <li><strong>Company Headquarters Location: </strong>Finland</li> </ul> <hr> <h2>Vulnerabilities</h2> <div class="csaf-accordion"> <p><a class="csaf-accordion-toggle-all" href="#">Expand All +</a></p> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-15577</a></h3> <div class="csaf-accordion-content"> <p>An unauthenticated attacker can exploit this vulnerability by manipulating URL to achieve arbitrary file read access.</p> <p><a href="https://www.cve.org/CVERecord?id=CVE-2025-15577">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Valmet DNA Engineering Web Tools</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Valmet</div> <div class="ics-version"><strong>Product Version:</strong><br>Valmet Valmet DNA Engineering Web Tools: &lt;=C2022</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Mitigation</strong><br>Valmet has issued a fix for the reported vulnerability. Valmet recommends users reach out directly to their automation customer service group to obtain assistance with the fix: <a href="https://www.valmet.com/contact/.">https://www.valmet.com/contact/.</a></p> <p><br>For additional information, refer to Valmet's security advisory regarding this issue: https://www.valmet.com/company/innovation/advisories/CVE-2025-15577/.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/22.html">CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>8.6</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N</a></td> </tr> </tbody> </table> </div> </div> </div> </div> <hr> <h2>Acknowledgments</h2> <ul> <li>Denis Samotuga reported this vulnerability to Valmet</li> </ul> <hr> <h2>Legal Notice and Terms of Use</h2> <p>This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy &amp; Use policy (https://www.cisa.gov/privacy-policy).</p> <hr> <h2>Recommended Practices</h2> <p>CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:</p> <p>Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.</p> <p>Locate control system networks and remote devices behind firewalls and isolating them from business networks.</p> <p>When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.</p> <p>CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.</p> <p>CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.</p> <p>CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.</p> <p>Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.</p> <p>Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.</p> <p>CISA also recommends users take the following measures to protect themselves from social engineering attacks:</p> <p>Do not click web links or open attachments in unsolicited email messages.</p> <p>Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.</p> <p>Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.</p> <p>No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.</p> <hr> <h2>Revision History</h2> <ul> <li><strong>Initial Release Date: </strong>2026-02-19</li> </ul> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">Date</th> <th role="columnheader">Revision</th> <th role="columnheader">Summary</th> </tr> </thead> <tbody> <tr> <td>2026-02-19</td> <td>1</td> <td>Initial Publication</td> </tr> </tbody> </table> <hr> <h2>Legal Notice and Terms of Use</h2>

<p><a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-050-04.json"><strong>View CSAF</strong></a></p> <h2>Summary</h2> <p><strong>Successful exploitation of this vulnerability could result in an over- or under-odorization event.</strong></p> <p>The following versions of Welker OdorEyes EcoSystem Pulse Bypass System with XL4 Controller are affected:</p> <ul> <li>OdorEyes EcoSystem Pulse Bypass System with XL4 Controller vers:all/* (CVE-2026-24790)</li> </ul> <div class="csaf-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS</th> <th role="columnheader">Vendor</th> <th role="columnheader">Equipment</th> <th role="columnheader">Vulnerabilities</th> </tr> </thead> <tbody> <tr> <td>v3 8.2</td> <td>Welker</td> <td>Welker OdorEyes EcoSystem Pulse Bypass System with XL4 Controller</td> <td>Missing Authentication for Critical Function</td> </tr> </tbody> </table> </div> <h3>Background</h3> <ul> <li><strong>Critical Infrastructure Sectors: </strong>Chemical, Critical Manufacturing, Energy, Food and Agriculture</li> <li><strong>Countries/Areas Deployed: </strong>Worldwide</li> <li><strong>Company Headquarters Location: </strong>United States</li> </ul> <hr> <h2>Vulnerabilities</h2> <div class="csaf-accordion"> <p><a class="csaf-accordion-toggle-all" href="#">Expand All +</a></p> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-24790</a></h3> <div class="csaf-accordion-content"> <p>The underlying PLC of the device can be remotely influenced, without proper safeguards or authentication.</p> <p><a href="https://www.cve.org/CVERecord?id=CVE-2026-24790">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Welker OdorEyes EcoSystem Pulse Bypass System with XL4 Controller</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Welker</div> <div class="ics-version"><strong>Product Version:</strong><br>Welker OdorEyes EcoSystem Pulse Bypass System with XL4 Controller: vers:all/*</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Mitigation</strong><br>Welker did not respond to CISA's attempts at coordination. Users of Welker OdorEyes devices are encouraged to contact Welker and keep their systems up to date.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/306.html">CWE-306 Missing Authentication for Critical Function</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>8.2</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L</a></td> </tr> </tbody> </table> </div> </div> </div> </div> <hr> <h2>Acknowledgments</h2> <ul> <li>A project sponsored by DHS S&amp;T reported this vulnerability to CISA</li> </ul> <hr> <h2>Legal Notice and Terms of Use</h2> <p>This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy &amp; Use policy (https://www.cisa.gov/privacy-policy).</p> <hr> <h2>Recommended Practices</h2> <p>CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:</p> <p>Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.</p> <p>Locate control system networks and remote devices behind firewalls and isolating them from business networks.</p> <p>When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.</p> <p>CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.</p> <p>CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.</p> <p>CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.</p> <p>Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.</p> <p>Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.</p> <p>No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.</p> <hr> <h2>Revision History</h2> <ul> <li><strong>Initial Release Date: </strong>2026-02-19</li> </ul> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">Date</th> <th role="columnheader">Revision</th> <th role="columnheader">Summary</th> </tr> </thead> <tbody> <tr> <td>2026-02-19</td> <td>1</td> <td>Initial Publication</td> </tr> </tbody> </table> <hr> <h2>Legal Notice and Terms of Use</h2>

For the first time in two years, the United Kingdom and United States militaries conducted an in-person headquarters-level forum to discuss combined cyberspace campaigns and capabilities, called the Cyber Management Review, Nov. 9, 2021.<br/>

Commander, U.S. Cyber Command rolls out new Strategic Priorities<br/> <img src='https://media.defense.gov/2023/May/18/2003225392/150/150/0/230518-D-D0451-0001.JPG' alt='Commander&#39;s priorities' /> <br />

All 133 of U.S. Cyber Command’s Cyber Mission Force teams achieved Full Operational Capability (FOC), USCYBERCOM officials announced today.<br/>

U.S. Cyber Command and the Department of Homeland Security - Cybersecurity and Infrastructure Security Agency released eight files attributed to the Russian Foreign Intelligence Service (SVR)/APT 29 to enable public defense against further compromise.<br/> <img src='https://media.defense.gov/2021/Apr/15/2002621550/150/150/0/210415-D-LA132-0001.JPG' alt='CNMF and CISA release Malware Analysis Report on multiple samples linked to SolarWinds supply chain attack by Russia.' /> <br />

U.S. Cyber Command has begun executing its new "limited acquisition authority" to speed up the acquisitions process for cyber-specific tools, officials here said. <br/> <img src='https://media.defense.gov/2016/Sep/30/2001733907/150/150/0/160930-F-00000-002.JPG' alt='USCYBERCOM Seal' /> <br />

<p><a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-071-06.json"><strong>View CSAF</strong></a></p> <h2>Summary</h2> <p><strong>Successful exploitation of this vulnerability could allow an attacker to execute malicious code with OS application service account permissions that the authenticated, privileged application user did not intend on running.</strong></p> <p>The following versions of Inductive Automation Ignition Software are affected:</p> <ul> <li>Ignition Software &lt;8.3.0 (CVE-2025-13913)</li> </ul> <div class="csaf-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS</th> <th role="columnheader">Vendor</th> <th role="columnheader">Equipment</th> <th role="columnheader">Vulnerabilities</th> </tr> </thead> <tbody> <tr> <td>v3 6.3</td> <td>Inductive Automation</td> <td>Inductive Automation Ignition Software</td> <td>Deserialization of Untrusted Data</td> </tr> </tbody> </table> </div> <h3>Background</h3> <ul> <li><strong>Critical Infrastructure Sectors: </strong>Information Technology</li> <li><strong>Countries/Areas Deployed: </strong>Worldwide</li> <li><strong>Company Headquarters Location: </strong>United States</li> </ul> <hr> <h2>Vulnerabilities</h2> <div class="csaf-accordion"> <p><a class="csaf-accordion-toggle-all" href="#">Expand All +</a></p> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-13913</a></h3> <div class="csaf-accordion-content"> <p>A privileged Ignition user, intentionally or otherwise, imports an external file with a specially crafted payload, which executes embedded malicious code during deserialization.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-13913">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Inductive Automation Ignition Software</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Inductive Automation</div> <div class="ics-version"><strong>Product Version:</strong><br>Inductive Automation Ignition Software: &lt;8.3.0</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Mitigation</strong><br>Fix - upgrade Ignition software from 8.1.x to 8.3.0 or greater.</p> <p><strong>Mitigation</strong><br>MITIGATION (8.1.x Linux). Implement Ignition Security Hardening Guide Appendix A. https://inductiveautomation.com/resources/article/ignition-security-hardening-guide</p> <p><strong>Mitigation</strong><br>MITIGATION (8.1.x Windows). Covered in Ignition Security Hardening Guide Appendix A. 1. Create a new dedicated local Windows account that will be used exclusively for the Ignition service (e.g. svc-ign). a. The best security practice is that the Ignition service should not be a domain account (unless otherwise needed). b. Remove all group memberships from the service account (including Users and Administrators). c. Add to security policy to log in as a service. d. Add to "Deny log on locally" security policy. 2. Provide full read/write access only to the Ignition installation directory for the service account created in #1. a. Add read/write permissions to other directories in the local filesystem as needed (e.g.: if configured to use optional Enterprise Administration Module to write automated backups to the file system). 3. Set deny access settings for service account on other directories not needed by the Ignition service. a. Specifically the C:\Windows, C:\Users, and directories for any other applications in the Program Files or Program Files(x86) directories. b. Use java param to change temp directory to a location within the Ignition install directory so the Users folder can be denied access to the Ignition service account.</p> <p><strong>Mitigation</strong><br>BEST PRACTICES (8.1.x and 8.3.x)4. Restrict project imports to verified and trusted sources only, ideally using checksums or digital signatures.5. Use multiple environments (e.g. Dev, Test, Prod) with a staging workflow so that new data is never introduced directly to Production environments. See Ignition Deployment Best Practices.6. When feasible, segment or isolate Ignition gateways from corporate resources and Windows Domains.a. The Ignition service account or AD server object should never need Windows Domain or Windows Active Directory privileges. This would only be needed if an Asset Owners IT or OT department uses this for management outside Ignition.b. Ignition may be federated with Active Directory environments (e.g. OT domains) by entering "Authentication Profile" credentials within the Ignition gateway itself. This could use secure LDAP, SAML, or OpenID Connect.7. When feasible, enforce strong credential management and MFA for all users with Designer permissions (8.1.x and 8.3.x), Config Page permissions (8.1.x), and Config Write permissions (8.3.x).8. When feasible, deploy Ignition within hardened or containerized environments.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/502.html">CWE-502 Deserialization of Untrusted Data</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>6.3</td> <td>MEDIUM</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H">CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> </div> <hr> <h2>Acknowledgments</h2> <ul> <li>Nik Tsytsarkin, Ismail Aydemir, and Ryan Hall of Meta reported this vulnerability to Inductive Automation</li> <li>Nathan Boeger and Joel Specht of Inductive Automation (security@inductiveautomation.com) reported this vulnerability to CISA</li> </ul> <hr> <h2>Legal Notice and Terms of Use</h2> <p>This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy &amp; Use policy (https://www.cisa.gov/privacy-policy).</p> <hr> <h2>Recommended Practices</h2> <p>CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:</p> <p>Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the Internet.</p> <p>Locate control system networks and remote devices behind firewalls and isolating them from business networks.</p> <p>When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.</p> <p>CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.</p> <p>CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.</p> <p>CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.</p> <p>Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.</p> <p>Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.</p> <p>CISA also recommends users take the following measures to protect themselves from social engineering attacks:</p> <p>Do not click web links or open attachments in unsolicited email messages.</p> <p>Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.</p> <p>Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.</p> <p>No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. This vulnerability is not exploitable remotely.</p> <hr> <h2>Revision History</h2> <ul> <li><strong>Initial Release Date: </strong>2026-03-12</li> </ul> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">Date</th> <th role="columnheader">Revision</th> <th role="columnheader">Summary</th> </tr> </thead> <tbody> <tr> <td>2026-03-12</td> <td>1</td> <td>Initial Publication</td> </tr> </tbody> </table> <hr> <h2>Legal Notice and Terms of Use</h2>

<p><a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-071-05.json"><strong>View CSAF</strong></a></p> <h2>Summary</h2> <p><strong>Heliox EV Chargers listed below contain improper access control vulnerability that could allow an attacker to reach unauthorized services via the charging cable. Siemens has released new versions for the affected products and recommends to update to the latest versions.</strong></p> <p>The following versions of Siemens Heliox EV Chargers are affected:</p> <ul> <li>Heliox Flex 180 kW EV Charging Station</li> <li>Heliox Mobile DC 40 kW EV Charging Station</li> </ul> <div class="csaf-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS</th> <th role="columnheader">Vendor</th> <th role="columnheader">Equipment</th> <th role="columnheader">Vulnerabilities</th> </tr> </thead> <tbody> <tr> <td>v3 2.6</td> <td>Siemens</td> <td>Siemens Heliox EV Chargers</td> <td>Improper Restriction of Communication Channel to Intended Endpoints</td> </tr> </tbody> </table> </div> <h3>Background</h3> <ul> <li><strong>Critical Infrastructure Sectors: </strong>Critical Manufacturing</li> <li><strong>Countries/Areas Deployed: </strong>Worldwide</li> <li><strong>Company Headquarters Location: </strong>Germany</li> </ul> <hr> <h2>Vulnerabilities</h2> <div class="csaf-accordion"> <p><a class="csaf-accordion-toggle-all" href="#">Expand All +</a></p> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-27769</a></h3> <div class="csaf-accordion-content"> <p>Affected devices contain improper access control that could allow an attacker to reach unauthorized services via the charging cable.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-27769">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Siemens Heliox EV Chargers</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Siemens</div> <div class="ics-version"><strong>Product Version:</strong><br>Heliox Flex 180 kW EV Charging Station, Heliox Mobile DC 40 kW EV Charging Station</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Contact customer support for patch information via OTA update</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/923.html">CWE-923 Improper Restriction of Communication Channel to Intended Endpoints</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>2.6</td> <td>LOW</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N">CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N</a></td> </tr> </tbody> </table> </div> </div> </div> </div> <hr> <h2>Acknowledgments</h2> <ul> <li>Siemens ProductCERT reported this vulnerability to CISA.</li> </ul> <hr> <h2>General Recommendations</h2> <p>As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity</p> <hr> <h2>Additional Resources</h2> <p>For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories</p> <hr> <h2>Terms of Use</h2> <p>The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.</p> <hr> <h2>Legal Notice and Terms of Use</h2> <p>This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy &amp; Use policy (https://www.cisa.gov/privacy-policy).</p> <hr> <h2>Recommended Practices</h2> <p>CISA recommends users take defensive measures to minimize the exploitation risk of these vulnerabilities.</p> <p>Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.</p> <p>Locate control system networks and remote devices behind firewalls and isolate them from business networks.</p> <p>When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.</p> <p>CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.</p> <p>CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.</p> <p>CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.</p> <p>Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.</p> <hr> <h2>Advisory Conversion Disclaimer</h2> <p>This ICSA is a verbatim republication of Siemens ProductCERT SSA-126399 from a direct conversion of the vendor's Common Security Advisory Framework (CSAF) advisory. This is republished to CISA's website as a means of increasing visibility and is provided "as-is" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Siemens ProductCERT directly for any questions regarding this advisory.</p> <h2>Revision History</h2> <ul> <li><strong>Initial Release Date: </strong>2026-03-10</li> </ul> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">Date</th> <th role="columnheader">Revision</th> <th role="columnheader">Summary</th> </tr> </thead> <tbody> <tr> <td>2026-03-10</td> <td>1</td> <td>Publication Date</td> </tr> <tr> <td>2026-03-12</td> <td>2</td> <td>Initial CISA Republication of Siemens ProductCERT SSA-126399 advisory</td> </tr> </tbody> </table> <hr> <h2>Legal Notice and Terms of Use</h2>

<p><a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-071-02.json"><strong>View CSAF</strong></a></p> <h2>Summary</h2> <p><strong>Fortinet has published information on vulnerabilities in FORTIOS. This advisory lists the related Siemens Industrial products. Siemens has released a new version for RUGGEDCOM APE1808 and recommends to update to the latest version.</strong></p> <p>The following versions of Siemens RUGGEDCOM APE1808 Devices are affected:</p> <ul> <li>RUGGEDCOM APE1808 vers:all/*, vers:all/* (CVE-2026-24858, CVE-2025-55018, CVE-2025-62439, CVE-2025-64157)</li> </ul> <div class="csaf-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS</th> <th role="columnheader">Vendor</th> <th role="columnheader">Equipment</th> <th role="columnheader">Vulnerabilities</th> </tr> </thead> <tbody> <tr> <td>v3 9.8</td> <td>Siemens</td> <td>Siemens RUGGEDCOM APE1808 Devices</td> <td>Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling'), Improper Verification of Source of a Communication Channel, Use of Externally-Controlled Format String, Authentication Bypass Using an Alternate Path or Channel</td> </tr> </tbody> </table> </div> <h3>Background</h3> <ul> <li><strong>Critical Infrastructure Sectors: </strong>Critical Manufacturing, Energy, Transportation Systems</li> <li><strong>Countries/Areas Deployed: </strong>Worldwide</li> <li><strong>Company Headquarters Location: </strong>Germany</li> </ul> <hr> <h2>Vulnerabilities</h2> <div class="csaf-accordion"> <p><a class="csaf-accordion-toggle-all" href="#">Expand All +</a></p> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-55018</a></h3> <div class="csaf-accordion-content"> <p>An inconsistent interpretation of http requests ('http request smuggling') vulnerability in Fortinet FortiOS 7.6.0, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4.3 through 6.4.16 may allow an unauthenticated attacker to smuggle an unlogged http request through the firewall policies via a specially crafted header</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-55018">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Siemens RUGGEDCOM APE1808 Devices</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Siemens</div> <div class="ics-version"><strong>Product Version:</strong><br>RUGGEDCOM APE1808</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Update Fortigate NGFW to V7.4.10 or later version. Contact customer support to receive patch and update information.</p> <p><strong>Mitigation</strong><br>For more information see the associated Siemens security advisory SSA-975644 in HTML https://cert-portal.siemens.com/productcert/html/ssa-975644.html</p> <p><strong>Mitigation</strong><br>For more information see the associated Siemens security advisory SSA-975644 in CSAF https://cert-portal.siemens.com/productcert/csaf/ssa-975644.json</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/444.html">CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>5.8</td> <td>MEDIUM</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-62439</a></h3> <div class="csaf-accordion-content"> <p>An inconsistent interpretation of http requests ('http request smuggling') vulnerability in Fortinet FortiOS 7.6.0, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4.3 through 6.4.16 may allow an unauthenticated attacker to smuggle an unlogged http request through the firewall policies via a specially crafted header.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-62439">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Siemens RUGGEDCOM APE1808 Devices</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Siemens</div> <div class="ics-version"><strong>Product Version:</strong><br>RUGGEDCOM APE1808</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Update Fortigate NGFW to V7.4.10 or later version with FSSO TS Agent version 5.0 build 0324 or later version. Contact customer support to receive patch and update information.</p> <p><strong>Mitigation</strong><br>For more information see the associated Siemens security advisory SSA-975644 in HTML https://cert-portal.siemens.com/productcert/html/ssa-975644.html</p> <p><strong>Mitigation</strong><br>For more information see the associated Siemens security advisory SSA-975644 in CSAF https://cert-portal.siemens.com/productcert/csaf/ssa-975644.json</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/940.html">CWE-940 Improper Verification of Source of a Communication Channel</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>4.2</td> <td>MEDIUM</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N">CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-64157</a></h3> <div class="csaf-accordion-content"> <p>A use of externally-controlled format string vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0 all versions allows an authenticated admin to execute unauthorized code or commands via specifically crafted configuration.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-64157">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Siemens RUGGEDCOM APE1808 Devices</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Siemens</div> <div class="ics-version"><strong>Product Version:</strong><br>RUGGEDCOM APE1808</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Update Fortigate NGFW to V7.4.10 or later version. Contact customer support to receive patch and update information.</p> <p><strong>Mitigation</strong><br>For more information see the associated Siemens security advisory SSA-975644 in HTML https://cert-portal.siemens.com/productcert/html/ssa-975644.html</p> <p><strong>Mitigation</strong><br>For more information see the associated Siemens security advisory SSA-975644 in CSAF https://cert-portal.siemens.com/productcert/csaf/ssa-975644.json</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/134.html">CWE-134 Use of Externally-Controlled Format String</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>6.7</td> <td>MEDIUM</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H">CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-24858</a></h3> <div class="csaf-accordion-content"> <p>An authentication bypass using an alternate path or channel vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.5, FortiAnalyzer 7.4.0 through 7.4.9, FortiAnalyzer 7.2.0 through 7.2.11, FortiAnalyzer 7.0.0 through 7.0.15, FortiManager 7.6.0 through 7.6.5, FortiManager 7.4.0 through 7.4.9, FortiManager 7.2.0 through 7.2.11, FortiManager 7.0.0 through 7.0.15, FortiOS 7.6.0 through 7.6.5, FortiOS 7.4.0 through 7.4.10, FortiOS 7.2.0 through 7.2.12, FortiOS 7.0.0 through 7.0.18 may allow an attacker with a FortiCloud account and a registered device to log into other devices registered to other accounts, if FortiCloud SSO authentication is enabled on those devices.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-24858">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Siemens RUGGEDCOM APE1808 Devices</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Siemens</div> <div class="ics-version"><strong>Product Version:</strong><br>RUGGEDCOM APE1808</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Update Fortigate NGFW to V7.4.11 or later version. Contact customer support to receive patch and update information.</p> <p><strong>Mitigation</strong><br>For more information see the associated Siemens security advisory SSA-975644 in HTML https://cert-portal.siemens.com/productcert/html/ssa-975644.html</p> <p><strong>Mitigation</strong><br>For more information see the associated Siemens security advisory SSA-975644 in CSAF https://cert-portal.siemens.com/productcert/csaf/ssa-975644.json</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/288.html">CWE-288 Authentication Bypass Using an Alternate Path or Channel</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>9.8</td> <td>CRITICAL</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> </div> <hr> <h2>Acknowledgments</h2> <ul> <li>Siemens reported these vulnerabilities to CISA.</li> </ul> <hr> <h2>General Recommendations</h2> <p>As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity</p> <hr> <h2>Additional Resources</h2> <p>For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories</p> <hr> <h2>Terms of Use</h2> <p>The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.</p> <hr> <h2>Legal Notice and Terms of Use</h2> <p>This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy &amp; Use policy (https://www.cisa.gov/privacy-policy).</p> <hr> <h2>Recommended Practices</h2> <p>CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.</p> <p>Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.</p> <p>Locate control system networks and remote devices behind firewalls and isolate them from business networks.</p> <p>When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.</p> <p>CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.</p> <p>CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.</p> <p>CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.</p> <p>Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.</p> <hr> <h2>Advisory Conversion Disclaimer</h2> <p>This ICSA is a verbatim republication of Siemens ProductCERT SSA-975644 from a direct conversion of the vendor's Common Security Advisory Framework (CSAF) advisory. This is republished to CISA's website as a means of increasing visibility and is provided "as-is" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Siemens ProductCERT directly for any questions regarding this advisory.</p> <h2>Revision History</h2> <ul> <li><strong>Initial Release Date: </strong>2026-03-10</li> </ul> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">Date</th> <th role="columnheader">Revision</th> <th role="columnheader">Summary</th> </tr> </thead> <tbody> <tr> <td>2026-03-10</td> <td>1</td> <td>Publication Date</td> </tr> <tr> <td>2026-03-12</td> <td>2</td> <td>Initial CISA Republication of Siemens ProductCERT SSA-975644 advisory</td> </tr> </tbody> </table> <hr> <h2>Legal Notice and Terms of Use</h2>

<p><a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-071-03.json"><strong>View CSAF</strong></a></p> <h2>Summary</h2> <p><strong>SIDIS Prime before V4.0.800 is affected by multiple vulnerabilities in the components OpenSSL, SQLite, and several Node.js packages as described below. Siemens has released a new version of SIDIS Prime and recommends to update to the latest version.</strong></p> <p>The following versions of Siemens SIDIS Prime are affected:</p> <ul> <li>SIDIS Prime vers:intdot/&lt;4.0.800 (CVE-2024-29857, CVE-2024-30171, CVE-2024-30172, CVE-2024-41996, CVE-2025-6965, CVE-2025-7783, CVE-2025-9230, CVE-2025-9232, CVE-2025-9670, CVE-2025-12816, CVE-2025-15284, CVE-2025-58751, CVE-2025-58752, CVE-2025-58754, CVE-2025-62522, CVE-2025-64718, CVE-2025-64756, CVE-2025-66030, CVE-2025-66031, CVE-2025-66035, CVE-2025-66412, CVE-2025-69277, CVE-2026-22610)</li> </ul> <div class="csaf-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS</th> <th role="columnheader">Vendor</th> <th role="columnheader">Equipment</th> <th role="columnheader">Vulnerabilities</th> </tr> </thead> <tbody> <tr> <td>v3 8.7</td> <td>Siemens</td> <td>Siemens SIDIS Prime</td> <td>Out-of-bounds Read, Observable Discrepancy, Improper Input Validation, Improper Certificate Validation, Numeric Truncation Error, Use of Insufficiently Random Values, Out-of-bounds Write, Inefficient Regular Expression Complexity, Interpretation Conflict, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Relative Path Traversal, Allocation of Resources Without Limits or Throttling, Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution'), Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Integer Overflow or Wraparound, Uncontrolled Recursion, Insertion of Sensitive Information Into Sent Data, Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), Incomplete List of Disallowed Inputs</td> </tr> </tbody> </table> </div> <h3>Background</h3> <ul> <li><strong>Critical Infrastructure Sectors: </strong>Critical Manufacturing</li> <li><strong>Countries/Areas Deployed: </strong>Worldwide</li> <li><strong>Company Headquarters Location: </strong>Germany</li> </ul> <hr> <h2>Vulnerabilities</h2> <div class="csaf-accordion"> <p><a class="csaf-accordion-toggle-all" href="#">Expand All +</a></p> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2024-29857</a></h3> <div class="csaf-accordion-content"> <p>An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java (BC Java) before 1.78, BC Java LTS before 2.73.6, BC-FJA before 1.0.2.5, and BC C# .Net before 2.3.1. Importing an EC certificate with crafted F2m parameters can lead to excessive CPU consumption during the evaluation of the curve parameters.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2024-29857">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Siemens SIDIS Prime</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Siemens</div> <div class="ics-version"><strong>Product Version:</strong><br>SIDIS Prime</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Update to V4.0.800 or later version</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/125.html">CWE-125 Out-of-bounds Read</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>7.5</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2024-30171</a></h3> <div class="csaf-accordion-content"> <p>An issue was discovered in Bouncy Castle Java TLS API and JSSE Provider before 1.78. Timing-based leakage may occur in RSA based handshakes because of exception processing.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2024-30171">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Siemens SIDIS Prime</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Siemens</div> <div class="ics-version"><strong>Product Version:</strong><br>SIDIS Prime</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Update to V4.0.800 or later version</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/203.html">CWE-203 Observable Discrepancy</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>5.9</td> <td>MEDIUM</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N">CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2024-30172</a></h3> <div class="csaf-accordion-content"> <p>An issue was discovered in Bouncy Castle Java Cryptography APIs before 1.78. An Ed25519 verification code infinite loop can occur via a crafted signature and public key.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2024-30172">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Siemens SIDIS Prime</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Siemens</div> <div class="ics-version"><strong>Product Version:</strong><br>SIDIS Prime</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Update to V4.0.800 or later version</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/20.html">CWE-20 Improper Input Validation</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>7.5</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2024-41996</a></h3> <div class="csaf-accordion-content"> <p>Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2024-41996">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Siemens SIDIS Prime</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Siemens</div> <div class="ics-version"><strong>Product Version:</strong><br>SIDIS Prime</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Update to V4.0.800 or later version</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/295.html">CWE-295 Improper Certificate Validation</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>7.5</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-6965</a></h3> <div class="csaf-accordion-content"> <p>There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-6965">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Siemens SIDIS Prime</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Siemens</div> <div class="ics-version"><strong>Product Version:</strong><br>SIDIS Prime</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Update to V4.0.800 or later version</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/197.html">CWE-197 Numeric Truncation Error</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>7.7</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L">CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-7783</a></h3> <div class="csaf-accordion-content"> <p>Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP). This vulnerability is associated with program files lib/form_data.Js. This issue affects form-data: &lt; 2.5.4, 3.0.0 - 3.0.3, 4.0.0 - 4.0.3.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-7783">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Siemens SIDIS Prime</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Siemens</div> <div class="ics-version"><strong>Product Version:</strong><br>SIDIS Prime</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Update to V4.0.800 or later version</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/330.html">CWE-330 Use of Insufficiently Random Values</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>8.7</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N">CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-9230</a></h3> <div class="csaf-accordion-content"> <p>An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service or Execution of attacker-supplied code. Although the consequences of a successful exploit of this vulnerability could be severe, the probability that the attacker would be able to perform it is low. Besides, password based (PWRI) encryption support in CMS messages is very rarely used. For that reason the issue was assessed as Moderate severity according to our Security Policy. The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-9230">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Siemens SIDIS Prime</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Siemens</div> <div class="ics-version"><strong>Product Version:</strong><br>SIDIS Prime</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Update to V4.0.800 or later version</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/787.html">CWE-787 Out-of-bounds Write</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>5.6</td> <td>MEDIUM</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L">CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-9232</a></h3> <div class="csaf-accordion-content"> <p>Issue summary: An application using the OpenSSL HTTP client API functions may trigger an out-of-bounds read if the 'no_proxy' environment variable is set and the host portion of the authority component of the HTTP URL is an IPv6 address. Impact summary: An out-of-bounds read can trigger a crash which leads to Denial of Service for an application. The OpenSSL HTTP client API functions can be used directly by applications but they are also used by the OCSP client functions and CMP (Certificate Management Protocol) client implementation in OpenSSL. However the URLs used by these implementations are unlikely to be controlled by an attacker. In this vulnerable code the out of bounds read can only trigger a crash. Furthermore the vulnerability requires an attacker-controlled URL to be passed from an application to the OpenSSL function and the user has to have a 'no_proxy' environment variable set. For the aforementioned reasons the issue was assessed as Low severity. The vulnerable code was introduced in the following patch releases: 3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0. The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as the HTTP client implementation is outside the OpenSSL FIPS module boundary.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-9232">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Siemens SIDIS Prime</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Siemens</div> <div class="ics-version"><strong>Product Version:</strong><br>SIDIS Prime</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Update to V4.0.800 or later version</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/125.html">CWE-125 Out-of-bounds Read</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>5.9</td> <td>MEDIUM</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H">CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-9670</a></h3> <div class="csaf-accordion-content"> <p>A security flaw has been discovered in mixmark-io turndown up to 7.2.1. This affects an unknown function of the file src/commonmark-rules.js. Performing manipulation results in inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has been released to the public and may be exploited.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-9670">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Siemens SIDIS Prime</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Siemens</div> <div class="ics-version"><strong>Product Version:</strong><br>SIDIS Prime</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Update to V4.0.800 or later version</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/1333.html">CWE-1333 Inefficient Regular Expression Complexity</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>5.3</td> <td>MEDIUM</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-12816</a></h3> <div class="csaf-accordion-content"> <p>An interpretation-conflict (CWE-436) vulnerability in node-forge versions 1.3.1 and earlier enables unauthenticated attackers to craft ASN.1 structures to desynchronize schema validations, yielding a semantic divergence that may bypass downstream cryptographic verifications and security decisions.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-12816">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Siemens SIDIS Prime</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Siemens</div> <div class="ics-version"><strong>Product Version:</strong><br>SIDIS Prime</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Update to V4.0.800 or later version</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/436.html">CWE-436 Interpretation Conflict</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>8.6</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-15284</a></h3> <div class="csaf-accordion-content"> <p>Improper Input Validation vulnerability in qs (parse modules) allows HTTP DoS.This issue affects qs: &lt; 6.14.1. SummaryThe arrayLimit&nbsp;option in qs does not enforce limits for bracket notation (a[]=1&amp;a[]=2), allowing attackers to cause denial-of-service via memory exhaustion. Applications using arrayLimit&nbsp;for DoS protection are vulnerable. DetailsThe arrayLimit&nbsp;option only checks limits for indexed notation (a[0]=1&amp;a[1]=2) but completely bypasses it for bracket notation (a[]=1&amp;a[]=2). Vulnerable code&nbsp;(lib/parse.js:159-162): if (root === '[]' &amp;&amp; options.parseArrays) { obj = utils.combine([], leaf); // No arrayLimit check } Working code&nbsp;(lib/parse.js:175): else if (index &lt;= options.arrayLimit) { // Limit checked here obj = []; obj[index] = leaf; } The bracket notation handler at line 159 uses utils.combine([], leaf)&nbsp;without validating against options.arrayLimit, while indexed notation at line 175 checks index &lt;= options.arrayLimit&nbsp;before creating arrays. PoCTest 1 - Basic bypass: npm install qs const qs = require('qs'); const result = qs.parse('a[]=1&amp;a[]=2&amp;a[]=3&amp;a[]=4&amp;a[]=5&amp;a[]=6', { arrayLimit: 5 }); console.log(result.a.length); // Output: 6 (should be max 5) Test 2 - DoS demonstration: const qs = require('qs'); const attack = 'a[]=' + Array(10000).fill('x').join('&amp;a[]='); const result = qs.parse(attack, { arrayLimit: 100 }); console.log(result.a.length); // Output: 10000 (should be max 100) Configuration: * arrayLimit: 5&nbsp;(test 1) or arrayLimit: 100&nbsp;(test 2) * Use bracket notation: a[]=value&nbsp;(not indexed a[0]=value) ImpactDenial of Service via memory exhaustion. Affects applications using qs.parse()&nbsp;with user-controlled input and arrayLimit&nbsp;for protection. Attack scenario: * Attacker sends HTTP request: GET /api/search?filters[]=x&amp;filters[]=x&amp;...&amp;filters[]=x&nbsp;(100,000+ times) * Application parses with qs.parse(query, { arrayLimit: 100 }) * qs ignores limit, parses all 100,000 elements into array * Server memory exhausted → application crashes or becomes unresponsive * Service unavailable for all users Real-world impact: * Single malicious request can crash server * No authentication required * Easy to automate and scale * Affects any endpoint parsing query strings with bracket notation</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-15284">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Siemens SIDIS Prime</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Siemens</div> <div class="ics-version"><strong>Product Version:</strong><br>SIDIS Prime</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Update to V4.0.800 or later version</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/20.html">CWE-20 Improper Input Validation</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>7.5</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-58751</a></h3> <div class="csaf-accordion-content"> <p>Vite is a frontend tooling framework for JavaScript. Prior to versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20, files starting with the same name with the public directory were served bypassing the `server.fs` settings. Only apps that explicitly expose the Vite dev server to the network (using --host or `server.host` config option), use the public directory feature (enabled by default), and have a symlink in the public directory are affected. Versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20 fix the issue.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-58751">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Siemens SIDIS Prime</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Siemens</div> <div class="ics-version"><strong>Product Version:</strong><br>SIDIS Prime</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Update to V4.0.800 or later version</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/22.html">CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>4.3</td> <td>MEDIUM</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N">CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-58752</a></h3> <div class="csaf-accordion-content"> <p>Vite is a frontend tooling framework for JavaScript. Prior to versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20, any HTML files on the machine were served regardless of the `server.fs` settings. Only apps that explicitly expose the Vite dev server to the network (using --host or server.host config option) and use `appType: 'spa'` (default) or `appType: 'mpa'` are affected. This vulnerability also affects the preview server. The preview server allowed HTML files not under the output directory to be served. Versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20 fix the issue.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-58752">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Siemens SIDIS Prime</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Siemens</div> <div class="ics-version"><strong>Product Version:</strong><br>SIDIS Prime</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Update to V4.0.800 or later version</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/23.html">CWE-23 Relative Path Traversal</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>4.3</td> <td>MEDIUM</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N">CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-58754</a></h3> <div class="csaf-accordion-content"> <p>Axios is a promise based HTTP client for the browser and Node.js. When Axios starting in version 0.28.0 and prior to versions 0.30.2 and 1.12.0 runs on Node.js and is given a URL with the `data:` scheme, it does not perform HTTP. Instead, its Node http adapter decodes the entire payload into memory (`Buffer`/`Blob`) and returns a synthetic 200 response. This path ignores `maxContentLength` / `maxBodyLength` (which only protect HTTP responses), so an attacker can supply a very large `data:` URI and cause the process to allocate unbounded memory and crash (DoS), even if the caller requested `responseType: 'stream'`. Versions 0.30.2 and 1.12.0 contain a patch for the issue.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-58754">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Siemens SIDIS Prime</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Siemens</div> <div class="ics-version"><strong>Product Version:</strong><br>SIDIS Prime</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Update to V4.0.800 or later version</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/770.html">CWE-770 Allocation of Resources Without Limits or Throttling</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>7.5</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-62522</a></h3> <div class="csaf-accordion-content"> <p>Vite is a frontend tooling framework for JavaScript. In versions from 2.9.18 to before 3.0.0, 3.2.9 to before 4.0.0, 4.5.3 to before 5.0.0, 5.2.6 to before 5.4.21, 6.0.0 to before 6.4.1, 7.0.0 to before 7.0.8, and 7.1.0 to before 7.1.11, files denied by server.fs.deny were sent if the URL ended with \ when the dev server is running on Windows. Only apps explicitly exposing the Vite dev server to the network and running the dev server on Windows were affected. This issue has been patched in versions 5.4.21, 6.4.1, 7.0.8, and 7.1.11.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-62522">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Siemens SIDIS Prime</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Siemens</div> <div class="ics-version"><strong>Product Version:</strong><br>SIDIS Prime</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Update to V4.0.800 or later version</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/22.html">CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>6.5</td> <td>MEDIUM</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N">CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-64718</a></h3> <div class="csaf-accordion-content"> <p>js-yaml is a JavaScript YAML parser and dumper. In js-yaml before 4.1.1 and 3.14.2, it's possible for an attacker to modify the prototype of the result of a parsed yaml document via prototype pollution (`__proto__`). All users who parse untrusted yaml documents may be impacted. The problem is patched in js-yaml 4.1.1 and 3.14.2. Users can protect against this kind of attack on the server by using `node --disable-proto=delete` or `deno` (in Deno, pollution protection is on by default).</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-64718">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Siemens SIDIS Prime</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Siemens</div> <div class="ics-version"><strong>Product Version:</strong><br>SIDIS Prime</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Update to V4.0.800 or later version</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/1321.html">CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>5.3</td> <td>MEDIUM</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-64756</a></h3> <div class="csaf-accordion-content"> <p>Glob matches files using patterns the shell uses. Starting in version 10.2.0 and prior to versions 10.5.0 and 11.1.0, the glob CLI contains a command injection vulnerability in its -c/--cmd option that allows arbitrary command execution when processing files with malicious names. When glob -c are used, matched filenames are passed to a shell with shell: true, enabling shell metacharacters in filenames to trigger command injection and achieve arbitrary code execution under the user or CI account privileges. This issue has been patched in versions 10.5.0 and 11.1.0.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-64756">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Siemens SIDIS Prime</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Siemens</div> <div class="ics-version"><strong>Product Version:</strong><br>SIDIS Prime</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Update to V4.0.800 or later version</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/78.html">CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>7.5</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H">CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-66030</a></h3> <div class="csaf-accordion-content"> <p>Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions. This issue has been patched in version 1.3.2.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-66030">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Siemens SIDIS Prime</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Siemens</div> <div class="ics-version"><strong>Product Version:</strong><br>SIDIS Prime</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Update to V4.0.800 or later version</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/190.html">CWE-190 Integer Overflow or Wraparound</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>5.3</td> <td>MEDIUM</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-66031</a></h3> <div class="csaf-accordion-content"> <p>Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-66031">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Siemens SIDIS Prime</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Siemens</div> <div class="ics-version"><strong>Product Version:</strong><br>SIDIS Prime</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Update to V4.0.800 or later version</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/674.html">CWE-674 Uncontrolled Recursion</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>7.5</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-66035</a></h3> <div class="csaf-accordion-content"> <p>Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL starts with protocol-relative URL (//), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding using protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-66035">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Siemens SIDIS Prime</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Siemens</div> <div class="ics-version"><strong>Product Version:</strong><br>SIDIS Prime</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Update to V4.0.800 or later version</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/201.html">CWE-201 Insertion of Sensitive Information Into Sent Data</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>8.6</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-66412</a></h3> <div class="csaf-accordion-content"> <p>Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 21.0.2, 20.3.15, and 19.2.17, A Stored Cross-Site Scripting (XSS) vulnerability has been identified in the Angular Template Compiler. It occurs because the compiler's internal security schema is incomplete, allowing attackers to bypass Angular's built-in security sanitization. Specifically, the schema fails to classify certain URL-holding attributes (e.g., those that could contain javascript: URLs) as requiring strict URL security, enabling the injection of malicious scripts. This vulnerability is fixed in 21.0.2, 20.3.15, and 19.2.17.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-66412">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Siemens SIDIS Prime</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Siemens</div> <div class="ics-version"><strong>Product Version:</strong><br>SIDIS Prime</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Update to V4.0.800 or later version</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/79.html">CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>8</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H">CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-69277</a></h3> <div class="csaf-accordion-content"> <p>libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-69277">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Siemens SIDIS Prime</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Siemens</div> <div class="ics-version"><strong>Product Version:</strong><br>SIDIS Prime</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Update to V4.0.800 or later version</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/184.html">CWE-184 Incomplete List of Disallowed Inputs</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>4.5</td> <td>MEDIUM</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N">CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-22610</a></h3> <div class="csaf-accordion-content"> <p>Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.18, 20.3.16, 21.0.7, and 21.1.0-rc.0, a cross-site scripting (XSS) vulnerability has been identified in the Angular Template Compiler. The vulnerability exists because Angular’s internal sanitization schema fails to recognize the href and xlink:href attributes of SVG elements as a Resource URL context. This issue has been patched in versions 19.2.18, 20.3.16, 21.0.7, and 21.1.0-rc.0.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-22610">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Siemens SIDIS Prime</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Siemens</div> <div class="ics-version"><strong>Product Version:</strong><br>SIDIS Prime</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Update to V4.0.800 or later version</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/79.html">CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>8</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H">CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> </div> <hr> <h2>Acknowledgments</h2> <ul> <li>Siemens ProductCERT reported these vulnerabilities to CISA.</li> </ul> <hr> <h2>General Recommendations</h2> <p>As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity</p> <hr> <h2>Additional Resources</h2> <p>For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories</p> <hr> <h2>Terms of Use</h2> <p>The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.</p> <hr> <h2>Legal Notice and Terms of Use</h2> <p>This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy &amp; Use policy (https://www.cisa.gov/privacy-policy).</p> <hr> <h2>Recommended Practices</h2> <p>CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.</p> <p>Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.</p> <p>Locate control system networks and remote devices behind firewalls and isolate them from business networks.</p> <p>When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.</p> <p>CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.</p> <p>CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.</p> <p>CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.</p> <p>Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.</p> <hr> <h2>Advisory Conversion Disclaimer</h2> <p>This ICSA is a verbatim republication of Siemens ProductCERT SSA-485750 from a direct conversion of the vendor's Common Security Advisory Framework (CSAF) advisory. This is republished to CISA's website as a means of increasing visibility and is provided "as-is" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Siemens ProductCERT directly for any questions regarding this advisory.</p> <h2>Revision History</h2> <ul> <li><strong>Initial Release Date: </strong>2026-03-10</li> </ul> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">Date</th> <th role="columnheader">Revision</th> <th role="columnheader">Summary</th> </tr> </thead> <tbody> <tr> <td>2026-03-10</td> <td>1</td> <td>Publication Date</td> </tr> <tr> <td>2026-03-12</td> <td>2</td> <td>Initial CISA Republication of Siemens ProductCERT SSA-485750 advisory</td> </tr> </tbody> </table> <hr> <h2>Legal Notice and Terms of Use</h2>

<p><a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-071-04.json"><strong>View CSAF</strong></a></p> <h2>Summary</h2> <p><strong>SIMATIC S7-1500 devices contain a vulnerability that could allow an attacker to inject code by tricking a legitimate user into importing a specially crafted trace file in the web interface. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.</strong></p> <p>The following versions of Siemens SIMATIC are affected:</p> <ul> <li>SIMATIC Drive Controller CPU 1504D TF (6ES7615-4DF10-0AB0) vers:all/* (CVE-2025-40943)</li> <li>SIMATIC Drive Controller CPU 1507D TF (6ES7615-7DF10-0AB0) vers:all/* (CVE-2025-40943)</li> <li>SIMATIC ET 200SP CPU 1510SP F-1 PN (6ES7510-1SJ01-0AB0) vers:all/* (CVE-2025-40943)</li> <li>SIMATIC ET 200SP CPU 1510SP F-1 PN (6ES7510-1SK03-0AB0) vers:intdot/&lt;4.1.2 (CVE-2025-40943)</li> <li>SIMATIC ET 200SP CPU 1510SP-1 PN (6ES7510-1DJ01-0AB0) vers:all/* (CVE-2025-40943)</li> <li>SIMATIC ET 200SP CPU 1510SP-1 PN (6ES7510-1DK03-0AB0) vers:intdot/&lt;4.1.2 (CVE-2025-40943)</li> <li>SIMATIC ET 200SP CPU 1512SP F-1 PN (6ES7512-1SK01-0AB0) vers:all/* (CVE-2025-40943)</li> <li>SIMATIC ET 200SP CPU 1512SP F-1 PN (6ES7512-1SM03-0AB0) vers:intdot/&lt;4.1.2 (CVE-2025-40943)</li> <li>SIMATIC ET 200SP CPU 1512SP-1 PN (6ES7512-1DK01-0AB0) vers:all/* (CVE-2025-40943)</li> <li>SIMATIC ET 200SP CPU 1512SP-1 PN (6ES7512-1DM03-0AB0) vers:intdot/&lt;4.1.2 (CVE-2025-40943)</li> <li>SIMATIC ET 200SP CPU 1514SP F-2 PN (6ES7514-2SN03-0AB0) vers:intdot/&lt;4.1.2 (CVE-2025-40943)</li> <li>SIMATIC ET 200SP CPU 1514SP-2 PN (6ES7514-2DN03-0AB0) vers:intdot/&lt;4.1.2 (CVE-2025-40943)</li> <li>SIMATIC ET 200SP CPU 1514SPT F-2 PN (6ES7514-2WN03-0AB0) vers:intdot/&lt;4.1.2 (CVE-2025-40943)</li> <li>SIMATIC ET 200SP CPU 1514SPT-2 PN (6ES7514-2VN03-0AB0) vers:intdot/&lt;4.1.2 (CVE-2025-40943)</li> <li>SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) vers:all/* (CVE-2025-40943)</li> <li>SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V2 CPUs - Windows OS vers:all/* (CVE-2025-40943)</li> <li>SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V3 CPUs - Industrial OS vers:all/* (CVE-2025-40943)</li> <li>SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V3 CPUs - Windows OS vers:all/* (CVE-2025-40943)</li> <li>SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V2 CPUs - Windows OS vers:all/* (CVE-2025-40943)</li> <li>SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V3 CPUs - Industrial OS vers:all/* (CVE-2025-40943)</li> <li>SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V3 CPUs - Windows OS vers:all/* (CVE-2025-40943)</li> <li>SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK00-0AB0) vers:all/* (CVE-2025-40943)</li> <li>SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK01-0AB0) vers:all/* (CVE-2025-40943)</li> <li>SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK02-0AB0) vers:all/* (CVE-2025-40943)</li> <li>SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AL03-0AB0) vers:intdot/&lt;4.1.2 (CVE-2025-40943)</li> <li>SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CK00-0AB0) vers:all/* (CVE-2025-40943)</li> <li>SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CK01-0AB0) vers:all/* (CVE-2025-40943)</li> <li>SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CL03-0AB0) vers:intdot/&lt;4.1.2 (CVE-2025-40943)</li> <li>SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK01-0AB0) vers:all/* (CVE-2025-40943)</li> <li>SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK02-0AB0) vers:all/* (CVE-2025-40943)</li> <li>SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FL03-0AB0) vers:intdot/&lt;4.1.2 (CVE-2025-40943)</li> <li>SIMATIC S7-1500 CPU 1511T-1 PN (6ES7511-1TK01-0AB0) vers:all/* (CVE-2025-40943)</li> <li>SIMATIC S7-1500 CPU 1511T-1 PN (6ES7511-1TL03-0AB0) vers:intdot/&lt;4.1.2 (CVE-2025-40943)</li> <li>SIMATIC S7-1500 CPU 1511TF-1 PN (6ES7511-1UK01-0AB0) vers:all/* (CVE-2025-40943)</li> <li>SIMATIC S7-1500 CPU 1511TF-1 PN (6ES7511-1UL03-0AB0) vers:intdot/&lt;4.1.2 (CVE-2025-40943)</li> <li>SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CK00-0AB0) vers:all/* (CVE-2025-40943)</li> <li>SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CK01-0AB0) vers:all/* (CVE-2025-40943)</li> <li>SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CM03-0AB0) vers:intdot/&lt;4.1.2 (CVE-2025-40943)</li> <li>SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL01-0AB0) vers:all/* (CVE-2025-40943)</li> <li>SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL02-0AB0) vers:all/* (CVE-2025-40943)</li> <li>SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AM03-0AB0) vers:intdot/&lt;4.1.2 (CVE-2025-40943)</li> <li>SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL01-0AB0) vers:all/* (CVE-2025-40943)</li> <li>SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL02-0AB0) vers:all/* (CVE-2025-40943)</li> <li>SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FM03-0AB0) vers:intdot/&lt;4.1.2 (CVE-2025-40943)</li> <li>SIMATIC S7-1500 CPU 1513pro F-2 PN (6ES7513-2GM03-0AB0) vers:intdot/&lt;4.1.2 (CVE-2025-40943)</li> <li>SIMATIC S7-1500 CPU 1513pro-2 PN (6ES7513-2PM03-0AB0) vers:intdot/&lt;4.1.2 (CVE-2025-40943)</li> <li>SIMATIC S7-1500 CPU 1513R-1 PN (6ES7513-1RL00-0AB0) vers:all/* (CVE-2025-40943)</li> <li>SIMATIC S7-1500 CPU 1513R-1 PN (6ES7513-1RM03-0AB0) vers:intdot/&lt;4.1.2 (CVE-2025-40943)</li> <li>SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM01-0AB0) vers:all/* (CVE-2025-40943)</li> <li>SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM02-0AB0) vers:all/* (CVE-2025-40943)</li> <li>SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AN03-0AB0) vers:intdot/&lt;4.1.2 (CVE-2025-40943)</li> <li>SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM01-0AB0) vers:all/* (CVE-2025-40943)</li> <li>SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM02-0AB0) vers:all/* (CVE-2025-40943)</li> <li>SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FN03-0AB0) vers:intdot/&lt;4.1.2 (CVE-2025-40943)</li> <li>SIMATIC S7-1500 CPU 1515R-2 PN (6ES7515-2RM00-0AB0) vers:all/* (CVE-2025-40943)</li> <li>SIMATIC S7-1500 CPU 1515R-2 PN (6ES7515-2RN03-0AB0) vers:intdot/&lt;4.1.2 (CVE-2025-40943)</li> <li>SIMATIC S7-1500 CPU 1515T-2 PN (6ES7515-2TM01-0AB0) vers:all/* (CVE-2025-40943)</li> <li>SIMATIC S7-1500 CPU 1515T-2 PN (6ES7515-2TN03-0AB0) vers:intdot/&lt;4.1.2 (CVE-2025-40943)</li> <li>SIMATIC S7-1500 CPU 1515TF-2 PN (6ES7515-2UM01-0AB0) vers:all/* (CVE-2025-40943)</li> <li>SIMATIC S7-1500 CPU 1515TF-2 PN (6ES7515-2UN03-0AB0) vers:intdot/&lt;4.1.2 (CVE-2025-40943)</li> <li>SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN01-0AB0) vers:all/* (CVE-2025-40943)</li> <li>SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN02-0AB0) vers:all/* (CVE-2025-40943)</li> <li>SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AP03-0AB0) vers:intdot/&lt;4.1.2 (CVE-2025-40943)</li> <li>SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN01-0AB0) vers:all/* (CVE-2025-40943)</li> <li>SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN02-0AB0) vers:all/* (CVE-2025-40943)</li> <li>SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FP03-0AB0) vers:intdot/&lt;4.1.2 (CVE-2025-40943)</li> <li>SIMATIC S7-1500 CPU 1516pro F-2 PN (6ES7516-2GP03-0AB0) vers:intdot/&lt;4.1.2 (CVE-2025-40943)</li> <li>SIMATIC S7-1500 CPU 1516pro-2 PN (6ES7516-2PP03-0AB0) vers:intdot/&lt;4.1.2 (CVE-2025-40943)</li> <li>SIMATIC S7-1500 CPU 1516T-3 PN (6ES7516-3TP10-0AB0) vers:intdot/&lt;4.1.2 (CVE-2025-40943)</li> <li>SIMATIC S7-1500 CPU 1516T-3 PN/DP (6ES7516-3TN00-0AB0) vers:all/* (CVE-2025-40943)</li> <li>SIMATIC S7-1500 CPU 1516TF-3 PN (6ES7516-3UP10-0AB0) vers:intdot/&lt;4.1.2 (CVE-2025-40943)</li> <li>SIMATIC S7-1500 CPU 1516TF-3 PN/DP (6ES7516-3UN00-0AB0) vers:all/* (CVE-2025-40943)</li> <li>SIMATIC S7-1500 CPU 1517-3 PN (6ES7517-3AQ10-0AB0) vers:intdot/&lt;4.1.2 (CVE-2025-40943)</li> <li>SIMATIC S7-1500 CPU 1517-3 PN/DP (6ES7517-3AP00-0AB0) vers:all/* (CVE-2025-40943)</li> <li>SIMATIC S7-1500 CPU 1517F-3 PN (6ES7517-3FQ10-0AB0) vers:intdot/&lt;4.1.2 (CVE-2025-40943)</li> <li>SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP00-0AB0) vers:all/* (CVE-2025-40943)</li> <li>SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP01-0AB0) vers:all/* (CVE-2025-40943)</li> <li>SIMATIC S7-1500 CPU 1517H-3 PN (6ES7517-3HP00-0AB0) vers:all/* (CVE-2025-40943)</li> <li>SIMATIC S7-1500 CPU 1517H-4 PN (6ES7517-4HQ10-0AB0) vers:intdot/&lt;4.1.2 (CVE-2025-40943)</li> <li>SIMATIC S7-1500 CPU 1517T-3 PN (6ES7517-3TQ10-0AB0) vers:intdot/&lt;4.1.2 (CVE-2025-40943)</li> <li>SIMATIC S7-1500 CPU 1517T-3 PN/DP (6ES7517-3TP00-0AB0) vers:all/* (CVE-2025-40943)</li> <li>SIMATIC S7-1500 CPU 1517TF-3 PN (6ES7517-3UQ10-0AB0) vers:intdot/&lt;4.1.2 (CVE-2025-40943)</li> <li>SIMATIC S7-1500 CPU 1517TF-3 PN/DP (6ES7517-3UP00-0AB0) vers:all/* (CVE-2025-40943)</li> <li>SIMATIC S7-1500 CPU 1518-3 PN (6ES7518-3AT10-0AB0) vers:intdot/&lt;4.1.2 (CVE-2025-40943)</li> <li>SIMATIC S7-1500 CPU 1518-4 PN/DP (6ES7518-4AP00-0AB0) vers:all/* (CVE-2025-40943)</li> <li>SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0) vers:all/* (CVE-2025-40943)</li> <li>SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0) vers:all/* (CVE-2025-40943)</li> <li>SIMATIC S7-1500 CPU 1518F-3 PN (6ES7518-3FT10-0AB0) vers:intdot/&lt;4.1.2 (CVE-2025-40943)</li> <li>SIMATIC S7-1500 CPU 1518F-4 PN/DP (6ES7518-4FP00-0AB0) vers:all/* (CVE-2025-40943)</li> <li>SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0) vers:all/* (CVE-2025-40943)</li> <li>SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0) vers:all/* (CVE-2025-40943)</li> <li>SIMATIC S7-1500 CPU 1518HF-4 PN (6ES7518-4JP00-0AB0) vers:all/* (CVE-2025-40943)</li> <li>SIMATIC S7-1500 CPU 1518HF-4 PN (6ES7518-4JT10-0AB0) vers:intdot/&lt;4.1.2 (CVE-2025-40943)</li> <li>SIMATIC S7-1500 CPU 1518T-3 PN (6ES7518-3TT10-0AB0) vers:intdot/&lt;4.1.2 (CVE-2025-40943)</li> <li>SIMATIC S7-1500 CPU 1518T-4 PN/DP (6ES7518-4TP00-0AB0) vers:all/* (CVE-2025-40943)</li> <li>SIMATIC S7-1500 CPU 1518TF-3 PN (6ES7518-3UT10-0AB0) vers:intdot/&lt;4.1.2 (CVE-2025-40943)</li> <li>SIMATIC S7-1500 CPU 1518TF-4 PN/DP (6ES7518-4UP00-0AB0) vers:all/* (CVE-2025-40943)</li> <li>SIMATIC S7-1500 CPU S7-1518-4 PN/DP ODK (6ES7518-4AP00-3AB0) vers:all/* (CVE-2025-40943)</li> <li>SIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODK (6ES7518-4FP00-3AB0) vers:all/* (CVE-2025-40943)</li> <li>SIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PN (6ES7513-2GL00-0AB0) vers:all/* (CVE-2025-40943)</li> <li>SIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PN (6ES7513-2PL00-0AB0) vers:all/* (CVE-2025-40943)</li> <li>SIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PN (6ES7516-2GN00-0AB0) vers:all/* (CVE-2025-40943)</li> <li>SIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PN (6ES7516-2PN00-0AB0) vers:all/* (CVE-2025-40943)</li> <li>SIMATIC S7-1500 Software Controller CPU 1507S F V2 vers:all/* (CVE-2025-40943)</li> <li>SIMATIC S7-1500 Software Controller CPU 1507S F V3 vers:all/* (CVE-2025-40943)</li> <li>SIMATIC S7-1500 Software Controller CPU 1507S F V4 vers:all/* (CVE-2025-40943)</li> <li>SIMATIC S7-1500 Software Controller CPU 1507S V2 vers:all/* (CVE-2025-40943)</li> <li>SIMATIC S7-1500 Software Controller CPU 1507S V3 vers:all/* (CVE-2025-40943)</li> <li>SIMATIC S7-1500 Software Controller CPU 1507S V4 vers:all/* (CVE-2025-40943)</li> <li>SIMATIC S7-1500 Software Controller CPU 1508S F V2 vers:all/* (CVE-2025-40943)</li> <li>SIMATIC S7-1500 Software Controller CPU 1508S F V3 vers:all/* (CVE-2025-40943)</li> <li>SIMATIC S7-1500 Software Controller CPU 1508S F V4 vers:all/* (CVE-2025-40943)</li> <li>SIMATIC S7-1500 Software Controller CPU 1508S T V3 vers:all/* (CVE-2025-40943)</li> <li>SIMATIC S7-1500 Software Controller CPU 1508S TF V3 vers:all/* (CVE-2025-40943)</li> <li>SIMATIC S7-1500 Software Controller CPU 1508S V2 vers:all/* (CVE-2025-40943)</li> <li>SIMATIC S7-1500 Software Controller CPU 1508S V3 vers:all/* (CVE-2025-40943)</li> <li>SIMATIC S7-1500 Software Controller CPU 1508S V4 vers:all/* (CVE-2025-40943)</li> <li>SIMATIC S7-1500 Software Controller Linux V2 vers:all/* (CVE-2025-40943)</li> <li>SIMATIC S7-1500 Software Controller Linux V3 vers:all/* (CVE-2025-40943)</li> <li>SIMATIC S7-PLCSIM Advanced vers:all/* (CVE-2025-40943)</li> <li>SIPLUS ET 200SP CPU 1510SP F-1 PN (6AG1510-1SJ01-2AB0) vers:all/* (CVE-2025-40943)</li> <li>SIPLUS ET 200SP CPU 1510SP F-1 PN RAIL (6AG2510-1SJ01-1AB0) vers:all/* (CVE-2025-40943)</li> <li>SIPLUS ET 200SP CPU 1510SP-1 PN (6AG1510-1DJ01-2AB0) vers:all/* (CVE-2025-40943)</li> <li>SIPLUS ET 200SP CPU 1510SP-1 PN (6AG1510-1DJ01-7AB0) vers:all/* (CVE-2025-40943)</li> <li>SIPLUS ET 200SP CPU 1510SP-1 PN RAIL (6AG2510-1DJ01-1AB0) vers:all/* (CVE-2025-40943)</li> <li>SIPLUS ET 200SP CPU 1510SP-1 PN RAIL (6AG2510-1DJ01-4AB0) vers:all/* (CVE-2025-40943)</li> <li>SIPLUS ET 200SP CPU 1512SP F-1 PN (6AG1512-1SK01-2AB0) vers:all/* (CVE-2025-40943)</li> <li>SIPLUS ET 200SP CPU 1512SP F-1 PN (6AG1512-1SK01-7AB0) vers:all/* (CVE-2025-40943)</li> <li>SIPLUS ET 200SP CPU 1512SP F-1 PN RAIL (6AG2512-1SK01-1AB0) vers:all/* (CVE-2025-40943)</li> <li>SIPLUS ET 200SP CPU 1512SP F-1 PN RAIL (6AG2512-1SK01-4AB0) vers:all/* (CVE-2025-40943)</li> <li>SIPLUS ET 200SP CPU 1512SP-1 PN (6AG1512-1DK01-2AB0) vers:all/* (CVE-2025-40943)</li> <li>SIPLUS ET 200SP CPU 1512SP-1 PN (6AG1512-1DK01-7AB0) vers:all/* (CVE-2025-40943)</li> <li>SIPLUS ET 200SP CPU 1512SP-1 PN RAIL (6AG2512-1DK01-1AB0) vers:all/* (CVE-2025-40943)</li> <li>SIPLUS ET 200SP CPU 1512SP-1 PN RAIL (6AG2512-1DK01-4AB0) vers:all/* (CVE-2025-40943)</li> <li>SIPLUS S7-1500 CPU 1511-1 PN (6AG1511-1AK01-2AB0) vers:all/* (CVE-2025-40943)</li> <li>SIPLUS S7-1500 CPU 1511-1 PN (6AG1511-1AK01-7AB0) vers:all/* (CVE-2025-40943)</li> <li>SIPLUS S7-1500 CPU 1511-1 PN (6AG1511-1AK02-2AB0) vers:all/* (CVE-2025-40943)</li> <li>SIPLUS S7-1500 CPU 1511-1 PN (6AG1511-1AK02-7AB0) vers:all/* (CVE-2025-40943)</li> <li>SIPLUS S7-1500 CPU 1511-1 PN T1 RAIL (6AG2511-1AK01-1AB0) vers:all/* (CVE-2025-40943)</li> <li>SIPLUS S7-1500 CPU 1511-1 PN T1 RAIL (6AG2511-1AK02-1AB0) vers:all/* (CVE-2025-40943)</li> <li>SIPLUS S7-1500 CPU 1511-1 PN TX RAIL (6AG2511-1AK01-4AB0) vers:all/* (CVE-2025-40943)</li> <li>SIPLUS S7-1500 CPU 1511-1 PN TX RAIL (6AG2511-1AK02-4AB0) vers:all/* (CVE-2025-40943)</li> <li>SIPLUS S7-1500 CPU 1511F-1 PN (6AG1511-1FK01-2AB0) vers:all/* (CVE-2025-40943)</li> <li>SIPLUS S7-1500 CPU 1511F-1 PN (6AG1511-1FK02-2AB0) vers:all/* (CVE-2025-40943)</li> <li>SIPLUS S7-1500 CPU 1513-1 PN (6AG1513-1AL01-2AB0) vers:all/* (CVE-2025-40943)</li> <li>SIPLUS S7-1500 CPU 1513-1 PN (6AG1513-1AL01-7AB0) vers:all/* (CVE-2025-40943)</li> <li>SIPLUS S7-1500 CPU 1513-1 PN (6AG1513-1AL02-2AB0) vers:all/* (CVE-2025-40943)</li> <li>SIPLUS S7-1500 CPU 1513-1 PN (6AG1513-1AL02-7AB0) vers:all/* (CVE-2025-40943)</li> <li>SIPLUS S7-1500 CPU 1513F-1 PN (6AG1513-1FL01-2AB0) vers:all/* (CVE-2025-40943)</li> <li>SIPLUS S7-1500 CPU 1513F-1 PN (6AG1513-1FL02-2AB0) vers:all/* (CVE-2025-40943)</li> <li>SIPLUS S7-1500 CPU 1515F-2 PN (6AG1515-2FM01-2AB0) vers:all/* (CVE-2025-40943)</li> <li>SIPLUS S7-1500 CPU 1515F-2 PN (6AG1515-2FM02-2AB0) vers:all/* (CVE-2025-40943)</li> <li>SIPLUS S7-1500 CPU 1515F-2 PN RAIL (6AG2515-2FM02-4AB0) vers:all/* (CVE-2025-40943)</li> <li>SIPLUS S7-1500 CPU 1515F-2 PN T2 RAIL (6AG2515-2FM01-2AB0) vers:all/* (CVE-2025-40943)</li> <li>SIPLUS S7-1500 CPU 1515R-2 PN (6AG1515-2RM00-7AB0) vers:all/* (CVE-2025-40943)</li> <li>SIPLUS S7-1500 CPU 1515R-2 PN TX RAIL (6AG2515-2RM00-4AB0) vers:all/* (CVE-2025-40943)</li> <li>SIPLUS S7-1500 CPU 1516-3 PN/DP (6AG1516-3AN01-2AB0) vers:all/* (CVE-2025-40943)</li> <li>SIPLUS S7-1500 CPU 1516-3 PN/DP (6AG1516-3AN01-7AB0) vers:all/* (CVE-2025-40943)</li> <li>SIPLUS S7-1500 CPU 1516-3 PN/DP (6AG1516-3AN02-2AB0) vers:all/* (CVE-2025-40943)</li> <li>SIPLUS S7-1500 CPU 1516-3 PN/DP (6AG1516-3AN02-7AB0) vers:all/* (CVE-2025-40943)</li> <li>SIPLUS S7-1500 CPU 1516-3 PN/DP RAIL (6AG2516-3AN02-4AB0) vers:all/* (CVE-2025-40943)</li> <li>SIPLUS S7-1500 CPU 1516-3 PN/DP TX RAIL (6AG2516-3AN01-4AB0) vers:all/* (CVE-2025-40943)</li> <li>SIPLUS S7-1500 CPU 1516F-3 PN/DP (6AG1516-3FN01-2AB0) vers:all/* (CVE-2025-40943)</li> <li>SIPLUS S7-1500 CPU 1516F-3 PN/DP (6AG1516-3FN02-2AB0) vers:all/* (CVE-2025-40943)</li> <li>SIPLUS S7-1500 CPU 1516F-3 PN/DP RAIL (6AG2516-3FN02-2AB0) vers:all/* (CVE-2025-40943)</li> <li>SIPLUS S7-1500 CPU 1516F-3 PN/DP RAIL (6AG2516-3FN02-4AB0) vers:all/* (CVE-2025-40943)</li> <li>SIPLUS S7-1500 CPU 1517H-3 PN (6AG1517-3HP00-4AB0) vers:all/* (CVE-2025-40943)</li> <li>SIPLUS S7-1500 CPU 1518-4 PN/DP (6AG1518-4AP00-4AB0) vers:all/* (CVE-2025-40943)</li> <li>SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0) vers:all/* (CVE-2025-40943)</li> <li>SIPLUS S7-1500 CPU 1518F-4 PN/DP (6AG1518-4FP00-4AB0) vers:all/* (CVE-2025-40943)</li> <li>SIPLUS S7-1500 CPU 1518HF-4 PN (6AG1518-4JP00-4AB0) vers:all/* (CVE-2025-40943)</li> </ul> <div class="csaf-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS</th> <th role="columnheader">Vendor</th> <th role="columnheader">Equipment</th> <th role="columnheader">Vulnerabilities</th> </tr> </thead> <tbody> <tr> <td>v3 9.6</td> <td>Siemens</td> <td>Siemens SIMATIC</td> <td>Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')</td> </tr> </tbody> </table> </div> <h3>Background</h3> <ul> <li><strong>Critical Infrastructure Sectors: </strong>Critical Manufacturing</li> <li><strong>Countries/Areas Deployed: </strong>Worldwide</li> <li><strong>Company Headquarters Location: </strong>Germany</li> </ul> <hr> <h2>Vulnerabilities</h2> <div class="csaf-accordion"> <p><a class="csaf-accordion-toggle-all" href="#">Expand All +</a></p> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-40943</a></h3> <div class="csaf-accordion-content"> <p>Affected devices do not properly sanitize contents of trace files. This could allow an attacker to inject code through social engineering a legitimate user to import a specially crafted trace file</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-40943">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Siemens SIMATIC</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Siemens</div> <div class="ics-version"><strong>Product Version:</strong><br>SIMATIC Drive Controller CPU 1504D TF (6ES7615-4DF10-0AB0), SIMATIC Drive Controller CPU 1507D TF (6ES7615-7DF10-0AB0), SIMATIC ET 200SP CPU 1510SP F-1 PN (6ES7510-1SJ01-0AB0), SIMATIC ET 200SP CPU 1510SP F-1 PN (6ES7510-1SK03-0AB0), SIMATIC ET 200SP CPU 1510SP-1 PN (6ES7510-1DJ01-0AB0), SIMATIC ET 200SP CPU 1510SP-1 PN (6ES7510-1DK03-0AB0), SIMATIC ET 200SP CPU 1512SP F-1 PN (6ES7512-1SK01-0AB0), SIMATIC ET 200SP CPU 1512SP F-1 PN (6ES7512-1SM03-0AB0), SIMATIC ET 200SP CPU 1512SP-1 PN (6ES7512-1DK01-0AB0), SIMATIC ET 200SP CPU 1512SP-1 PN (6ES7512-1DM03-0AB0), SIMATIC ET 200SP CPU 1514SP F-2 PN (6ES7514-2SN03-0AB0), SIMATIC ET 200SP CPU 1514SP-2 PN (6ES7514-2DN03-0AB0), SIMATIC ET 200SP CPU 1514SPT F-2 PN (6ES7514-2WN03-0AB0), SIMATIC ET 200SP CPU 1514SPT-2 PN (6ES7514-2VN03-0AB0), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V2 CPUs - Windows OS, SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V3 CPUs - Industrial OS, SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V3 CPUs - Windows OS, SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V2 CPUs - Windows OS, SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V3 CPUs - Industrial OS, SIMATIC ET 200SP Open Controller CPU 1515SP PC3 (incl. SIPLUS variants) V3 CPUs - Windows OS, SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK00-0AB0), SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK01-0AB0), SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AK02-0AB0), SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AL03-0AB0), SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CK00-0AB0), SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CK01-0AB0), SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CL03-0AB0), SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK01-0AB0), SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FK02-0AB0), SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FL03-0AB0), SIMATIC S7-1500 CPU 1511T-1 PN (6ES7511-1TK01-0AB0), SIMATIC S7-1500 CPU 1511T-1 PN (6ES7511-1TL03-0AB0), SIMATIC S7-1500 CPU 1511TF-1 PN (6ES7511-1UK01-0AB0), SIMATIC S7-1500 CPU 1511TF-1 PN (6ES7511-1UL03-0AB0), SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CK00-0AB0), SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CK01-0AB0), SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CM03-0AB0), SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL01-0AB0), SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AL02-0AB0), SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AM03-0AB0), SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL01-0AB0), SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FL02-0AB0), SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FM03-0AB0), SIMATIC S7-1500 CPU 1513pro F-2 PN (6ES7513-2GM03-0AB0), SIMATIC S7-1500 CPU 1513pro-2 PN (6ES7513-2PM03-0AB0), SIMATIC S7-1500 CPU 1513R-1 PN (6ES7513-1RL00-0AB0), SIMATIC S7-1500 CPU 1513R-1 PN (6ES7513-1RM03-0AB0), SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM01-0AB0), SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AM02-0AB0), SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AN03-0AB0), SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM01-0AB0), SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FM02-0AB0), SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FN03-0AB0), SIMATIC S7-1500 CPU 1515R-2 PN (6ES7515-2RM00-0AB0), SIMATIC S7-1500 CPU 1515R-2 PN (6ES7515-2RN03-0AB0), SIMATIC S7-1500 CPU 1515T-2 PN (6ES7515-2TM01-0AB0), SIMATIC S7-1500 CPU 1515T-2 PN (6ES7515-2TN03-0AB0), SIMATIC S7-1500 CPU 1515TF-2 PN (6ES7515-2UM01-0AB0), SIMATIC S7-1500 CPU 1515TF-2 PN (6ES7515-2UN03-0AB0), SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN01-0AB0), SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AN02-0AB0), SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AP03-0AB0), SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN01-0AB0), SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FN02-0AB0), SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FP03-0AB0), SIMATIC S7-1500 CPU 1516pro F-2 PN (6ES7516-2GP03-0AB0), SIMATIC S7-1500 CPU 1516pro-2 PN (6ES7516-2PP03-0AB0), SIMATIC S7-1500 CPU 1516T-3 PN (6ES7516-3TP10-0AB0), SIMATIC S7-1500 CPU 1516T-3 PN/DP (6ES7516-3TN00-0AB0), SIMATIC S7-1500 CPU 1516TF-3 PN (6ES7516-3UP10-0AB0), SIMATIC S7-1500 CPU 1516TF-3 PN/DP (6ES7516-3UN00-0AB0), SIMATIC S7-1500 CPU 1517-3 PN (6ES7517-3AQ10-0AB0), SIMATIC S7-1500 CPU 1517-3 PN/DP (6ES7517-3AP00-0AB0), SIMATIC S7-1500 CPU 1517F-3 PN (6ES7517-3FQ10-0AB0), SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP00-0AB0), SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP01-0AB0), SIMATIC S7-1500 CPU 1517H-3 PN (6ES7517-3HP00-0AB0), SIMATIC S7-1500 CPU 1517H-4 PN (6ES7517-4HQ10-0AB0), SIMATIC S7-1500 CPU 1517T-3 PN (6ES7517-3TQ10-0AB0), SIMATIC S7-1500 CPU 1517T-3 PN/DP (6ES7517-3TP00-0AB0), SIMATIC S7-1500 CPU 1517TF-3 PN (6ES7517-3UQ10-0AB0), SIMATIC S7-1500 CPU 1517TF-3 PN/DP (6ES7517-3UP00-0AB0), SIMATIC S7-1500 CPU 1518-3 PN (6ES7518-3AT10-0AB0), SIMATIC S7-1500 CPU 1518-4 PN/DP (6ES7518-4AP00-0AB0), SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0), SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AC0), SIMATIC S7-1500 CPU 1518F-3 PN (6ES7518-3FT10-0AB0), SIMATIC S7-1500 CPU 1518F-4 PN/DP (6ES7518-4FP00-0AB0), SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0), SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0), SIMATIC S7-1500 CPU 1518HF-4 PN (6ES7518-4JP00-0AB0), SIMATIC S7-1500 CPU 1518HF-4 PN (6ES7518-4JT10-0AB0), SIMATIC S7-1500 CPU 1518T-3 PN (6ES7518-3TT10-0AB0), SIMATIC S7-1500 CPU 1518T-4 PN/DP (6ES7518-4TP00-0AB0), SIMATIC S7-1500 CPU 1518TF-3 PN (6ES7518-3UT10-0AB0), SIMATIC S7-1500 CPU 1518TF-4 PN/DP (6ES7518-4UP00-0AB0), SIMATIC S7-1500 CPU S7-1518-4 PN/DP ODK (6ES7518-4AP00-3AB0), SIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODK (6ES7518-4FP00-3AB0), SIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PN (6ES7513-2GL00-0AB0), SIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PN (6ES7513-2PL00-0AB0), SIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PN (6ES7516-2GN00-0AB0), SIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PN (6ES7516-2PN00-0AB0), SIMATIC S7-1500 Software Controller CPU 1507S F V2, SIMATIC S7-1500 Software Controller CPU 1507S F V3, SIMATIC S7-1500 Software Controller CPU 1507S F V4, SIMATIC S7-1500 Software Controller CPU 1507S V2, SIMATIC S7-1500 Software Controller CPU 1507S V3, SIMATIC S7-1500 Software Controller CPU 1507S V4, SIMATIC S7-1500 Software Controller CPU 1508S F V2, SIMATIC S7-1500 Software Controller CPU 1508S F V3, SIMATIC S7-1500 Software Controller CPU 1508S F V4, SIMATIC S7-1500 Software Controller CPU 1508S T V3, SIMATIC S7-1500 Software Controller CPU 1508S TF V3, SIMATIC S7-1500 Software Controller CPU 1508S V2, SIMATIC S7-1500 Software Controller CPU 1508S V3, SIMATIC S7-1500 Software Controller CPU 1508S V4, SIMATIC S7-1500 Software Controller Linux V2, SIMATIC S7-1500 Software Controller Linux V3, SIMATIC S7-PLCSIM Advanced, SIPLUS ET 200SP CPU 1510SP F-1 PN (6AG1510-1SJ01-2AB0), SIPLUS ET 200SP CPU 1510SP F-1 PN RAIL (6AG2510-1SJ01-1AB0), SIPLUS ET 200SP CPU 1510SP-1 PN (6AG1510-1DJ01-2AB0), SIPLUS ET 200SP CPU 1510SP-1 PN (6AG1510-1DJ01-7AB0), SIPLUS ET 200SP CPU 1510SP-1 PN RAIL (6AG2510-1DJ01-1AB0), SIPLUS ET 200SP CPU 1510SP-1 PN RAIL (6AG2510-1DJ01-4AB0), SIPLUS ET 200SP CPU 1512SP F-1 PN (6AG1512-1SK01-2AB0), SIPLUS ET 200SP CPU 1512SP F-1 PN (6AG1512-1SK01-7AB0), SIPLUS ET 200SP CPU 1512SP F-1 PN RAIL (6AG2512-1SK01-1AB0), SIPLUS ET 200SP CPU 1512SP F-1 PN RAIL (6AG2512-1SK01-4AB0), SIPLUS ET 200SP CPU 1512SP-1 PN (6AG1512-1DK01-2AB0), SIPLUS ET 200SP CPU 1512SP-1 PN (6AG1512-1DK01-7AB0), SIPLUS ET 200SP CPU 1512SP-1 PN RAIL (6AG2512-1DK01-1AB0), SIPLUS ET 200SP CPU 1512SP-1 PN RAIL (6AG2512-1DK01-4AB0), SIPLUS S7-1500 CPU 1511-1 PN (6AG1511-1AK01-2AB0), SIPLUS S7-1500 CPU 1511-1 PN (6AG1511-1AK01-7AB0), SIPLUS S7-1500 CPU 1511-1 PN (6AG1511-1AK02-2AB0), SIPLUS S7-1500 CPU 1511-1 PN (6AG1511-1AK02-7AB0), SIPLUS S7-1500 CPU 1511-1 PN T1 RAIL (6AG2511-1AK01-1AB0), SIPLUS S7-1500 CPU 1511-1 PN T1 RAIL (6AG2511-1AK02-1AB0), SIPLUS S7-1500 CPU 1511-1 PN TX RAIL (6AG2511-1AK01-4AB0), SIPLUS S7-1500 CPU 1511-1 PN TX RAIL (6AG2511-1AK02-4AB0), SIPLUS S7-1500 CPU 1511F-1 PN (6AG1511-1FK01-2AB0), SIPLUS S7-1500 CPU 1511F-1 PN (6AG1511-1FK02-2AB0), SIPLUS S7-1500 CPU 1513-1 PN (6AG1513-1AL01-2AB0), SIPLUS S7-1500 CPU 1513-1 PN (6AG1513-1AL01-7AB0), SIPLUS S7-1500 CPU 1513-1 PN (6AG1513-1AL02-2AB0), SIPLUS S7-1500 CPU 1513-1 PN (6AG1513-1AL02-7AB0), SIPLUS S7-1500 CPU 1513F-1 PN (6AG1513-1FL01-2AB0), SIPLUS S7-1500 CPU 1513F-1 PN (6AG1513-1FL02-2AB0), SIPLUS S7-1500 CPU 1515F-2 PN (6AG1515-2FM01-2AB0), SIPLUS S7-1500 CPU 1515F-2 PN (6AG1515-2FM02-2AB0), SIPLUS S7-1500 CPU 1515F-2 PN RAIL (6AG2515-2FM02-4AB0), SIPLUS S7-1500 CPU 1515F-2 PN T2 RAIL (6AG2515-2FM01-2AB0), SIPLUS S7-1500 CPU 1515R-2 PN (6AG1515-2RM00-7AB0), SIPLUS S7-1500 CPU 1515R-2 PN TX RAIL (6AG2515-2RM00-4AB0), SIPLUS S7-1500 CPU 1516-3 PN/DP (6AG1516-3AN01-2AB0), SIPLUS S7-1500 CPU 1516-3 PN/DP (6AG1516-3AN01-7AB0), SIPLUS S7-1500 CPU 1516-3 PN/DP (6AG1516-3AN02-2AB0), SIPLUS S7-1500 CPU 1516-3 PN/DP (6AG1516-3AN02-7AB0), SIPLUS S7-1500 CPU 1516-3 PN/DP RAIL (6AG2516-3AN02-4AB0), SIPLUS S7-1500 CPU 1516-3 PN/DP TX RAIL (6AG2516-3AN01-4AB0), SIPLUS S7-1500 CPU 1516F-3 PN/DP (6AG1516-3FN01-2AB0), SIPLUS S7-1500 CPU 1516F-3 PN/DP (6AG1516-3FN02-2AB0), SIPLUS S7-1500 CPU 1516F-3 PN/DP RAIL (6AG2516-3FN02-2AB0), SIPLUS S7-1500 CPU 1516F-3 PN/DP RAIL (6AG2516-3FN02-4AB0), SIPLUS S7-1500 CPU 1517H-3 PN (6AG1517-3HP00-4AB0), SIPLUS S7-1500 CPU 1518-4 PN/DP (6AG1518-4AP00-4AB0), SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0), SIPLUS S7-1500 CPU 1518F-4 PN/DP (6AG1518-4FP00-4AB0), SIPLUS S7-1500 CPU 1518HF-4 PN (6AG1518-4JP00-4AB0)</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Mitigation</strong><br>Disable the webserver if not required on the affected systems. Restrict the access to Port 80/tcp and 443/tcp to trusted IP address only</p> <p><strong>Mitigation</strong><br>Only upload trusted trace files</p> <p><strong>None available</strong><br>Currently no fix is available</p> <p><strong>Vendor fix</strong><br>Update to V4.1.2 or later version</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/79.html">CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>9.6</td> <td>CRITICAL</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H">CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> </div> <hr> <h2>Acknowledgments</h2> <ul> <li>Siemens ProductCERT reported this vulnerability to CISA.</li> </ul> <hr> <h2>General Recommendations</h2> <p>As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity</p> <hr> <h2>Additional Resources</h2> <p>For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories</p> <hr> <h2>Terms of Use</h2> <p>The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.</p> <hr> <h2>Legal Notice and Terms of Use</h2> <p>This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy &amp; Use policy (https://www.cisa.gov/privacy-policy).</p> <hr> <h2>Recommended Practices</h2> <p>CISA recommends users take defensive measures to minimize the exploitation risk of these vulnerabilities.</p> <p>Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.</p> <p>Locate control system networks and remote devices behind firewalls and isolate them from business networks.</p> <p>When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.</p> <p>CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.</p> <p>CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.</p> <p>CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.</p> <p>Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.</p> <hr> <h2>Advisory Conversion Disclaimer</h2> <p>This ICSA is a verbatim republication of Siemens ProductCERT SSA-452276 from a direct conversion of the vendor's Common Security Advisory Framework (CSAF) advisory. This is republished to CISA's website as a means of increasing visibility and is provided "as-is" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Siemens ProductCERT directly for any questions regarding this advisory.</p> <h2>Revision History</h2> <ul> <li><strong>Initial Release Date: </strong>2026-03-10</li> </ul> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">Date</th> <th role="columnheader">Revision</th> <th role="columnheader">Summary</th> </tr> </thead> <tbody> <tr> <td>2026-03-10</td> <td>1</td> <td>Publication Date</td> </tr> <tr> <td>2026-03-12</td> <td>2</td> <td>Initial CISA Republication of Siemens ProductCERT SSA-452276 advisory</td> </tr> </tbody> </table> <hr> <h2>Legal Notice and Terms of Use</h2>

<p><a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-071-01.json"><strong>View CSAF</strong></a></p> <h2>Summary</h2> <p><strong>Successful exploitation of these vulnerabilities could allow an attacker to disclose sensitive information, execute arbitrary commands, or perform a denial-of-service on the product.</strong></p> <p>The following versions of Trane Tracer SC, Tracer SC+, and Tracer Concierge are affected:</p> <ul> <li>Tracer SC</li> <li>Tracer SC+</li> <li>Tracer Concierge</li> </ul> <div class="csaf-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS</th> <th role="columnheader">Vendor</th> <th role="columnheader">Equipment</th> <th role="columnheader">Vulnerabilities</th> </tr> </thead> <tbody> <tr> <td>v3 8.1</td> <td>Trane</td> <td>Trane Tracer SC, Tracer SC+, and Tracer Concierge</td> <td>Use of a Broken or Risky Cryptographic Algorithm, Memory Allocation with Excessive Size Value, Missing Authorization, Use of Hard-coded Credentials, Use of Hard-coded, Security-relevant Constants</td> </tr> </tbody> </table> </div> <h3>Background</h3> <ul> <li><strong>Critical Infrastructure Sectors: </strong>Critical Manufacturing</li> <li><strong>Countries/Areas Deployed: </strong>Worldwide</li> <li><strong>Company Headquarters Location: </strong>Ireland</li> </ul> <hr> <h2>Vulnerabilities</h2> <div class="csaf-accordion"> <p><a class="csaf-accordion-toggle-all" href="#">Expand All +</a></p> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-28252</a></h3> <div class="csaf-accordion-content"> <p>A Use of a Broken or Risky Cryptographic Algorithm vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attacker to bypass authentication and gain root-level access to the device.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-28252">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Trane Tracer SC, Tracer SC+, and Tracer Concierge</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Trane</div> <div class="ics-version"><strong>Product Version:</strong><br>Trane Tracer SC: &lt;v4.4_SP7, Trane Tracer SC+: &lt;v6.3.2310, Trane Tracer Concierge: &lt;v6.3.2310</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Trane has released the following versions of Tracer SC+ for users to upgrade to:</p> <p><strong>Vendor fix</strong><br>CVE-2026-28252, CVE-2026-28253, CVE-2026-28254: Tracer SC+ version v6.30.2313</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/327.html">CWE-327 Use of a Broken or Risky Cryptographic Algorithm</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.0</td> <td>8.1</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H">CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-28253</a></h3> <div class="csaf-accordion-content"> <p>A Memory Allocation with Excessive Size Value vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an unauthenticated attacker to cause a denial-of-service condition.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-28253">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Trane Tracer SC, Tracer SC+, and Tracer Concierge</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Trane</div> <div class="ics-version"><strong>Product Version:</strong><br>Trane Tracer SC: &lt;v4.4_SP7, Trane Tracer SC+: &lt;v6.3.2310, Trane Tracer Concierge: &lt;v6.3.2310</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Trane has released the following versions of Tracer SC+ for users to upgrade to:</p> <p><strong>Vendor fix</strong><br>CVE-2026-28252, CVE-2026-28253, CVE-2026-28254: Tracer SC+ version v6.30.2313</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/789.html">CWE-789 Memory Allocation with Excessive Size Value</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.0</td> <td>7.5</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H">CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-28254</a></h3> <div class="csaf-accordion-content"> <p>A Missing Authorization vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an unauthenticated attacker to access sensitive information through unprotected APIs.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-28254">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Trane Tracer SC, Tracer SC+, and Tracer Concierge</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Trane</div> <div class="ics-version"><strong>Product Version:</strong><br>Trane Tracer SC: &lt;v4.4_SP7, Trane Tracer SC+: &lt;v6.3.2310, Trane Tracer Concierge: &lt;v6.3.2310</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Trane has released the following versions of Tracer SC+ for users to upgrade to:</p> <p><strong>Vendor fix</strong><br>CVE-2026-28252, CVE-2026-28253, CVE-2026-28254: Tracer SC+ version v6.30.2313</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/862.html">CWE-862 Missing Authorization</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.0</td> <td>5.8</td> <td>MEDIUM</td> <td><a href="https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N">CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-28255</a></h3> <div class="csaf-accordion-content"> <p>A Use of Hard-coded Credentials vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attacker to disclose sensitive information and take over accounts.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-28255">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Trane Tracer SC, Tracer SC+, and Tracer Concierge</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Trane</div> <div class="ics-version"><strong>Product Version:</strong><br>Trane Tracer SC: &lt;v4.4_SP7, Trane Tracer SC+: &lt;v6.3.2310, Trane Tracer Concierge: &lt;v6.3.2310</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Trane has released the following versions of Tracer SC+ for users to upgrade to:</p> <p><strong>Mitigation</strong><br>CVE-2026-28255: Trane has implemented enhanced cloud security controls to mitigate this vulnerability.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/798.html">CWE-798 Use of Hard-coded Credentials</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>6.8</td> <td>MEDIUM</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N">CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-28256</a></h3> <div class="csaf-accordion-content"> <p>A Use of Hard-coded, Security-relevant Constants vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attacker to disclose sensitive information and take over accounts.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-28256">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Trane Tracer SC, Tracer SC+, and Tracer Concierge</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Trane</div> <div class="ics-version"><strong>Product Version:</strong><br>Trane Tracer SC: &lt;v4.4_SP7, Trane Tracer SC+: &lt;v6.3.2310, Trane Tracer Concierge: &lt;v6.3.2310</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Trane has released the following versions of Tracer SC+ for users to upgrade to:</p> <p><strong>Mitigation</strong><br>CVE-2026-28256: Trane has implemented enhanced security controls which have been communicated to their customers. For more information, contact Trane.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/547.html">CWE-547 Use of Hard-coded, Security-relevant Constants</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>5.8</td> <td>MEDIUM</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N">CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N</a></td> </tr> </tbody> </table> </div> </div> </div> </div> <hr> <h2>Acknowledgments</h2> <ul> <li>Noam Moshe of Claroty reported these vulnerabilities to CISA</li> </ul> <hr> <h2>Legal Notice and Terms of Use</h2> <p>This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy &amp; Use policy (https://www.cisa.gov/privacy-policy).</p> <hr> <h2>Recommended Practices</h2> <p>CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:</p> <p>Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.</p> <p>Locate control system networks and remote devices behind firewalls and isolating them from business networks.</p> <p>When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.</p> <p>CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.</p> <p>CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.</p> <p>CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.</p> <p>Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.</p> <p>Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.</p> <p>CISA also recommends users take the following measures to protect themselves from social engineering attacks:</p> <p>Do not click web links or open attachments in unsolicited email messages.</p> <p>Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.</p> <p>Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.</p> <p>No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.</p> <hr> <h2>Revision History</h2> <ul> <li><strong>Initial Release Date: </strong>2026-03-12</li> </ul> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">Date</th> <th role="columnheader">Revision</th> <th role="columnheader">Summary</th> </tr> </thead> <tbody> <tr> <td>2026-03-12</td> <td>1</td> <td>Initial Publication</td> </tr> </tbody> </table> <hr> <h2>Legal Notice and Terms of Use</h2>

<p><a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-043-10.json"><strong>View CSAF</strong></a></p> <h2>Summary</h2> <p><strong>Successful exploitation of this vulnerability could allow an attacker to obtain remote code execution.</strong></p> <p>The following versions of Airleader Master are affected:</p> <ul> <li>Airleader Master &lt;=6.381 (CVE-2026-1358)</li> </ul> <div class="csaf-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS</th> <th role="columnheader">Vendor</th> <th role="columnheader">Equipment</th> <th role="columnheader">Vulnerabilities</th> </tr> </thead> <tbody> <tr> <td>v3 9.8</td> <td>Airleader GmbH</td> <td>Airleader Master</td> <td>Unrestricted Upload of File with Dangerous Type</td> </tr> </tbody> </table> </div> <h3>Background</h3> <ul> <li><strong>Critical Infrastructure Sectors: </strong>Chemical, Critical Manufacturing, Energy, Food and Agriculture, Healthcare and Public Health, Transportation Systems, Water and Wastewater</li> <li><strong>Countries/Areas Deployed: </strong>Worldwide</li> <li><strong>Company Headquarters Location: </strong>Germany</li> </ul> <hr> <h2>Vulnerabilities</h2> <div class="csaf-accordion"> <p><a class="csaf-accordion-toggle-all" href="#">Expand All +</a></p> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-1358</a></h3> <div class="csaf-accordion-content"> <p>Airleader Master versions 6.381 and prior allow for file uploads without restriction to multiple webpages running maximum privileges. This could allow an unauthenticated user to potentially obtain remote code execution on the server.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-1358">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Airleader Master</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Airleader GmbH</div> <div class="ics-version"><strong>Product Version:</strong><br>Airleader GmbH Airleader Master: &lt;=6.381</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Airleader recommends that users upgrade Airleader Master to version 6.386 or later.</p> <p><strong>Mitigation</strong><br>Users of Airleader Master are encouraged to reach out to Airleader via email or submit a web form for more information and mitigation assistance.</p> <p><strong>Mitigation</strong><br>Users of Airleader Master are encouraged to reach out to Airleader via email or submit a web form for more information and mitigation assistance.</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/434.html">CWE-434 Unrestricted Upload of File with Dangerous Type</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>9.8</td> <td>CRITICAL</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> </div> <hr> <h2>Acknowledgments</h2> <ul> <li>Angel Lomeli of SySS GmbH reported this vulnerability to CISA</li> </ul> <hr> <h2>Legal Notice and Terms of Use</h2> <p>This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy &amp; Use policy (https://www.cisa.gov/privacy-policy).</p> <hr> <h2>Recommended Practices</h2> <p>CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:</p> <p>Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.</p> <p>Locate control system networks and remote devices behind firewalls and isolating them from business networks.</p> <p>When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.</p> <p>CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.</p> <p>CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.</p> <p>CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.</p> <p>Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.</p> <p>Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.</p> <p>No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time.</p> <hr> <h2>Revision History</h2> <ul> <li><strong>Initial Release Date: </strong>2026-02-12</li> </ul> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">Date</th> <th role="columnheader">Revision</th> <th role="columnheader">Summary</th> </tr> </thead> <tbody> <tr> <td>2026-02-12</td> <td>1</td> <td>Initial Publication</td> </tr> </tbody> </table> <hr> <h2>Legal Notice and Terms of Use</h2>

<p>CISA has added four new vulnerabilities to its <a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog" data-entity-type="node" data-entity-uuid="79453b83-86b9-4e2f-b1ec-abf73c6eb291" data-entity-substitution="canonical" title="Known Exploited Vulnerabilities Catalog">Known Exploited Vulnerabilities (KEV) Catalog</a>, based on evidence of active exploitation.</p> <ul> <li><a href="https://www.cve.org/CVERecord?id=CVE-2024-43468" target="_blank">CVE-2024-43468</a> Microsoft Configuration Manager SQL Injection Vulnerability</li> <li><a href="https://www.cve.org/CVERecord?id=CVE-2025-15556" target="_blank">CVE-2025-15556</a> Notepad++ Download of Code Without Integrity Check Vulnerability</li> <li><a href="https://www.cve.org/CVERecord?id=CVE-2025-40536" target="_blank">CVE-2025-40536</a> SolarWinds Web Help Desk Security Control Bypass Vulnerability</li> <li><a href="https://www.cve.org/CVERecord?id=CVE-2026-20700" target="_blank">CVE-2026-20700</a> Apple Multiple Buffer Overflow Vulnerability</li> </ul> <p>These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.</p> <p><a href="https://www.cisa.gov/binding-operational-directive-22-01">Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities</a> established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the <a href="https://www.cisa.gov/sites/default/files/publications/Reducing_the_Significant_Risk_of_Known_Exploited_Vulnerabilities_211103.pdf">BOD 22-01 Fact Sheet</a> for more information.</p> <p>Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of <a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog" data-entity-type="node" data-entity-uuid="79453b83-86b9-4e2f-b1ec-abf73c6eb291" data-entity-substitution="canonical" title="Known Exploited Vulnerabilities Catalog">KEV Catalog vulnerabilities</a> as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the <a href="https://www.cisa.gov/known-exploited-vulnerabilities" data-entity-type="node" data-entity-uuid="f2adba9a-0404-494c-a90c-4363a4a5c934" data-entity-substitution="canonical" title="Reducing the Significant Risk of Known Exploited Vulnerabilities">specified criteria</a>.&nbsp;</p>

<p><a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-043-09.json"><strong>View CSAF</strong></a></p> <h2>Summary</h2> <p><strong>Hitachi Energy is aware of a vulnerability that affects the SuprOS product versions listed in this document. An attacker successfully exploiting this vulnerability can cause confidentiality, integrity and availability impacts. Please refer to the Recommended Immediate Actions for information about the mitigation/remediation.</strong></p> <p>The following versions of Hitachi Energy SuprOS are affected:</p> <ul> <li>SuprOS vers:SuprOS/&lt;=9.2.1, 9.2.2.0 (CVE-2025-7740, CVE-2025-7740)</li> </ul> <div class="csaf-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS</th> <th role="columnheader">Vendor</th> <th role="columnheader">Equipment</th> <th role="columnheader">Vulnerabilities</th> </tr> </thead> <tbody> <tr> <td>v3 8.8</td> <td>Hitachi Energy</td> <td>Hitachi Energy SuprOS</td> <td>Use of Default Credentials</td> </tr> </tbody> </table> </div> <h3>Background</h3> <ul> <li><strong>Critical Infrastructure Sectors: </strong>Energy, Transportation Systems, Government Services and Facilities</li> <li><strong>Countries/Areas Deployed: </strong>Worldwide</li> <li><strong>Company Headquarters Location: </strong>Switzerland</li> </ul> <hr> <h2>Vulnerabilities</h2> <div class="csaf-accordion"> <p><a class="csaf-accordion-toggle-all" href="#">Expand All +</a></p> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-7740</a></h3> <div class="csaf-accordion-content"> <p>A default credentials vulnerability exists in the SuprOS product. If exploited, this could allow an authenticated local attacker to gain access through an admin account created during product deployment.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-7740">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Hitachi Energy SuprOS</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Hitachi Energy</div> <div class="ics-version"><strong>Product Version:</strong><br>SuprOS 9.2.1 and below, SuprOS 9.2.2.0</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Mitigation</strong><br>Remove unwanted accounts and/or change the default passwords. Refer to the Secure Deployment Guidelines document as described in chapter 4.3</p> <p><strong>Mitigation</strong><br>Upon clean install, change the root password</p> <p><strong>Mitigation</strong><br>If updated from previous version, remove unwanted accounts and/or change the default passwords. Refer to the Secure Deployment Guidelines document as described in chapter 4.3</p> <p><strong>Vendor fix</strong><br>Hitachi Energy recommends that customers apply the update and take recommended actions at the earliest convenience</p> <p><strong>Mitigation</strong><br>While reviewing the recommended immediate actions, assess the risk exposure of affected products within the operational environment and update or upgrade if necessary</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/1392.html">CWE-1392 Use of Default Credentials</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>8.8</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> </div> <hr> <h2>Acknowledgments</h2> <ul> <li>Hitachi Energy reported this vulnerability to CISA.</li> </ul> <hr> <h2>Notice</h2> <p>The information in this document is subject to change without notice and should not be construed as a commitment by Hitachi Energy. Hitachi Energy provides no warranty, express or implied, including warranties of merchantability and fitness for a particular purpose, for the information contained in this document, and assumes no responsibility for any errors that may appear in this document. In no event shall Hitachi Energy or any of its suppliers be liable for direct, indirect, special, incidental or consequential damages of any nature or kind arising from the use of this document, or from the use of any hardware or software described in this document, even if Hitachi Energy or its suppliers have been advised of the possibility of such damages. This document and parts hereof must not be reproduced or copied without written permission from Hitachi Energy and the contents hereof must not be imparted to a third party nor used for any unauthorized purpose. All rights to registrations and trademarks reside with their respective owners.</p> <hr> <h2>Support</h2> <p>For additional information and support please contact your product provider or Hitachi Energy service organization. For contact information, see https://www.hitachienergy.com/contact-us/ for Hitachi Energy contact-centers.</p> <hr> <h2>General Mitigation Factors</h2> <p>It is highly recommended to deploy the product following the “SuprOS Security Deployment Guidelines” document. Customers should maintain their systems with products running on supported versions and follow maintenance releases. Recommended security practices and firewall configurations can help protect a process control network from attacks that originate from outside the network. Such practices include that process control systems are physically protected from direct access by unauthorized personnel, have no direct connections to the Internet, and are separated from other networks by means of a firewall system that has a minimal number of ports exposed, and others that have to be evaluated case by case. Process control systems should not be used for Internet surfing, instant messaging, or receiving e-mails. Portable computers and removable storage media should be carefully scanned for viruses before they are connected to a control system.</p> <hr> <h2>Legal Notice and Terms of Use</h2> <p>This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy &amp; Use policy (https://www.cisa.gov/privacy-policy).</p> <hr> <h2>Recommended Practices</h2> <p>CISA recommends users take defensive measures to minimize the exploitation risk of these vulnerabilities.</p> <p>Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.</p> <p>Locate control system networks and remote devices behind firewalls and isolate them from business networks.</p> <p>When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.</p> <p>CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.</p> <p>CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.</p> <p>CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.</p> <p>Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.</p> <hr> <h2>Advisory Conversion Disclaimer</h2> <p>This ICSA is a verbatim republication of Hitachi Energy PSIRT 8DBD000223 from a direct conversion of the vendor's Common Security Advisory Framework (CSAF) advisory. This is republished to CISA's website as a means of increasing visibility and is provided "as-is" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Hitachi Energy PSIRT directly for any questions regarding this advisory.</p> <h2>Revision History</h2> <ul> <li><strong>Initial Release Date: </strong>2026-01-27</li> </ul> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">Date</th> <th role="columnheader">Revision</th> <th role="columnheader">Summary</th> </tr> </thead> <tbody> <tr> <td>2026-01-27</td> <td>1</td> <td>Initial public release</td> </tr> <tr> <td>2026-02-12</td> <td>2</td> <td>Initial CISA Republication of Hitachi Energy 8DBD000223 advisory</td> </tr> </tbody> </table> <hr> <h2>Legal Notice and Terms of Use</h2>

<p><a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-043-03.json"><strong>View CSAF</strong></a></p> <h2>Summary</h2> <p><strong>COMOS is affected by multiple vulnerabilities that could allow an attacker to execute arbitrary code or cause denial of service condition, data infiltration or perform access control violations. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends countermeasures for products where fixes are not, or not yet available.</strong></p> <p>The following versions of Siemens COMOS are affected:</p> <ul> <li>COMOS V10.4 vers:intdot/&lt;10.4.5, vers:intdot/&lt;10.4.5 (CVE-2024-47875, CVE-2025-2783)</li> <li>COMOS V10.4.5 vers:intdot/&lt;10.4.5.0.2 (CVE-2024-11053, CVE-2025-10148)</li> <li>COMOS V10.5 vers:intdot/&lt;10.5.2, vers:intdot/&lt;10.5.2 (CVE-2025-2783, CVE-2024-47875)</li> <li>COMOS V10.6 vers:all/* (CVE-2024-11053, CVE-2025-10148, CVE-2025-40800, CVE-2025-40801)</li> </ul> <div class="csaf-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS</th> <th role="columnheader">Vendor</th> <th role="columnheader">Equipment</th> <th role="columnheader">Vulnerabilities</th> </tr> </thead> <tbody> <tr> <td>v3 10</td> <td>Siemens</td> <td>Siemens COMOS</td> <td>Exposure of Sensitive Information to an Unauthorized Actor, Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), Improper Input Validation, Generation of Predictable Numbers or Identifiers, Improper Certificate Validation</td> </tr> </tbody> </table> </div> <h3>Background</h3> <ul> <li><strong>Critical Infrastructure Sectors: </strong>Critical Manufacturing</li> <li><strong>Countries/Areas Deployed: </strong>Worldwide</li> <li><strong>Company Headquarters Location: </strong>Germany</li> </ul> <hr> <h2>Vulnerabilities</h2> <div class="csaf-accordion"> <p><a class="csaf-accordion-toggle-all" href="#">Expand All +</a></p> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2024-11053</a></h3> <div class="csaf-accordion-content"> <p>When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has an entry that matches the redirect target hostname but the entry either omits just the password or omits both login and password.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2024-11053">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Siemens COMOS</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Siemens</div> <div class="ics-version"><strong>Product Version:</strong><br>COMOS V10.4.5, COMOS V10.6</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>None available</strong><br>Currently no fix is available</p> <p><strong>Vendor fix</strong><br>Contact customer support to receive patch and update information</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/200.html">CWE-200 Exposure of Sensitive Information to an Unauthorized Actor</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>3.7</td> <td>LOW</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N">CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2024-47875</a></h3> <div class="csaf-accordion-content"> <p>DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMpurify was vulnerable to nesting-based mXSS. This vulnerability is fixed in 2.5.0 and 3.1.3.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2024-47875">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Siemens COMOS</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Siemens</div> <div class="ics-version"><strong>Product Version:</strong><br>COMOS V10.4, COMOS V10.5</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Update to V10.4.5 or later version</p> <p><strong>Vendor fix</strong><br>Update to V10.5.2 or later version</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/79.html">CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>10</td> <td>CRITICAL</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-2783</a></h3> <div class="csaf-accordion-content"> <p>Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to perform a sandbox escape via a malicious file.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-2783">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Siemens COMOS</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Siemens</div> <div class="ics-version"><strong>Product Version:</strong><br>COMOS V10.4, COMOS V10.5</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Update to V10.4.5 or later version</p> <p><strong>Vendor fix</strong><br>Update to V10.5.2 or later version</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/20.html">CWE-20 Improper Input Validation</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>8.3</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H">CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-10148</a></h3> <div class="csaf-accordion-content"> <p>curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traffic between the two communicating parties that could be interpreted by an involved proxy (configured or transparent) as genuine, real, HTTP traffic with content and thereby poison its cache. That cached poisoned content could then be served to all users of that proxy.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-10148">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Siemens COMOS</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Siemens</div> <div class="ics-version"><strong>Product Version:</strong><br>COMOS V10.4.5, COMOS V10.6</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>None available</strong><br>Currently no fix is available</p> <p><strong>Vendor fix</strong><br>Contact customer support to receive patch and update information</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/340.html">CWE-340 Generation of Predictable Numbers or Identifiers</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>5.3</td> <td>MEDIUM</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-40800</a></h3> <div class="csaf-accordion-content"> <p>The IAM client in affected products is missing server certificate validation while establishing TLS connections to the authorization server. This could allow an attacker to perform a man-in-the-middle attack.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-40800">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Siemens COMOS</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Siemens</div> <div class="ics-version"><strong>Product Version:</strong><br>COMOS V10.6</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>None available</strong><br>Currently no fix is available</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/295.html">CWE-295 Improper Certificate Validation</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>7.4</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N">CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-40801</a></h3> <div class="csaf-accordion-content"> <p>The SALT SDK is missing server certificate validation while establishing TLS connections to the authorization server. This could allow an attacker to perform a man-in-the-middle attack.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-40801">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Siemens COMOS</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Siemens</div> <div class="ics-version"><strong>Product Version:</strong><br>COMOS V10.6</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>None available</strong><br>Currently no fix is available</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/295.html">CWE-295 Improper Certificate Validation</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>8.1</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H">CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> </div> <hr> <h2>Acknowledgments</h2> <ul> <li>Siemens ProductCERT reported these vulnerabilities to CISA.</li> </ul> <hr> <h2>General Recommendations</h2> <p>As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity</p> <hr> <h2>Additional Resources</h2> <p>For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories</p> <hr> <h2>Terms of Use</h2> <p>The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.</p> <hr> <h2>Legal Notice and Terms of Use</h2> <p>This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy &amp; Use policy (https://www.cisa.gov/privacy-policy).</p> <hr> <h2>Recommended Practices</h2> <p>CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.</p> <p>Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.</p> <p>Locate control system networks and remote devices behind firewalls and isolate them from business networks.</p> <p>When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.</p> <p>CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.</p> <p>CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.</p> <p>CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.</p> <p>Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.</p> <hr> <h2>Advisory Conversion Disclaimer</h2> <p>This ICSA is a verbatim republication of Siemens ProductCERT SSA-212953 from a direct conversion of the vendor's Common Security Advisory Framework (CSAF) advisory. This is republished to CISA's website as a means of increasing visibility and is provided "as-is" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Siemens ProductCERT directly for any questions regarding this advisory.</p> <h2>Revision History</h2> <ul> <li><strong>Initial Release Date: </strong>2025-12-09</li> </ul> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">Date</th> <th role="columnheader">Revision</th> <th role="columnheader">Summary</th> </tr> </thead> <tbody> <tr> <td>2025-12-09</td> <td>1</td> <td>Publication Date</td> </tr> <tr> <td>2026-01-13</td> <td>2</td> <td>Removed CVE-2024-11053 and CVE-2025-10148 from COMOS V10.5.2 as this version line is not affected</td> </tr> <tr> <td>2026-02-10</td> <td>3</td> <td>Added fix for COMOS V10.4.5</td> </tr> <tr> <td>2026-02-12</td> <td>4</td> <td>Initial CISA Republication of Siemens ProductCERT SSA-212953 advisory</td> </tr> </tbody> </table> <hr> <h2>Legal Notice and Terms of Use</h2>

<p><a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-043-04.json"><strong>View CSAF</strong></a></p> <h2>Summary</h2> <p><strong>Versions V6.0 through V8 QU1 of the Desigo CC product family (Desigo CC, Desigo CC Compact, Desigo CC Connect, Cerberus DMS), as well as the Desigo CC-based SENTRON Powermanager, are affected by a vulnerability in the underlying third-party component WIBU Systems CodeMeter Runtime. Successful exploitation of this vulnerability could lead to code execution in the context of the current process. Siemens has released instructions how to update the CodeMeter Runtime component and recommends to apply the update on affected systems.</strong></p> <p>The following versions of Siemens Desigo CC Product Family and SENTRON Powermanager are affected:</p> <ul> <li>Desigo CC family V6 vers:all/* (CVE-2023-38545)</li> <li>Desigo CC family V7 vers:all/* (CVE-2023-38545)</li> <li>Desigo CC family V8: All versions prior to V8.0 QU2</li> <li>SENTRON Powermanager V6 vers:all/* (CVE-2023-38545)</li> <li>SENTRON Powermanager V7 vers:all/* (CVE-2023-38545)</li> <li>SENTRON Powermanager V8: All versions prior to V8.0 QU2</li> </ul> <div class="csaf-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS</th> <th role="columnheader">Vendor</th> <th role="columnheader">Equipment</th> <th role="columnheader">Vulnerabilities</th> </tr> </thead> <tbody> <tr> <td>v3 8.8</td> <td>Siemens</td> <td>Siemens Desigo CC Product Family and SENTRON Powermanager</td> <td>Heap-based Buffer Overflow</td> </tr> </tbody> </table> </div> <h3>Background</h3> <ul> <li><strong>Critical Infrastructure Sectors: </strong>Critical Manufacturing</li> <li><strong>Countries/Areas Deployed: </strong>Worldwide</li> <li><strong>Company Headquarters Location: </strong>Germany</li> </ul> <hr> <h2>Vulnerabilities</h2> <div class="csaf-accordion"> <p><a class="csaf-accordion-toggle-all" href="#">Expand All +</a></p> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2023-38545</a></h3> <div class="csaf-accordion-content"> <p>This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the hostname to the SOCKS5 proxy to allow that to resolve the address instead of it getting done by curl itself, the maximum length that hostname can be is 255 bytes. If the hostname is detected to be longer than 255 bytes, curl switches to local name resolving and instead passes on the resolved address only to the proxy. Due to a bug, the local variable that means "let the host resolve the name" could get the wrong value during a slow SOCKS5 handshake, and contrary to the intention, copy the too long hostname to the target buffer instead of copying just the resolved address there.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2023-38545">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Siemens Desigo CC Product Family and SENTRON Powermanager</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Siemens</div> <div class="ics-version"><strong>Product Version:</strong><br>Desigo CC family V6, Desigo CC family V7, Desigo CC family V8, SENTRON Powermanager V6, SENTRON Powermanager V7, SENTRON Powermanager V8</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Update to V8.0 QU2 or later version</p> <p><strong>Vendor fix</strong><br>Update to V8.0 QU2 or later version</p> <p><strong>Vendor fix</strong><br>Apply patch as documented in section 'Additional Information'</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/122.html">CWE-122 Heap-based Buffer Overflow</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>8.8</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H">CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> </div> <hr> <h2>Acknowledgments</h2> <ul> <li>Siemens ProductCERT reported this vulnerability to CISA.</li> </ul> <hr> <h2>General Recommendations</h2> <p>As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity</p> <hr> <h2>Additional Resources</h2> <p>For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories</p> <hr> <h2>Terms of Use</h2> <p>The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.</p> <hr> <h2>Legal Notice and Terms of Use</h2> <p>This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy &amp; Use policy (https://www.cisa.gov/privacy-policy).</p> <hr> <h2>Recommended Practices</h2> <p>CISA recommends users take defensive measures to minimize the exploitation risk of these vulnerabilities.</p> <p>Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.</p> <p>Locate control system networks and remote devices behind firewalls and isolate them from business networks.</p> <p>When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.</p> <p>CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.</p> <p>CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.</p> <p>CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.</p> <p>Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.</p> <hr> <h2>Advisory Conversion Disclaimer</h2> <p>This ICSA is a verbatim republication of Siemens ProductCERT SSA-507364 from a direct conversion of the vendor's Common Security Advisory Framework (CSAF) advisory. This is republished to CISA's website as a means of increasing visibility and is provided "as-is" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Siemens ProductCERT directly for any questions regarding this advisory.</p> <h2>Revision History</h2> <ul> <li><strong>Initial Release Date: </strong>2026-02-10</li> </ul> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">Date</th> <th role="columnheader">Revision</th> <th role="columnheader">Summary</th> </tr> </thead> <tbody> <tr> <td>2026-02-10</td> <td>1</td> <td>Publication Date</td> </tr> <tr> <td>2026-02-12</td> <td>2</td> <td>Initial CISA Republication of Siemens ProductCERT SSA-507364 advisory</td> </tr> </tbody> </table> <hr> <h2>Legal Notice and Terms of Use</h2>

<p><a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-043-08.json"><strong>View CSAF</strong></a></p> <h2>Summary</h2> <p><strong>Siemens NX is affected by multiple file parsing vulnerabilities that could be triggered when the application reads files in CGM format. If a user is tricked to open a malicious file with any of the affected products, this could lead the application to crash or potentially lead to arbitrary code execution. Siemens has released a new version for NX and recommends to update to the latest version.</strong></p> <p>The following versions of Siemens NX are affected:</p> <ul> <li>NX vers:intdot/&lt;2512 (CVE-2026-22923, CVE-2026-22924, CVE-2026-22925)</li> </ul> <div class="csaf-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS</th> <th role="columnheader">Vendor</th> <th role="columnheader">Equipment</th> <th role="columnheader">Vulnerabilities</th> </tr> </thead> <tbody> <tr> <td>v3 7.8</td> <td>Siemens</td> <td>Siemens NX</td> <td>Stack-based Buffer Overflow, Out-of-bounds Read</td> </tr> </tbody> </table> </div> <h3>Background</h3> <ul> <li><strong>Critical Infrastructure Sectors: </strong>Critical Manufacturing</li> <li><strong>Countries/Areas Deployed: </strong>Worldwide</li> <li><strong>Company Headquarters Location: </strong>Germany</li> </ul> <hr> <h2>Vulnerabilities</h2> <div class="csaf-accordion"> <p><a class="csaf-accordion-toggle-all" href="#">Expand All +</a></p> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-22923</a></h3> <div class="csaf-accordion-content"> <p>The affected application contains a stack-based buffer overflow vulnerability that could be triggered while parsing specially crafted CGM files. This could allow an attacker to execute code in the context of the current process.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-22923">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Siemens NX</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Siemens</div> <div class="ics-version"><strong>Product Version:</strong><br>NX</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Mitigation</strong><br>Do not open untrusted CGM files in affected applications</p> <p><strong>Vendor fix</strong><br>Update to V2512 or later version</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/121.html">CWE-121 Stack-based Buffer Overflow</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>7.8</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H">CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-22924</a></h3> <div class="csaf-accordion-content"> <p>The affected applications contains an out of bounds read vulnerability while parsing specially crafted CGM files. This could allow an attacker to execute code in the context of the current process.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-22924">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Siemens NX</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Siemens</div> <div class="ics-version"><strong>Product Version:</strong><br>NX</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Mitigation</strong><br>Do not open untrusted CGM files in affected applications</p> <p><strong>Vendor fix</strong><br>Update to V2512 or later version</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/125.html">CWE-125 Out-of-bounds Read</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>7.8</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H">CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-22925</a></h3> <div class="csaf-accordion-content"> <p>The affected applications contains an out of bounds read vulnerability while parsing specially crafted CGM files. This could allow an attacker to execute code in the context of the current process.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-22925">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Siemens NX</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Siemens</div> <div class="ics-version"><strong>Product Version:</strong><br>NX</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Mitigation</strong><br>Do not open untrusted CGM files in affected applications</p> <p><strong>Vendor fix</strong><br>Update to V2512 or later version</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/125.html">CWE-125 Out-of-bounds Read</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>7.8</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H">CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> </div> <hr> <h2>Acknowledgments</h2> <ul> <li>Siemens ProductCERT reported these vulnerabilities to CISA.</li> <li>Michael Heinzl reported this vulnerability to Siemens.</li> </ul> <hr> <h2>General Recommendations</h2> <p>As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity</p> <hr> <h2>Additional Resources</h2> <p>For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories</p> <hr> <h2>Terms of Use</h2> <p>The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.</p> <hr> <h2>Legal Notice and Terms of Use</h2> <p>This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy &amp; Use policy (https://www.cisa.gov/privacy-policy).</p> <hr> <h2>Recommended Practices</h2> <p>CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.</p> <p>Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.</p> <p>Locate control system networks and remote devices behind firewalls and isolate them from business networks.</p> <p>When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.</p> <p>CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.</p> <p>CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.</p> <p>CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.</p> <p>Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.</p> <hr> <h2>Advisory Conversion Disclaimer</h2> <p>This ICSA is a verbatim republication of Siemens ProductCERT SSA-535115 from a direct conversion of the vendor's Common Security Advisory Framework (CSAF) advisory. This is republished to CISA's website as a means of increasing visibility and is provided "as-is" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Siemens ProductCERT directly for any questions regarding this advisory.</p> <h2>Revision History</h2> <ul> <li><strong>Initial Release Date: </strong>2026-02-10</li> </ul> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">Date</th> <th role="columnheader">Revision</th> <th role="columnheader">Summary</th> </tr> </thead> <tbody> <tr> <td>2026-02-10</td> <td>1</td> <td>Publication Date</td> </tr> <tr> <td>2026-02-12</td> <td>2</td> <td>Initial CISA Republication of Siemens ProductCERT SSA-535115 advisory</td> </tr> </tbody> </table> <hr> <h2>Legal Notice and Terms of Use</h2>

<p><a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-043-02.json"><strong>View CSAF</strong></a></p> <h2>Summary</h2> <p><strong>Polarion before V2506 contains a vulnerability that could allow authenticated remote attackers to conduct cross-site scripting attacks. Siemens has released new versions for the affected products and recommends to update to the latest versions.</strong></p> <p>The following versions of Siemens Polarion are affected:</p> <ul> <li>Polarion V2404 vers:intdot/&lt;2404.5 (CVE-2025-40587)</li> <li>Polarion V2410 vers:intdot/&lt;2410.2 (CVE-2025-40587)</li> </ul> <div class="csaf-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS</th> <th role="columnheader">Vendor</th> <th role="columnheader">Equipment</th> <th role="columnheader">Vulnerabilities</th> </tr> </thead> <tbody> <tr> <td>v3 7.6</td> <td>Siemens</td> <td>Siemens Polarion</td> <td>Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')</td> </tr> </tbody> </table> </div> <h3>Background</h3> <ul> <li><strong>Critical Infrastructure Sectors: </strong>Energy, Critical Manufacturing</li> <li><strong>Countries/Areas Deployed: </strong>Worldwide</li> <li><strong>Company Headquarters Location: </strong>Germany</li> </ul> <hr> <h2>Vulnerabilities</h2> <div class="csaf-accordion"> <p><a class="csaf-accordion-toggle-all" href="#">Expand All +</a></p> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-40587</a></h3> <div class="csaf-accordion-content"> <p>The affected application allows arbitrary JavaScript code be included in document titles. This could allow an authenticated remote attacker to conduct a stored cross-site scripting attack by creating specially crafted document titles that are later viewed by other users of the application.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-40587">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Siemens Polarion</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Siemens</div> <div class="ics-version"><strong>Product Version:</strong><br>Polarion V2404, Polarion V2410</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Update to V2404.5 or later version</p> <p><strong>Vendor fix</strong><br>Update to V2410.2 or later version</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/79.html">CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>7.6</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N">CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N</a></td> </tr> </tbody> </table> </div> </div> </div> </div> <hr> <h2>Acknowledgments</h2> <ul> <li>Siemens ProductCERT reported this vulnerability to CISA.</li> <li>Thales Digital Factory reported these vulnerabilities to Siemens.</li> </ul> <hr> <h2>General Recommendations</h2> <p>As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity</p> <hr> <h2>Additional Resources</h2> <p>For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories</p> <hr> <h2>Terms of Use</h2> <p>The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.</p> <hr> <h2>Legal Notice and Terms of Use</h2> <p>This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy &amp; Use policy (https://www.cisa.gov/privacy-policy).</p> <hr> <h2>Recommended Practices</h2> <p>CISA recommends users take defensive measures to minimize the exploitation risk of these vulnerabilities.</p> <p>Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.</p> <p>Locate control system networks and remote devices behind firewalls and isolate them from business networks.</p> <p>When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.</p> <p>CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.</p> <p>CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.</p> <p>CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.</p> <p>Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.</p> <hr> <h2>Advisory Conversion Disclaimer</h2> <p>This ICSA is a verbatim republication of Siemens ProductCERT SSA-035571 from a direct conversion of the vendor's Common Security Advisory Framework (CSAF) advisory. This is republished to CISA's website as a means of increasing visibility and is provided "as-is" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Siemens ProductCERT directly for any questions regarding this advisory.</p> <h2>Revision History</h2> <ul> <li><strong>Initial Release Date: </strong>2026-02-10</li> </ul> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">Date</th> <th role="columnheader">Revision</th> <th role="columnheader">Summary</th> </tr> </thead> <tbody> <tr> <td>2026-02-10</td> <td>1</td> <td>Publication Date</td> </tr> <tr> <td>2026-02-12</td> <td>2</td> <td>Initial CISA Republication of Siemens ProductCERT SSA-035571 advisory</td> </tr> </tbody> </table> <hr> <h2>Legal Notice and Terms of Use</h2>

<p><a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-043-01.json"><strong>View CSAF</strong></a></p> <h2>Summary</h2> <p><strong>Multiple Siemens products are affected by two local privilege escalation vulnerabilities which could allow an low privileged attacker to load malicious DLLs, potentially leading to arbitrary code execution with elevated privileges. Siemens has released new versions for the affected products and recommends to update to the latest versions.</strong></p> <p>The following versions of Siemens SINEC NMS are affected:</p> <ul> <li>SINEC NMS: Versions prior to V4.0 SP2 (CVE-2026-25655)</li> <li>SINEC NMS: All Versions (CVE-2026-25656)</li> <li>User Management Component (UMC) vers:intdot/&lt;2.15.2.1 (CVE-2026-25656)</li> </ul> <div class="csaf-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS</th> <th role="columnheader">Vendor</th> <th role="columnheader">Equipment</th> <th role="columnheader">Vulnerabilities</th> </tr> </thead> <tbody> <tr> <td>v3 7.8</td> <td>Siemens</td> <td>Siemens SINEC NMS</td> <td>Uncontrolled Search Path Element</td> </tr> </tbody> </table> </div> <h3>Background</h3> <ul> <li><strong>Critical Infrastructure Sectors: </strong>Information Technology, Energy, Critical Manufacturing</li> <li><strong>Countries/Areas Deployed: </strong>Worldwide</li> <li><strong>Company Headquarters Location: </strong>Germany</li> </ul> <hr> <h2>Vulnerabilities</h2> <div class="csaf-accordion"> <p><a class="csaf-accordion-toggle-all" href="#">Expand All +</a></p> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-25655</a></h3> <div class="csaf-accordion-content"> <p>The affected application permits improper modification of a configuration file by a low-privileged user. This could allow an attacker to load malicious DLLs, potentially leading to arbitrary code execution with administrative privilege.(ZDI-CAN-28107)</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-25655">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Siemens SINEC NMS</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Siemens</div> <div class="ics-version"><strong>Product Version:</strong><br>SINEC NMS</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Update to V4.0 SP2 or later version</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/427.html">CWE-427 Uncontrolled Search Path Element</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>7.8</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-25656</a></h3> <div class="csaf-accordion-content"> <p>The affected application permits improper modification of a configuration file by a low-privileged user. This could allow an attacker to load malicious DLLs, potentially leading to arbitrary code execution with SYSTEM privileges.(ZDI-CAN-28108)</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-25656">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Siemens SINEC NMS</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Siemens</div> <div class="ics-version"><strong>Product Version:</strong><br>SINEC NMS, User Management Component (UMC)</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Update to V2.15.2.1 or later version</p> <p><strong>Vendor fix</strong><br>Update UMC to V2.15.2.1 or later compatible version https://support.industry.siemens.com/cs/document/109996127/</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/427.html">CWE-427 Uncontrolled Search Path Element</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>7.8</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> </div> <hr> <h2>Acknowledgments</h2> <ul> <li>Siemens ProductCERT reported these vulnerabilities to CISA.</li> <li>Trend Micro Zero Day Initiative reported these vulnerabilities to Siemens.</li> </ul> <hr> <h2>General Recommendations</h2> <p>As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity</p> <hr> <h2>Additional Resources</h2> <p>For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories</p> <hr> <h2>Terms of Use</h2> <p>The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.</p> <hr> <h2>Legal Notice and Terms of Use</h2> <p>This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy &amp; Use policy (https://www.cisa.gov/privacy-policy).</p> <hr> <h2>Recommended Practices</h2> <p>CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.</p> <p>Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.</p> <p>Locate control system networks and remote devices behind firewalls and isolate them from business networks.</p> <p>When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.</p> <p>CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.</p> <p>CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.</p> <p>CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.</p> <p>Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.</p> <hr> <h2>Advisory Conversion Disclaimer</h2> <p>This ICSA is a verbatim republication of Siemens ProductCERT SSA-311973 from a direct conversion of the vendor's Common Security Advisory Framework (CSAF) advisory. This is republished to CISA's website as a means of increasing visibility and is provided "as-is" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Siemens ProductCERT directly for any questions regarding this advisory.</p> <h2>Revision History</h2> <ul> <li><strong>Initial Release Date: </strong>2026-02-10</li> </ul> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">Date</th> <th role="columnheader">Revision</th> <th role="columnheader">Summary</th> </tr> </thead> <tbody> <tr> <td>2026-02-10</td> <td>1</td> <td>Publication Date</td> </tr> <tr> <td>2026-02-12</td> <td>2</td> <td>Initial CISA Republication of Siemens ProductCERT SSA-311973 advisory</td> </tr> </tbody> </table> <hr> <h2>Legal Notice and Terms of Use</h2>

<p><a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-043-06.json"><strong>View CSAF</strong></a></p> <h2>Summary</h2> <p><strong>SINEC OS before V3.3 contains third-party components with multiple vulnerabilities. Siemens has released new versions for the affected products and recommends to update to the latest versions.</strong></p> <p>The following versions of Siemens SINEC OS are affected:</p> <ul> <li>RUGGEDCOM RST2428P (6GK6242-6PA00) vers:intdot/&lt;3.3 (CVE-2022-48174, CVE-2023-7256, CVE-2023-39810, CVE-2023-42363, CVE-2023-42364, CVE-2023-42365, CVE-2023-42366, CVE-2024-6197, CVE-2024-6874, CVE-2024-7264, CVE-2024-8006, CVE-2024-8096, CVE-2024-9681, CVE-2024-11053, CVE-2024-12718, CVE-2024-41996, CVE-2024-47619, CVE-2024-52533, CVE-2025-0167, CVE-2025-0665, CVE-2025-0725, CVE-2025-1390, CVE-2025-3360, CVE-2025-4138, CVE-2025-4330, CVE-2025-4373, CVE-2025-4435, CVE-2025-4516, CVE-2025-4517, CVE-2025-6141, CVE-2025-9086, CVE-2025-9230, CVE-2025-9231, CVE-2025-9232, CVE-2025-10148, CVE-2025-27587, CVE-2025-32433, CVE-2025-38084, CVE-2025-38085, CVE-2025-38086, CVE-2025-38345, CVE-2025-38350, CVE-2025-38498, CVE-2025-39839, CVE-2025-39841, CVE-2025-39846, CVE-2025-39853, CVE-2025-39860, CVE-2025-39864, CVE-2025-39865, CVE-2025-59375)</li> <li>SCALANCE XCH328 (6GK5328-4TS01-2EC2) vers:intdot/&lt;3.3 (CVE-2022-48174, CVE-2023-7256, CVE-2023-39810, CVE-2023-42363, CVE-2023-42364, CVE-2023-42365, CVE-2023-42366, CVE-2024-6197, CVE-2024-6874, CVE-2024-7264, CVE-2024-8006, CVE-2024-8096, CVE-2024-9681, CVE-2024-11053, CVE-2024-12718, CVE-2024-41996, CVE-2024-47619, CVE-2024-52533, CVE-2025-0167, CVE-2025-0665, CVE-2025-0725, CVE-2025-1390, CVE-2025-3360, CVE-2025-4138, CVE-2025-4330, CVE-2025-4373, CVE-2025-4435, CVE-2025-4516, CVE-2025-4517, CVE-2025-6141, CVE-2025-9086, CVE-2025-9230, CVE-2025-9231, CVE-2025-9232, CVE-2025-10148, CVE-2025-27587, CVE-2025-32433, CVE-2025-38084, CVE-2025-38085, CVE-2025-38086, CVE-2025-38345, CVE-2025-38350, CVE-2025-38498, CVE-2025-39839, CVE-2025-39841, CVE-2025-39846, CVE-2025-39853, CVE-2025-39860, CVE-2025-39864, CVE-2025-39865, CVE-2025-59375)</li> <li>SCALANCE XCM324 (6GK5324-8TS01-2AC2) vers:intdot/&lt;3.3 (CVE-2022-48174, CVE-2023-7256, CVE-2023-39810, CVE-2023-42363, CVE-2023-42364, CVE-2023-42365, CVE-2023-42366, CVE-2024-6197, CVE-2024-6874, CVE-2024-7264, CVE-2024-8006, CVE-2024-8096, CVE-2024-9681, CVE-2024-11053, CVE-2024-12718, CVE-2024-41996, CVE-2024-47619, CVE-2024-52533, CVE-2025-0167, CVE-2025-0665, CVE-2025-0725, CVE-2025-1390, CVE-2025-3360, CVE-2025-4138, CVE-2025-4330, CVE-2025-4373, CVE-2025-4435, CVE-2025-4516, CVE-2025-4517, CVE-2025-6141, CVE-2025-9086, CVE-2025-9230, CVE-2025-9231, CVE-2025-9232, CVE-2025-10148, CVE-2025-27587, CVE-2025-32433, CVE-2025-38084, CVE-2025-38085, CVE-2025-38086, CVE-2025-38345, CVE-2025-38350, CVE-2025-38498, CVE-2025-39839, CVE-2025-39841, CVE-2025-39846, CVE-2025-39853, CVE-2025-39860, CVE-2025-39864, CVE-2025-39865, CVE-2025-59375)</li> <li>SCALANCE XCM328 (6GK5328-4TS01-2AC2) vers:intdot/&lt;3.3 (CVE-2022-48174, CVE-2023-7256, CVE-2023-39810, CVE-2023-42363, CVE-2023-42364, CVE-2023-42365, CVE-2023-42366, CVE-2024-6197, CVE-2024-6874, CVE-2024-7264, CVE-2024-8006, CVE-2024-8096, CVE-2024-9681, CVE-2024-11053, CVE-2024-12718, CVE-2024-41996, CVE-2024-47619, CVE-2024-52533, CVE-2025-0167, CVE-2025-0665, CVE-2025-0725, CVE-2025-1390, CVE-2025-3360, CVE-2025-4138, CVE-2025-4330, CVE-2025-4373, CVE-2025-4435, CVE-2025-4516, CVE-2025-4517, CVE-2025-6141, CVE-2025-9086, CVE-2025-9230, CVE-2025-9231, CVE-2025-9232, CVE-2025-10148, CVE-2025-27587, CVE-2025-32433, CVE-2025-38084, CVE-2025-38085, CVE-2025-38086, CVE-2025-38345, CVE-2025-38350, CVE-2025-38498, CVE-2025-39839, CVE-2025-39841, CVE-2025-39846, CVE-2025-39853, CVE-2025-39860, CVE-2025-39864, CVE-2025-39865, CVE-2025-59375)</li> <li>SCALANCE XCM332 (6GK5332-0GA01-2AC2) vers:intdot/&lt;3.3 (CVE-2022-48174, CVE-2023-7256, CVE-2023-39810, CVE-2023-42363, CVE-2023-42364, CVE-2023-42365, CVE-2023-42366, CVE-2024-6197, CVE-2024-6874, CVE-2024-7264, CVE-2024-8006, CVE-2024-8096, CVE-2024-9681, CVE-2024-11053, CVE-2024-12718, CVE-2024-41996, CVE-2024-47619, CVE-2024-52533, CVE-2025-0167, CVE-2025-0665, CVE-2025-0725, CVE-2025-1390, CVE-2025-3360, CVE-2025-4138, CVE-2025-4330, CVE-2025-4373, CVE-2025-4435, CVE-2025-4516, CVE-2025-4517, CVE-2025-6141, CVE-2025-9086, CVE-2025-9230, CVE-2025-9231, CVE-2025-9232, CVE-2025-10148, CVE-2025-27587, CVE-2025-32433, CVE-2025-38084, CVE-2025-38085, CVE-2025-38086, CVE-2025-38345, CVE-2025-38350, CVE-2025-38498, CVE-2025-39839, CVE-2025-39841, CVE-2025-39846, CVE-2025-39853, CVE-2025-39860, CVE-2025-39864, CVE-2025-39865, CVE-2025-59375)</li> <li>SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3) vers:intdot/&lt;3.3 (CVE-2022-48174, CVE-2023-7256, CVE-2023-39810, CVE-2023-42363, CVE-2023-42364, CVE-2023-42365, CVE-2023-42366, CVE-2024-6197, CVE-2024-6874, CVE-2024-7264, CVE-2024-8006, CVE-2024-8096, CVE-2024-9681, CVE-2024-11053, CVE-2024-12718, CVE-2024-41996, CVE-2024-47619, CVE-2024-52533, CVE-2025-0167, CVE-2025-0665, CVE-2025-0725, CVE-2025-1390, CVE-2025-3360, CVE-2025-4138, CVE-2025-4330, CVE-2025-4373, CVE-2025-4435, CVE-2025-4516, CVE-2025-4517, CVE-2025-6141, CVE-2025-9086, CVE-2025-9230, CVE-2025-9231, CVE-2025-9232, CVE-2025-10148, CVE-2025-27587, CVE-2025-32433, CVE-2025-38084, CVE-2025-38085, CVE-2025-38086, CVE-2025-38345, CVE-2025-38350, CVE-2025-38498, CVE-2025-39839, CVE-2025-39841, CVE-2025-39846, CVE-2025-39853, CVE-2025-39860, CVE-2025-39864, CVE-2025-39865, CVE-2025-59375)</li> <li>SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3) vers:intdot/&lt;3.3 (CVE-2022-48174, CVE-2023-7256, CVE-2023-39810, CVE-2023-42363, CVE-2023-42364, CVE-2023-42365, CVE-2023-42366, CVE-2024-6197, CVE-2024-6874, CVE-2024-7264, CVE-2024-8006, CVE-2024-8096, CVE-2024-9681, CVE-2024-11053, CVE-2024-12718, CVE-2024-41996, CVE-2024-47619, CVE-2024-52533, CVE-2025-0167, CVE-2025-0665, CVE-2025-0725, CVE-2025-1390, CVE-2025-3360, CVE-2025-4138, CVE-2025-4330, CVE-2025-4373, CVE-2025-4435, CVE-2025-4516, CVE-2025-4517, CVE-2025-6141, CVE-2025-9086, CVE-2025-9230, CVE-2025-9231, CVE-2025-9232, CVE-2025-10148, CVE-2025-27587, CVE-2025-32433, CVE-2025-38084, CVE-2025-38085, CVE-2025-38086, CVE-2025-38345, CVE-2025-38350, CVE-2025-38498, CVE-2025-39839, CVE-2025-39841, CVE-2025-39846, CVE-2025-39853, CVE-2025-39860, CVE-2025-39864, CVE-2025-39865, CVE-2025-59375)</li> <li>SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3) vers:intdot/&lt;3.3 (CVE-2022-48174, CVE-2023-7256, CVE-2023-39810, CVE-2023-42363, CVE-2023-42364, CVE-2023-42365, CVE-2023-42366, CVE-2024-6197, CVE-2024-6874, CVE-2024-7264, CVE-2024-8006, CVE-2024-8096, CVE-2024-9681, CVE-2024-11053, CVE-2024-12718, CVE-2024-41996, CVE-2024-47619, CVE-2024-52533, CVE-2025-0167, CVE-2025-0665, CVE-2025-0725, CVE-2025-1390, CVE-2025-3360, CVE-2025-4138, CVE-2025-4330, CVE-2025-4373, CVE-2025-4435, CVE-2025-4516, CVE-2025-4517, CVE-2025-6141, CVE-2025-9086, CVE-2025-9230, CVE-2025-9231, CVE-2025-9232, CVE-2025-10148, CVE-2025-27587, CVE-2025-32433, CVE-2025-38084, CVE-2025-38085, CVE-2025-38086, CVE-2025-38345, CVE-2025-38350, CVE-2025-38498, CVE-2025-39839, CVE-2025-39841, CVE-2025-39846, CVE-2025-39853, CVE-2025-39860, CVE-2025-39864, CVE-2025-39865, CVE-2025-59375)</li> <li>SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3) vers:intdot/&lt;3.3 (CVE-2022-48174, CVE-2023-7256, CVE-2023-39810, CVE-2023-42363, CVE-2023-42364, CVE-2023-42365, CVE-2023-42366, CVE-2024-6197, CVE-2024-6874, CVE-2024-7264, CVE-2024-8006, CVE-2024-8096, CVE-2024-9681, CVE-2024-11053, CVE-2024-12718, CVE-2024-41996, CVE-2024-47619, CVE-2024-52533, CVE-2025-0167, CVE-2025-0665, CVE-2025-0725, CVE-2025-1390, CVE-2025-3360, CVE-2025-4138, CVE-2025-4330, CVE-2025-4373, CVE-2025-4435, CVE-2025-4516, CVE-2025-4517, CVE-2025-6141, CVE-2025-9086, CVE-2025-9230, CVE-2025-9231, CVE-2025-9232, CVE-2025-10148, CVE-2025-27587, CVE-2025-32433, CVE-2025-38084, CVE-2025-38085, CVE-2025-38086, CVE-2025-38345, CVE-2025-38350, CVE-2025-38498, CVE-2025-39839, CVE-2025-39841, CVE-2025-39846, CVE-2025-39853, CVE-2025-39860, CVE-2025-39864, CVE-2025-39865, CVE-2025-59375)</li> <li>SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3) vers:intdot/&lt;3.3 (CVE-2022-48174, CVE-2023-7256, CVE-2023-39810, CVE-2023-42363, CVE-2023-42364, CVE-2023-42365, CVE-2023-42366, CVE-2024-6197, CVE-2024-6874, CVE-2024-7264, CVE-2024-8006, CVE-2024-8096, CVE-2024-9681, CVE-2024-11053, CVE-2024-12718, CVE-2024-41996, CVE-2024-47619, CVE-2024-52533, CVE-2025-0167, CVE-2025-0665, CVE-2025-0725, CVE-2025-1390, CVE-2025-3360, CVE-2025-4138, CVE-2025-4330, CVE-2025-4373, CVE-2025-4435, CVE-2025-4516, CVE-2025-4517, CVE-2025-6141, CVE-2025-9086, CVE-2025-9230, CVE-2025-9231, CVE-2025-9232, CVE-2025-10148, CVE-2025-27587, CVE-2025-32433, CVE-2025-38084, CVE-2025-38085, CVE-2025-38086, CVE-2025-38345, CVE-2025-38350, CVE-2025-38498, CVE-2025-39839, CVE-2025-39841, CVE-2025-39846, CVE-2025-39853, CVE-2025-39860, CVE-2025-39864, CVE-2025-39865, CVE-2025-59375)</li> <li>SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3) vers:intdot/&lt;3.3 (CVE-2022-48174, CVE-2023-7256, CVE-2023-39810, CVE-2023-42363, CVE-2023-42364, CVE-2023-42365, CVE-2023-42366, CVE-2024-6197, CVE-2024-6874, CVE-2024-7264, CVE-2024-8006, CVE-2024-8096, CVE-2024-9681, CVE-2024-11053, CVE-2024-12718, CVE-2024-41996, CVE-2024-47619, CVE-2024-52533, CVE-2025-0167, CVE-2025-0665, CVE-2025-0725, CVE-2025-1390, CVE-2025-3360, CVE-2025-4138, CVE-2025-4330, CVE-2025-4373, CVE-2025-4435, CVE-2025-4516, CVE-2025-4517, CVE-2025-6141, CVE-2025-9086, CVE-2025-9230, CVE-2025-9231, CVE-2025-9232, CVE-2025-10148, CVE-2025-27587, CVE-2025-32433, CVE-2025-38084, CVE-2025-38085, CVE-2025-38086, CVE-2025-38345, CVE-2025-38350, CVE-2025-38498, CVE-2025-39839, CVE-2025-39841, CVE-2025-39846, CVE-2025-39853, CVE-2025-39860, CVE-2025-39864, CVE-2025-39865, CVE-2025-59375)</li> <li>SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3) vers:intdot/&lt;3.3 (CVE-2022-48174, CVE-2023-7256, CVE-2023-39810, CVE-2023-42363, CVE-2023-42364, CVE-2023-42365, CVE-2023-42366, CVE-2024-6197, CVE-2024-6874, CVE-2024-7264, CVE-2024-8006, CVE-2024-8096, CVE-2024-9681, CVE-2024-11053, CVE-2024-12718, CVE-2024-41996, CVE-2024-47619, CVE-2024-52533, CVE-2025-0167, CVE-2025-0665, CVE-2025-0725, CVE-2025-1390, CVE-2025-3360, CVE-2025-4138, CVE-2025-4330, CVE-2025-4373, CVE-2025-4435, CVE-2025-4516, CVE-2025-4517, CVE-2025-6141, CVE-2025-9086, CVE-2025-9230, CVE-2025-9231, CVE-2025-9232, CVE-2025-10148, CVE-2025-27587, CVE-2025-32433, CVE-2025-38084, CVE-2025-38085, CVE-2025-38086, CVE-2025-38345, CVE-2025-38350, CVE-2025-38498, CVE-2025-39839, CVE-2025-39841, CVE-2025-39846, CVE-2025-39853, CVE-2025-39860, CVE-2025-39864, CVE-2025-39865, CVE-2025-59375)</li> <li>SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3) vers:intdot/&lt;3.3 (CVE-2022-48174, CVE-2023-7256, CVE-2023-39810, CVE-2023-42363, CVE-2023-42364, CVE-2023-42365, CVE-2023-42366, CVE-2024-6197, CVE-2024-6874, CVE-2024-7264, CVE-2024-8006, CVE-2024-8096, CVE-2024-9681, CVE-2024-11053, CVE-2024-12718, CVE-2024-41996, CVE-2024-47619, CVE-2024-52533, CVE-2025-0167, CVE-2025-0665, CVE-2025-0725, CVE-2025-1390, CVE-2025-3360, CVE-2025-4138, CVE-2025-4330, CVE-2025-4373, CVE-2025-4435, CVE-2025-4516, CVE-2025-4517, CVE-2025-6141, CVE-2025-9086, CVE-2025-9230, CVE-2025-9231, CVE-2025-9232, CVE-2025-10148, CVE-2025-27587, CVE-2025-32433, CVE-2025-38084, CVE-2025-38085, CVE-2025-38086, CVE-2025-38345, CVE-2025-38350, CVE-2025-38498, CVE-2025-39839, CVE-2025-39841, CVE-2025-39846, CVE-2025-39853, CVE-2025-39860, CVE-2025-39864, CVE-2025-39865, CVE-2025-59375)</li> <li>SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3) vers:intdot/&lt;3.3 (CVE-2022-48174, CVE-2023-7256, CVE-2023-39810, CVE-2023-42363, CVE-2023-42364, CVE-2023-42365, CVE-2023-42366, CVE-2024-6197, CVE-2024-6874, CVE-2024-7264, CVE-2024-8006, CVE-2024-8096, CVE-2024-9681, CVE-2024-11053, CVE-2024-12718, CVE-2024-41996, CVE-2024-47619, CVE-2024-52533, CVE-2025-0167, CVE-2025-0665, CVE-2025-0725, CVE-2025-1390, CVE-2025-3360, CVE-2025-4138, CVE-2025-4330, CVE-2025-4373, CVE-2025-4435, CVE-2025-4516, CVE-2025-4517, CVE-2025-6141, CVE-2025-9086, CVE-2025-9230, CVE-2025-9231, CVE-2025-9232, CVE-2025-10148, CVE-2025-27587, CVE-2025-32433, CVE-2025-38084, CVE-2025-38085, CVE-2025-38086, CVE-2025-38345, CVE-2025-38350, CVE-2025-38498, CVE-2025-39839, CVE-2025-39841, CVE-2025-39846, CVE-2025-39853, CVE-2025-39860, CVE-2025-39864, CVE-2025-39865, CVE-2025-59375)</li> <li>SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3) vers:intdot/&lt;3.3 (CVE-2022-48174, CVE-2023-7256, CVE-2023-39810, CVE-2023-42363, CVE-2023-42364, CVE-2023-42365, CVE-2023-42366, CVE-2024-6197, CVE-2024-6874, CVE-2024-7264, CVE-2024-8006, CVE-2024-8096, CVE-2024-9681, CVE-2024-11053, CVE-2024-12718, CVE-2024-41996, CVE-2024-47619, CVE-2024-52533, CVE-2025-0167, CVE-2025-0665, CVE-2025-0725, CVE-2025-1390, CVE-2025-3360, CVE-2025-4138, CVE-2025-4330, CVE-2025-4373, CVE-2025-4435, CVE-2025-4516, CVE-2025-4517, CVE-2025-6141, CVE-2025-9086, CVE-2025-9230, CVE-2025-9231, CVE-2025-9232, CVE-2025-10148, CVE-2025-27587, CVE-2025-32433, CVE-2025-38084, CVE-2025-38085, CVE-2025-38086, CVE-2025-38345, CVE-2025-38350, CVE-2025-38498, CVE-2025-39839, CVE-2025-39841, CVE-2025-39846, CVE-2025-39853, CVE-2025-39860, CVE-2025-39864, CVE-2025-39865, CVE-2025-59375)</li> </ul> <div class="csaf-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS</th> <th role="columnheader">Vendor</th> <th role="columnheader">Equipment</th> <th role="columnheader">Vulnerabilities</th> </tr> </thead> <tbody> <tr> <td>v3 10</td> <td>Siemens</td> <td>Siemens SINEC OS</td> <td>Out-of-bounds Write, Double Free, Improper Input Validation, Use After Free, Improper Restriction of Operations within the Bounds of a Memory Buffer, Free of Memory not on the Heap, Buffer Over-read, Out-of-bounds Read, NULL Pointer Dereference, Improper Certificate Validation, Incorrect Comparison, Exposure of Sensitive Information to an Unauthorized Actor, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Multiple Releases of Same Resource or Handle, Integer Overflow to Buffer Overflow, Improper Access Control, Integer Overflow or Wraparound, Buffer Underwrite ('Buffer Underflow'), Incorrect Calculation, Stack-based Buffer Overflow, Covert Timing Channel, Generation of Predictable Numbers or Identifiers, Missing Authentication for Critical Function, Allocation of Resources Without Limits or Throttling</td> </tr> </tbody> </table> </div> <h3>Background</h3> <ul> <li><strong>Critical Infrastructure Sectors: </strong>Energy, Critical Manufacturing, Transportation Systems, Water and Wastewater</li> <li><strong>Countries/Areas Deployed: </strong>Worldwide</li> <li><strong>Company Headquarters Location: </strong>Germany</li> </ul> <hr> <h2>Vulnerabilities</h2> <div class="csaf-accordion"> <p><a class="csaf-accordion-toggle-all" href="#">Expand All +</a></p> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2022-48174</a></h3> <div class="csaf-accordion-content"> <p>There is a stack overflow vulnerability in ash.c:6030 in BusyBox versions prior to 1.35. In the environment of internet of vehicles, this vulnerability can be exploited via crafted commands, potentially leading to arbitrary code execution.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-48174">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Siemens SINEC OS</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Siemens</div> <div class="ics-version"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XCM332 (6GK5332-0GA01-2AC2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Update to V3.3 or later version</p> <p><strong>Vendor fix</strong><br>Update to V3.3 or later version</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/787.html">CWE-787 Out-of-bounds Write</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>7.8</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H">CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2023-7256</a></h3> <div class="csaf-accordion-content"> <p>In affected libpcap versions, during the setup of a remote packet capture the internal function sock_initaddress() calls getaddrinfo() and possibly freeaddrinfo(), but does not clearly indicate to the caller whether freeaddrinfo() needs to be called after the function returns. This makes it possible in some scenarios that both the function and its caller call freeaddrinfo() for the same allocated memory block. A similar problem was reported in Apple libpcap, to which Apple assigned CVE-2023-40400.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2023-7256">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Siemens SINEC OS</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Siemens</div> <div class="ics-version"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XCM332 (6GK5332-0GA01-2AC2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Update to V3.3 or later version</p> <p><strong>Vendor fix</strong><br>Update to V3.3 or later version</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/415.html">CWE-415 Double Free</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>4.4</td> <td>MEDIUM</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H">CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2023-39810</a></h3> <div class="csaf-accordion-content"> <p>An issue in the CPIO command of Busybox v1.33.2 may allow an attacker to perform a directory traversal attack.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2023-39810">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Siemens SINEC OS</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Siemens</div> <div class="ics-version"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XCM332 (6GK5332-0GA01-2AC2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Update to V3.3 or later version</p> <p><strong>Vendor fix</strong><br>Update to V3.3 or later version</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/20.html">CWE-20 Improper Input Validation</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>6.1</td> <td>MEDIUM</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L">CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2023-42363</a></h3> <div class="csaf-accordion-content"> <p>A use-after-free vulnerability was discovered in the xasprintf function located in xfuncs_printf.c:344 in BusyBox v.1.36.1.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2023-42363">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Siemens SINEC OS</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Siemens</div> <div class="ics-version"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XCM332 (6GK5332-0GA01-2AC2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Update to V3.3 or later version</p> <p><strong>Vendor fix</strong><br>Update to V3.3 or later version</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/416.html">CWE-416 Use After Free</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>5.5</td> <td>MEDIUM</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H">CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2023-42364</a></h3> <div class="csaf-accordion-content"> <p>A use-after-free vulnerability in BusyBox v.1.36.1 may lead to denial of service through a crafted awk pattern processed by the evaluate function in awk.c.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2023-42364">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Siemens SINEC OS</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Siemens</div> <div class="ics-version"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XCM332 (6GK5332-0GA01-2AC2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Update to V3.3 or later version</p> <p><strong>Vendor fix</strong><br>Update to V3.3 or later version</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/416.html">CWE-416 Use After Free</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>5.5</td> <td>MEDIUM</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H">CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2023-42365</a></h3> <div class="csaf-accordion-content"> <p>A use-after-free vulnerability was identified in BusyBox v.1.36.1 through a crafted awk pattern processed by the copyvar function in awk.c</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2023-42365">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Siemens SINEC OS</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Siemens</div> <div class="ics-version"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XCM332 (6GK5332-0GA01-2AC2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Update to V3.3 or later version</p> <p><strong>Vendor fix</strong><br>Update to V3.3 or later version</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/416.html">CWE-416 Use After Free</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>7.8</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H">CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2023-42366</a></h3> <div class="csaf-accordion-content"> <p>A heap buffer overflow was discovered in BusyBox version 1.36.1 in the next_token function at awk.c:1159.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2023-42366">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Siemens SINEC OS</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Siemens</div> <div class="ics-version"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XCM332 (6GK5332-0GA01-2AC2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Update to V3.3 or later version</p> <p><strong>Vendor fix</strong><br>Update to V3.3 or later version</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/119.html">CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>5.5</td> <td>MEDIUM</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H">CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2024-6197</a></h3> <div class="csaf-accordion-content"> <p>libcurl's ASN1 parser includes the utf8asn1str() function, which is used for parsing an ASN.1 UTF-8 string. It can detect an invalid field and return an error. Unfortunately, when doing so it also invokes free() on a 4-byte local stack buffer. Most modern malloc implementations detect this error and immediately abort. Some, however, accept the input pointer and add that memory to its list of available chunks. This leads to the overwriting of nearby stack memory. The content of the overwrite is decided by the free() implementation; likely to be memory pointers and a set of flags. The most likely outcome of exploiting this flaw is a crash, although it cannot be ruled out that more serious results may occur under special circumstances.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2024-6197">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Siemens SINEC OS</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Siemens</div> <div class="ics-version"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XCM332 (6GK5332-0GA01-2AC2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Update to V3.3 or later version</p> <p><strong>Vendor fix</strong><br>Update to V3.3 or later version</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/590.html">CWE-590 Free of Memory not on the Heap</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>7.5</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2024-6874</a></h3> <div class="csaf-accordion-content"> <p>libcurl's URL API function curl_url_get() offers punycode conversions to and from IDN. When converting a name that is exactly 256 bytes, libcurl may read outside of a stack-based buffer when built to use the macidn IDN backend. The conversion function then fills up the provided buffer exactly - but does not null-terminate the string. This flaw can lead to stack contents accidentally getting returned as part of the converted string.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2024-6874">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Siemens SINEC OS</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Siemens</div> <div class="ics-version"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XCM332 (6GK5332-0GA01-2AC2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Update to V3.3 or later version</p> <p><strong>Vendor fix</strong><br>Update to V3.3 or later version</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/126.html">CWE-126 Buffer Over-read</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>3.1</td> <td>LOW</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N">CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2024-7264</a></h3> <div class="csaf-accordion-content"> <p>libcurl's ASN.1 parser code includes the GTime2str() function, which is used for parsing an ASN.1 generalized time field. If given a syntactically incorrect field, the parser might end up using -1 for the length of the time fraction, leading to a strlen() being performed on a pointer to a heap buffer area that is not intentionally not null-terminated. This flaw most likely leads to a crash, but can also lead to heap contents getting returned to the application when CURLINFO_CERTINFO is used.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2024-7264">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Siemens SINEC OS</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Siemens</div> <div class="ics-version"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XCM332 (6GK5332-0GA01-2AC2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Update to V3.3 or later version</p> <p><strong>Vendor fix</strong><br>Update to V3.3 or later version</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/125.html">CWE-125 Out-of-bounds Read</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>3.7</td> <td>LOW</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N">CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2024-8006</a></h3> <div class="csaf-accordion-content"> <p>Remote packet capture support is disabled by default in libpcap. When a user builds libpcap with remote packet capture support enabled, one of the functions that becomes available is pcap_findalldevs_ex(). One of the function arguments can accept a filesystem path, which typically refers to a directory containing input data files. When the specified path cannot be used as a directory, the function receives NULL from opendir(). It does not check the return value and passes the NULL value to readdir(), which causes a NULL pointer dereference.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2024-8006">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Siemens SINEC OS</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Siemens</div> <div class="ics-version"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XCM332 (6GK5332-0GA01-2AC2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Update to V3.3 or later version</p> <p><strong>Vendor fix</strong><br>Update to V3.3 or later version</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/476.html">CWE-476 NULL Pointer Dereference</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>4.4</td> <td>MEDIUM</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H">CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2024-8096</a></h3> <div class="csaf-accordion-content"> <p>When curl is configured to use the certificate status request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it might fail to detect some OCSP problems and may incorrectly consider the response valid. If the returned status reports an error other than 'revoked' (such as 'unauthorized') it is not treated as a bad certificate.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2024-8096">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Siemens SINEC OS</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Siemens</div> <div class="ics-version"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XCM332 (6GK5332-0GA01-2AC2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Update to V3.3 or later version</p> <p><strong>Vendor fix</strong><br>Update to V3.3 or later version</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/295.html">CWE-295 Improper Certificate Validation</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>6.5</td> <td>MEDIUM</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2024-9681</a></h3> <div class="csaf-accordion-content"> <p>When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, causing it to expire earlier or later than intended. This affects curl-using applications that enable HSTS and use URLs with the insecure http:// scheme and perform transfers with hosts like x.example.com as well as example.com where the first host is a subdomain of the second host. (The HSTS cache must either have been populated manually or through previous HTTPS requests, as entries for the domains involved are required to trigger this issue.) When x.example.com responds with Strict-Transport-Security: headers, this bug can make the subdomain's expiry timeout bleed over and get set for the parent domain example.com in curl's HSTS cache. The result of a triggered bug is that HTTP accesses to example.com get converted to HTTPS for a different period of time than what was asked for by the origin server. If example.com for example stops supporting HTTPS at its expiry time, curl might then fail to access http://example.com until the (wrongly set) timeout expires. This bug can also expire the parent's entry earlier, thus making curl inadvertently switch back to insecure HTTP earlier than otherwise intended.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2024-9681">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Siemens SINEC OS</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Siemens</div> <div class="ics-version"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XCM332 (6GK5332-0GA01-2AC2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Update to V3.3 or later version</p> <p><strong>Vendor fix</strong><br>Update to V3.3 or later version</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/697.html">CWE-697 Incorrect Comparison</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>6.5</td> <td>MEDIUM</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L">CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2024-11053</a></h3> <div class="csaf-accordion-content"> <p>When configured to use a .netrc file for credentials and follow HTTP redirects, curl could leak the password from the first host to the redirect target host under certain circumstances. This flaw only manifests itself if the netrc file has an entry that matches the redirect target hostname but the entry either omits the password or both the login and password.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2024-11053">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Siemens SINEC OS</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Siemens</div> <div class="ics-version"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XCM332 (6GK5332-0GA01-2AC2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Update to V3.3 or later version</p> <p><strong>Vendor fix</strong><br>Update to V3.3 or later version</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/200.html">CWE-200 Exposure of Sensitive Information to an Unauthorized Actor</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>3.7</td> <td>LOW</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N">CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2024-12718</a></h3> <div class="csaf-accordion-content"> <p>This vulnerability allows modifying some file metadata (e.g., last modified) with filter="data" or file permissions (chmod) with filter="tar" for files outside the extraction directory. You are affected by this vulnerability if using the tarfile&nbsp;module to extract untrusted tar archives when extracting untrusted tar archives with TarFile.extractall() or TarFile.extract() and specifying the filter= parameter with a value of "data"&nbsp;or "tar". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter for more information. Only Python versions 3.12 or later are affected by these vulnerabilities, earlier versions do not include the extraction filter feature. Note that for Python 3.14 or later the default value of filter=&nbsp;changed from "no filtering" to "data", so if you are relying on this new default behavior then your usage is also affected. Note that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However, when evaluating source distributions it is important to avoid installing source distributions that contain suspicious links.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2024-12718">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Siemens SINEC OS</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Siemens</div> <div class="ics-version"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XCM332 (6GK5332-0GA01-2AC2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Update to V3.3 or later version</p> <p><strong>Vendor fix</strong><br>Update to V3.3 or later version</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/22.html">CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>5.3</td> <td>MEDIUM</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2024-41996</a></h3> <div class="csaf-accordion-content"> <p>Validating the order of public keys in the Diffie-Hellman Key Agreement Protocol—when an approved safe prime is used—can allow remote attackers (from the client side) to trigger computationally expensive server-side DHE modular-exponentiation calculations. This can result in asymmetric resource consumption. In the basic attack scenario, the client claims that it can only communicate using DHE, and the server must be configured to allow DHE and validate the order of the public keys.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2024-41996">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Siemens SINEC OS</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Siemens</div> <div class="ics-version"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XCM332 (6GK5332-0GA01-2AC2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Update to V3.3 or later version</p> <p><strong>Vendor fix</strong><br>Update to V3.3 or later version</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/295.html">CWE-295 Improper Certificate Validation</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>7.5</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2024-47619</a></h3> <div class="csaf-accordion-content"> <p>syslog-ng is an enhanced log daemon. Prior to version 4.8.2, `tls_wildcard_match()` matches certificates such as foo.*.bar, which is not allowed. It is also possible to pass partial wildcards such as `foo.a*c.bar` which glib matches but should be avoided or invalidated. This issue could impact TLS connections and potentially enable man-in-the-middle attacks. Version 4.8.2 contains a fix for the issue.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2024-47619">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Siemens SINEC OS</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Siemens</div> <div class="ics-version"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XCM332 (6GK5332-0GA01-2AC2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Update to V3.3 or later version</p> <p><strong>Vendor fix</strong><br>Update to V3.3 or later version</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/295.html">CWE-295 Improper Certificate Validation</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>7.5</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2024-52533</a></h3> <div class="csaf-accordion-content"> <p>gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 is affected by an off-by-one error resulting in a buffer overflow because SOCKS4_CONN_MSG_LEN is insufficient to accommodate a trailing '\0' character.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2024-52533">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Siemens SINEC OS</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Siemens</div> <div class="ics-version"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XCM332 (6GK5332-0GA01-2AC2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Update to V3.3 or later version</p> <p><strong>Vendor fix</strong><br>Update to V3.3 or later version</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/787.html">CWE-787 Out-of-bounds Write</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>9.8</td> <td>CRITICAL</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-0167</a></h3> <div class="csaf-accordion-content"> <p>When asked to use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password from the first host to the redirect target host under certain circumstances. This flaw occurs only if the netrc file contains a default entry that omits both the login and password which is a rare circumstance.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-0167">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Siemens SINEC OS</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Siemens</div> <div class="ics-version"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XCM332 (6GK5332-0GA01-2AC2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Update to V3.3 or later version</p> <p><strong>Vendor fix</strong><br>Update to V3.3 or later version</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/200.html">CWE-200 Exposure of Sensitive Information to an Unauthorized Actor</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>3.4</td> <td>LOW</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N">CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-0665</a></h3> <div class="csaf-accordion-content"> <p>libcurl could incorrectly close the same eventfd file descriptor twice when closing a connection channel after completing a threaded name resolution.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-0665">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Siemens SINEC OS</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Siemens</div> <div class="ics-version"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XCM332 (6GK5332-0GA01-2AC2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Update to V3.3 or later version</p> <p><strong>Vendor fix</strong><br>Update to V3.3 or later version</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/1341.html">CWE-1341 Multiple Releases of Same Resource or Handle</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>7.3</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-0725</a></h3> <div class="csaf-accordion-content"> <p>When libcurl is configured to perform automatic gzip decompression of content-encoded HTTP responses using the CURLOPT_ACCEPT_ENCODING option with zlib version 1.2.0.3 or older, an attacker-controlled integer overflow could lead to a buffer overflow in libcurl</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-0725">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Siemens SINEC OS</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Siemens</div> <div class="ics-version"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XCM332 (6GK5332-0GA01-2AC2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Update to V3.3 or later version</p> <p><strong>Vendor fix</strong><br>Update to V3.3 or later version</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/680.html">CWE-680 Integer Overflow to Buffer Overflow</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>7.3</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-1390</a></h3> <div class="csaf-accordion-content"> <p>The PAM module pam_cap.so in libcap configuration supports group names starting with "@". During parsing, configurations not starting with “@” are incorrectly recognized as group names. This may result in unintended users being granted unintended inherited capabilities, potentially leading to security risks. Attackers can exploit this vulnerability to achieve local privilege escalation on systems where /etc/security/capability.conf is used to configure user inherited privileges by creating specially crafted usernames.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-1390">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Siemens SINEC OS</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Siemens</div> <div class="ics-version"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XCM332 (6GK5332-0GA01-2AC2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Update to V3.3 or later version</p> <p><strong>Vendor fix</strong><br>Update to V3.3 or later version</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/284.html">CWE-284 Improper Access Control</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>6.1</td> <td>MEDIUM</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-3360</a></h3> <div class="csaf-accordion-content"> <p>An integer overflow and buffer under-read in GLib occurs when parsing an excessively long or malformed ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-3360">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Siemens SINEC OS</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Siemens</div> <div class="ics-version"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XCM332 (6GK5332-0GA01-2AC2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Update to V3.3 or later version</p> <p><strong>Vendor fix</strong><br>Update to V3.3 or later version</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/190.html">CWE-190 Integer Overflow or Wraparound</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>3.7</td> <td>LOW</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L">CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-4138</a></h3> <div class="csaf-accordion-content"> <p>This vulnerability allows the extraction filter to be ignored, which enables symlink targets to point outside the destination directory and permits modification of some file metadata. You are affected by this vulnerability if you use the tarfile module to extract untrusted tar archives with TarFile.extractall() or TarFile.extract() and specify the filter= parameter with a value of "data" or "tar". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter for more information. Note that for Python 3.14 or later, the default value of filter= changed from "no filtering" to "data," so if you rely on this new default behavior, your usage is also affected. Note that none of these vulnerabilities significantly affect the installation of source distributions, which are tar archives, as source distributions already allow arbitrary code execution during the build process. However, when evaluating source distributions, it is important to avoid installing those with suspicious links.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-4138">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Siemens SINEC OS</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Siemens</div> <div class="ics-version"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XCM332 (6GK5332-0GA01-2AC2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Update to V3.3 or later version</p> <p><strong>Vendor fix</strong><br>Update to V3.3 or later version</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/22.html">CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>7.5</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-4330</a></h3> <div class="csaf-accordion-content"> <p>This vulnerability allows the extraction filter to be ignored, enabling symlink targets to point outside the destination directory and permitting modification of some file metadata. You are affected by this vulnerability if you use the tarfile module to extract untrusted tar archives with TarFile.extractall() or TarFile.extract() and specify the filter= parameter with a value of "data" or "tar". See the tarfile extraction filters documentation (https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter) for more information. Note that for Python 3.14 or later, the default value of filter= changed from "no filtering" to "data," so if you rely on this new default behavior, your usage is also affected. Note that none of these vulnerabilities significantly affect the installation of source distributions, which are tar archives, as source distributions already allow arbitrary code execution during the build process. However, when evaluating source distributions, it is important to avoid installing those with suspicious links.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-4330">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Siemens SINEC OS</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Siemens</div> <div class="ics-version"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XCM332 (6GK5332-0GA01-2AC2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Update to V3.3 or later version</p> <p><strong>Vendor fix</strong><br>Update to V3.3 or later version</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/22.html">CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>7.5</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-4373</a></h3> <div class="csaf-accordion-content"> <p>GLib contains an integer overflow vulnerability in the g_string_insert_unichar() function. If the specified insertion position is excessively large, it may overflow, resulting in a buffer underwrite.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-4373">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Siemens SINEC OS</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Siemens</div> <div class="ics-version"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XCM332 (6GK5332-0GA01-2AC2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Update to V3.3 or later version</p> <p><strong>Vendor fix</strong><br>Update to V3.3 or later version</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/124.html">CWE-124 Buffer Underwrite ('Buffer Underflow')</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>4.8</td> <td>MEDIUM</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L">CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-4435</a></h3> <div class="csaf-accordion-content"> <p>When using TarFile.errorlevel = 0 and extracting with a filter, the documented behavior is that any filtered members should be skipped and not extracted. However, in affected versions, the actual behavior is that the member is still extracted and not skipped.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-4435">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Siemens SINEC OS</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Siemens</div> <div class="ics-version"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XCM332 (6GK5332-0GA01-2AC2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Update to V3.3 or later version</p> <p><strong>Vendor fix</strong><br>Update to V3.3 or later version</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/682.html">CWE-682 Incorrect Calculation</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>7.5</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-4516</a></h3> <div class="csaf-accordion-content"> <p>An issue exists in CPython when using bytes.decode("unicode_escape", errors="ignore|replace"). If you are not using the "unicode_escape" encoding or an error handler, your usage is not affected. To work around this issue, you may stop using the errors parameter and instead wrap the bytes.decode() call in a try-except block catching UnicodeDecodeError.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-4516">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Siemens SINEC OS</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Siemens</div> <div class="ics-version"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XCM332 (6GK5332-0GA01-2AC2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Update to V3.3 or later version</p> <p><strong>Vendor fix</strong><br>Update to V3.3 or later version</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/416.html">CWE-416 Use After Free</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>5.1</td> <td>MEDIUM</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H">CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-4517</a></h3> <div class="csaf-accordion-content"> <p>This vulnerability allows arbitrary filesystem writes outside the extraction directory during extraction with filter="data". You are affected by this vulnerability if you use the tarfile module to extract untrusted tar archives with TarFile.extractall() or TarFile.extract() and specify the filter= parameter with a value of "data" or "tar". See the tarfile extraction filters documentation (https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter) for more information. Note that for Python 3.14 or later, the default value of filter= changed from "no filtering" to "data," so if you rely on this new default behavior, your usage is also affected. Note that none of these vulnerabilities significantly affect the installation of source distributions, which are tar archives, as source distributions already allow arbitrary code execution during the build process. However, when evaluating source distributions, it is important to avoid installing those with suspicious links.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-4517">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Siemens SINEC OS</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Siemens</div> <div class="ics-version"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XCM332 (6GK5332-0GA01-2AC2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Update to V3.3 or later version</p> <p><strong>Vendor fix</strong><br>Update to V3.3 or later version</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/22.html">CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>9.4</td> <td>CRITICAL</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-6141</a></h3> <div class="csaf-accordion-content"> <p>A vulnerability was discovered in GNU ncurses versions up to 6.5-20250322 and classified as a security issue. This vulnerability affects the postprocess_termcap function in the file tinfo/parse_entry.c. The manipulation leads to a stack-based buffer overflow. Exploitation of this vulnerability requires local access. Upgrading to version 6.5-20250329 addresses this issue. It is recommended to upgrade the affected component.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-6141">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Siemens SINEC OS</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Siemens</div> <div class="ics-version"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XCM332 (6GK5332-0GA01-2AC2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Update to V3.3 or later version</p> <p><strong>Vendor fix</strong><br>Update to V3.3 or later version</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/121.html">CWE-121 Stack-based Buffer Overflow</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>3.3</td> <td>LOW</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-9086</a></h3> <div class="csaf-accordion-content"> <p>First, a cookie is set using the secure keyword for https://target. Second, curl is redirected to, or otherwise made to communicate with, http://target (same hostname, but using clear-text HTTP) using the same cookie. Third, the same cookie name is set, but with just a slash as the path (path='/'). Since this site is not secure, the cookie should be ignored. Fourth, a bug in the path comparison logic causes curl to read outside a heap buffer boundary. The bug may cause a crash or lead to an incorrect comparison, allowing the clear-text site to override the contents of the secure cookie. This behavior depends on the memory contents immediately following the single-byte allocation that holds the path. The expected behavior is to ignore the second cookie, as it was already set as secure on a secure host; overriding it on an insecure host should not be permitted.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-9086">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Siemens SINEC OS</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Siemens</div> <div class="ics-version"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XCM332 (6GK5332-0GA01-2AC2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Update to V3.3 or later version</p> <p><strong>Vendor fix</strong><br>Update to V3.3 or later version</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/125.html">CWE-125 Out-of-bounds Read</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>7.5</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-9230</a></h3> <div class="csaf-accordion-content"> <p>An application attempting to decrypt CMS messages encrypted using password-based encryption can trigger an out-of-bounds read and write. This out-of-bounds read may trigger a crash, leading to an application denial of service. The out-of-bounds write can cause memory corruption, which may lead to various consequences, including a denial of service or execution of attacker-supplied code. Although the consequences of a successful exploit of this vulnerability could be severe, the probability that an attacker would be able to perform it is low. Additionally, password-based (PWRI) encryption support in CMS messages is very rarely used. For that reason, the issue was assessed as moderate severity. The FIPS modules in versions 3.5, 3.4, 3.3, 3.2, 3.1, and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-9230">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Siemens SINEC OS</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Siemens</div> <div class="ics-version"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XCM332 (6GK5332-0GA01-2AC2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Update to V3.3 or later version</p> <p><strong>Vendor fix</strong><br>Update to V3.3 or later version</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/787.html">CWE-787 Out-of-bounds Write</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>5.6</td> <td>MEDIUM</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L">CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-9231</a></h3> <div class="csaf-accordion-content"> <p>A timing side-channel that could allow remote recovery of the private key exists in the SM2 algorithm implementation on 64-bit ARM platforms. A timing side-channel in SM2 signature computations on 64-bit ARM platforms could allow an attacker to recover the private key. While remote key recovery over a network was not attempted by the reporter, timing measurements revealed a signal that may enable such an attack. OpenSSL does not directly support certificates with SM2 keys in TLS; therefore, this CVE is not relevant in most TLS contexts. However, because it is possible to add support for such certificates via a custom provider, and given that the private key may be recoverable through remote timing measurements in that context, this is considered a moderate severity issue. The FIPS modules in versions 3.5, 3.4, 3.3, 3.2, 3.1, and 3.0 are not affected by this issue, as SM2 is not an approved algorithm.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-9231">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Siemens SINEC OS</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Siemens</div> <div class="ics-version"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XCM332 (6GK5332-0GA01-2AC2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Update to V3.3 or later version</p> <p><strong>Vendor fix</strong><br>Update to V3.3 or later version</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/385.html">CWE-385 Covert Timing Channel</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>6.5</td> <td>MEDIUM</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-9232</a></h3> <div class="csaf-accordion-content"> <p>An application using the OpenSSL HTTP client API functions may trigger an out-of-bounds read if the 'no_proxy' environment variable is set, and the host portion of the authority component of the HTTP URL is an IPv6 address. An out-of-bounds read can trigger a crash, leading to an application denial of service. The OpenSSL HTTP client API functions can be used directly by applications, but they are also used by the OCSP client functions and CMP (Certificate Management Protocol) client implementation in OpenSSL. However, the URLs used by these implementations are unlikely to be controlled by an attacker. In this vulnerable code, the out-of-bounds read can only trigger a crash. Furthermore, the vulnerability requires an attacker-controlled URL to be passed from an application to the OpenSSL function, and the user must have a 'no_proxy' environment variable set. For the aforementioned reasons, the issue was assessed as low severity. The vulnerable code was introduced in the following patch releases: 3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0, and 3.5.0. The FIPS modules in versions 3.5, 3.4, 3.3, 3.2, 3.1, and 3.0 are not affected by this issue, as the HTTP client implementation is outside the OpenSSL FIPS module boundary.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-9232">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Siemens SINEC OS</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Siemens</div> <div class="ics-version"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XCM332 (6GK5332-0GA01-2AC2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Update to V3.3 or later version</p> <p><strong>Vendor fix</strong><br>Update to V3.3 or later version</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/125.html">CWE-125 Out-of-bounds Read</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>5.9</td> <td>MEDIUM</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H">CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-10148</a></h3> <div class="csaf-accordion-content"> <p>curl's WebSocket code did not update the 32-bit mask pattern for each new outgoing frame as required by the specification. Instead, it used a fixed mask that persisted throughout the entire connection. A predictable mask pattern allows a malicious server to induce traffic between the two communicating parties. This traffic could be interpreted by an involved proxy (configured or transparent) as genuine HTTP traffic with content, thereby poisoning its cache. The poisoned cache content could then be served to all users of that proxy.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-10148">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Siemens SINEC OS</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Siemens</div> <div class="ics-version"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XCM332 (6GK5332-0GA01-2AC2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Update to V3.3 or later version</p> <p><strong>Vendor fix</strong><br>Update to V3.3 or later version</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/340.html">CWE-340 Generation of Predictable Numbers or Identifiers</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>5.3</td> <td>MEDIUM</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-27587</a></h3> <div class="csaf-accordion-content"> <p>OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVP_DigestSign API, and then using the private key to extract the K value (nonce) from the signatures. Next, based on the bit size of the extracted nonce, an attacker can compare signing times of full-sized nonces to those of signatures using smaller nonces through statistical tests. There is a side-channel in the P-364 curve that allows private key extraction. Additionally, there is a dependency between the bit size of K and the size of the side channel. This CVE is disputed because the OpenSSL security policy explicitly states that any side channels requiring the same physical system to be detected are outside the software’s threat model. The timing signal is so small that it cannot be detected without the attacking process running on the same physical system.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-27587">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Siemens SINEC OS</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Siemens</div> <div class="ics-version"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XCM332 (6GK5332-0GA01-2AC2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Update to V3.3 or later version</p> <p><strong>Vendor fix</strong><br>Update to V3.3 or later version</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/385.html">CWE-385 Covert Timing Channel</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>5.3</td> <td>MEDIUM</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N">CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-32433</a></h3> <div class="csaf-accordion-content"> <p>Erlang/OTP is a collection of libraries and tools for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, an SSH server could allow an attacker to perform unauthenticated remote code execution. By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access and execute arbitrary commands without valid credentials. This issue is resolved in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. A temporary workaround involves disabling the SSH server or preventing access via firewall rules.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-32433">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Siemens SINEC OS</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Siemens</div> <div class="ics-version"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XCM332 (6GK5332-0GA01-2AC2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Update to V3.3 or later version</p> <p><strong>Vendor fix</strong><br>Update to V3.3 or later version</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/306.html">CWE-306 Missing Authentication for Critical Function</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>10</td> <td>CRITICAL</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-38084</a></h3> <div class="csaf-accordion-content"> <p>In the Linux kernel, the following vulnerability has been resolved: "mm/hugetlb: unshare page tables during VMA split, not before. " Currently, __split_vma() triggers hugetlb page table unsharing through vm_ops-&gt;may_split(). This happens before the VMA lock and rmap locks are taken, which is too early. It allows racing VMA-locked page faults in the process and racing rmap walks from other processes to cause page tables to be shared again before the split occurs. This is fixed by explicitly calling the hugetlb unshare logic from __split_vma() in the same place where THP splitting also occurs. At that point, both the VMA and the rmap(s) are write-locked. A notable detail is that the helper hugetlb_unshare_pmds() can be called from two different locking contexts: First, from hugetlb_split(), holding: mmap lock (exclusively), VMA lock, file rmap lock (exclusively). Second, from hugetlb_unshare_all_pmds(), which appears to be designed to call with only the mmap lock held (in shared mode), but currently only runs while holding the mmap lock and VMA lock. This commit fixes a race condition introduced in commit b30c14cd6102 (“hugetlb: unshare some PMDs when splitting VMAs”). That commit claimed to fix an issue introduced in 5.13, but the fix should also apply to earlier versions.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-38084">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Siemens SINEC OS</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Siemens</div> <div class="ics-version"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XCM332 (6GK5332-0GA01-2AC2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Update to V3.3 or later version</p> <p><strong>Vendor fix</strong><br>Update to V3.3 or later version</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/20.html">CWE-20 Improper Input Validation</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>7</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H">CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-38085</a></h3> <div class="csaf-accordion-content"> <p>In the Linux kernel, the following vulnerability has been resolved: "mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race." huge_pmd_unshare() drops a reference on a page table that may have previously been shared across processes. This can potentially turn it into a normal page table used in another process, where unrelated VMAs can later be installed. If this occurs during a concurrent gup_fast() operation, the function could end up walking the page tables of another process. Although this does not appear to immediately lead to kernel memory corruption, it is highly unusual and unexpected. This is resolved by using an explicit broadcast IPI through tlb_remove_table_sync_one(), similar to the approach used in khugepaged when removing page tables for a THP collapse.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-38085">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Siemens SINEC OS</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Siemens</div> <div class="ics-version"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XCM332 (6GK5332-0GA01-2AC2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Update to V3.3 or later version</p> <p><strong>Vendor fix</strong><br>Update to V3.3 or later version</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/20.html">CWE-20 Improper Input Validation</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>5.5</td> <td>MEDIUM</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-38086</a></h3> <div class="csaf-accordion-content"> <p>In the Linux kernel, the following vulnerability has been resolved: "net: ch9200: fix uninitialised access during mii_nway_restart." In mii_nway_restart(), the code attempts to call mii-&gt;mdio_read, which is ch9200_mdio_read(). ch9200_mdio_read() uses a local buffer called buff, which is initialized with control_read(). However, buff is conditionally initialized inside control_read(). If the condition err == size is not met, then buff remains uninitialized. Once this happens, the uninitialized buff is accessed and returned during ch9200_mdio_read(). The problem stems from the fact that ch9200_mdio_read() ignores the return value of control_read(), leading to uninitialized access of buff. To fix this, the return value of control_read() should be checked and return early on error.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-38086">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Siemens SINEC OS</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Siemens</div> <div class="ics-version"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XCM332 (6GK5332-0GA01-2AC2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Update to V3.3 or later version</p> <p><strong>Vendor fix</strong><br>Update to V3.3 or later version</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/20.html">CWE-20 Improper Input Validation</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>7</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H">CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-38345</a></h3> <div class="csaf-accordion-content"> <p>In the Linux kernel, the following vulnerability has been resolved: "ACPICA: fix ACPI operand cache leak in dswstate.c." An ACPI cache leak was identified during early termination and continued boot scenarios. When early termination occurs due to a malicious ACPI table, the Linux kernel terminates the ACPI function and continues the boot process. While the kernel terminates the ACPI function, kmem_cache_destroy() reports an Acpi-Operand cache leak. Analysis revealed that the acpi_ds_obj_stack_pop_and_delete() function miscalculated the top of the stack. The acpi_ds_obj_stack_push() function uses walk_state-&gt;operand_index for the start position of the top, but acpi_ds_obj_stack_pop_and_delete() considers index 0. Therefore, this causes acpi operand memory leak. This cache leak poses a security risk because older kernels (&lt;= 4.9) display memory locations of kernel functions in stack dumps. Malicious users could exploit this information to bypass kernel ASLR. A patch was developed to fix the ACPI operand cache leak.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-38345">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Siemens SINEC OS</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Siemens</div> <div class="ics-version"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XCM332 (6GK5332-0GA01-2AC2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Update to V3.3 or later version</p> <p><strong>Vendor fix</strong><br>Update to V3.3 or later version</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/20.html">CWE-20 Improper Input Validation</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>5.5</td> <td>MEDIUM</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-38350</a></h3> <div class="csaf-accordion-content"> <p>In the Linux kernel, the following vulnerability has been resolved: "net/sched: Always pass notifications when child class becomes empty." Certain classful qdiscs may invoke their classes' dequeue handler during an enqueue operation. This may unexpectedly empty the child qdisc, causing an in-flight class to become passive via qlen_notify(). Most qdiscs do not expect such behavior at this point and may eventually re-activate the class anyway, which can lead to a use-after-free. The referenced fix commit attempted to address this behavior for the HFSC case by adjusting backlog accounting. However, this proved incomplete because the parent's parent may also encounter the issue. Because backlog accounting issues causing use-after-free on stale class pointers have become a recurring problem, this patch takes a different approach. Instead of attempting to fix the accounting, the patch ensures that qdisc_tree_reduce_backlog() always calls qlen_notify() when the child qdisc is empty. This solves the problem because deletion of qdiscs always involves a call to qdisc_reset() and / or qdisc_purge_queue() which ultimately resets its qlen to 0 thus causing the following qdisc_tree_reduce_backlog() to report to the parent. Note that this may call qlen_notify() on passive classes multiple times. This is not an issue after the recent patch series that made all classful qdiscs' qlen_notify() handlers idempotent.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-38350">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Siemens SINEC OS</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Siemens</div> <div class="ics-version"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XCM332 (6GK5332-0GA01-2AC2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Update to V3.3 or later version</p> <p><strong>Vendor fix</strong><br>Update to V3.3 or later version</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/20.html">CWE-20 Improper Input Validation</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>7.1</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-38498</a></h3> <div class="csaf-accordion-content"> <p>In the Linux kernel, the following vulnerability has been resolved: "do_change_type(): refuse to operate on unmounted or non-owned mounts." This change ensures that propagation settings can only be modified for mounts located in the caller's mount namespace. This change aligns permission checking with the behavior of other mount(2) system calls.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-38498">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Siemens SINEC OS</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Siemens</div> <div class="ics-version"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XCM332 (6GK5332-0GA01-2AC2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Update to V3.3 or later version</p> <p><strong>Vendor fix</strong><br>Update to V3.3 or later version</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/20.html">CWE-20 Improper Input Validation</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>7.3</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-39839</a></h3> <div class="csaf-accordion-content"> <p>In the Linux kernel, the following vulnerability has been resolved: "batman-adv: fix out-of-bounds read/write in network-coding decode." atadv_nc_skb_decode_packet() trusts coded_len and checks only against skb-&gt;len. XOR starts at sizeof(struct batadv_unicast_packet), reducing payload headroom. Additionally, the source skb length is not verified, allowing an out-of-bounds read and a small out-of-bounds write. Ensure that coded_len fits within the payload area of both destination and source sk_buff structures before performing XOR operations.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-39839">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Siemens SINEC OS</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Siemens</div> <div class="ics-version"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XCM332 (6GK5332-0GA01-2AC2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Update to V3.3 or later version</p> <p><strong>Vendor fix</strong><br>Update to V3.3 or later version</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/20.html">CWE-20 Improper Input Validation</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>5.5</td> <td>MEDIUM</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-39841</a></h3> <div class="csaf-accordion-content"> <p>In the Linux kernel, the following vulnerability has been resolved: "scsi: lpfc: Fix buffer free/clear order in deferred receive path." This change addresses a use-after-free vulnerability by correcting the buffer release sequence in the deferred receive path. The code freed the RQ buffer first and only then cleared the context pointer under the lock. Concurrent paths (e.g., ABTS and the repost path) also inspect and release the same pointer under the lock, so the previous order could lead to a double-free or use-after-free condition. Note that the repost path already uses the correct pattern: detach the pointer under the lock, then free it after dropping the lock. The deferred path now follows the same pattern.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-39841">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Siemens SINEC OS</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Siemens</div> <div class="ics-version"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XCM332 (6GK5332-0GA01-2AC2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Update to V3.3 or later version</p> <p><strong>Vendor fix</strong><br>Update to V3.3 or later version</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/20.html">CWE-20 Improper Input Validation</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>7.8</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-39846</a></h3> <div class="csaf-accordion-content"> <p>In the Linux kernel, the following vulnerability has been resolved: "pcmcia: Fix a NULL pointer dereference in __iodyn_find_io_region()." In __iodyn_find_io_region(), pcmcia_make_resource() is assigned to res and used in pci_bus_alloc_resource(). res is dereferenced in pci_bus_alloc_resource(), which could lead to a NULL pointer dereference if pcmcia_make_resource() fails. This issue is resolved by adding a check for res.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-39846">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Siemens SINEC OS</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Siemens</div> <div class="ics-version"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XCM332 (6GK5332-0GA01-2AC2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Update to V3.3 or later version</p> <p><strong>Vendor fix</strong><br>Update to V3.3 or later version</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/20.html">CWE-20 Improper Input Validation</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>5.5</td> <td>MEDIUM</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-39853</a></h3> <div class="csaf-accordion-content"> <p>In the Linux kernel, the following vulnerability has been resolved: "i40e: Fix potential invalid access when MAC list is empty." list_first_entry() never returns NULL—if the list is empty, it still returns a pointer to an invalid object, which can lead to invalid memory access when dereferenced. This issue is resolved by using list_first_entry_or_null() instead of list_first_entry().</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-39853">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Siemens SINEC OS</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Siemens</div> <div class="ics-version"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XCM332 (6GK5332-0GA01-2AC2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Update to V3.3 or later version</p> <p><strong>Vendor fix</strong><br>Update to V3.3 or later version</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/20.html">CWE-20 Improper Input Validation</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>5.5</td> <td>MEDIUM</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-39860</a></h3> <div class="csaf-accordion-content"> <p>In the Linux kernel, the following vulnerability has been resolved: "Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen()." In the crash report, a single thread calling bt_accept_dequeue() freed sk and accessed it afterward. The root cause appears to be the racy l2cap_sock_cleanup_listen() call introduced by the cited commit. bt_accept_dequeue() is called under lock_sock() except when invoked by l2cap_sock_release(). Two threads could see the same socket during the list iteration in bt_accept_dequeue(). Depending on timing, the other thread could appear in the "Freed by task" section. The fix ensures that l2cap_sock_cleanup_listen() is called under lock_sock() in l2cap_sock_release().</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-39860">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Siemens SINEC OS</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Siemens</div> <div class="ics-version"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XCM332 (6GK5332-0GA01-2AC2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Update to V3.3 or later version</p> <p><strong>Vendor fix</strong><br>Update to V3.3 or later version</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/20.html">CWE-20 Improper Input Validation</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>7.1</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-39864</a></h3> <div class="csaf-accordion-content"> <p>In the Linux kernel, the following vulnerability has been resolved: "wifi: cfg80211: fix use-after-free in cmp_bss()." Following the bss_free() quirk introduced in commit 776b3580178f ("cfg80211: track hidden SSID networks properly"), update cfg80211_update_known_bss() to free the last beacon frame elements only if they are not shared via the corresponding hidden_beacon_bss pointer.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-39864">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Siemens SINEC OS</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Siemens</div> <div class="ics-version"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XCM332 (6GK5332-0GA01-2AC2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Update to V3.3 or later version</p> <p><strong>Vendor fix</strong><br>Update to V3.3 or later version</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/20.html">CWE-20 Improper Input Validation</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>7.8</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-39865</a></h3> <div class="csaf-accordion-content"> <p>In the Linux kernel, the following vulnerability has been resolved: "tee: fix NULL pointer dereference in tee_shm_put()." tee_shm_put() has a NULL pointer dereference. Add a NULL check in tee_shm_put() to resolve the issue.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-39865">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Siemens SINEC OS</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Siemens</div> <div class="ics-version"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XCM332 (6GK5332-0GA01-2AC2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Update to V3.3 or later version</p> <p><strong>Vendor fix</strong><br>Update to V3.3 or later version</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/20.html">CWE-20 Improper Input Validation</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>7</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H">CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-59375</a></h3> <div class="csaf-accordion-content"> <p>Expat versions prior to 2.7.2 allow attackers to trigger large dynamic memory allocations via a small document submitted for parsing.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-59375">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Siemens SINEC OS</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Siemens</div> <div class="ics-version"><strong>Product Version:</strong><br>RUGGEDCOM RST2428P (6GK6242-6PA00), SCALANCE XCH328 (6GK5328-4TS01-2EC2), SCALANCE XCM324 (6GK5324-8TS01-2AC2), SCALANCE XCM328 (6GK5328-4TS01-2AC2), SCALANCE XCM332 (6GK5332-0GA01-2AC2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3), SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3), SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Update to V3.3 or later version</p> <p><strong>Vendor fix</strong><br>Update to V3.3 or later version</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/770.html">CWE-770 Allocation of Resources Without Limits or Throttling</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>7.5</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> </div> <hr> <h2>Acknowledgments</h2> <ul> <li>Siemens reported these vulnerabilities to CISA.</li> </ul> <hr> <h2>General Recommendations</h2> <p>As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity</p> <hr> <h2>Additional Resources</h2> <p>For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories</p> <hr> <h2>Terms of Use</h2> <p>The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.</p> <hr> <h2>Legal Notice and Terms of Use</h2> <p>This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy &amp; Use policy (https://www.cisa.gov/privacy-policy).</p> <hr> <h2>Recommended Practices</h2> <p>CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.</p> <p>Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.</p> <p>Locate control system networks and remote devices behind firewalls and isolate them from business networks.</p> <p>When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.</p> <p>CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.</p> <p>CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.</p> <p>CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.</p> <p>Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.</p> <hr> <h2>Advisory Conversion Disclaimer</h2> <p>This ICSA is a verbatim republication of Siemens ProductCERT SSA-089022 from a direct conversion of the vendor's Common Security Advisory Framework (CSAF) advisory. This is republished to CISA's website as a means of increasing visibility and is provided "as-is" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Siemens ProductCERT directly for any questions regarding this advisory.</p> <h2>Revision History</h2> <ul> <li><strong>Initial Release Date: </strong>2026-01-28</li> </ul> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">Date</th> <th role="columnheader">Revision</th> <th role="columnheader">Summary</th> </tr> </thead> <tbody> <tr> <td>2026-01-28</td> <td>1</td> <td>Publication Date</td> </tr> <tr> <td>2026-02-12</td> <td>2</td> <td>Initial CISA Republication of Siemens SSA-089022 advisory</td> </tr> </tbody> </table> <hr> <h2>Legal Notice and Terms of Use</h2>

<p><a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-043-07.json"><strong>View CSAF</strong></a></p> <h2>Summary</h2> <p><strong>The Webhooks implementation of Siveillance Video Management Servers contains a vulnerability that could allow an authenticated remote attacker with read-only privileges to achieve full access to Webhooks API. Siemens has released new versions for the affected products and recommends to update to the latest versions.</strong></p> <p>The following versions of Siemens Siveillance Video Management Servers are affected:</p> <ul> <li>Siveillance Video V2023 R1: All versions &lt; V23.1 HotfixRev18</li> <li>Siveillance Video V2023 R2: All versions &lt; V23.2 HotfixRev18</li> <li>Siveillance Video V2023 R3: All versions &lt; V23.3 HotfixRev23</li> <li>Siveillance Video V2024 R1: All versions &lt; V24.1 HotfixRev14</li> <li>Siveillance Video V2025: All versions &lt; V25.1 HotfixRev8</li> </ul> <div class="csaf-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS</th> <th role="columnheader">Vendor</th> <th role="columnheader">Equipment</th> <th role="columnheader">Vulnerabilities</th> </tr> </thead> <tbody> <tr> <td>v3 6.3</td> <td>Siemens</td> <td>Siemens Siveillance Video Management Servers</td> <td>Missing Authorization</td> </tr> </tbody> </table> </div> <h3>Background</h3> <ul> <li><strong>Critical Infrastructure Sectors: </strong>Critical Manufacturing</li> <li><strong>Countries/Areas Deployed: </strong>Worldwide</li> <li><strong>Company Headquarters Location: </strong>Germany</li> </ul> <hr> <h2>Vulnerabilities</h2> <div class="csaf-accordion"> <p><a class="csaf-accordion-toggle-all" href="#">Expand All +</a></p> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-0836</a></h3> <div class="csaf-accordion-content"> <p>Missing Authorization vulnerability in Milestone Systems XProtect VMS allows users with read-only access to Management Server to have full read/write access to MIP Webhooks API.</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-0836">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Siemens Siveillance Video Management Servers</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Siemens</div> <div class="ics-version"><strong>Product Version:</strong><br>Siveillance Video V2023 R1, Siveillance Video V2023 R2, Siveillance Video V2023 R3, Siveillance Video V2024 R1, Siveillance Video V2025</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Mitigation</strong><br>If, for any reason it is not possible to install the latest patch, we recommend auditing your role security settings and consider everyone with read-only access to the Management Server as having a full access to Webhooks configuration.</p> <p><strong>Vendor fix</strong><br>Update to V23.1 HotfixRev18 or later version</p> <p><strong>Vendor fix</strong><br>Update to V23.2 HotfixRev18 or later version</p> <p><strong>Vendor fix</strong><br>Update to V23.3 HotfixRev23 or later version</p> <p><strong>Vendor fix</strong><br>Update to V24.1 HotfixRev14 or later version</p> <p><strong>Vendor fix</strong><br>Update to V25.1 HotfixRev8 or later version</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/862.html">CWE-862 Missing Authorization</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>6.3</td> <td>MEDIUM</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L">CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L</a></td> </tr> </tbody> </table> </div> </div> </div> </div> <hr> <h2>Acknowledgments</h2> <ul> <li>Siemens ProductCERT reported this vulnerability to CISA.</li> <li>Milestone PSIRT reported this vulnerability to Siemens.</li> </ul> <hr> <h2>General Recommendations</h2> <p>As a general security measure Siemens strongly recommends to protect network access to affected products with appropriate mechanisms. It is advised to follow recommended security practices in order to run the devices in a protected IT environment.</p> <hr> <h2>Additional Resources</h2> <p>For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories</p> <hr> <h2>Terms of Use</h2> <p>The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.</p> <hr> <h2>Legal Notice and Terms of Use</h2> <p>This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy &amp; Use policy (https://www.cisa.gov/privacy-policy).</p> <hr> <h2>Recommended Practices</h2> <p>CISA recommends users take defensive measures to minimize the exploitation risk of these vulnerabilities.</p> <p>Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.</p> <p>Locate control system networks and remote devices behind firewalls and isolate them from business networks.</p> <p>When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.</p> <p>CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.</p> <p>CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.</p> <p>CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.</p> <p>Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.</p> <hr> <h2>Advisory Conversion Disclaimer</h2> <p>This ICSA is a verbatim republication of Siemens ProductCERT SSA-625934 from a direct conversion of the vendor's Common Security Advisory Framework (CSAF) advisory. This is republished to CISA's website as a means of increasing visibility and is provided "as-is" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Siemens ProductCERT directly for any questions regarding this advisory.</p> <h2>Revision History</h2> <ul> <li><strong>Initial Release Date: </strong>2026-02-10</li> </ul> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">Date</th> <th role="columnheader">Revision</th> <th role="columnheader">Summary</th> </tr> </thead> <tbody> <tr> <td>2026-02-10</td> <td>1</td> <td>Publication Date</td> </tr> <tr> <td>2026-02-12</td> <td>2</td> <td>Initial CISA Republication of Siemens ProductCERT SSA-625934 advisory</td> </tr> </tbody> </table> <hr> <h2>Legal Notice and Terms of Use</h2>

<p><a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-043-05.json"><strong>View CSAF</strong></a></p> <h2>Summary</h2> <p><strong>Solid Edge uses PS/IGES Parasolid Translator Component that contains an out of bounds read that could be triggered when the application reads files in IGS file formats. If a user is tricked to open a malicious file with any of the affected products, this could lead the application to crash or potentially lead to arbitrary code execution. Siemens has released a new version for Solid Edge and recommends to update to the latest version.</strong></p> <p>The following versions of Siemens Solid Edge are affected:</p> <ul> <li>Solid Edge: All versions prior to V226.00 Update 03</li> </ul> <div class="csaf-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS</th> <th role="columnheader">Vendor</th> <th role="columnheader">Equipment</th> <th role="columnheader">Vulnerabilities</th> </tr> </thead> <tbody> <tr> <td>v3 7.8</td> <td>Siemens</td> <td>Siemens Solid Edge</td> <td>Out-of-bounds Read</td> </tr> </tbody> </table> </div> <h3>Background</h3> <ul> <li><strong>Critical Infrastructure Sectors: </strong>Critical Manufacturing</li> <li><strong>Countries/Areas Deployed: </strong>Worldwide</li> <li><strong>Company Headquarters Location: </strong>Germany</li> </ul> <hr> <h2>Vulnerabilities</h2> <div class="csaf-accordion"> <p><a class="csaf-accordion-toggle-all" href="#">Expand All +</a></p> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2025-40936</a></h3> <div class="csaf-accordion-content"> <p>The affected applications contains an out of bounds read vulnerability while parsing specially crafted IGS files. This could allow an attacker to crash the application or execute code in the context of the current process. (ZDI-CAN-26755)</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-40936">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Siemens Solid Edge</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Siemens</div> <div class="ics-version"><strong>Product Version:</strong><br>Solid Edge</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Vendor fix</strong><br>Update to V226.00 Update 03 or later version</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/125.html">CWE-125 Out-of-bounds Read</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>7.8</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H">CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> </div> <hr> <h2>Acknowledgments</h2> <ul> <li>Siemens ProductCERT reported this vulnerability to CISA.</li> <li>Trend Micro Zero Day Initiative reported this vulnerability to Siemens.</li> </ul> <hr> <h2>General Recommendations</h2> <p>As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity</p> <hr> <h2>Additional Resources</h2> <p>For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories</p> <hr> <h2>Terms of Use</h2> <p>The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.</p> <hr> <h2>Legal Notice and Terms of Use</h2> <p>This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy &amp; Use policy (https://www.cisa.gov/privacy-policy).</p> <hr> <h2>Recommended Practices</h2> <p>CISA recommends users take defensive measures to minimize the exploitation risk of these vulnerabilities.</p> <p>Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.</p> <p>Locate control system networks and remote devices behind firewalls and isolate them from business networks.</p> <p>When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.</p> <p>CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.</p> <p>CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.</p> <p>CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.</p> <p>Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.</p> <hr> <h2>Advisory Conversion Disclaimer</h2> <p>This ICSA is a verbatim republication of Siemens ProductCERT SSA-445819 from a direct conversion of the vendor's Common Security Advisory Framework (CSAF) advisory. This is republished to CISA's website as a means of increasing visibility and is provided "as-is" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Siemens ProductCERT directly for any questions regarding this advisory.</p> <h2>Revision History</h2> <ul> <li><strong>Initial Release Date: </strong>2026-02-10</li> </ul> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">Date</th> <th role="columnheader">Revision</th> <th role="columnheader">Summary</th> </tr> </thead> <tbody> <tr> <td>2026-02-10</td> <td>1</td> <td>Publication Date</td> </tr> <tr> <td>2026-02-12</td> <td>2</td> <td>Initial CISA Republication of Siemens ProductCERT SSA-445819 advisory</td> </tr> </tbody> </table> <hr> <h2>Legal Notice and Terms of Use</h2>

The cyberspace domain is one of the most critical areas of national defense. It is a field that<br/> <img src='https://media.defense.gov/2021/May/24/2002725094/150/150/0/210524-D-LA132-0001.JPG' alt='USCYBERCOM' /> <br />

FORT GEORGE G. MEADE, Md. – U.S. Cyber Command’s Cyber National Mission Force, alongside Department<br/> <img src='https://media.defense.gov/2023/Sep/07/2003295935/150/150/0/230907-D-D0451-0001.PNG' alt='Joint Cybersecurity Advisory CVEs' /> <br />

U.S. Cyber Command’s Cyber National Mission Force, alongside Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, and the Federal Bureau of Investigation released a public joint seal cybersecurity advisory, “Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475,” on Sept. 7. The CSA provides information on an incident at an Aeronautical Sector organization. Nation-state advanced persistent threat (APT) actors exploited CVE-2022-47966 to gain unauthorized access through the organization’s public-facing application, establish persistence and move laterally within the network. Advance persistent threat actors often scan internet-facing devices for vulnerabilities that can be easily be exploited and will continue to do so.<br/> <img src='https://media.defense.gov/2023/Sep/07/2003295935/150/150/0/230907-D-D0451-0001.PNG' alt='Joint Cybersecurity Advisory CVEs' /> <br />

U.S. Cyber Command teamed up with the Air Force Personnel Center for the command’s first-ever public hiring event May 8 in Silver Spring, Maryland. The event, co-hosted by USCYBERCOM and AFPC’s Air Force Civilian Service talent acquisitions team, featured on-site resume reviews and interviews, with multiple qualified individuals receiving job offers on the spot.<br/>

U.S. Cyber Command’s Cyber National Mission Force, alongside interagency and foreign partners, issued a joint Cybersecurity Advisory highlighting advanced spear-phishing campaigns from Russia-based malicious cyber actors<br/> <img src='https://media.defense.gov/2023/Dec/07/2003353529/150/150/0/231207-D-SC900-8146.JPG' alt='An illustration accompanying a joint Cybersecurity Advisory' /> <br />

Strategic competitors, adversaries and proxies use information to gain an advantage over the U.S. joint force. <br/> <img src='https://media.defense.gov/2023/Oct/05/2003315563/150/150/0/231005-F-CT549-1001.PNG' alt='A graphic on how a false narrative is created and spread.' /> <br />

<p>CISA has added five new vulnerabilities to its <a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog" data-entity-type="node" data-entity-uuid="79453b83-86b9-4e2f-b1ec-abf73c6eb291" data-entity-substitution="canonical" title="Known Exploited Vulnerabilities Catalog">Known Exploited Vulnerabilities (KEV) Catalog</a>, based on evidence of active exploitation.</p> <ul> <li><a href="https://www.cve.org/CVERecord?id=CVE-2017-7921" target="_blank">CVE-2017-7921</a> Hikvision Multiple Products Improper Authentication Vulnerability</li> <li><a href="https://www.cve.org/CVERecord?id=CVE-2021-22681" target="_blank">CVE-2021-22681</a> Rockwell Multiple Products Insufficient Protected Credentials Vulnerability</li> <li><a href="https://www.cve.org/CVERecord?id=CVE-2021-30952" target="_blank">CVE-2021-30952</a> Apple Multiple Products Integer Overflow or Wraparound Vulnerability</li> <li><a href="https://www.cve.org/CVERecord?id=CVE-2023-41974" target="_blank">CVE-2023-41974</a> Apple iOS and iPadOS Use-After-Free Vulnerability</li> <li><a href="https://www.cve.org/CVERecord?id=CVE-2023-43000" target="_blank">CVE-2023-43000</a> Apple Multiple products Use-After-Free Vulnerability</li> </ul> <p>These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.</p> <p><a href="https://www.cisa.gov/binding-operational-directive-22-01">Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities</a> established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the <a href="https://www.cisa.gov/sites/default/files/publications/Reducing_the_Significant_Risk_of_Known_Exploited_Vulnerabilities_211103.pdf">BOD 22-01 Fact Sheet</a> for more information.</p> <p>Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of <a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog" data-entity-type="node" data-entity-uuid="79453b83-86b9-4e2f-b1ec-abf73c6eb291" data-entity-substitution="canonical" title="Known Exploited Vulnerabilities Catalog">KEV Catalog</a> vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the <a href="https://www.cisa.gov/known-exploited-vulnerabilities" data-entity-type="node" data-entity-uuid="f2adba9a-0404-494c-a90c-4363a4a5c934" data-entity-substitution="canonical" title="Reducing the Significant Risk of Known Exploited Vulnerabilities">specified criteria</a>.</p>

<p><a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-064-01.json"><strong>View CSAF</strong></a></p> <h2>Summary</h2> <p><strong>Successful exploitation of this vulnerability could result in an attacker achieving remote code execution on the device.</strong></p> <p>The following versions of Delta Electronics CNCSoft-G2 are affected:</p> <ul> <li>CNCSoft-G2</li> </ul> <div class="csaf-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS</th> <th role="columnheader">Vendor</th> <th role="columnheader">Equipment</th> <th role="columnheader">Vulnerabilities</th> </tr> </thead> <tbody> <tr> <td>v3 7.8</td> <td>Delta Electronics</td> <td>Delta Electronics CNCSoft-G2</td> <td>Out-of-bounds Write</td> </tr> </tbody> </table> </div> <h3>Background</h3> <ul> <li><strong>Critical Infrastructure Sectors: </strong>Critical Manufacturing</li> <li><strong>Countries/Areas Deployed: </strong>Worldwide</li> <li><strong>Company Headquarters Location: </strong>Taiwan</li> </ul> <hr> <h2>Vulnerabilities</h2> <div class="csaf-accordion"> <p><a class="csaf-accordion-toggle-all" href="#">Expand All +</a></p> <div class="csaf-accordion-item"> <h3><a class="csaf-accordion-toggle" href="#">CVE-2026-3094</a></h3> <div class="csaf-accordion-content"> <p>Delta Electronics CNCSoft-G2 devices prior to version V2.1.0.39 are vulnerable to an Out-of-Bounds Write while parsing DPAX files in the DOPSoft component.</p> <p><a href="https://www.cve.org/CVERecord?id=CVE-2026-3094">View CVE Details</a></p> <hr> <h4>Affected Products</h4> <h5>Delta Electronics CNCSoft-G2</h5> <div class="ics-vendor-version-status"> <div class="ics-vendor"><strong>Vendor:</strong><br>Delta Electronics</div> <div class="ics-version"><strong>Product Version:</strong><br>Delta Electronics CNCSoft-G2: &lt;V2.1.0.39</div> <div class="ics-status"><strong>Product Status:</strong><br>known_affected</div> </div> <div class="ics-remediations"> <h6>Remediations</h6> <p><strong>Mitigation</strong><br>Delta Electronics recommends users update to Version 2.1.0.39, which has resolved this vulnerability. The update can be obtained from the Delta Electronics download center at https://downloadcenter.deltaww.com/en-US/DownloadCenter?v=1&amp;q=cncsoft&amp;sort_expr=cdate&amp;sort_dir=DESC.</p> <p><strong>Mitigation</strong><br>For more information, see the associated Delta Electronics security advisory Delta-PCSA-2026-00004 which can be downloaded in PDF format here: https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2026-00004_CNCSoft-G2_File%20Parsing%20Out-Of-Bounds%20Write.pdf</p> </div> <p><strong>Relevant CWE:</strong> <a href="https://cwe.mitre.org/data/definitions/787.html">CWE-787 Out-of-bounds Write</a></p> <hr> <h4>Metrics</h4> <div class="csaf-table csaf-metrics-table"> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">CVSS Version</th> <th role="columnheader">Base Score</th> <th role="columnheader">Base Severity</th> <th role="columnheader">Vector String</th> </tr> </thead> <tbody> <tr> <td>3.1</td> <td>7.8</td> <td>HIGH</td> <td><a href="https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H">CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H</a></td> </tr> </tbody> </table> </div> </div> </div> </div> <hr> <h2>Acknowledgments</h2> <ul> <li>Natnael Samson (@NattiSamson) of TrendAI Zero Day Initiative reported this vulnerability to CISA</li> </ul> <hr> <h2>Legal Notice and Terms of Use</h2> <p>This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy &amp; Use policy (https://www.cisa.gov/privacy-policy).</p> <hr> <h2>Recommended Practices</h2> <p>CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:</p> <p>Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.</p> <p>Locate control system networks and remote devices behind firewalls and isolating them from business networks.</p> <p>When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.</p> <p>CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.</p> <p>CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.</p> <p>CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.</p> <p>Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.</p> <p>CISA recommends users take the following measures to protect themselves from social engineering attacks:</p> <p>Do not click web links or open attachments in unsolicited email messages.</p> <p>Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.</p> <p>Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.</p> <p>Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.</p> <p>No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. This vulnerability is not exploitable remotely.</p> <hr> <h2>Revision History</h2> <ul> <li><strong>Initial Release Date: </strong>2026-03-05</li> </ul> <table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap> <thead> <tr> <th role="columnheader" data-tablesaw-priority="persist">Date</th> <th role="columnheader">Revision</th> <th role="columnheader">Summary</th> </tr> </thead> <tbody> <tr> <td>2026-03-05</td> <td>1</td> <td>Initial Republication of Delta Electronics Delta-PCSA-2026-00004 advisory</td> </tr> </tbody> </table> <hr> <h2>Legal Notice and Terms of Use</h2>

FORT MEADE, Md. — U.S. Cyber Command launched its annual training exercise Cyber Guard 25-2 on June 2, reinforcing the nation's global preeminence in cyberspace operations. <br/> <img src='https://media.defense.gov/2025/Jun/04/2003732685/150/150/0/250603-A-Q1826-1001.JPG' alt='Three uniformed military personnel working at a computer' /> <br />

Estonian and U.S. cyber commands jointly conducted a defensive cyber-operation on Estonian Defence<br/> <img src='https://media.defense.gov/2020/Dec/03/2002545016/150/150/0/201203-F-LA132-0000.JPG' alt='Graphic' /> <br />

Maryland Governor Larry Hogan addresses the U.S. Cyber Command and NSA workforce on the importance of their work during the COVID-19 global pandemic <br/>

The United States Cyber Command (CYBERCOM) and DARPA are kicking off a pilot program aimed at<br/> <img src='https://media.defense.gov/2022/Nov/28/2003121686/150/150/0/221125-D-D0451-0201.PNG' alt='Darpa logo' /> <br />

U.S. Cyber Command will conduct a focused internal defensive cyberspace activity during the month of October. CYBERCOM has identified this event as the International Coordinated Cyber Security Activity, INCCA. This activity will highlight and enhance CYBERCOM's readiness, interoperability, global cyber security posture, cooperation, and support for the Joint Force Commanders, interagency partners, and international partners. <br/> <img src='https://media.defense.gov/2023/Oct/23/2003325475/150/150/0/230920-A-QI826-1001.JPG' alt='Joint Operation Center watch floor personnel at U.S. Cyber Command recap daily defensive cyber actions supporting an International Coordinated Cyber Security Activity.' /> <br />

U.S. Cyber Command conducted a new defensive cyberspace operation concept from October 3-14, 2022.<br/> <img src='https://media.defense.gov/2022/Oct/18/2003097703/150/150/0/221003-N-XK809-1002.JPG' alt='221003-N-XK809-1002 FORT GEORGE G. MEADE, Md. (Oct. 3, 2022) Cryptologic Technician (Networks) 2nd Class Samantha Thompson, assigned to U.S. Fleet Cyber Command / U.S. 10th Fleet, mans the defensive cyber operations watch officer desk in the maritime operations center in support of Global Cyber Defensive Operations. The Global Cyber Defensive Operations is a U.S. Cyber Command led enduring defensive campaigning activity with partners to hunt and identify Indicators of Compromise commonly used by malicious cyberspace actors on designated networks supporting the Joint Force’s logistics and power projection capabilities globally. (U.S. Navy photo by Mass Communication Specialist 1st Class William Sykes)' /> <br />

<p>CISA has added three new vulnerabilities to its <a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog" data-entity-type="node" data-entity-uuid="79453b83-86b9-4e2f-b1ec-abf73c6eb291" data-entity-substitution="canonical" title="Known Exploited Vulnerabilities Catalog">Known Exploited Vulnerabilities (KEV) Catalog</a>, based on evidence of active exploitation.</p> <ul> <li><a href="https://www.cve.org/CVERecord?id=CVE-2021-22054" target="_blank">CVE-2021-22054</a> Omnissa Workspace ONE Server-Side Request Forgery</li> <li><a href="https://www.cve.org/CVERecord?id=CVE-2025-26399" target="_blank">CVE-2025-26399</a> SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability</li> <li><a href="https://www.cve.org/CVERecord?id=CVE-2026-1603" target="_blank">CVE-2026-1603</a> Ivanti Endpoint Manager (EPM) Authentication Bypass Vulnerability</li> </ul> <p>These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.</p> <p><a href="https://www.cisa.gov/binding-operational-directive-22-01">Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities</a> established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the <a href="https://www.cisa.gov/sites/default/files/publications/Reducing_the_Significant_Risk_of_Known_Exploited_Vulnerabilities_211103.pdf">BOD 22-01 Fact Sheet</a> for more information.</p> <p>Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of <a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog" data-entity-type="node" data-entity-uuid="79453b83-86b9-4e2f-b1ec-abf73c6eb291" data-entity-substitution="canonical" title="Known Exploited Vulnerabilities Catalog">KEV Catalog vulnerabilities</a> as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the <a href="https://www.cisa.gov/known-exploited-vulnerabilities" data-entity-type="node" data-entity-uuid="f2adba9a-0404-494c-a90c-4363a4a5c934" data-entity-substitution="canonical" title="Reducing the Significant Risk of Known Exploited Vulnerabilities">specified criteria</a>.</p>

For the first time in U.S. Cyber Command history, a Cyber National Mission Force task force exercised, tested, and certified the capability to execute full-spectrum operations, including defensive, offensive, and information operations. <br/> <img src='https://media.defense.gov/2021/Jun/07/2002736051/150/150/0/210524-D-LA132-0106.JPG' alt='U.S. Cyber Command, Cyber National Mission Force members participate in a training and readiness exercise at Fort George G. Meade, Md., May 24, 2021.' /> <br />

Today, the Cyber National Mission Force posted its first malware sample to the website VirusTotal in an effort to share unclassified malware samples it believes will have an impact on improving global cybersecurity.<br/>

Cyber Guard 2017, a weeklong exercise conducted in June, tested and exercised the men and women of U.S. Cyber Command's Cyber Mission Force and interagency partner teams from across federal and state organizations tasked with defending critical infrastructure. <br/> <img src='https://media.defense.gov/2017/Oct/12/2001826235/150/150/0/170705-N-JP302-707.JPG' alt='Active duty, reserve and National Guard service members participate in the Cyber Guard and Cyber Flag exercises sponsored by U.S. Cyber Command. The exercises focused on developing coordinated state government, National Guard, commercial enterprise, Defense Department and interagency responses to significant cyberspace-enabled attacks on U.S. domestic critical infrastructure by hostile actors' /> <br />

FORT GEORGE G. MEADE, Maryland – The United States Cyber Command’s Academic Engagement Network program is aiming at enhancing the command’s ability to address critical mission challenges, foster innovation, and engage with students and faculty.<br/> <img src='https://media.defense.gov/2024/Mar/12/2003411423/150/150/0/240312-D-PP983-001.PNG' alt='CYBER RECON 24 Seal' /> <br />

Cyber Fort III, recently held on Fort George G. Meade, Md., was a bilateral, hands-on-keyboard exercise between U.S Cyber Command and France's Cyber Defense Forces Command designed to combat challenges posed by advanced persistent threats and ensure common defense in cyberspace.<br/> <img src='https://media.defense.gov/2021/Jul/29/2002815488/150/150/0/210721-D-LA132-0111.JPG' alt='U.S. Cyber Command and French cyber warriors collaborate during the training exercise, Cyber Fort III, at Fort George G. Meade, Md., July 21, 2021.' /> <br />

U.S. Cyber Command 2022 Year in Review<br/> <img src='https://media.defense.gov/2022/Oct/07/2003092987/150/150/0/221007-D-D0451-1005.JPG' alt='CODE Wallpaper Widescreen 2' /> <br />

November 22, 2024 — Lt. Gen. William J. Hartman, Deputy Commander of U.S. Cyber Command, emphasized the importance of collaboration between academia, government, and industry during a keynote address at the University of Wisconsin-Madison on Thursday, Nov. 21, 2024.<br/> <img src='https://media.defense.gov/2024/Nov/22/2003592856/150/150/0/241121-F-YW122-608.JPG' alt='A uniformed military officer looks at a device in a college student&#39;s hands.' /> <br />

This month marked a significant stride in cybersecurity as U.S. Cyber Command’s Exercise Cyber Guard 2024 convened cyber professionals from across the command for this year’s first large scale exercise March 1-14. This goal of Cyber Guard 2024 is to hone defensive capabilities and fortify collective cyber resilience. This year’s Cyber Guard integrated into the Large Scale Global Exercise (LSGE 24) for the first time, signifying a monumental collaboration. <br/>

Senior leaders from around the U.S. Cyber Command enterprise attended a summit on April 19 at the<br/> <img src='https://media.defense.gov/2022/Apr/22/2002982486/150/150/0/220419-N-KT462-001.JPG' alt='Senior leaders from around the U.S. Cyber Command enterprise attended a summit on April 19, 2022, at the command’s headquarters on Fort George G. Meade to discuss the future of cyber operations, evolving capabilities, and deeper integration. (DoD Photo by Chief Mass Communication Specialist John Dasbach)' /> <br />

<p>CISA has added two new vulnerabilities to its <a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog" data-entity-type="node" data-entity-uuid="79453b83-86b9-4e2f-b1ec-abf73c6eb291" data-entity-substitution="canonical" title="Known Exploited Vulnerabilities Catalog">Known Exploited Vulnerabilities (KEV) Catalog</a>, based on evidence of active exploitation.</p> <ul> <li><a href="https://www.cve.org/CVERecord?id=CVE-2025-49113" target="_blank">CVE-2025-49113</a> RoundCube Webmail Deserialization of Untrusted Data Vulnerability</li> <li><a href="https://www.cve.org/CVERecord?id=CVE-2025-68461" target="_blank">CVE-2025-68461</a> RoundCube Webmail Cross-site Scripting Vulnerability</li> </ul> <p>These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.</p> <p><a href="https://www.cisa.gov/binding-operational-directive-22-01">Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities</a> established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the <a href="https://www.cisa.gov/sites/default/files/publications/Reducing_the_Significant_Risk_of_Known_Exploited_Vulnerabilities_211103.pdf">BOD 22-01 Fact Sheet</a> for more information.</p> <p>Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of <a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog" data-entity-type="node" data-entity-uuid="79453b83-86b9-4e2f-b1ec-abf73c6eb291" data-entity-substitution="canonical" title="Known Exploited Vulnerabilities Catalog">KEV Catalog vulnerabilities</a> as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the <a href="https://www.cisa.gov/known-exploited-vulnerabilities" data-entity-type="node" data-entity-uuid="f2adba9a-0404-494c-a90c-4363a4a5c934" data-entity-substitution="canonical" title="Reducing the Significant Risk of Known Exploited Vulnerabilities">specified criteria</a>.&nbsp;</p>

This month, U.S. Cyber Command launched the second iteration of the International Coordinated Cyber Security Activity (INCCA), a focused defensive cyberspace operation aimed at strengthening Department of Defense (DoD) networks and enhancing global cybersecurity partnerships.<br/> <img src='https://media.defense.gov/2024/Nov/15/2003584625/150/150/0/241115-A-Q1826-1001.JPG' alt='Four service members coordinate during an INCCA.' /> <br />

FORT GEORGE G. MEADE, Md. – U.S. Cyber Command hosted the 13th Reserve Cyber and Signal Intelligence Summit on February 20 and 21 in the Freidman Conference Center and brought together over 260 Reserve and National Guard members from 10 different states. <br/> <img src='https://media.defense.gov/2025/Mar/14/2003667204/150/150/0/250220-A-Q1826-1002.JPG' alt='A uniformed Air Force officer stands on stage, speaking to a crowd.' /> <br />

Mr. Michael Clark, deputy director of plans and policy at U.S. Cyber Command, presented a plan to integrate artificial intelligence into military cyber operations at AI Defense Forum, the annual defense and intelligence conference hosted by C3 AI, on Sept. 10, 2024. The AI roadmap aims to improve analytic capabilities, scale operations, and enhance adversary disruption. <br/>

<p>CISA has added one new vulnerability to its&nbsp;<a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog">Known Exploited Vulnerabilities (KEV) Catalog</a>, based on evidence of active exploitation.</p> <ul> <li><a href="https://www.cve.org/CVERecord?id=CVE-2026-1731" target="_blank" title="https://www.cve.org/cverecord?id=cve-2026-1731">CVE-2026-1731</a> BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) OS Command Injection Vulnerability</li> </ul> <p>These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.</p> <p><a href="https://www.cisa.gov/binding-operational-directive-22-01">Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities</a>&nbsp;established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the&nbsp;<a href="https://www.cisa.gov/sites/default/files/publications/Reducing_the_Significant_Risk_of_Known_Exploited_Vulnerabilities_211103.pdf">BOD 22-01 Fact Sheet</a> for more information.</p> <p>Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of&nbsp;<a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog">KEV Catalog vulnerabilities</a> as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the&nbsp;<a href="https://www.cisa.gov/known-exploited-vulnerabilities">specified criteria</a>.</p>

U.S. service members, working alongside cyber defenders from the Republic of Macedonia, have been cooperating over the last few weeks to share best practices in cyber security and to build cyber defense capabilities.<br/>

POSTURE STATEMENT OF GENERAL TIMOTHY D. HAUGH COMMANDER, UNITED STATES CYBER COMMAND BEFORE THE 118TH CONGRESS SENATE COMMITTEE ON ARMED SERVICES 10 APRIL 2024<br/>

Together, 16th Air Force (Air Forces Cyber) and the Sweden Cyber Command are sharpening their competitive edge by teaming up to counter these malicious cyber activities.<br/> <img src='https://media.defense.gov/2025/Mar/07/2003668790/150/150/0/250224-F-RN139-1002.JPG' alt='A group photo of Airmen and the Swedish Armed Forces.' /> <br />

After two years of virtual engagements, U.S. Cyber Command recruiters are excited to meet candidates<br/> <img src='https://media.defense.gov/2022/May/06/2002991772/150/150/0/220506-X-XX001-0001.JPG' alt='Fort George G. Meade Community Job Fair, Wednesday, 11 May. The job fair will be held at Club Meade from 10 a.m. until 2 p.m.' /> <br />

The 2021 U.S. Cyber Command Legal Conference was held virtually Thursday morning, and livestreamed on the Defense Visual Information Distribution Service. This annual conference explores current law and policy issues related to offensive and defensive cyberspace operations. <br/> <img src='https://media.defense.gov/2021/Mar/05/2002594390/150/150/0/210304-N-KT462-7847.JPG' alt='Army Gen. Paul M. Nakasone, U.S. Cyber Command commander and National Security Agency director, remarks on the complexities associated with working within cyberspace during the 2021 USCYBERCOM Legal Conference, March 3, 2021.' /> <br />

As part of the Dept. of Defense’s efforts to sharpen lethality, reform business practices, and<br/> <img src='https://media.defense.gov/2020/Dec/04/2002546041/150/150/0/201103-F-LA132-0002.JPG' alt='Australian and United States Cyber Training Arrangement' /> <br />

United States Cyber Command has announced the appointment of Ms. Morgan M. Adamski as its new Executive Director. Ms. Adamski will assume this critical position in early June 2024, bringing her extensive expertise and leadership to the forefront of the nation's cyber defense efforts.<br/> <img src='https://media.defense.gov/2024/May/06/2003457339/150/150/0/240506-A-Q1826-1001.JPG' alt='Portrait picture of a woman' /> <br />

The threats against the nation's infrastructure and cyber networks are asymmetrical, persistent, and<br/>