Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-52051 |
Description: As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
View CSAF
1. EXECUTIVE SUMMARY
CVSS v4 7.0
ATTENTION: Low attack complexity
Vendor: Siemens
Equipment: Siemens Engineering Platforms
Vulnerability: Improper Input Validation
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
Siemens reports that the following products are affected:
Siemens SIMATIC STEP 7 Safety V18: All versions
Siemens SIMATIC STEP 7 Safety V19: All versions
Siemens SIMATIC S7-PLCSIM V18: All versions
Siemens SIMOCODE ES V18: All versions
Siemens SIMATIC WinCC Unified V17: All versions
Siemens SINAMICS Startdrive V18: All versions
Siemens SIMATIC STEP 7 V17: All versions
Siemens SIMATIC WinCC V19: All versions
Siemens SIRIUS Safety ES V17 (TIA Portal): All versions
Siemens TIA Portal Cloud V19: All versions
Siemens SIRIUS Safety ES V18 (TIA Portal): All versions
Siemens SIMATIC STEP 7 V19: All versions
Siemens SIRIUS Soft Starter ES V18 (TIA Portal): All versions
Siemens SIRIUS Safety ES V19 (TIA Portal): All versions
Siemens SIMOTION SCOUT TIA V5.4 SP3: All versions
Siemens SIMOTION SCOUT TIA V5.5 SP1: All versions
Siemens SINAMI...
EPSS Score: 0.04%
December 12th, 2024 (4 months ago)
|
|
CVE-2024-49704 |
Description: As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
View CSAF
1. EXECUTIVE SUMMARY
CVSS v4 5.9
ATTENTION: Low Attack Complexity
Vendor: Siemens
Equipment: COMOS
Vulnerabilities: Improper Restriction of XML External Entity Reference
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to extract arbitrary application files.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
Siemens reports that the following products are affected:
COMOS V10.4.0: All versions
COMOS V10.4.1: All versions
COMOS V10.4.2: All versions
COMOS V10.4.3: Versions prior to V10.4.3.0.47
COMOS V10.4.4: Versions prior to V10.4.4.2
COMOS V10.4.4.1: Versions prior to V10.4.4.1.21
COMOS V10.3: Versions prior to V10.3.3.5.8
3.2 Vulnerability Overview
3.2.1 IMPROPER RESTRICTION OF XML EXTERNAL ENTITY REFERENCE CWE-611
The Generic Data Mapper, the Engineering Adapter, and the Engineering Interface improperly handle XML External Entity (XXE) entries when parsing configuration and mapping files. This could allow an attacker to extract any file with a known location on the user's system or accessible network folders by persuading a user to use a maliciously crafted configuration or mapping file in one of the affected ...
EPSS Score: 0.05%
December 12th, 2024 (4 months ago)
|
|
CVE-2024-52565 |
Description: As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
View CSAF
1. EXECUTIVE SUMMARY
CVSS v4 7.3
ATTENTION: Low Attack Complexity
Vendor: Siemens
Equipment: Teamcenter Visualization
Vulnerabilities: Out-of-bounds Read, Improper Restriction of Operations within the Bounds of a Memory Buffer, Out-of-bounds Write, NULL Pointer Dereference, Use After Free, Stack-based Buffer Overflow
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to affect confidentiality, integrity, or availability of the affected products.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
Siemens reports that the following products are affected:
Teamcenter Visualization V2406: Versions prior to V2406.0005 (CVE-2024-52565, CVE-2024-52566, CVE-2024-52567, CVE-2024-52568, CVE-2024-52569, CVE-2024-52570, CVE-2024-52571, CVE-2024-52572, CVE-2024-52573, CVE-2024-52574)
Teamcenter Visualization V14.2: Versions prior to V14.2.0.14
Teamcenter Visualization V14.3: Versions prior to V14.3.0.12
Teamcenter Visualization V2312: Versions prior to V2312.0008
3.2 Vulnerability Overview
3.2.1 OUT-OF-BOUNDS READ CWE-125
The affected applications contain an out-of-bounds read past the end of an allocated structure while parsing...
EPSS Score: 0.04%
December 12th, 2024 (4 months ago)
|
|
Description: Security isn't just about tools — it's about understanding how the enemy thinks and why they make certain choices.
December 12th, 2024 (4 months ago)
|
|
|
Description: The Russia-linked state-sponsored threat actor tracked as Gamaredon has been attributed to two new Android spyware tools called BoneSpy and PlainGnome, marking the first time the adversary has been discovered using mobile-only malware families in its attack campaigns.
"BoneSpy and PlainGnome target former Soviet states and focus on Russian-speaking victims," Lookout said in an analysis. "Both
December 12th, 2024 (4 months ago)
|
|
|
Description: Cybersecurity researchers are warning that thousands of servers hosting the Prometheus monitoring and alerting toolkit are at risk of information leakage and exposure to denial-of-service (DoS) as well as remote code execution (RCE) attacks.
"Prometheus servers or exporters, often lacking proper authentication, allowed attackers to easily gather sensitive information, such as credentials and API
December 12th, 2024 (4 months ago)
|
|
|
Description: SaaS services are one of the biggest drivers of OpEx (operating expenses) for modern businesses. With Gartner projecting $247.2 billion in global SaaS spending this year, it’s no wonder SaaS budgets are a big deal in the world of finance and IT. Efficient SaaS utilization can significantly affect both the bottom line and employee productivity.
In this article, we’ll break down this topic
December 12th, 2024 (4 months ago)
|
|
CVE-2024-44131 |
Description: Details have emerged about a now-patched security vulnerability in Apple's iOS and macOS that, if successfully exploited, could sidestep the Transparency, Consent, and Control (TCC) framework and result in unauthorized access to sensitive information.
The flaw, tracked as CVE-2024-44131 (CVSS score: 5.3), resides in the FileProvider component, per Apple, and has been addressed with improved
EPSS Score: 0.14%
December 12th, 2024 (4 months ago)
|
|
|
Description: Why organisations should avoid ‘blame and fear’, and instead use technical measures to manage the threat from phishing.
December 12th, 2024 (4 months ago)
|
|
CVE-2024-11972 |
Description: Malicious actors are exploiting a critical vulnerability in the Hunk Companion plugin for WordPress to install other vulnerable plugins that could open the door to a variety of attacks.
The flaw, tracked as CVE-2024-11972 (CVSS score: 9.8), affects all versions of the plugin prior to 1.9.0. The plugin has over 10,000 active installations.
"This flaw poses a significant security risk, as it
EPSS Score: 0.04%
December 12th, 2024 (4 months ago)
|