Category: CISA.gov

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.8 ATTENTION: Low attack complexity Vendor: Schneider Electric Equipment: Uni-Telway Driver Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to perform

CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-25181 Advantive VeraCore SQL Injection Vulnerability CVE-2024-57968 Advantive VeraCore Unrestricted File Upload Vulnerability CVE-2024-13159 Ivanti Endpoint Manager (EPM) Absolute Path

The Federal Bureau of Investigation (FBI) Internet Crime Complaint Center (IC3) has released an alert warning of a scam involving criminal actors masquerading as the “BianLian Group.”  The cyber criminals target corporate executives by sending extortion letters

CISA released three Industrial Control Systems (ICS) advisories on March 6, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-065-01 Hitachi Energy PCU400 ICSA-25-065-02 Hitachi Energy Relion 670/650/SAM600-IO  ICSA-25-037-02

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: PCU400, PCULogger Vulnerabilities: Access of Resource Using Incompatible Type ('Type Confusion'), NULL Pointer Dereference, Use After Free, Double Free,

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: Relion 670/650/SAM600-IO Vulnerability: Improper Handling of Insufficient Privileges 2. RISK EVALUATION Successful exploitation of this vulnerability could allow anyone

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.1 ATTENTION: Low attack complexity Vendor: Carrier Equipment: Block Load Vulnerability: Uncontrolled Search Path Element 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a malicious actor to

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: XMC20 Vulnerability: Relative Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to access

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: GMOD Equipment: Apollo Vulnerabilities: Incorrect Privilege Assignment, Relative Path Traversal, Missing Authentication for Critical Function, Generation of Error Message Containing Sensitive Information

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: CNCSoft-G2 Vulnerability: Heap-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute code