HOME TOOLS TRAINING NEWS CTF EVENTS CRYPTOJAMS CONTACT

NEWS

ALL NEWS - LIST VIEW "click here"

Major News Resources

Bleeping Computer

The Hacker News

FBI News

CISA Alerts & Advisories

Homeland Security News Wire

NSA Press Releases & Statements

New Exploits

Cybersecurity and Infrastructure Security Agency C

Siemens Solid Edge | CISA

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
View CSAF
Successful exploitation of these vulnerabilities could allow an attacker to crash the application or execute arbitrary code.
Siemens reports that the following products are af...
Cybersecurity and Infrastructure Security Agency C

Hitachi Energy MACH GWS | CISA

View CSAF
Exploiting these vulnerabilities could allow an attacker to tamper with system files, cause a denial of service, or perform a remote man-in-the-middle attack.
The following versions of MACH GWS affected:
A vulnerability exists in MACH GWS product, which if exploited, could allow a local unauthenticated attacker to tamper a system file resulting in a denial of notify service.
CVE-2025-39201 has been assigned to this vulnerability. A CVSS v3.1 base score of 6.1 has been calculated; the C...
Cybersecurity and Infrastructure Security Agency C

Siemens HyperLynx and Industrial Edge App Publisher | CISA

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
View CSAF
Successful exploitation of this vulnerability could allow a remote attacker to perform arbitrary code execution via a crafted HTML page.
Siemens reports that the following pro...
Cybersecurity and Infrastructure Security Agency C

Siemens SIMATIC ET 200SP Communication Processors | CISA

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
View CSAF
Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to access the configuration data.
Siemens reports that the following products are...
Cybersecurity and Infrastructure Security Agency C

Rockwell Automation FactoryTalk View Machine Edition and PanelView Plus 7 | CISA

View CSAF
Successful exploitation of these vulnerabilities could allow an unauthenticated attacker to access to the device's file system.
The following versions of Rockwell Automation FactoryTalk View Machine Edition and PanelView Plus 7 are affected:
A path traversal security issue exists within FactoryTalk View Machine Edition, allowing unauthenticated attackers on the same network as the device to delete any file within the panels operating system. Exploitation of this vulnerability is depend...
Cybersecurity and Infrastructure Security Agency C

Siemens SINEC NMS | CISA

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
View CSAF
Successful exploitation of this vulnerability could allow an authenticated low privileged attacker to insert malicious data and achieve privilege escalation.
Siemens reports t...
Cybersecurity and Infrastructure Security Agency C

Rockwell Automation FactoryTalk ViewPoint | CISA

View CSAF
Successful exploitation of this vulnerability could allow unauthenticated attackers to achieve XML external entity injection, resulting in a temporary denial-of-service condition.
Rockwell Automation reports the following versions of PanelView Plus (which interacts with FactoryTalk ViewPoint) are affected by this vulnerability:
A security issue was discovered within FactoryTalk ViewPoint, allowing unauthenticated attackers to achieve XML external entity injection. Certain SOAP requests...
Cybersecurity and Infrastructure Security Agency C

CISA Releases Thirteen Industrial Control Systems Advisories | CISA

CISA released thirteen Industrial Control Systems (ICS) advisories on October 16, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.

CISA released thirteen Industrial Control Systems (ICS) advisories on October 16, 2025. These advisories provide timely information about current security issues, vulner...
Cybersecurity and Infrastructure Security Agency C

Rockwell Automation ArmorStart AOP | CISA

View CSAF
Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition on the affected product.
The following Rockwell Automation products are affected:
A security issue exists within the Studio 5000 Logix Designer add-on profile (AOP) for the ArmorStart Classic distributed motor controller, resulting in a denial-of-service. This vulnerability is possible due to the input of invalid values into Component Object Model (COM) methods.
CVE-2025-9437 ha...
Cybersecurity and Infrastructure Security Agency C

Siemens SiPass Integrated | CISA

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
View CSAF
Successful exploitation of these vulnerabilities could allow an unauthenticated remote attacker to gain unauthorized access to user accounts, manipulate data, impersonate user...
Cybersecurity and Infrastructure Security Agency C

Siemens TeleControl Server Basic | CISA

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
View CSAF
Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to obtain password hashes of users and to login to and perform authenticated opera...
Cybersecurity and Infrastructure Security Agency C

Rockwell Automation FactoryTalk Linx | CISA

View CSAF
Successful exploitation of these vulnerabilities may allow full access to all files, processes, and system resources.
Rockwell Automation reports that the following versions of the FactoryTalk Linx control system data communications platform are affected:
A security issue exists within the x86 Microsoft Installer File (MSI), which is installed with FTLinx. Authenticated attackers with valid Windows user credentials can initiate a repair and hijack the resulting console window. This all...
Cybersecurity and Infrastructure Security Agency C

CISA Adds One Known Exploited Vulnerability to Catalog | CISA

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. 
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant...
Cybersecurity and Infrastructure Security Agency C

CISA Directs Federal Agencies to Mitigate Vulnerabilities in F5 Devices | CISA

Today, CISA issued Emergency Directive ED 26-01: Mitigate Vulnerabilities in F5 Devices to direct Federal Civilian Executive Branch agencies to inventory F5 BIG-IP products, evaluate if the networked management interfaces are accessible from the public internet, and apply newly released updates from F5. 
A nation-state affiliated cyber threat actor has compromised F5 systems and exfiltrated data, including portions of the BIG-IP proprietary source code and vulnerability information, which provid...
Cybersecurity and Infrastructure Security Agency C

CISA Adds Five Known Exploited Vulnerabilities to Catalog | CISA

CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry signifi...
Cybersecurity and Infrastructure Security Agency C

Rockwell Automation 1715 EtherNet/IP Comms Module | CISA

View CSAF
Successful exploitation of these vulnerabilities could allow an attacker to cause the web server to crash, requiring a restart to recover.
The following versions of Rockwell Automation 1715 EtherNet/IP Comms Module are affected:
A denial-of-service security issue exists in the affected product and version. The security issue stems from a high number of requests sent to the web server. This could result in a web server crash; however, this does not impact I/O control or communication. A...
Cybersecurity and Infrastructure Security Agency C

CISA Releases One Industrial Control Systems Advisory | CISA

CISA released one Industrial Control Systems (ICS) advisory on October 14, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.

CISA released one Industrial Control Systems (ICS) advisory on October 14, 2025. These advisories provide timely information about current security issues, vulnerabilities, and...
Cybersecurity and Infrastructure Security Agency C

CISA Adds One Known Exploited Vulnerability to Catalog | CISA

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. 
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant...
Cybersecurity and Infrastructure Security Agency C

Rockwell Automation Lifecycle Services with Cisco | CISA

View CSAF
Successful exploitation of this vulnerability could result in arbitrary code execution.
Rockwell Automation reports the following Lifecycle Services with Cisco are affected:
A third-party vulnerability exists in the affected products. The affected products use Cisco IOS XE Software which contains a vulnerability in the Simple Network Management Protocol (SNMP) subsystem. An authenticated, remote attacker with low privileges could cause a denial-of-service (DoS) condition on an affected...
Cybersecurity and Infrastructure Security Agency C

Rockwell Automation Stratix | CISA

View CSAF
Successful exploitation of this vulnerability could result in arbitrary code execution.
The following version of Stratix 5700 is affected:
A third-party vulnerability exists in the affected products. The affected products use Cisco IOS XE Software which contains a vulnerability in the Simple Network Management Protocol (SNMP) subsystem. An authenticated, remote attacker with low privileges could cause a denial-of-Service (DoS) condition on an affected device running Cisco IOS Software...
Cybersecurity and Infrastructure Security Agency C

Hitachi Energy Asset Suite | CISA

View CSAF
Successful exploitation of this vulnerability could result in the manipulation of content or the injection of data with the potential of carrying out further malicious attacks.
The following versions of Asset Suite are affected:
A vulnerability exists in Asset Suite for an authenticated user to manipulate the content of performance related log data or to inject crafted data in logfile for potentially carrying out further malicious attacks. Performance logging is typically enabled for t...
Cybersecurity and Infrastructure Security Agency C

CISA Adds One Known Exploited Vulnerability to Catalog | CISA

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. 
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant...
Cybersecurity and Infrastructure Security Agency C

CISA Releases Two Industrial Control Systems Advisories | CISA

CISA released two Industrial Control Systems (ICS) advisories on October 7, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.

CISA released two Industrial Control Systems (ICS) advisories on October 7, 2025. These advisories provide timely information about current security issues, vulnerabilities, a...
Cybersecurity and Infrastructure Security Agency C

Delta Electronics DIAScreen | CISA

View CSAF
Successful exploitation of these vulnerabilities could allow an attacker to write data outside of the allocated memory buffer.
The following versions of Delta Electronics DIAScreen are affected:
Delta Electronics DIAScreen can write data outside of the intended memory buffer when a valid user opens a maliciously crafted project file.
CVE-2025-59297 has been assigned to this vulnerability. A CVSS v3.1 base score of 6.6 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/P...
Cybersecurity and Infrastructure Security Agency C

CISA Adds Seven Known Exploited Vulnerabilities to Catalog | CISA

CISA has added seven new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
These types of vulnerabilities are frequent attack vector for malicious cyber actors and pose significant risks to the federal enterprise. 
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry signif...
Cybersecurity and Infrastructure Security Agency C

CISA Adds Five Known Exploited Vulnerabilities to Catalog | CISA

CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
These types of vulnerabilities are frequent attack vector for malicious cyber actors and pose significant risks to the federal enterprise. 
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry signifi...
Cybersecurity and Infrastructure Security Agency C

Hitachi Energy MSM Product | CISA

View CSAF
Successful exploitation of these vulnerabilities could allow HTML injection via the name parameter or an assertion failure in fuzz_binary_decode, resulting in a crash.
Hitachi Energy reports that the following products are affected:
goform/formTest in EmbedThis GoAhead 2.5 allows HTML injection via the name parameter.
CVE-2023-53155 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.2 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L...
Cybersecurity and Infrastructure Security Agency C

Raise3D Pro2 Series 3D Printers | CISA

View CSAF
Successful exploitation of this vulnerability could result in data exfiltration and compromise of the target device.
The following firmware versions of the Rasie3D Pro2 Series printers are affected:
An unauthenticated debug port may allow access to the device file system.
CVE-2025-10653 has been assigned to this vulnerability. A CVSS v3 base score of 8.6 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L).
A CVSS v4 score has also been calculated for CV...
Cybersecurity and Infrastructure Security Agency C

CISA Releases Two Industrial Control Systems Advisories | CISA

CISA released two Industrial Control Systems (ICS) advisories on October 2, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.

CISA released two Industrial Control Systems (ICS) advisories on October 2, 2025. These advisories provide timely information about current security issues, vulnerabilities, a...
Cybersecurity and Infrastructure Security Agency C

CISA Releases Ten Industrial Control Systems Advisories | CISA

CISA released ten Industrial Control Systems (ICS) advisories on September 30, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.

CISA released ten Industrial Control Systems (ICS) advisories on September 30, 2025. These advisories provide timely information about current security issues, vulnerabilit...
Cybersecurity and Infrastructure Security Agency C

National Instruments Circuit Design Suite | CISA

View CSAF
Successful exploitation of these vulnerabilities could allow an attacker to cause memory corruption, potentially leading to information disclosure and execution of arbitrary code.
The following National Instruments products are affected:
The affected product is vulnerable to a memory corruption of a function table, which could allow an attacker to disclose information or execute arbitrary code.
CVE-2025-6033 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has bee...
Cybersecurity and Infrastructure Security Agency C

LG Innotek Camera Multiple Models | CISA

View CSAF
Successful exploitation of this vulnerability could allow an attacker to gain administrative access to the device.
The following models of LG Innotek CCTV Cameras are affected:
An authentication bypass vulnerability exists in LG Innotek camera models LND7210 and LNV7210R. The vulnerability allows a malicious actor to gain access to camera information including user account information.
CVE-2025-10538 has been assigned to this vulnerability. A CVSS v3.1 base score of 8.6 has been calcul...
Cybersecurity and Infrastructure Security Agency C

MegaSys Enterprises Telenium Online Web Application | CISA

View CSAF
Successful exploitation of this vulnerability could allow an unauthenticated attacker to inject arbitrary operating system commands through a crafted HTTP request, leading to remote code execution on the server in the security context of the web application service account.
The following MegaSys Enerprises products are affected:
The Telenium Online Web Application is vulnerable due to a PHP endpoint accessible to unauthenticated network users that improperly handles user-supplied input...
Cybersecurity and Infrastructure Security Agency C

Festo Controller CECC-S,-LK,-D Family Firmware | CISA

View CSAF
Successful exploitation of these vulnerabilities could allow an attacker to crash services, escalate privileges, bypass authentication, or gain unauthorized access to sensitive systems and data.
Festo reports that the following products are affected:
A remote, authenticated attacker could utilize the control program of the CODESYS Control runtime system to use the vulnerability in order to read and modify the configuration file(s) of the affected products.
CVE-2022-22515 has been assig...
Cybersecurity and Infrastructure Security Agency C

OpenPLC_V3 | CISA

View CSAF
Successful exploitation of this vulnerability could cause a denial of service, making the PLC runtime process crash.
The following versions of OpenPLC_V3 are affected:
OpenPLC_V3 has a vulnerability in the enipThread function that occurs due to the lack of a return value. This leads to a crash when the server loop ends and execution hits an illegal ud2 instruction. This issue can be triggered remotely without authentication by starting the same server multiple times or if the server ex...
Cybersecurity and Infrastructure Security Agency C

Festo CPX-CEC-C1 and CPX-CMXX | CISA

View CSAF
Successful exploitation of this vulnerability could allow unauthenticated, remote access to critical webpage functions which may cause a denial of service.
Festo reports that the following products are affected:
Festo control block CPX-CEC-C1 and CPX-CMXX in multiple versions allow unauthenticated, remote access to critical webpage functions which may cause a denial of service.
CVE-2022-3079 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.5 has been calculated; the...
Cybersecurity and Infrastructure Security Agency C

Festo SBRD-Q/SBOC-Q/SBOI-Q | CISA

View CSAF
Successful exploitation of these vulnerabilities may allow the attacker to read arbitrary data or cause a denial-of-service condition.
Festo reports that the following products are affected:
A specifically-crafted packet sent by an attacker to EIPStackGroup OpENer EtherNet/IP commits and versions prior to February 10, 2021, may cause a denial-of-service condition.
CVE-2021-27478 has been assigned to this vulnerability. A CVSS v3.1 base score of 8.2 has been calculated; the CVSS vector...
Cybersecurity and Infrastructure Security Agency C

CISA and UK NCSC Release Joint Guidance for Securing OT Systems | CISA

CISA, in collaboration with the Federal Bureau of Investigation, the United Kingdom’s National Cyber Security Centre, and other international partners has released new joint cybersecurity guidance: Creating and Maintaining a Definitive View of Your Operational Technology (OT) Architecture.
Building on the recent Foundations for OT Cybersecurity: Asset Inventory Guidance for Owners and Operators, this guidance explains how organizations can leverage data sources, such as asset inventories and man...
Cybersecurity and Infrastructure Security Agency C

CISA Adds Five Known Exploited Vulnerabilities to Catalog | CISA

CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
These types of vulnerabilities are frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. 
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry signif...
Cybersecurity and Infrastructure Security Agency C

CISA Strengthens Commitment to SLTT Governments | CISA

The Cybersecurity and Infrastructure Security Agency (CISA) announced that it has transitioned to a new model to better equip state, local, tribal, and territorial (SLTT) governments to strengthen shared responsibility nationwide. CISA is supporting our SLTT partners with access to grant funding, no-cost tools, and cybersecurity expertise to be resilient and lead at the local level. 
CISA’s cooperative agreement with the Center for Internet Security (CIS) will reach its planned end on September...
Cybersecurity and Infrastructure Security Agency C

CISA Directs Federal Agencies to Identify and Mitigate Potential Compromise of Cisco Devices | CISA

Today, CISA issued Emergency Directive ED 25-03: Identify and Mitigate Potential Compromise of Cisco Devices to address vulnerabilities in Cisco Adaptive Security Appliances (ASA) and Cisco Firepower devices. CISA has added vulnerabilities CVE-2025-20333 and CVE-2025-20362 to the Known Exploited Vulnerabilities Catalog. 
The Emergency Directive requires federal agencies to identify, analyze, and mitigate potential compromises immediately. Agencies must:
For detailed guidance, including additiona...
Cybersecurity and Infrastructure Security Agency C

Dingtian DT-R002 | CISA

View CSAF
Successful exploitation of these vulnerabilities could allow an attacker to retrieve credentials without authentication.
The following versions of Dingtian DT-R002, a relay board, are affected:
All versions of Dingtian DT-R002 are vulnerable to an Insufficiently Protected Credentials vulnerability that could allow an attacker to retrieve the current user's username without authentication.
CVE-2025-10879 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.5 has been cal...
Cybersecurity and Infrastructure Security Agency C

CISA Releases One Industrial Control Systems Advisory | CISA

CISA released one Industrial Control Systems (ICS) advisory on September 25, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.

CISA released one Industrial Control Systems (ICS) advisory on September 25, 2025. These advisories provide timely information about current security issues, vulnerabilities,...
Cybersecurity and Infrastructure Security Agency C

Widespread Supply Chain Compromise Impacting npm Ecosystem | CISA

CISA is releasing this Alert to provide guidance in response to a widespread software supply chain compromise involving the world’s largest JavaScript registry, npmjs.com. A self-replicating worm—publicly known as “Shai-Hulud”—has compromised over 500 packages.[i]
After gaining initial access, the malicious cyber actor deployed malware that scanned the environment for sensitive credentials. The cyber actor then targeted GitHub Personal Access Tokens (PATs) and application programming interface (...
Cybersecurity and Infrastructure Security Agency C

CISA Shares Lessons Learned from an Incident Response Engagement | CISA

The Cybersecurity and Infrastructure Security Agency (CISA) is releasing this Cybersecurity Advisory to highlight lessons learned from an incident response engagement CISA conducted at a U.S. federal civilian executive branch (FCEB) agency. CISA is publicizing this advisory to reinforce the importance of prompt patching, as well as preparing for incidents by practicing incident response plans and by implementing logging and aggregating logs in a centralized out-of-band location. CISA is also rai...
Cybersecurity and Infrastructure Security Agency C

Mitsubishi Electric MELSEC-Q Series CPU Module | CISA

View CSAF
Successful exploitation of this vulnerability could allow an attacker to cause a denial of service (DoS).
The following versions of Mitsubishi Electric MELSEC-Q Series CPU modules are affected:
A Denial-of-Service (DoS) vulnerability exists in the MELSEC-Q series CPU module when the user authentication function is enabled, due to improper handling of length parameter inconsistency.
CVE-2025-8531 has been assigned to this vulnerability. A CVSS v3.1 base score of 6.8 has been calculated;...
Cybersecurity and Infrastructure Security Agency C

Viessmann Vitogate 300 | CISA

View CSAF
Successful exploitation of this vulnerability could allow an attacker to modify an intended OS command when it is sent to a downstream component, or allow an attacker to cause unexpected interactions between the client and server.
The following versions of Viessmann Vitogate 300 are affected:
Vitogate 300 constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could...