US CERT
11/17/2022
Summary The Cybersecurity and Infrastructure Security Agency (CISA) is sharing the following information with the cybersecurity community as a primer for assisting in the protection of our Nation’s critical infrastructure in light of the current tensions between the Islamic Republic of Iran and the United States and Iran’s historic use …
US CERT
11/17/2022
Summary This Alert is the result of recent collaboration between the Department of the Treasury Financial Sector Cyber Information Group (CIG) and the Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) to identify and share information with the financial services sector. Treasury and the Cybersecurity and Infrastructure Security Agency …
US CERT
11/17/2022
Summary Note: This alert does not apply to federally certified voting systems running Windows 7. Microsoft will continue to provide free security updates to those systems through the 2020 election. See Microsoft’s article, Extending free Windows 7 security updates to voting systems, for more information. On January 14, 2020, Microsoft …
SIEMENS CERT
11/08/2022
Multiple vulnerabilities (also known as “NUCLEUS:13”) have be identified in the Nucleus RTOS (real-time operating system) and reported in the Siemens Security Advisory SSA-044112: https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf. CAPITAL VSTAR uses an affected version of the Nucleus software and inherently contains several of these vulnerabilities. Siemens recommends specific countermeasures for products where updates …
SIEMENS CERT
11/08/2022
SSA-638652 V1.1 (Last Update: 2022-11-08): Authentication Bypass Vulnerability in Mendix SAML Module
The Mendix SAML module insufficiently protects from packet capture replay. This could allow unauthorized remote attackers to bypass authentication and get access to the application. Mendix has provided fix releases for the Mendix SAML module and recommends to update to the latest version. Note: For compatibility reasons, fix versions are …
SIEMENS CERT
11/08/2022
The SSH server on RUGGEDCOM ROS devices is configured to offer weak ciphers by default. This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data passed over the connection between legitimate clients and the affected device. Siemens is preparing updates and recommends specific countermeasures …
SIEMENS CERT
11/08/2022
RUGGEDCOM ROS-based V4 devices are vulnerable to a denial of service attack (Slowloris). By sending partial HTTP requests nonstop, with none completed, the affected web servers will be waiting for the completion of each request, occupying all available HTTP connections. The web server recovers by itself once the attack ends. …
SIEMENS CERT
11/08/2022
A security research [1] identified weaknesses in the IEEE 1735 recommended practice for encryption of Design IP, which could allow a sophisticated attacker access to unencrypted Design IP data in IEEE 1735-compliant products. This advisory addresses the specific details for the affected Siemens software products: Questa and ModelSim simulators. Siemens …