August 2024
01.08.2024
US CERT (ICS)
Vonets WiFi Bridges
Titel
Vonets WiFi Bridges
Veröffentlicht
1. August 2024 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-08
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Vonets Equipment: VAR1200-H, VAR1200-L, VAR600-H, VAP11AC, VAP11G-500S, VBG1200, VAP11S-5G, VAP11S, VAR11N-300, VAP11G-300, VAP11N-300, VAP11G, VAP11G-500, VBG1200, VAP11AC, VGA-1000 Vulnerabilities: Use of Hard-coded Credentials, Improper Access Control, Path Traversal, Command Injection, Improper Check or Handling of Exceptional ...
01.08.2024
US CERT (ICS)
Johnson Controls exacqVision Web Service
Titel
Johnson Controls exacqVision Web Service
Veröffentlicht
1. August 2024 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-04
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.4 ATTENTION: Exploitable remotely Vendor: Johnson Controls, Inc. Equipment: exacqVision Web Service Vulnerability: Cleartext Transmission of Sensitive Information 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to perform a man-in-the-middle attack and gain access to sensitive information. 3. TECHNICAL ...
01.08.2024
US CERT (ICS)
Johnson Controls exacqVision Client and exacqVision Server
Titel
Johnson Controls exacqVision Client and exacqVision Server
Veröffentlicht
1. August 2024 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-01
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.0 ATTENTION: Exploitable remotely Vendor: Johnson Controls Inc. Equipment: exacqVision Client, exacqVision Server key Vulnerability: Inadequate Encryption Strength 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to be able to decrypt communications between exacqVision Server and exacqVision Client due ...
Juli 2024
25.07.2024
US CERT (ICS)
Positron Broadcast Signal Processor
Titel
Positron Broadcast Signal Processor
Veröffentlicht
25. Juli 2024 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-207-02
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Positron S.R.L Equipment: Broadcast Signal Processor TRA7005 Vulnerability: Authentication Bypass Using an Alternate Path or Channel 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to bypass authentication and access ...
24.07.2024
US CERT
North Korea Cyber Group Conducts Global Espionage Campaign to Advance Regime’s Military and Nuclear Programs
Titel
North Korea Cyber Group Conducts Global Espionage Campaign to Advance Regime’s Military and Nuclear Programs
Veröffentlicht
24. Juli 2024 18:37
URL
https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-207a
Text
Summary The U.S. Federal Bureau of Investigation (FBI) and the following authoring partners are releasing this Cybersecurity Advisory to highlight cyber espionage activity associated with the Democratic People’s Republic of Korea (DPRK)’s Reconnaissance General Bureau (RGB) 3rd Bureau based in Pyongyang and Sinuiju: U.S. Cyber National Mission Force (CNMF) U.S. ...
23.07.2024
US CERT (ICS)
National Instruments LabVIEW
Titel
National Instruments LabVIEW
Veröffentlicht
23. Juli 2024 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-205-03
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Low attack complexity Vendor: National Instruments Equipment: LabVIEW Vulnerabilities: Out-of-Bounds Read, Improper Restriction of Operations within the Bounds of a Memory Buffer 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow a local attacker to disclose information and execute arbitrary ...
23.07.2024
US CERT (ICS)
National Instruments IO Trace
Titel
National Instruments IO Trace
Veröffentlicht
23. Juli 2024 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-205-01
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Low attack complexity Vendor: National Instruments Equipment: IO Trace Vulnerability: Stack-Based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a local attacker to execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following National Instruments I/O ...
23.07.2024
US CERT (ICS)
Hitachi Energy AFS/AFR Series Products
Titel
Hitachi Energy AFS/AFR Series Products
Veröffentlicht
23. Juli 2024 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-205-02
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: AFS650, AFS660, AFS665, AFS670, AFS675, AFS677, AFR677 Vulnerabilities: Type Confusion, Use After Free, Double Free, Observable Discrepancy 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to create a denial-of-service ...
22.07.2024
SIEMENS CERT
SSA-071402 V1.0: Multiple Vulnerabilities in SICAM Products
Titel
SSA-071402 V1.0: Multiple Vulnerabilities in SICAM Products
Veröffentlicht
22. Juli 2024 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-071402.html
Text
Multiple SICAM products are affected by unauthorized password reset and firmware downgrade vulnerabilities that could lead to privilege escalation and potential leak of information, namely: SICAM A8000 Device firmware CPCI85 for CP-8031/CP-8050 SICAM EGS Device firmware CPCI85 SICAM 8 Software Solution SICORE Siemens has released new firmware versions for the ...
22.07.2024
SIEMENS CERT
SSA-723487 V1.1 (Last Update: 2024-07-22): RADIUS Protocol Susceptible to Forgery Attacks (CVE-2024-3596) - Impact to SCALANCE,...
Titel
SSA-723487 V1.1 (Last Update: 2024-07-22): RADIUS Protocol Susceptible to Forgery Attacks (CVE-2024-3596) - Impact to SCALANCE, RUGGEDCOM and Related Products
Veröffentlicht
22. Juli 2024 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-723487.html
Text
This advisory documents the impact of CVE-2024-3596 (also dubbed “Blastradius”), a vulnerability in the RADIUS protocol, to SCALANCE, RUGGEDCOM and related products. The vulnerability could allow on-path attackers, located between a Network Access Server (the RADIUS client, e.g., SCALANCE or RUGGEDCOM devices) and a RADIUS server (e.g., SINEC INS), to ...
19.07.2024
BOSCH PSIRT
"regreSSHion" OpenSSH vulnerability in PRC7000
Titel
"regreSSHion" OpenSSH vulnerability in PRC7000
Veröffentlicht
19. Juli 2024 02:00
URL
https://psirt.bosch.com/security-advisories/bosch-sa-258444.html
Text

BOSCH-SA-248444: The Qualys Threat Research Unit (TRU) has discovered a Remote Unauthenticated Code Execution (RCE) vulnerability in OpenSSH’s server (sshd) in glibc-based Linux systems. The vulnerability, which is a signal handler race condition in OpenSSH’s server (sshd), allows unauthenticated remote code execution (RCE) as root on glibc-based Linux systems; that ...

18.07.2024
US CERT (ICS)
Subnet Solutions PowerSYSTEM Center
Titel
Subnet Solutions PowerSYSTEM Center
Veröffentlicht
18. Juli 2024 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-200-02
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Subnet Solutions Inc. Equipment: Subnet PowerSYSTEM Center Vulnerability: Prototype Pollution 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated attacker to elevate permissions. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of ...
18.07.2024
US CERT (ICS)
Mitsubishi Electric MELSOFT MaiLab
Titel
Mitsubishi Electric MELSOFT MaiLab
Veröffentlicht
18. Juli 2024 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-200-01
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.2 ATTENTION: Exploitable remotely Vendor: Mitsubishi Electric Corporation Equipment: MELSOFT MaiLab Vulnerability: Improper Verification of Cryptographic Signature 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote attacker to cause a denial-of-service condition in the target product. 3. TECHNICAL DETAILS 3.1 ...
16.07.2024
US CERT (ICS)
Rockwell Automation Pavilion 8
Titel
Rockwell Automation Pavilion 8
Veröffentlicht
16. Juli 2024 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-198-01
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: Pavilion 8 Vulnerability: Incorrect Permission Assignment for Critical Resource 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to create new users and view sensitive data. 3. TECHNICAL DETAILS 3.1 ...
11.07.2024
US CERT (ICS)
Siemens JT Open and PLM XML SDK
Titel
Siemens JT Open and PLM XML SDK
Veröffentlicht
11. Juli 2024 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-193-10
Text
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).View CSAF 1. EXECUTIVE SUMMARY CVSS ...
11.07.2024
US CERT (ICS)
Siemens TIA Portal and SIMATIC STEP 7
Titel
Siemens TIA Portal and SIMATIC STEP 7
Veröffentlicht
11. Juli 2024 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-193-12
Text
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).View CSAF 1. EXECUTIVE SUMMARY CVSS ...
11.07.2024
US CERT (ICS)
Siemens SIMATIC and SIMIT
Titel
Siemens SIMATIC and SIMIT
Veröffentlicht
11. Juli 2024 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-193-07
Text
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).View CSAF 1. EXECUTIVE SUMMARY CVSS ...
11.07.2024
US CERT (ICS)
Siemens Remote Connect Server
Titel
Siemens Remote Connect Server
Veröffentlicht
11. Juli 2024 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-193-01
Text
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).View CSAF 1. EXECUTIVE SUMMARY CVSS ...
11.07.2024
US CERT (ICS)
Siemens SCALANCE, RUGGEDCOM, SIPLUS, and SINEC
Titel
Siemens SCALANCE, RUGGEDCOM, SIPLUS, and SINEC
Veröffentlicht
11. Juli 2024 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-193-05
Text
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).View CSAF 1. EXECUTIVE SUMMARY CVSS ...
11.07.2024
US CERT (ICS)
Siemens RUGGEDCOM APE 1808
Titel
Siemens RUGGEDCOM APE 1808
Veröffentlicht
11. Juli 2024 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-193-02
Text
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).View CSAF 1. EXECUTIVE SUMMARY CVSS ...
11.07.2024
US CERT (ICS)
Siemens RUGGEDCOM
Titel
Siemens RUGGEDCOM
Veröffentlicht
11. Juli 2024 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-193-06
Text
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).View CSAF 1. EXECUTIVE SUMMARY CVSS ...
09.07.2024
US CERT
CISA Red Team’s Operations Against a Federal Civilian Executive Branch Organization Highlights the Necessity of Defense-in-Depth
Titel
CISA Red Team’s Operations Against a Federal Civilian Executive Branch Organization Highlights the Necessity of Defense-in-Depth
Veröffentlicht
9. Juli 2024 16:09
URL
https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-193a
Text
EXECUTIVE SUMMARY In early 2023, the Cybersecurity and Infrastructure Security Agency (CISA) conducted a SILENTSHIELD red team assessment against a Federal Civilian Executive Branch (FCEB) organization. During SILENTSHIELD assessments, the red team first performs a no-notice, long-term simulation of nation-state cyber operations. The team mimics the techniques, tradecraft, and behaviors ...
09.07.2024
US CERT (ICS)
Mitsubishi Electric MELIPC Series MI5122-VW
Titel
Mitsubishi Electric MELIPC Series MI5122-VW
Veröffentlicht
9. Juli 2024 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-191-02
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Low attack complexity Vendor: Mitsubishi Electric Equipment: MI5122-VW Vulnerability: Incorrect Default Permissions 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to tamper with, destroy, disclose, or delete information in the product, or cause a denial-of-service (DoS) condition ...
09.07.2024
US CERT (ICS)
Johnson Controls Software House C●CURE 9000
Titel
Johnson Controls Software House C●CURE 9000
Veröffentlicht
9. Juli 2024 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-191-05
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.7 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Johnson Controls Inc. Equipment: Software House C●CURE 9000 Vulnerability: Incorrect Default Permissions 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an attacker to access credentials used for access to the application. 3. TECHNICAL DETAILS ...
09.07.2024
US CERT (ICS)
Johnson Controls Illustra Pro Gen 4
Titel
Johnson Controls Illustra Pro Gen 4
Veröffentlicht
9. Juli 2024 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-191-03
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.0 ATTENTION: Exploitable remotely Vendor: Johnson Controls, Inc. Equipment: Illustra Pro Gen 4 Vulnerability: Dependency on Vulnerable Third-Party Component 2. RISK EVALUATION Successful exploitation of this vulnerability could impact confidentiality and integrity of the device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Johnson Controls ...

Letzte Updates

BOSCH PSIRT
15.01.2025
SIEMENS CERT
17.04.2025
US CERT
01.04.2025
US CERT (ICS)
17.04.2025

Nach Quelle

Archiv

2025
2024
2023
2022
2021
2020
2019
2018
2017

Feeds