August 2023
08.08.2023
SIEMENS CERT
SSA-686975 V1.3 (Last Update: 2023-08-08): IPU 2022.3 Vulnerabilities in Siemens Industrial Products using Intel CPUs
Titel
SSA-686975 V1.3 (Last Update: 2023-08-08): IPU 2022.3 Vulnerabilities in Siemens Industrial Products using Intel CPUs
Veröffentlicht
8. August 2023 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-686975.html
Text
Intel has published information on vulnerabilities in Intel products in November 2022. This advisory lists the related Siemens Industrial products affected by these vulnerabilities that can be patched by applying the corresponding BIOS update (“2022.3 IPU – BIOS Advisory” Intel-SA-00688). Siemens is preparing updates and recommends specific countermeasures for products ...
08.08.2023
SIEMENS CERT
SSA-770902 V1.0: Denial of Service Vulnerability in the Web Server of RUGGEDCOM ROS Devices
Titel
SSA-770902 V1.0: Denial of Service Vulnerability in the Web Server of RUGGEDCOM ROS Devices
Veröffentlicht
8. August 2023 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-770902.html
Text
A denial of service vulnerability could allow an unauthorized attacker to cause total loss of availability in the web server of the affected devices. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends countermeasures for products ...
08.08.2023
SIEMENS CERT
SSA-691715 V1.2 (Last Update: 2023-08-08): Vulnerability in OPC Foundation Local Discovery Server Affecting Siemens Products
Titel
SSA-691715 V1.2 (Last Update: 2023-08-08): Vulnerability in OPC Foundation Local Discovery Server Affecting Siemens Products
Veröffentlicht
8. August 2023 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-691715.html
Text
A vulnerability was identified in OPC Foundation Local Discovery Server which also affects Siemens products that could allow an attacker to escalate privileges under certain circumstances. Siemens has released an update for SIMATIC WinCC and recommends to update to the latest version. Siemens is preparing further updates and recommends specific ...
08.08.2023
SIEMENS CERT
SSA-407785 V1.0: Multiple X_T File Parsing Vulnerabilities in Parasolid and Teamcenter Visualization
Titel
SSA-407785 V1.0: Multiple X_T File Parsing Vulnerabilities in Parasolid and Teamcenter Visualization
Veröffentlicht
8. August 2023 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-407785.html
Text
Parasolid and Teamcenter Visualization are affected by memory corruption vulnerabilities that could be triggered when the application reads files in X_T format. If a user is tricked to open a malicious file with the affected applications, an attacker could leverage the vulnerability to perform remote code execution or denial of ...
08.08.2023
SIEMENS CERT
SSA-764801 V1.1 (Last Update: 2023-08-08): File Parsing Vulnerabilities in Tecnomatix Plant Simulation
Titel
SSA-764801 V1.1 (Last Update: 2023-08-08): File Parsing Vulnerabilities in Tecnomatix Plant Simulation
Veröffentlicht
8. August 2023 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-764801.html
Text
Siemens Tecnomatix Plant Simulation contains multiple vulnerabilities that could be triggered when the application reads PAR, SPP, STP and PRT files. If a user is tricked to open a malicious file using the affected application, this could lead to a crash, and potentially also to arbitrary code execution on the ...
08.08.2023
SIEMENS CERT
SSA-851884 V1.2 (Last Update: 2023-08-08): Authentication Bypass Vulnerability in Mendix SAML Module
Titel
SSA-851884 V1.2 (Last Update: 2023-08-08): Authentication Bypass Vulnerability in Mendix SAML Module
Veröffentlicht
8. August 2023 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-851884.html
Text
The Mendix SAML module insufficiently verifies the SAML assertions. This could allow unauthenticated remote attackers to bypass authentication and get access to the application. Mendix has provided fix releases for the Mendix SAML module and recommends to update to the latest version. Note: For compatibility reasons, fixes for several versions ...
08.08.2023
SIEMENS CERT
SSA-811403 V1.0: Multiple File Parsing Vulnerabilities in Solid Edge before V223 Update 7
Titel
SSA-811403 V1.0: Multiple File Parsing Vulnerabilities in Solid Edge before V223 Update 7
Veröffentlicht
8. August 2023 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-811403.html
Text
Solid Edge is affected by multiple memory corruption vulnerabilities that could be triggered when the application reads specially crafted files in various formats such as DFT, PAR or PSM format. If a user is tricked to open a malicious file with the affected application, an attacker could leverage the vulnerability ...
08.08.2023
SIEMENS CERT
SSA-794697 V1.2 (Last Update: 2023-08-08): Vulnerabilities in the Linux Kernel of the SIMATIC S7-1500 TM MFP V1.0
Titel
SSA-794697 V1.2 (Last Update: 2023-08-08): Vulnerabilities in the Linux Kernel of the SIMATIC S7-1500 TM MFP V1.0
Veröffentlicht
8. August 2023 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-794697.html
Text
Multiple vulnerabilities have been identified in the Linux Kernel of the SIMATIC S7-1500 TM MFP V1.0. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.
03.08.2023
US CERT (ICS)
​Mitsubishi Electric GOT2000 and GOT SIMPLE
Titel
​Mitsubishi Electric GOT2000 and GOT SIMPLE
Veröffentlicht
3. August 2023 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-215-01
Text
1. EXECUTIVE SUMMARY ​CVSS v3 5.9 ​ATTENTION: Exploitable remotely ​Vendor: Mitsubishi Electric ​Equipment: GOT2000 Series and GOT SIMPLE Series ​Vulnerability: Predictable Exact Value from Previous Values 2. RISK EVALUATION ​Successful exploitation of this vulnerability could allow an attacker to hijack data connections or prevent legitimate users from establishing data connections. ...
03.08.2023
US CERT (ICS)
TEL-STER TelWin SCADA WebInterface
Titel
TEL-STER TelWin SCADA WebInterface
Veröffentlicht
3. August 2023 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-215-03
Text
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: TEL-STER Sp. z o. o. Equipment: TelWin SCADA WebInterface Vulnerability: Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated attacker to read files on the system. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS TEL-STER ...
03.08.2023
US CERT (ICS)
​Mitsubishi Electric GT and GOT Series Products
Titel
​Mitsubishi Electric GT and GOT Series Products
Veröffentlicht
3. August 2023 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-215-02
Text
1. EXECUTIVE SUMMARY ​CVSS v3 7.5 ​ATTENTION: Exploitable remotely/low attack complexity ​Vendor: Mitsubishi Electric ​Equipment: GT Designer3, GOT2000 Series, GOT SIMPLE Series, and GT SoftGOT2000 ​Vulnerability: Weak Encoding for Password 2. RISK EVALUATION ​Successful exploitation of this vulnerability could allow an attacker to obtain plaintext passwords by sniffing packets containing ...
03.08.2023
US CERT (ICS)
​Sensormatic Electronics VideoEdge
Titel
​Sensormatic Electronics VideoEdge
Veröffentlicht
3. August 2023 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-215-04
Text
1. EXECUTIVE SUMMARY ​CVSS v3 7.1 ​ATTENTION: Low attack complexity ​Vendor: Sensormatic Electronics, LLC, a subsidiary of Johnson Controls Inc. ​Equipment: VideoEdge ​Vulnerability: Acceptance of Extraneous Untrusted Data with Trusted Data 2. RISK EVALUATION ​Successful exploitation of this vulnerability could allow a local user to edit the VideoEdge configuration file ...
02.08.2023
US CERT
2022 Top Routinely Exploited Vulnerabilities
Titel
2022 Top Routinely Exploited Vulnerabilities
Veröffentlicht
2. August 2023 20:57
URL
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-215a
Text
SUMMARY The following cybersecurity agencies coauthored this joint Cybersecurity Advisory (CSA): United States: The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Federal Bureau of Investigation (FBI) Australia: Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) Canada: Canadian Centre for Cyber Security (CCCS) New Zealand: New Zealand ...
01.08.2023
US CERT
Threat Actors Exploiting Ivanti EPMM Vulnerabilities
Titel
Threat Actors Exploiting Ivanti EPMM Vulnerabilities
Veröffentlicht
1. August 2023 16:42
URL
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-213a
Text
SUMMARY The Cybersecurity and Infrastructure Security Agency (CISA) and the Norwegian National Cyber Security Centre (NCSC-NO) are releasing this joint Cybersecurity Advisory (CSA) in response to active exploitation of CVE-2023-35078 and CVE-2023-35081. Advanced persistent threat (APT) actors exploited CVE-2023-35078 as a zero day from at least April 2023 through July ...
01.08.2023
US CERT (ICS)
​APSystems Altenergy Power Control
Titel
​APSystems Altenergy Power Control
Veröffentlicht
1. August 2023 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-213-01
Text
1. EXECUTIVE SUMMARY ​CVSS v3 9.8 ​ATTENTION: Exploitable remotely / low attack complexity / public exploits available ​Vendor: APSystems ​Equipment: Altenergy Power Control ​Vulnerability: OS Command Injection 2. RISK EVALUATION ​Successful exploitation of this vulnerability may allow remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ​The following versions of ...
Juli 2023
27.07.2023
US CERT (ICS)
Mitsubishi Electric CNC Series
Titel
Mitsubishi Electric CNC Series
Veröffentlicht
27. Juli 2023 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-208-03
Text
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: CNC Series devices Vulnerability: Classic Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a malicious remote attacker to cause a denial-of-service condition and execute malicious code on the product by sending ...
27.07.2023
US CERT (ICS)
Mitsubishi Electric CNC Series (Update A)
Titel
Mitsubishi Electric CNC Series (Update A)
Veröffentlicht
27. Juli 2023 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-208-03
Text
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: CNC Series devices Vulnerability: Classic Buffer Overflow 2. UPDATE OR REPOSTED INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-23-208-03 Mitsubishi Electric CNC Series that was published July 27, 2023, on ...
27.07.2023
US CERT (ICS)
PTC KEPServerEX
Titel
PTC KEPServerEX
Veröffentlicht
27. Juli 2023 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-208-02
Text
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: PTC Equipment: KEPServerEX Vulnerability: Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of this vulnerability could result in the affected device crashing. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of KEPServerEX, an industrial automation data concentrator ...
27.07.2023
US CERT (ICS)
ETIC Telecom RAS Authentication
Titel
ETIC Telecom RAS Authentication
Veröffentlicht
27. Juli 2023 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-208-01
Text
1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION: Exploitable with adjacent access/low attack complexity Vendor: ETIC Telecom Equipment: Remote Access Server (RAS) Vulnerability: Insecure Default Initialization of Resource 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to reconfigure the device or cause a denial-of-service condition. 3. TECHNICAL ...
26.07.2023
US CERT
Preventing Web Application Access Control Abuse
Titel
Preventing Web Application Access Control Abuse
Veröffentlicht
26. Juli 2023 23:10
URL
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-208a
Text
SUMMARY The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC), U.S. Cybersecurity and Infrastructure Security Agency (CISA), and U.S. National Security Agency (NSA) are releasing this joint Cybersecurity Advisory to warn vendors, designers, and developers of web applications and organizations using web applications about insecure direct object reference (IDOR) vulnerabilities. ...
25.07.2023
US CERT (ICS)
AXIS A1001
Titel
AXIS A1001
Veröffentlicht
25. Juli 2023 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-206-01
Text
1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION: Exploitable from adjacent network Vendor: Axis Communications Equipment: AXIS A1001 Vulnerability: Heap-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of AXIS A1001, a ...
25.07.2023
US CERT (ICS)
Emerson ROC800 Series RTU and DL8000 Preset Controller
Titel
Emerson ROC800 Series RTU and DL8000 Preset Controller
Veröffentlicht
25. Juli 2023 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-206-03
Text
1. EXECUTIVE SUMMARY CVSS v3 9.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: Emerson Equipment: ROC800-Series RTU; including ROC800, ROC800L, and DL8000 Preset Controllers Vulnerability: Authentication Bypass 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition or gain unauthorized access to data or ...
25.07.2023
US CERT (ICS)
Johnson Controls IQ Wifi 6
Titel
Johnson Controls IQ Wifi 6
Veröffentlicht
25. Juli 2023 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-206-04
Text
1. EXECUTIVE SUMMARY CVSS v3 8.3 ATTENTION: Low attack complexity Vendor: Johnson Controls Inc. Equipment: IQ Wifi 6 Vulnerability: Improper Restriction of Excessive Authentication Attempts 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthorized user to gain account access by conducting a brute force authentication attack. 3. ...
20.07.2023
US CERT
Threat Actors Exploiting Citrix CVE-2023-3519 to Implant Webshells
Titel
Threat Actors Exploiting Citrix CVE-2023-3519 to Implant Webshells
Veröffentlicht
20. Juli 2023 21:28
URL
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-201a
Text
SUMMARY The Cybersecurity and Infrastructure Security Agency (CISA) is releasing this Cybersecurity Advisory to warn network defenders about exploitation of CVE-2023-3519, an unauthenticated remote code execution (RCE) vulnerability affecting NetScaler (formerly Citrix) Application Delivery Controller (ADC) and NetScaler Gateway. In June 2023, threat actors exploited this vulnerability as a zero-day ...
20.07.2023
US CERT (ICS)
Schneider Electric EcoStruxure Products, Modicon PLCs, and Programmable Automation Controllers
Titel
Schneider Electric EcoStruxure Products, Modicon PLCs, and Programmable Automation Controllers
Veröffentlicht
20. Juli 2023 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-201-01
Text
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: EcoStruxure Products, Modicon PLCs, and Programmable Automation Controllers Vulnerabilities: Improper Check for Unusual or Exceptional Conditions 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker unauthorized access to components, ability to execute ...

Letzte Updates

BOSCH PSIRT
21.08.2024
SIEMENS CERT
12.09.2024
US CERT
19.09.2024
US CERT (ICS)
19.09.2024

Nach Quelle

Archiv

2024
2023
2022
2021
2020
2019
2018
2017

Feeds