Juli 2023
18.07.2023
US CERT (ICS)
​Keysight N6845A Geolocation Server
Titel
​Keysight N6845A Geolocation Server
Veröffentlicht
18. Juli 2023 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-199-02
Text
1. EXECUTIVE SUMMARY ​CVSS v3 7.8 ​ATTENTION: Low attack complexity ​Vendor: Keysight Technologies ​Equipment: N6854A Geolocation Server ​Vulnerabilities: Exposed Dangerous Method or Function, Relative Path Traversal 2. RISK EVALUATION ​Successful exploitation of these vulnerabilities could allow an attacker to escalate privileges, execute arbitrary code, or cause a denial-of-service condition. 3. ...
18.07.2023
US CERT (ICS)
​Weintek Weincloud
Titel
​Weintek Weincloud
Veröffentlicht
18. Juli 2023 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-199-04
Text
1. EXECUTIVE SUMMARY ​CVSS v3 9.8 ​ATTENTION: Exploitable remotely/low attack complexity ​Vendor: Weintek ​Equipment: Weincloud ​Vulnerabilities: Weak Password Recovery Mechanism for Forgotten Password, Improper Authentication, Improper Restriction of Excessive Authentication Attempts, Improper Handling of Structural Elements 2. RISK EVALUATION ​Successful exploitation of these vulnerabilities could allow an attacker to utilize ...
18.07.2023
US CERT (ICS)
​GeoVision GV-ADR2701
Titel
​GeoVision GV-ADR2701
Veröffentlicht
18. Juli 2023 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-199-05
Text
1. EXECUTIVE SUMMARY ​CVSS v3 9.8 ​ATTENTION: Exploitable remotely/low attack complexity/public exploits are available ​Vendor: GeoVision ​Equipment: GV-ADR2701 ​Vulnerabilities: Improper Authentication 2. RISK EVALUATION ​Successful exploitation of this vulnerability could allow an attacker to log in to the camera’s web application. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ​GeoVision reports this ...
18.07.2023
US CERT (ICS)
WellinTech KingHistorian
Titel
WellinTech KingHistorian
Veröffentlicht
18. Juli 2023 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-199-07
Text
1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: WellinTech Equipment: KingHistorian Vulnerabilities: Exposure of Sensitive Information to an Unauthorized Actor, Signed to Unsigned Conversion Error 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to disclose sensitive information or send ...
18.07.2023
US CERT (ICS)
Rockwell Automation Kinetix 5700 DC Bus Power Supply
Titel
Rockwell Automation Kinetix 5700 DC Bus Power Supply
Veröffentlicht
18. Juli 2023 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-199-01
Text
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: Kinetix 5700 Vulnerability: Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of this vulnerability could result in a denial-of-service attack. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following version of Rockwell Automation Kinetix 5700 DC ...
18.07.2023
US CERT (ICS)
Iagona ScrutisWeb
Titel
Iagona ScrutisWeb
Veröffentlicht
18. Juli 2023 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-199-03
Text
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Iagona Equipment: ScrutisWeb Vulnerabilities: Absolute Path Traversal, Authorization Bypass Through User-Controlled Key, Use of Hard-coded Cryptographic Key, Unrestricted Upload of File with Dangerous Type 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to upload ...
13.07.2023
US CERT (ICS)
Honeywell Experion PKS, LX and PlantCruise
Titel
Honeywell Experion PKS, LX and PlantCruise
Veröffentlicht
13. Juli 2023 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-194-06
Text
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Honeywell Equipment: Experion PKS, LX, and PlantCruise Vulnerabilities: Heap-based Buffer Overflow, Stack-based Buffer Overflow, Out-of-bounds Write, Uncontrolled Resource Consumption, Improper Encoding or Escaping of Output, Deserialization of Untrusted Data, Improper Input Validation, Incorrect Comparison 2. RISK EVALUATION Successful ...
13.07.2023
US CERT (ICS)
Siemens SiPass Integrated
Titel
Siemens SiPass Integrated
Veröffentlicht
13. Juli 2023 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-194-02
Text
1. EXECUTIVE SUMMARY ​CVSS v3 7.5 ​ATTENTION: Exploitable remotely / low attack complexity ​Vendor: Siemens ​Equipment: SiPass Integrated ​Vulnerability: Improper Input Validation 2. RISK EVALUATION ​Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to crash the server application, creating a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED ...
13.07.2023
US CERT (ICS)
​Siemens SIMATIC MV500 Devices
Titel
​Siemens SIMATIC MV500 Devices
Veröffentlicht
13. Juli 2023 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-194-04
Text
1. EXECUTIVE SUMMARY ​CVSS v3 8.2 ​ATTENTION: Exploitable remotely/low attack complexity ​Vendor: Siemens ​Equipment: SIMATIC MV500 series devices ​Vulnerabilities: Exposure of Sensitive Information to an Unauthorized Actor, Missing Release of Memory after Effective Lifetime, Injection, Inadequate Encryption Strength, Double Free, Incomplete Cleanup, Observable Discrepancy, Improper Locking, Use After Free, Improper ...
13.07.2023
US CERT (ICS)
​Siemens RUGGEDCOM ROX
Titel
​Siemens RUGGEDCOM ROX
Veröffentlicht
13. Juli 2023 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-194-01
Text
1. EXECUTIVE SUMMARY ​CVSS v3 9.8 ​ATTENTION: Exploitable remotely / low attack complexity ​Vendor: Siemens ​Equipment: RUGGEDCOM ROX ​Vulnerabilities: Cleartext Transmission of Sensitive Information, Command Injection, Improper Authentication, Classic Buffer Overflow, Uncontrolled Resource Consumption, Improper Certificate Validation, Cross-Site Request Forgery (CSRF), Improper Input Validation, Incorrect Default Permissions, Cross-site Scripting, Inadequate ...
13.07.2023
US CERT (ICS)
Rockwell Automation PowerMonitor 1000
Titel
Rockwell Automation PowerMonitor 1000
Veröffentlicht
13. Juli 2023 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-194-05
Text
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: PowerMonitor 1000 Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to achieve remote code execution and potentially the complete loss of confidentiality, integrity, and availability of the product. ...
13.07.2023
US CERT (ICS)
Siemens SIMATIC CN 4100
Titel
Siemens SIMATIC CN 4100
Veröffentlicht
13. Juli 2023 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-22-194-03
Text
1. EXECUTIVE SUMMARY CVSS v3 9.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC CN 4100 Vulnerabilities: Improper Access Control, Incorrect Default Permissions 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to gain privilege escalation and bypass network isolation. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ...
12.07.2023
US CERT (ICS)
Rockwell Automation Select Communication Modules
Titel
Rockwell Automation Select Communication Modules
Veröffentlicht
12. Juli 2023 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-193-01
Text
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: 1756-EN2T, 1756-EN2TK, 1756-EN2TXT, 1756-EN2TP, 1756-EN2TPK, 1756-EN2TPXT, 1756-EN2TR, 1756-EN2TRK, 1756-EN2TRXT, 1756-EN2F, 1756-EN2FK, 1756-EN3TR, 1756-EN3TRK, 1756-EN4TR, 1756-EN4TRK, 1756-EN4TRXT Vulnerabilities: Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow malicious actors to gain remote access ...
11.07.2023
US CERT
Enhanced Monitoring to Detect APT Activity Targeting Outlook Online
Titel
Enhanced Monitoring to Detect APT Activity Targeting Outlook Online
Veröffentlicht
11. Juli 2023 23:55
URL
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-193a
Text
SUMMARY In June 2023, a Federal Civilian Executive Branch (FCEB) agency identified suspicious activity in their Microsoft 365 (M365) cloud environment. The agency reported the activity to Microsoft and the Cybersecurity and Infrastructure Security Agency (CISA), and Microsoft determined that advanced persistent threat (APT) actors accessed and exfiltrated unclassified Exchange ...
11.07.2023
US CERT (ICS)
​Sensormatic Electronics iSTAR
Titel
​Sensormatic Electronics iSTAR
Veröffentlicht
11. Juli 2023 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-192-02
Text
1. EXECUTIVE SUMMARY ​CVSS v3 7.5 ​ATTENTION: Exploitable via adjacent network/Low attack complexity ​Vendor: Sensormatic Electronics, LLC, a subsidiary of Johnson Controls Inc. ​Equipment: iSTAR ​Vulnerability: Improper Authentication 2. RISK EVALUATION ​Successful exploitation of this vulnerability could allow an unauthenticated user to login to iSTAR devices with administrator rights. 3. ...
11.07.2023
US CERT (ICS)
Panasonic Control FPWin Pro7
Titel
Panasonic Control FPWin Pro7
Veröffentlicht
11. Juli 2023 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-192-03
Text
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Panasonic Equipment: Control FPWIN Pro7 Vulnerabilities: Type Confusion, Stack-based Buffer Overflow, Improper Restriction of Operations within the Bounds of a Memory Buffer 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in information disclosure or remote code execution ...
11.07.2023
US CERT (ICS)
Rockwell Automation Enhanced HIM
Titel
Rockwell Automation Enhanced HIM
Veröffentlicht
11. Juli 2023 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-192-01
Text
1. EXECUTIVE SUMMARY CVSS v3 9.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: Enhanced HIM Vulnerability: Cross-site Request Forgery 2. RISK EVALUATION Successful exploitation of this vulnerability could lead to sensitive information disclosure and full remote access to the affected products. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The ...
11.07.2023
SIEMENS CERT
SSB-439005 V5.3 (Last Update: 2023-07-11): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 151...
Titel
SSB-439005 V5.3 (Last Update: 2023-07-11): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP
Veröffentlicht
11. Juli 2023 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssb-439005.html
Text
11.07.2023
SIEMENS CERT
SSA-968170 V1.1 (Last Update: 2023-07-11): Remote Code Execution Vulnerability in SIMATIC STEP 7 V5.x and Derived Products
Titel
SSA-968170 V1.1 (Last Update: 2023-07-11): Remote Code Execution Vulnerability in SIMATIC STEP 7 V5.x and Derived Products
Veröffentlicht
11. Juli 2023 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-968170.html
Text
SIMATIC STEP 7 and PCS 7 contain a database management system that could allow remote users to use embedded functions of the database (local or in a network share) that have impact on the server. An attacker with network access to the server network could leverage these embedded functions to ...
11.07.2023
SIEMENS CERT
SSA-408105 V1.2 (Last Update: 2023-07-11): Buffer Overflow Vulnerabilities in OpenSSL 3.0 Affecting Siemens Products
Titel
SSA-408105 V1.2 (Last Update: 2023-07-11): Buffer Overflow Vulnerabilities in OpenSSL 3.0 Affecting Siemens Products
Veröffentlicht
11. Juli 2023 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-408105.html
Text
The openSSL component, versions 3.0.0 through 3.0.6, contains two buffer overflow vulnerabilities (CVE-2022-3602, CVE-2022-3786) in the X.509 certificate verification [0]. They could allow an attacker to create a denial of service condition or execute arbitrary code on a vulnerable TLS server (if the server requests client certificate authentication), or on ...
11.07.2023
SIEMENS CERT
SSA-446448 V1.9 (Last Update: 2023-07-11): Denial of Service Vulnerability in PROFINET Stack Integrated on Interniche Stack
Titel
SSA-446448 V1.9 (Last Update: 2023-07-11): Denial of Service Vulnerability in PROFINET Stack Integrated on Interniche Stack
Veröffentlicht
11. Juli 2023 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-446448.html
Text
The PROFINET (PNIO) stack, when integrated with the Interniche IP stack, contains a vulnerability that could allow an attacker to cause a denial of service condition on affected industrial products. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further ...
11.07.2023
SIEMENS CERT
SSA-930100 V1.1 (Last Update: 2023-07-11): Privilege Escalation Vulnerability in Simcenter STAR-CCM+
Titel
SSA-930100 V1.1 (Last Update: 2023-07-11): Privilege Escalation Vulnerability in Simcenter STAR-CCM+
Veröffentlicht
11. Juli 2023 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-930100.html
Text
Simcenter STAR-CCM+ contains a privilege escalation vulnerability which could allow a local attacker with an unprivileged account to override or modify the service executable and subsequently gain elevated privileges. Siemens has released an update for Simcenter STAR-CCM+ and recommends to update to the latest version.
11.07.2023
SIEMENS CERT
SSA-794697 V1.1 (Last Update: 2023-07-11): Vulnerabilities in the Linux Kernel of the SIMATIC S7-1500 TM MFP V1.0
Titel
SSA-794697 V1.1 (Last Update: 2023-07-11): Vulnerabilities in the Linux Kernel of the SIMATIC S7-1500 TM MFP V1.0
Veröffentlicht
11. Juli 2023 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-794697.html
Text
Multiple vulnerabilities have been identified in the Linux Kernel of the SIMATIC S7-1500 TM MFP V1.0. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.
11.07.2023
SIEMENS CERT
SSA-313488 V1.0: Multiple Vulnerabilities in SIMATIC CN 4100 before V2.5
Titel
SSA-313488 V1.0: Multiple Vulnerabilities in SIMATIC CN 4100 before V2.5
Veröffentlicht
11. Juli 2023 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-313488.html
Text
SIMATIC CN 4100 is vulnerable to improper access control and insecure default configurations that could allow an attacker to gain privilege escalation, and bypass network isolation. Siemens has released an update for SIMATIC CN 4100 and recommends to update to the latest version.
11.07.2023
SIEMENS CERT
SSA-764801 V1.0: File Parsing Vulnerabilities in Tecnomatix Plant Simulation
Titel
SSA-764801 V1.0: File Parsing Vulnerabilities in Tecnomatix Plant Simulation
Veröffentlicht
11. Juli 2023 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-764801.html
Text
Siemens Tecnomatix Plant Simulation contains multiple vulnerabilities that could be triggered when the application reads PAR, SPP, STP and PRT files. If a user is tricked to open a malicious file using the affected application, this could lead to a crash, and potentially also to arbitrary code execution on the ...

Letzte Updates

BOSCH PSIRT
21.08.2024
SIEMENS CERT
12.09.2024
US CERT
19.09.2024
US CERT (ICS)
19.09.2024

Nach Quelle

Archiv

2024
2023
2022
2021
2020
2019
2018
2017

Feeds