Juli 2024
23.07.2024
US CERT (ICS)
National Instruments IO Trace
Titel
National Instruments IO Trace
Veröffentlicht
23. Juli 2024 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-205-01
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Low attack complexity Vendor: National Instruments Equipment: IO Trace Vulnerability: Stack-Based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a local attacker to execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following National Instruments I/O ...
23.07.2024
US CERT (ICS)
Hitachi Energy AFS/AFR Series Products
Titel
Hitachi Energy AFS/AFR Series Products
Veröffentlicht
23. Juli 2024 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-205-02
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: AFS650, AFS660, AFS665, AFS670, AFS675, AFS677, AFR677 Vulnerabilities: Type Confusion, Use After Free, Double Free, Observable Discrepancy 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to create a denial-of-service ...
23.07.2024
US CERT (ICS)
National Instruments LabVIEW
Titel
National Instruments LabVIEW
Veröffentlicht
23. Juli 2024 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-205-03
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Low attack complexity Vendor: National Instruments Equipment: LabVIEW Vulnerabilities: Out-of-Bounds Read, Improper Restriction of Operations within the Bounds of a Memory Buffer 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow a local attacker to disclose information and execute arbitrary ...
22.07.2024
SIEMENS CERT
SSA-071402 V1.0: Multiple Vulnerabilities in SICAM Products
Titel
SSA-071402 V1.0: Multiple Vulnerabilities in SICAM Products
Veröffentlicht
22. Juli 2024 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-071402.html
Text
Multiple SICAM products are affected by unauthorized password reset and firmware downgrade vulnerabilities that could lead to privilege escalation and potential leak of information, namely: SICAM A8000 Device firmware CPCI85 for CP-8031/CP-8050 SICAM EGS Device firmware CPCI85 SICAM 8 Software Solution SICORE Siemens has released new firmware versions for the ...
22.07.2024
SIEMENS CERT
SSA-723487 V1.1 (Last Update: 2024-07-22): RADIUS Protocol Susceptible to Forgery Attacks (CVE-2024-3596) - Impact to SCALANCE,...
Titel
SSA-723487 V1.1 (Last Update: 2024-07-22): RADIUS Protocol Susceptible to Forgery Attacks (CVE-2024-3596) - Impact to SCALANCE, RUGGEDCOM and Related Products
Veröffentlicht
22. Juli 2024 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-723487.html
Text
This advisory documents the impact of CVE-2024-3596 (also dubbed “Blastradius”), a vulnerability in the RADIUS protocol, to SCALANCE, RUGGEDCOM and related products. The vulnerability could allow on-path attackers, located between a Network Access Server (the RADIUS client, e.g., SCALANCE or RUGGEDCOM devices) and a RADIUS server (e.g., SINEC INS), to ...
19.07.2024
BOSCH PSIRT
"regreSSHion" OpenSSH vulnerability in PRC7000
Titel
"regreSSHion" OpenSSH vulnerability in PRC7000
Veröffentlicht
19. Juli 2024 02:00
URL
https://psirt.bosch.com/security-advisories/bosch-sa-258444.html
Text

BOSCH-SA-248444: The Qualys Threat Research Unit (TRU) has discovered a Remote Unauthenticated Code Execution (RCE) vulnerability in OpenSSH’s server (sshd) in glibc-based Linux systems. The vulnerability, which is a signal handler race condition in OpenSSH’s server (sshd), allows unauthenticated remote code execution (RCE) as root on glibc-based Linux systems; that ...

18.07.2024
US CERT (ICS)
Mitsubishi Electric MELSOFT MaiLab
Titel
Mitsubishi Electric MELSOFT MaiLab
Veröffentlicht
18. Juli 2024 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-200-01
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.2 ATTENTION: Exploitable remotely Vendor: Mitsubishi Electric Corporation Equipment: MELSOFT MaiLab Vulnerability: Improper Verification of Cryptographic Signature 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote attacker to cause a denial-of-service condition in the target product. 3. TECHNICAL DETAILS 3.1 ...
18.07.2024
US CERT (ICS)
Subnet Solutions PowerSYSTEM Center
Titel
Subnet Solutions PowerSYSTEM Center
Veröffentlicht
18. Juli 2024 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-200-02
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Subnet Solutions Inc. Equipment: Subnet PowerSYSTEM Center Vulnerability: Prototype Pollution 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated attacker to elevate permissions. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of ...
16.07.2024
US CERT (ICS)
Rockwell Automation Pavilion 8
Titel
Rockwell Automation Pavilion 8
Veröffentlicht
16. Juli 2024 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-198-01
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: Pavilion 8 Vulnerability: Incorrect Permission Assignment for Critical Resource 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to create new users and view sensitive data. 3. TECHNICAL DETAILS 3.1 ...
11.07.2024
US CERT (ICS)
Siemens Remote Connect Server
Titel
Siemens Remote Connect Server
Veröffentlicht
11. Juli 2024 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-193-01
Text
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).View CSAF 1. EXECUTIVE SUMMARY CVSS ...
11.07.2024
US CERT (ICS)
Siemens RUGGEDCOM
Titel
Siemens RUGGEDCOM
Veröffentlicht
11. Juli 2024 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-193-06
Text
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).View CSAF 1. EXECUTIVE SUMMARY CVSS ...
11.07.2024
US CERT (ICS)
Siemens RUGGEDCOM APE 1808
Titel
Siemens RUGGEDCOM APE 1808
Veröffentlicht
11. Juli 2024 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-193-02
Text
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).View CSAF 1. EXECUTIVE SUMMARY CVSS ...
11.07.2024
US CERT (ICS)
Siemens SCALANCE, RUGGEDCOM, SIPLUS, and SINEC
Titel
Siemens SCALANCE, RUGGEDCOM, SIPLUS, and SINEC
Veröffentlicht
11. Juli 2024 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-193-05
Text
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).View CSAF 1. EXECUTIVE SUMMARY CVSS ...
11.07.2024
US CERT (ICS)
Siemens TIA Portal and SIMATIC STEP 7
Titel
Siemens TIA Portal and SIMATIC STEP 7
Veröffentlicht
11. Juli 2024 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-193-12
Text
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).View CSAF 1. EXECUTIVE SUMMARY CVSS ...
11.07.2024
US CERT (ICS)
Siemens SIMATIC and SIMIT
Titel
Siemens SIMATIC and SIMIT
Veröffentlicht
11. Juli 2024 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-193-07
Text
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).View CSAF 1. EXECUTIVE SUMMARY CVSS ...
11.07.2024
US CERT (ICS)
Siemens JT Open and PLM XML SDK
Titel
Siemens JT Open and PLM XML SDK
Veröffentlicht
11. Juli 2024 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-193-10
Text
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).View CSAF 1. EXECUTIVE SUMMARY CVSS ...
09.07.2024
US CERT
CISA Red Team’s Operations Against a Federal Civilian Executive Branch Organization Highlights the Necessity of Defense-in-Depth
Titel
CISA Red Team’s Operations Against a Federal Civilian Executive Branch Organization Highlights the Necessity of Defense-in-Depth
Veröffentlicht
9. Juli 2024 16:09
URL
https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-193a
Text
EXECUTIVE SUMMARY In early 2023, the Cybersecurity and Infrastructure Security Agency (CISA) conducted a SILENTSHIELD red team assessment against a Federal Civilian Executive Branch (FCEB) organization. During SILENTSHIELD assessments, the red team first performs a no-notice, long-term simulation of nation-state cyber operations. The team mimics the techniques, tradecraft, and behaviors ...
09.07.2024
US CERT (ICS)
Mitsubishi Electric MELIPC Series MI5122-VW
Titel
Mitsubishi Electric MELIPC Series MI5122-VW
Veröffentlicht
9. Juli 2024 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-191-02
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Low attack complexity Vendor: Mitsubishi Electric Equipment: MI5122-VW Vulnerability: Incorrect Default Permissions 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to tamper with, destroy, disclose, or delete information in the product, or cause a denial-of-service (DoS) condition ...
09.07.2024
US CERT (ICS)
Johnson Controls Software House C●CURE 9000
Titel
Johnson Controls Software House C●CURE 9000
Veröffentlicht
9. Juli 2024 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-191-05
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.7 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Johnson Controls Inc. Equipment: Software House C●CURE 9000 Vulnerability: Incorrect Default Permissions 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an attacker to access credentials used for access to the application. 3. TECHNICAL DETAILS ...
09.07.2024
US CERT (ICS)
Johnson Controls Illustra Pro Gen 4
Titel
Johnson Controls Illustra Pro Gen 4
Veröffentlicht
9. Juli 2024 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-191-03
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.0 ATTENTION: Exploitable remotely Vendor: Johnson Controls, Inc. Equipment: Illustra Pro Gen 4 Vulnerability: Dependency on Vulnerable Third-Party Component 2. RISK EVALUATION Successful exploitation of this vulnerability could impact confidentiality and integrity of the device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Johnson Controls ...
09.07.2024
US CERT (ICS)
Delta Electronics CNCSoft-G2
Titel
Delta Electronics CNCSoft-G2
Veröffentlicht
9. Juli 2024 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-191-01
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: CNCSoft-G2 Vulnerabilities: Stack-based Buffer Overflow, Out-of-bounds Write, Out-of-bounds Read, Heap-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could cause a buffer overflow condition and allow remote code execution. 3. TECHNICAL DETAILS ...
09.07.2024
SIEMENS CERT
SSA-998949 V1.0: Hard-coded Default Encryption Key in Mendix Encryption Module V10.0.0 and V10.0.1
Titel
SSA-998949 V1.0: Hard-coded Default Encryption Key in Mendix Encryption Module V10.0.0 and V10.0.1
Veröffentlicht
9. Juli 2024 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-998949.html
Text
The Mendix Encryption module versions V10.0.0 and V10.0.1 define a specific hard-coded default value for the EncryptionKey constant, which is used in projects where no individual EncryptionKey was specified. This could allow to an attacker to decrypt any encrypted project data, as the default encryption key can be considered compromised. ...
09.07.2024
SIEMENS CERT
SSA-832273 V1.4 (Last Update: 2024-07-09): Multiple Vulnerabilities in Fortigate NGFW before V7.4.3 on RUGGEDCOM APE1808 devices
Titel
SSA-832273 V1.4 (Last Update: 2024-07-09): Multiple Vulnerabilities in Fortigate NGFW before V7.4.3 on RUGGEDCOM APE1808 devices
Veröffentlicht
9. Juli 2024 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-832273.html
Text
Fortinet has published information on vulnerabilities in FORTIOS. This advisory lists the related Siemens Industrial products. Siemens has released a new version of Fortigate NGFW for RUGGEDCOM APE1808 and recommends to update to the latest version. Siemens recommends to consult and implement the workarounds provided in Fortinet’s upstream security notifications.
09.07.2024
SIEMENS CERT
SSA-170375 V1.0: Multiple Vulnerabilities in RUGGEDCOM ROS before V5.9
Titel
SSA-170375 V1.0: Multiple Vulnerabilities in RUGGEDCOM ROS before V5.9
Veröffentlicht
9. Juli 2024 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-170375.html
Text
Multiple vulnerabilities affect the RUGGEDCOM Operating System (ROS). The common denominator to all vulnerabilities is the leak of confidential information. Siemens is preparing fix versions and recommends countermeasures for products where fixes are not, or not yet available.
09.07.2024
SIEMENS CERT
SSA-868282 V1.0: Multiple Vulnerabilities in SINEMA Remote Connect Client before V3.2 HF1
Titel
SSA-868282 V1.0: Multiple Vulnerabilities in SINEMA Remote Connect Client before V3.2 HF1
Veröffentlicht
9. Juli 2024 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-868282.html
Text
SINEMA Remote Connect Server before V3.2 HF1 is affected by multiple vulnerabilities. Siemens has released a new version for SINEMA Remote Connect Client and recommends to update to the latest version.

Letzte Updates

BOSCH PSIRT
14.08.2025
SIEMENS CERT
26.08.2025
US CERT
25.08.2025
US CERT (ICS)
04.09.2025

Nach Quelle

Archiv

2025
2024
2023
2022
2021
2020
2019
2018
2017

Feeds