August 2023
08.08.2023
SIEMENS CERT
SSA-691715 V1.2 (Last Update: 2023-08-08): Vulnerability in OPC Foundation Local Discovery Server Affecting Siemens Products
Titel
SSA-691715 V1.2 (Last Update: 2023-08-08): Vulnerability in OPC Foundation Local Discovery Server Affecting Siemens Products
Veröffentlicht
8. August 2023 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-691715.html
Text
A vulnerability was identified in OPC Foundation Local Discovery Server which also affects Siemens products that could allow an attacker to escalate privileges under certain circumstances. Siemens has released an update for SIMATIC WinCC and recommends to update to the latest version. Siemens is preparing further updates and recommends specific ...
08.08.2023
SIEMENS CERT
SSA-686975 V1.3 (Last Update: 2023-08-08): IPU 2022.3 Vulnerabilities in Siemens Industrial Products using Intel CPUs
Titel
SSA-686975 V1.3 (Last Update: 2023-08-08): IPU 2022.3 Vulnerabilities in Siemens Industrial Products using Intel CPUs
Veröffentlicht
8. August 2023 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-686975.html
Text
Intel has published information on vulnerabilities in Intel products in November 2022. This advisory lists the related Siemens Industrial products affected by these vulnerabilities that can be patched by applying the corresponding BIOS update (“2022.3 IPU – BIOS Advisory” Intel-SA-00688). Siemens is preparing updates and recommends specific countermeasures for products ...
08.08.2023
SIEMENS CERT
SSA-001569 V1.0: JT File Parsing Vulnerabilities in JT Open, JT Utilities and Parasolid
Titel
SSA-001569 V1.0: JT File Parsing Vulnerabilities in JT Open, JT Utilities and Parasolid
Veröffentlicht
8. August 2023 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-001569.html
Text
JT Open Toolkit, JT Utilities and Parasolid are affected by memory corruption vulnerabilities that could be triggered while parsing JT files. If a user is tricked to open a malicious JT file with any of the affected products, this could cause the application to crash or potentially lead to arbitrary ...
08.08.2023
SIEMENS CERT
SSA-811403 V1.0: Multiple File Parsing Vulnerabilities in Solid Edge before V223 Update 7
Titel
SSA-811403 V1.0: Multiple File Parsing Vulnerabilities in Solid Edge before V223 Update 7
Veröffentlicht
8. August 2023 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-811403.html
Text
Solid Edge is affected by multiple memory corruption vulnerabilities that could be triggered when the application reads specially crafted files in various formats such as DFT, PAR or PSM format. If a user is tricked to open a malicious file with the affected application, an attacker could leverage the vulnerability ...
08.08.2023
SIEMENS CERT
SSA-851884 V1.2 (Last Update: 2023-08-08): Authentication Bypass Vulnerability in Mendix SAML Module
Titel
SSA-851884 V1.2 (Last Update: 2023-08-08): Authentication Bypass Vulnerability in Mendix SAML Module
Veröffentlicht
8. August 2023 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-851884.html
Text
The Mendix SAML module insufficiently verifies the SAML assertions. This could allow unauthenticated remote attackers to bypass authentication and get access to the application. Mendix has provided fix releases for the Mendix SAML module and recommends to update to the latest version. Note: For compatibility reasons, fixes for several versions ...
08.08.2023
SIEMENS CERT
SSA-472630 V1.0: Security Vulnerabilities Fixed in RUGGEDCOM CROSSBOW V5.4
Titel
SSA-472630 V1.0: Security Vulnerabilities Fixed in RUGGEDCOM CROSSBOW V5.4
Veröffentlicht
8. August 2023 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-472630.html
Text
The RUGGEDCOM CROSSBOW server application before V5.4 contains multiple vulnerabilities that could allow an attacker to execute arbitrary database queries via SQL injection attacks, to create a denial of service condition, or to write arbitrary files to the application’s file system. Siemens has released an update for RUGGEDCOM CROSSBOW and ...
08.08.2023
SIEMENS CERT
SSA-116172 V1.0: Nullsoft Scriptable Install System (NSIS) Vulnerability (CVE-2023-37378) in Parasolid Installer
Titel
SSA-116172 V1.0: Nullsoft Scriptable Install System (NSIS) Vulnerability (CVE-2023-37378) in Parasolid Installer
Veröffentlicht
8. August 2023 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-116172.html
Text
A vulnerability in Nullsoft Scriptable Installer System (NSIS) software (CVE-2023-37378) used in Parasolid installers before V36 creates an “uninstall directory” with insufficient access control. This could allow an attacker to misuse the vulnerability, and potentially escalate privileges. Only systems where Parasolid is installed with a Parasolid installer is impacted. Siemens ...
08.08.2023
SIEMENS CERT
SSA-908185 V1.0: Mirror Port Isolation Vulnerability in RUGGEDCOM ROS Devices
Titel
SSA-908185 V1.0: Mirror Port Isolation Vulnerability in RUGGEDCOM ROS Devices
Veröffentlicht
8. August 2023 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-908185.html
Text
A vulnerability was identified in RUGGEDCOM ROS devices with mirror port enabled, that could allow an attacker to inject information into the network via the mirror port. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends ...
08.08.2023
SIEMENS CERT
SSA-975961 V1.0: Privilege Escalation Vulnerabilities in SICAM TOOLBOX II before V07.10
Titel
SSA-975961 V1.0: Privilege Escalation Vulnerabilities in SICAM TOOLBOX II before V07.10
Veröffentlicht
8. August 2023 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-975961.html
Text
SICAM TOOLBOX II contains two vulnerabilities that could allow local attackers to execute code on the system with elevated privileges. Siemens has released an update for SICAM TOOLBOX II and recommends to update to the latest version.
08.08.2023
SIEMENS CERT
SSA-478960 V1.6 (Last Update: 2023-08-08): Missing CSRF Protection in the Web Server Login Page of Industrial Controllers
Titel
SSA-478960 V1.6 (Last Update: 2023-08-08): Missing CSRF Protection in the Web Server Login Page of Industrial Controllers
Veröffentlicht
8. August 2023 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-478960.html
Text
The web server login page of affected products does not apply proper origin checking. This could allow authenticated remote attackers to track the activities of other users via a login cross-site request forgery attack.. Siemens has released updates for several affected products and recommends to update to the latest versions. ...
08.08.2023
SIEMENS CERT
SSA-932528 V1.1 (Last Update: 2023-08-08): Multiple File Parsing Vulnerabilities in Solid Edge
Titel
SSA-932528 V1.1 (Last Update: 2023-08-08): Multiple File Parsing Vulnerabilities in Solid Edge
Veröffentlicht
8. August 2023 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-932528.html
Text
Solid Edge is affected by multiple memory corruption vulnerabilities that could be triggered when the application reads specially crafted files in various formats such as DWG, IFC, OBJ or STP format. If a user is tricked to open a malicious file with the affected application, an attacker could leverage the ...
03.08.2023
US CERT (ICS)
​Mitsubishi Electric GOT2000 and GOT SIMPLE
Titel
​Mitsubishi Electric GOT2000 and GOT SIMPLE
Veröffentlicht
3. August 2023 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-215-01
Text
1. EXECUTIVE SUMMARY ​CVSS v3 5.9 ​ATTENTION: Exploitable remotely ​Vendor: Mitsubishi Electric ​Equipment: GOT2000 Series and GOT SIMPLE Series ​Vulnerability: Predictable Exact Value from Previous Values 2. RISK EVALUATION ​Successful exploitation of this vulnerability could allow an attacker to hijack data connections or prevent legitimate users from establishing data connections. ...
03.08.2023
US CERT (ICS)
​Sensormatic Electronics VideoEdge
Titel
​Sensormatic Electronics VideoEdge
Veröffentlicht
3. August 2023 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-215-04
Text
1. EXECUTIVE SUMMARY ​CVSS v3 7.1 ​ATTENTION: Low attack complexity ​Vendor: Sensormatic Electronics, LLC, a subsidiary of Johnson Controls Inc. ​Equipment: VideoEdge ​Vulnerability: Acceptance of Extraneous Untrusted Data with Trusted Data 2. RISK EVALUATION ​Successful exploitation of this vulnerability could allow a local user to edit the VideoEdge configuration file ...
03.08.2023
US CERT (ICS)
TEL-STER TelWin SCADA WebInterface
Titel
TEL-STER TelWin SCADA WebInterface
Veröffentlicht
3. August 2023 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-215-03
Text
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: TEL-STER Sp. z o. o. Equipment: TelWin SCADA WebInterface Vulnerability: Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated attacker to read files on the system. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS TEL-STER ...
03.08.2023
US CERT (ICS)
​Mitsubishi Electric GT and GOT Series Products
Titel
​Mitsubishi Electric GT and GOT Series Products
Veröffentlicht
3. August 2023 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-215-02
Text
1. EXECUTIVE SUMMARY ​CVSS v3 7.5 ​ATTENTION: Exploitable remotely/low attack complexity ​Vendor: Mitsubishi Electric ​Equipment: GT Designer3, GOT2000 Series, GOT SIMPLE Series, and GT SoftGOT2000 ​Vulnerability: Weak Encoding for Password 2. RISK EVALUATION ​Successful exploitation of this vulnerability could allow an attacker to obtain plaintext passwords by sniffing packets containing ...
02.08.2023
US CERT
2022 Top Routinely Exploited Vulnerabilities
Titel
2022 Top Routinely Exploited Vulnerabilities
Veröffentlicht
2. August 2023 20:57
URL
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-215a
Text
SUMMARY The following cybersecurity agencies coauthored this joint Cybersecurity Advisory (CSA): United States: The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Federal Bureau of Investigation (FBI) Australia: Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) Canada: Canadian Centre for Cyber Security (CCCS) New Zealand: New Zealand ...
01.08.2023
US CERT
Threat Actors Exploiting Ivanti EPMM Vulnerabilities
Titel
Threat Actors Exploiting Ivanti EPMM Vulnerabilities
Veröffentlicht
1. August 2023 16:42
URL
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-213a
Text
SUMMARY The Cybersecurity and Infrastructure Security Agency (CISA) and the Norwegian National Cyber Security Centre (NCSC-NO) are releasing this joint Cybersecurity Advisory (CSA) in response to active exploitation of CVE-2023-35078 and CVE-2023-35081. Advanced persistent threat (APT) actors exploited CVE-2023-35078 as a zero day from at least April 2023 through July ...
01.08.2023
US CERT (ICS)
​APSystems Altenergy Power Control
Titel
​APSystems Altenergy Power Control
Veröffentlicht
1. August 2023 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-213-01
Text
1. EXECUTIVE SUMMARY ​CVSS v3 9.8 ​ATTENTION: Exploitable remotely / low attack complexity / public exploits available ​Vendor: APSystems ​Equipment: Altenergy Power Control ​Vulnerability: OS Command Injection 2. RISK EVALUATION ​Successful exploitation of this vulnerability may allow remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ​The following versions of ...
Juli 2023
27.07.2023
US CERT (ICS)
Mitsubishi Electric CNC Series (Update A)
Titel
Mitsubishi Electric CNC Series (Update A)
Veröffentlicht
27. Juli 2023 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-208-03
Text
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: CNC Series devices Vulnerability: Classic Buffer Overflow 2. UPDATE OR REPOSTED INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-23-208-03 Mitsubishi Electric CNC Series that was published July 27, 2023, on ...
27.07.2023
US CERT (ICS)
Mitsubishi Electric CNC Series
Titel
Mitsubishi Electric CNC Series
Veröffentlicht
27. Juli 2023 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-208-03
Text
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: CNC Series devices Vulnerability: Classic Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a malicious remote attacker to cause a denial-of-service condition and execute malicious code on the product by sending ...
27.07.2023
US CERT (ICS)
ETIC Telecom RAS Authentication
Titel
ETIC Telecom RAS Authentication
Veröffentlicht
27. Juli 2023 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-208-01
Text
1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION: Exploitable with adjacent access/low attack complexity Vendor: ETIC Telecom Equipment: Remote Access Server (RAS) Vulnerability: Insecure Default Initialization of Resource 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to reconfigure the device or cause a denial-of-service condition. 3. TECHNICAL ...
27.07.2023
US CERT (ICS)
PTC KEPServerEX
Titel
PTC KEPServerEX
Veröffentlicht
27. Juli 2023 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-208-02
Text
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: PTC Equipment: KEPServerEX Vulnerability: Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of this vulnerability could result in the affected device crashing. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of KEPServerEX, an industrial automation data concentrator ...
26.07.2023
US CERT
Preventing Web Application Access Control Abuse
Titel
Preventing Web Application Access Control Abuse
Veröffentlicht
26. Juli 2023 23:10
URL
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-208a
Text
SUMMARY The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC), U.S. Cybersecurity and Infrastructure Security Agency (CISA), and U.S. National Security Agency (NSA) are releasing this joint Cybersecurity Advisory to warn vendors, designers, and developers of web applications and organizations using web applications about insecure direct object reference (IDOR) vulnerabilities. ...
25.07.2023
US CERT (ICS)
Emerson ROC800 Series RTU and DL8000 Preset Controller
Titel
Emerson ROC800 Series RTU and DL8000 Preset Controller
Veröffentlicht
25. Juli 2023 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-206-03
Text
1. EXECUTIVE SUMMARY CVSS v3 9.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: Emerson Equipment: ROC800-Series RTU; including ROC800, ROC800L, and DL8000 Preset Controllers Vulnerability: Authentication Bypass 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition or gain unauthorized access to data or ...
25.07.2023
US CERT (ICS)
Johnson Controls IQ Wifi 6
Titel
Johnson Controls IQ Wifi 6
Veröffentlicht
25. Juli 2023 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-206-04
Text
1. EXECUTIVE SUMMARY CVSS v3 8.3 ATTENTION: Low attack complexity Vendor: Johnson Controls Inc. Equipment: IQ Wifi 6 Vulnerability: Improper Restriction of Excessive Authentication Attempts 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthorized user to gain account access by conducting a brute force authentication attack. 3. ...

Letzte Updates

BOSCH PSIRT
31.10.2024
SIEMENS CERT
22.11.2024
US CERT
08.11.2024
US CERT (ICS)
21.11.2024

Nach Quelle

Archiv

2024
2023
2022
2021
2020
2019
2018
2017

Feeds