März 2023
Titel
SSA-697140 V1.2 (Last Update: 2023-03-14): Denial of Service Vulnerability in the TCP Event Service of SCALANCE and RUGGEDCOM Products
Veröffentlicht
14. März 2023 01:00
Text
The products listed below contain a denial of service vulnerability in the TCP event interface that could allow an unauthenticated remote attacker to render the device unusable. Siemens has released updates for the affected products and recommends to update to the latest versions.
Titel
SSA-712929 V1.8 (Last Update: 2023-03-14): Denial of Service Vulnerability in OpenSSL (CVE-2022-0778) Affecting Industrial Products
Veröffentlicht
14. März 2023 01:00
Text
A vulnerability in the openSSL component (CVE-2022-0778, [0]) could allow an attacker to create a denial of service condition by providing specially crafted elliptic curve certificates to products that use a vulnerable version of openSSL. Siemens has released updates for several affected products and recommends to update to the latest ...
Titel
SSA-565386 V1.0: Third-Party Component Vulnerabilities in SCALANCE W-700 IEEE 802.11ax devices before V2.0
Veröffentlicht
14. März 2023 01:00
Text
Multiple vulnerabilities affecting various third-party components of SCALANCE W-700 IEEE 802.11ax devices before V2.0 could allow an attacker to cause a denial of service condition, disclose sensitive data or violate the system integrity. Siemens has released an update for SCALANCE W-700 IEEE 802.11ax and recommends to update to the latest ...
Titel
SSA-772220 V2.2 (Last Update: 2023-03-14): OpenSSL Vulnerabilities in Industrial Products
Veröffentlicht
14. März 2023 01:00
Text
OpenSSL has published a security advisory [0] about a vulnerability in OpenSSL versions 1.1.1 < 1.1.1k, that allows an unauthenticated attacker to cause a Denial-of-Service (DoS) if a maliciously crafted renegotiation message is sent. Siemens has released updates for several affected products and recommends to update to the latest versions. ...
Titel
SSA-223771 V1.2 (Last Update: 2023-03-14): SISCO Stack Vulnerability in SIPROTEC 5 Devices
Veröffentlicht
14. März 2023 01:00
Text
A vulnerability in the third party component SISCO MMS-EASE could allow attackers to cause a denial of service condition with SIPROTEC 5 devices. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products ...
Titel
SSA-764417 V1.7 (Last Update: 2023-03-14): Weak Encryption Vulnerability in RUGGEDCOM ROS Devices
Veröffentlicht
14. März 2023 01:00
Text
The SSH server on RUGGEDCOM ROS devices is configured to offer weak ciphers by default. This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data passed over the connection between legitimate clients and the affected device. Siemens has released updates for the affected products ...
Titel
SSA-726834 V1.0: Denial of Service Vulnerability in the RADIUS Client of SIPROTEC 5 Devices
Veröffentlicht
14. März 2023 01:00
Text
The RADIUS client implementation of the VxWorks platform in SIPROTEC 5 devices contains a denial of service vulnerability that could be triggered when a specially crafted packet is sent by a RADIUS server. Siemens has released updates for the affected products and recommends to update to the latest versions.
Titel
SSA-203374 V1.0: Multiple OpenSSL Vulnerabilities in SCALANCE W1750D Devices
Veröffentlicht
14. März 2023 01:00
Text
The SCALANCE W1750D device contains multiple vulnerabilities in the integrated OpenSSL component that could allow an attacker to read memory contents, decrypt RSA-encrypted messages or create a denial of service condition. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.
Titel
SSA-840800 V1.2 (Last Update: 2023-03-14): Code Injection Vulnerability in RUGGEDCOM ROS
Veröffentlicht
14. März 2023 01:00
Text
RUGGEDCOM ROS-based devices are vulnerable to a web-based code injection attack. To execute this attack, it is necessary to access the system via the Command Line Interface (CLI). Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products ...
Titel
SSA-787941 V1.1 (Last Update: 2023-03-14): Denial of Service Vulnerability in RUGGEDCOM ROS V4
Veröffentlicht
14. März 2023 01:00
Text
RUGGEDCOM ROS-based V4 devices are vulnerable to a denial of service attack (Slowloris). By sending partial HTTP requests nonstop, with none completed, the affected web servers will be waiting for the completion of each request, occupying all available HTTP connections. The web server recovers by itself once the attack ends. ...
Titel
SSA-941426 V1.4 (Last Update: 2023-03-14): Multiple LLDP Vulnerabilities in Industrial Products
Veröffentlicht
14. März 2023 01:00
Text
There are multiple vulnerabilities in an underlying Link Layer Discovery Protocol (LLDP) third party library. Siemens has released updates for the affected products and recommends to update to the latest versions.
Titel
SSA-244969 V1.9 (Last Update: 2023-03-14): OpenSSL Vulnerability in Industrial Products
Veröffentlicht
14. März 2023 01:00
Text
OpenSSL has published a security advisory [0] about a vulnerability in OpenSSL versions 1.1.1 < 1.1.1l and 1.0.2 < 1.0.2za that allows an attacker to cause a denial of service (DoS) or to disclose private memory content. Siemens has released updates for several affected products and recommends to update to ...
Titel
SSA-552702 V1.4 (Last Update: 2023-03-14): Privilege Escalation Vulnerability in the Web Interface of SCALANCE and RUGGEDCOM Products
Veröffentlicht
14. März 2023 01:00
Text
The products listed below do not properly authorize the change password function of the web interface. This could allow low privileged users to escalate their privileges. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific ...
Titel
SSA-851884 V1.0: Authentication Bypass Vulnerability in Mendix SAML Module
Veröffentlicht
14. März 2023 01:00
Text
The Mendix SAML module insufficiently verifies the SAML assertions. This could allow unauthenticated remote attackers to bypass authentication and get access to the application. Mendix has provided fix releases for the Mendix SAML module and recommends to update to the latest version.
Titel
SSA-847261 V1.1 (Last Update: 2023-03-14): Multiple SPP File Parsing Vulnerabilities in Tecnomatix Plant Simulation
Veröffentlicht
14. März 2023 01:00
Text
Siemens Tecnomatix Plant Simulation has released an update, 2201 Update 6, that fixes multiple vulnerabilities that could be triggered when the application reads SPP files. If a user is tricked to open a malicious file using the affected application, this could lead to a crash, and potentially also to arbitrary ...
Titel
SSA-539476 V1.4 (Last Update: 2023-03-14): Siemens SIMATIC NET CP, SINEMA and SCALANCE Products Affected by Vulnerabilities in Third-Party Component strongSwan
Veröffentlicht
14. März 2023 01:00
Text
Vulnerabilities in the third-party component strongSwan could allow an attacker to cause a denial of service (DoS) condition in affected devices by exploiting integer overflow bugs. Siemens has released updates for the affected products and recommends to update to the latest versions.
Titel
Threat Actors Exploit Progress Telerik Vulnerability in U.S. Government IIS Server
Veröffentlicht
13. März 2023 18:57
Text
SUMMARY From November 2022 through early January 2023, the Cybersecurity and Infrastructure Security Agency (CISA) and authoring organizations identified the presence of indicators of compromise (IOCs) at a federal civilian executive branch (FCEB) agency. Analysts determined that multiple cyber threat actors, including an APT actor, were able to exploit a ...
Titel
Threat Actors Exploit Progress Telerik Vulnerabilities in Multiple U.S. Government IIS Servers
Veröffentlicht
13. März 2023 18:57
Text
SUMMARY From November 2022 through early January 2023, the Cybersecurity and Infrastructure Security Agency (CISA) and authoring organizations identified the presence of indicators of compromise (IOCs) at a federal civilian executive branch (FCEB) agency. Analysts determined that multiple cyber threat actors, including an advanced persistent threat (APT) actor, were able ...
Titel
<a href="/news-events/cybersecurity-advisories/aa23-074a" hreflang="en">Threat Actors Exploit Progress Telerik Vulnerability in U.S. Government IIS Server</a>
Veröffentlicht
13. März 2023 18:57
Text
SUMMARY From November 2022 through early January 2023, the Cybersecurity and Infrastructure Security Agency (CISA) and authoring organizations identified the presence of indicators of compromise (IOCs) at a federal civilian executive branch (FCEB) agency. Analysts determined that multiple cyber threat actors, including an APT actor, were able to exploit a ...
Titel
<a href="/news-events/ics-advisories/icsa-23-068-05" hreflang="en">Hitachi Energy Relion 670, 650 and SAM600-IO Series</a>
Veröffentlicht
9. März 2023 13:00
Text
1. EXECUTIVE SUMMARY CVSS v3 4.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: Relion 670, 650, and SAM600-IO Series Vulnerability: Insufficient Verification of Data Authenticity 2. RISK EVALUATION Successful exploitation of this vulnerability could cause the Intelligent Electronic Device (IED) to restart, causing a temporary denial-of-service condition. 3. ...
Titel
<a href="/news-events/ics-advisories/icsa-23-068-01" hreflang="en">Akuvox E11</a>
Veröffentlicht
9. März 2023 13:00
Text
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Akuvox Equipment: E11 Vulnerabilities: Generation of Predictable IV with CBC, User of Hard-coded Cryptographic Key, Missing Authentication for Critical Function, Storing Passwords in a Recoverable Format, Weak Password Recovery Mechanism for Forgotten Password, Command Injection, Reliance on File ...
Titel
<a href="/news-events/ics-advisories/icsa-23-068-04" hreflang="en">Step Tools Third-Party</a>
Veröffentlicht
9. März 2023 13:00
Text
1. EXECUTIVE SUMMARY CVSS v3 2.2 ATTENTION: Low attack complexity Vendor: Step Tools, Inc Equipment: STEPTools ifcmesh library Vulnerability: Null Pointer Dereference 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to deny application usage when reading a specially constructed file. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ...
Titel
<a href="/news-events/ics-advisories/icsa-23-068-03" hreflang="en">ABB Ability Symphony Plus</a>
Veröffentlicht
9. März 2023 13:00
Text
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Low attack complexity Vendor: ABB Equipment: Ability Symphony Plus Vulnerability: Improper Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthorized client to connect to the S+ Operations servers (human machine interface (HMI) network), to act as a legitimate S+ ...
Titel
<a href="/news-events/ics-advisories/icsa-23-068-02" hreflang="en">B&amp;R Systems Diagnostics Manager</a>
Veröffentlicht
9. März 2023 13:00
Text
1. EXECUTIVE SUMMARY CVSS v3 6.1 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: B&R Industrial Automation Equipment: Systems Diagnostics Manager (SDM) Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code to exfiltrate data and perform any action within ...
Titel
<a href="/news-events/ics-advisories/icsa-23-061-01" hreflang="en">Mitsubishi Electric MELSEC iQ-F Series</a>
Veröffentlicht
2. März 2023 13:00
Text

Letzte Updates

BOSCH PSIRT
31.10.2024
SIEMENS CERT
22.11.2024
US CERT
08.11.2024
US CERT (ICS)
21.11.2024

Nach Quelle

Archiv

2024
2023
2022
2021
2020
2019
2018
2017

Feeds