Februar 2023
14.02.2023
SIEMENS CERT
SSA-953464 V1.0: Multiple Vulnerabilites in Siemens Brownfield Connectivity - Client before V2.15
Titel
SSA-953464 V1.0: Multiple Vulnerabilites in Siemens Brownfield Connectivity - Client before V2.15
Veröffentlicht
14. Februar 2023 01:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf
Text
Siemens has released a new version for Brownfield Connectivity - Client that contains fixes for multiple vulnerabilities in the underlying OpenSSL library. Successful exploitation of these vulnerabilities could lead to Denial of Service (DoS). Siemens has released an update for Brownfield Connectivity - Client and recommends to update to the ...
14.02.2023
SIEMENS CERT
SSA-658793 V1.0: Command Injection Vulnerability in SiPass integrated AC5102 / ACC-G2 and ACC-AP
Titel
SSA-658793 V1.0: Command Injection Vulnerability in SiPass integrated AC5102 / ACC-G2 and ACC-AP
Veröffentlicht
14. Februar 2023 01:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-658793.pdf
Text
SiPass integrated ACC (Advanced Central Controller) devices improperly sanitize user input on the telnet command line interface. This could allow an authenticated user to escalate privileges by injecting arbitrary commands that are executed with root privileges. Siemens has released updates for the affected products and recommends to update to the ...
14.02.2023
SIEMENS CERT
SSA-712929 V1.7 (Last Update: 2023-02-14): Denial of Service Vulnerability in OpenSSL (CVE-2022-0778) Affecting Industrial Prod...
Titel
SSA-712929 V1.7 (Last Update: 2023-02-14): Denial of Service Vulnerability in OpenSSL (CVE-2022-0778) Affecting Industrial Products
Veröffentlicht
14. Februar 2023 01:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-712929.pdf
Text
A vulnerability in the openSSL component (CVE-2022-0778, [0]) could allow an attacker to create a denial of service condition by providing specially crafted elliptic curve certificates to products that use a vulnerable version of openSSL. Siemens has released updates for several affected products and recommends to update to the latest ...
14.02.2023
SIEMENS CERT
SSB-439005 V5.0 (Last Update: 2023-02-14): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 151...
Titel
SSB-439005 V5.0 (Last Update: 2023-02-14): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP
Veröffentlicht
14. Februar 2023 01:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssb-439005.pdf
Text
14.02.2023
SIEMENS CERT
SSA-446448 V1.7 (Last Update: 2023-02-14): Denial of Service Vulnerability in PROFINET Stack Integrated on Interniche Stack
Titel
SSA-446448 V1.7 (Last Update: 2023-02-14): Denial of Service Vulnerability in PROFINET Stack Integrated on Interniche Stack
Veröffentlicht
14. Februar 2023 01:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-446448.pdf
Text
The PROFINET (PNIO) stack, when integrated with the Interniche IP stack, contains a vulnerability that could allow an attacker to cause a denial of service condition on affected industrial products. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further ...
14.02.2023
SIEMENS CERT
SSA-252808 V1.0: XPath Constraint Vulnerability in Mendix Runtime
Titel
SSA-252808 V1.0: XPath Constraint Vulnerability in Mendix Runtime
Veröffentlicht
14. Februar 2023 01:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-252808.pdf
Text
Mendix applications contain an improper access control vulnerability that could allow an attacker to bypass XPath constraints and retrieve information using XPath queries that trigger errors. Siemens has released updates for the affected products and recommends to update to the latest versions.
14.02.2023
SIEMENS CERT
SSA-450613 V1.0: Insyde BIOS Vulnerabilities in RUGGEDCOM APE1808 Product Family
Titel
SSA-450613 V1.0: Insyde BIOS Vulnerabilities in RUGGEDCOM APE1808 Product Family
Veröffentlicht
14. Februar 2023 01:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-450613.pdf
Text
Insyde has published information on vulnerabilities in Insyde BIOS in November 2022. These vulnerabilities also affect the RUGGEDCOM APE1808 product family. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.
14.02.2023
SIEMENS CERT
SSA-506569 V1.1 (Last Update: 2023-02-14): Multiple Vulnerabilities in SCALANCE W1750D
Titel
SSA-506569 V1.1 (Last Update: 2023-02-14): Multiple Vulnerabilities in SCALANCE W1750D
Veröffentlicht
14. Februar 2023 01:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf
Text
The SCALANCE W1750D device contains multiple vulnerabilities that could allow an attacker to inject commands or exploit buffer overflow vulnerabilities which could lead to denial of service, unauthenticated remote code execution or stored XSS. Siemens has released updates for the affected products and recommends to update to the latest versions.
14.02.2023
SIEMENS CERT
SSA-640968 V1.0: Untrusted Search Path Vulnerability in TIA Project-Server formerly known as TIA Multiuser Server
Titel
SSA-640968 V1.0: Untrusted Search Path Vulnerability in TIA Project-Server formerly known as TIA Multiuser Server
Veröffentlicht
14. Februar 2023 01:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-640968.pdf
Text
TIA Project-Server formerly known as TIA Multiuser Server contains an untrusted search path vulnerability that could allow an attacker to escalate privileges, when tricking a legitimate user to start the service from an attacker controlled path. Siemens has released updates for several affected products and recommends to update to the ...
09.02.2023
US CERT
AA23-040A: #StopRansomware: Ransomware Attacks on Critical Infrastructure Fund DPRK Malicious Cyber Activities
Titel
AA23-040A: #StopRansomware: Ransomware Attacks on Critical Infrastructure Fund DPRK Malicious Cyber Activities
Veröffentlicht
9. Februar 2023 19:00
URL
https://us-cert.cisa.gov/ncas/alerts/aa23-040a
Text
Original release date: February 9, 2023SummaryNote: This Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and various ransomware threat actors. These #StopRansomware advisories detail historically and recently observed tactics, techniques, and procedures (TTPs) and indicators of compromise ...
09.02.2023
US CERT (ICS)
Control By Web X-400, X-600M
Titel
Control By Web X-400, X-600M
Veröffentlicht
9. Februar 2023 16:25
URL
https://us-cert.cisa.gov/ics/advisories/icsa-23-040-01
Text
09.02.2023
US CERT (ICS)
LS ELECTRIC XBC-DN32U
Titel
LS ELECTRIC XBC-DN32U
Veröffentlicht
9. Februar 2023 16:20
URL
https://us-cert.cisa.gov/ics/advisories/icsa-23-040-02
Text
09.02.2023
US CERT (ICS)
Johnson Controls System Configuration Tool (SCT)
Titel
Johnson Controls System Configuration Tool (SCT)
Veröffentlicht
9. Februar 2023 16:15
URL
https://us-cert.cisa.gov/ics/advisories/icsa-23-040-03
Text
09.02.2023
US CERT (ICS)
Horner Automation Cscape Envision RV
Titel
Horner Automation Cscape Envision RV
Veröffentlicht
9. Februar 2023 16:10
URL
https://us-cert.cisa.gov/ics/advisories/icsa-23-040-04
Text
09.02.2023
US CERT (ICS)
Omron SYSMAC CS/CJ/CP Series and NJ/NX Series (Update A)
Titel
Omron SYSMAC CS/CJ/CP Series and NJ/NX Series (Update A)
Veröffentlicht
9. Februar 2023 16:05
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-179-02
Text
This advisory contains mitigations for Cleartext Transmission of Sensitive Information, Insufficient Verification of Data Authenticity, and Plaintext Storage of a Password vulnerabilities in Omron SYSMAC CS/CJ/CP Series and NJ/NX Series programmable logic controllers.
08.02.2023
US CERT
AA23-039A: ESXiArgs Ransomware Virtual Machine Recovery Guidance
Titel
AA23-039A: ESXiArgs Ransomware Virtual Machine Recovery Guidance
Veröffentlicht
8. Februar 2023 17:14
URL
https://us-cert.cisa.gov/ncas/alerts/aa23-039a
Text
Original release date: February 8, 2023SummaryThe Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) are releasing this joint Cybersecurity Advisory (CSA) in response to the ongoing ransomware campaign, known as “ESXiArgs.” Malicious actors may be exploiting known vulnerabilities in VMware ESXi servers that are likely ...
07.02.2023
US CERT (ICS)
EnOcean SmartServer
Titel
EnOcean SmartServer
Veröffentlicht
7. Februar 2023 16:00
URL
https://us-cert.cisa.gov/ics/advisories/icsa-23-037-01
Text
02.02.2023
US CERT (ICS)
Delta Electronics DIAScreen
Titel
Delta Electronics DIAScreen
Veröffentlicht
2. Februar 2023 16:25
URL
https://us-cert.cisa.gov/ics/advisories/icsa-23-033-01
Text
02.02.2023
US CERT (ICS)
Mitsubishi Electric GOT2000 Series and GT SoftGOT2000
Titel
Mitsubishi Electric GOT2000 Series and GT SoftGOT2000
Veröffentlicht
2. Februar 2023 16:20
URL
https://us-cert.cisa.gov/ics/advisories/icsa-23-033-02
Text
02.02.2023
US CERT (ICS)
Baicells Nova
Titel
Baicells Nova
Veröffentlicht
2. Februar 2023 16:15
URL
https://us-cert.cisa.gov/ics/advisories/icsa-23-033-03
Text
02.02.2023
US CERT (ICS)
Delta Electronics DVW-W02W2-E2
Titel
Delta Electronics DVW-W02W2-E2
Veröffentlicht
2. Februar 2023 16:10
URL
https://us-cert.cisa.gov/ics/advisories/icsa-23-033-04
Text
02.02.2023
US CERT (ICS)
Delta Electronics DX-2100-L1-CN
Titel
Delta Electronics DX-2100-L1-CN
Veröffentlicht
2. Februar 2023 16:05
URL
https://us-cert.cisa.gov/ics/advisories/icsa-23-033-05
Text
02.02.2023
US CERT (ICS)
Mitsubishi Electric Multiple Factory Automation Products (Update D)
Titel
Mitsubishi Electric Multiple Factory Automation Products (Update D)
Veröffentlicht
2. Februar 2023 16:00
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-221-01
Text
Januar 2023
31.01.2023
US CERT
#StopRansomware: Cuba Ransomware
Titel
#StopRansomware: Cuba Ransomware
Veröffentlicht
31. Januar 2023 22:32
URL
https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-335a
Text
Summary Actions to take today to mitigate cyber threats from ransomware: • Prioritize remediating known exploited vulnerabilities. • Train users to recognize and report phishing attempts. • Enable and enforce phishing-resistant multifactor authentication. Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for ...
31.01.2023
US CERT
Impacket and Exfiltration Tool Used to Steal Sensitive ...
Titel
<a href="/news-events/cybersecurity-advisories/aa22-277a" hreflang="en">Impacket and Exfiltration Tool Used to Steal Sensitive Information from Defense Industrial Base Organization</a>
Veröffentlicht
31. Januar 2023 22:32
URL
https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-277a
Text

Letzte Updates

BOSCH PSIRT
31.10.2024
SIEMENS CERT
22.11.2024
US CERT
08.11.2024
US CERT (ICS)
21.11.2024

Nach Quelle

Archiv

2024
2023
2022
2021
2020
2019
2018
2017

Feeds