August 2024
13.08.2024
SIEMENS CERT
SSA-981975 V1.3 (Last Update: 2024-08-13): Information Disclosure Vulnerability in Intel-CPUs (CVE-2022-40982) Impacting SIMATI...
Titel
SSA-981975 V1.3 (Last Update: 2024-08-13): Information Disclosure Vulnerability in Intel-CPUs (CVE-2022-40982) Impacting SIMATIC IPCs
Veröffentlicht
13. August 2024 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-981975.html
Text
Several Intel-CPU based SIMATIC IPCs are affected by an information exposure vulnerability (CVE-2022-40982) in the CPU that could allow an authenticated local user to potentially read other users’ data [1]. The issue is also known as “Gather Data Sampling” (GDS) or Downfall Attacks. For details refer to the chapter “Additional ...
13.08.2024
SIEMENS CERT
SSA-999588 V1.4 (Last Update: 2024-08-13): Multiple Vulnerabilities in User Management Component (UMC) Before V2.11.2
Titel
SSA-999588 V1.4 (Last Update: 2024-08-13): Multiple Vulnerabilities in User Management Component (UMC) Before V2.11.2
Veröffentlicht
13. August 2024 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-999588.html
Text
Siemens User Management Component (UMC) before V2.11.2 is affected by multiple vulnerabilities where the most severe could lead to a restart of the UMC server. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where fixes ...
13.08.2024
SIEMENS CERT
SSA-921449 V1.0: Plaintext Storage of a Password Vulnerability in LOGO! V8.3 BM Devices
Titel
SSA-921449 V1.0: Plaintext Storage of a Password Vulnerability in LOGO! V8.3 BM Devices
Veröffentlicht
13. August 2024 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-921449.html
Text
LOGO! V8.3 BM (incl. SIPLUS variants) devices contain a plaintext storage of a password vulnerability. This could allow an attacker with phyiscal access to an affected device to extract user-set passwords from an embedded storage IC. Siemens has released new hardware versions with the LOGO! V8.4 BM product family for ...
13.08.2024
SIEMENS CERT
SSA-640968 V1.2 (Last Update: 2024-08-13): Untrusted Search Path Vulnerability in TIA Project-Server formerly known as TIA Mult...
Titel
SSA-640968 V1.2 (Last Update: 2024-08-13): Untrusted Search Path Vulnerability in TIA Project-Server formerly known as TIA Multiuser Server
Veröffentlicht
13. August 2024 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-640968.html
Text
TIA Project-Server formerly known as TIA Multiuser Server contains an untrusted search path vulnerability that could allow an attacker to escalate privileges, when tricking a legitimate user to start the service from an attacker controlled path. Siemens has released updates for several affected products and recommends to update to the ...
12.08.2024
US CERT
CISA Adds Six Known Exploited Vulnerabilities to Catalog
Titel
CISA Adds Six Known Exploited Vulnerabilities to Catalog
Veröffentlicht
12. August 2024 19:38
URL
https://www.cisa.gov/news-events/alerts/2024/08/13/cisa-adds-six-known-exploited-vulnerabilities-catalog
Text
CISA has added six new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-38189 Microsoft Project Remote Code Execution Vulnerability CVE-2024-38178 Microsoft Windows Scripting Engine Memory Corruption Vulnerability CVE-2024-38213 Microsoft Windows SmartScreen Security Feature Bypass Vulnerability CVE-2024-38193 Microsoft Windows Ancillary Function Driver for WinSock Privilege ...
08.08.2024
US CERT (ICS)
Dorsett Controls InfoScan
Titel
Dorsett Controls InfoScan
Veröffentlicht
8. August 2024 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-221-01
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Dorsett Controls Equipment: InfoScan Vulnerabilities: Exposure of Sensitive Information To An Unauthorized Actor, Path Traversal 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to expose sensitive information, resulting in data theft and ...
07.08.2024
BOSCH PSIRT
Multiple Curl vulnerabilities in the Git for Windows component of Bosch DIVAR IP all-in-one Devices
Titel
Multiple Curl vulnerabilities in the Git for Windows component of Bosch DIVAR IP all-in-one Devices
Veröffentlicht
7. August 2024 02:00
URL
https://psirt.bosch.com/security-advisories/bosch-sa-587194-bt.html
Text

BOSCH-SA-587194-BT: DIVAR IP System Manager is a central user interface that provides an easy system setup, configuration and application software upgrades through an easily accessible web-based application. Multiple Curl vulnerabilities in the Git for Windows component have been discovered in DIVAR IP System Manager versions prior to 2.3.2, affecting several ...

02.08.2024
SIEMENS CERT
SSA-857368 V1.0: Multiple Vulnerabilities in Omnivise T3000
Titel
SSA-857368 V1.0: Multiple Vulnerabilities in Omnivise T3000
Veröffentlicht
2. August 2024 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-857368.html
Text
Omnivise T3000 contains multiple vulnerabilities that could allow an attacker to escalate privileges. Siemens Energy has released patches for several affected products and recommends to apply the patches. Siemens Energy is preparing further fixes for versions still under maintenance and recommends countermeasures for products where fixes are not, or not ...
01.08.2024
US CERT (ICS)
Johnson Controls exacqVision Web Service
Titel
Johnson Controls exacqVision Web Service
Veröffentlicht
1. August 2024 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-04
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.4 ATTENTION: Exploitable remotely Vendor: Johnson Controls, Inc. Equipment: exacqVision Web Service Vulnerability: Cleartext Transmission of Sensitive Information 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to perform a man-in-the-middle attack and gain access to sensitive information. 3. TECHNICAL ...
01.08.2024
US CERT (ICS)
AVTECH IP Camera
Titel
AVTECH IP Camera
Veröffentlicht
1. August 2024 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-07
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available/known public exploitation Vendor: AVTECH SECURITY Corporation Equipment: IP camera Vulnerability: Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to inject and execute commands as the owner of the ...
01.08.2024
US CERT (ICS)
Johnson Controls exacqVision Server Web Service
Titel
Johnson Controls exacqVision Server Web Service
Veröffentlicht
1. August 2024 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-02
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.6 ATTENTION: Exploitable remotely Vendor: Johnson Controls Inc. Equipment: exacqVision Web Service Vulnerability: Permissive Cross-domain Policy with Untrusted Domains 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to send an unauthorized request or access data from an untrusted domain. ...
01.08.2024
US CERT (ICS)
Vonets WiFi Bridges
Titel
Vonets WiFi Bridges
Veröffentlicht
1. August 2024 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-08
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Vonets Equipment: VAR1200-H, VAR1200-L, VAR600-H, VAP11AC, VAP11G-500S, VBG1200, VAP11S-5G, VAP11S, VAR11N-300, VAP11G-300, VAP11N-300, VAP11G, VAP11G-500, VBG1200, VAP11AC, VGA-1000 Vulnerabilities: Use of Hard-coded Credentials, Improper Access Control, Path Traversal, Command Injection, Improper Check or Handling of Exceptional ...
01.08.2024
US CERT (ICS)
Johnson Controls exacqVision Client and exacqVision Server
Titel
Johnson Controls exacqVision Client and exacqVision Server
Veröffentlicht
1. August 2024 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-01
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.0 ATTENTION: Exploitable remotely Vendor: Johnson Controls Inc. Equipment: exacqVision Client, exacqVision Server key Vulnerability: Inadequate Encryption Strength 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to be able to decrypt communications between exacqVision Server and exacqVision Client due ...
Juli 2024
25.07.2024
US CERT (ICS)
Positron Broadcast Signal Processor
Titel
Positron Broadcast Signal Processor
Veröffentlicht
25. Juli 2024 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-207-02
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Positron S.R.L Equipment: Broadcast Signal Processor TRA7005 Vulnerability: Authentication Bypass Using an Alternate Path or Channel 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to bypass authentication and access ...
24.07.2024
US CERT
North Korea Cyber Group Conducts Global Espionage Campaign to Advance Regime’s Military and Nuclear Programs
Titel
North Korea Cyber Group Conducts Global Espionage Campaign to Advance Regime’s Military and Nuclear Programs
Veröffentlicht
24. Juli 2024 18:37
URL
https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-207a
Text
Summary The U.S. Federal Bureau of Investigation (FBI) and the following authoring partners are releasing this Cybersecurity Advisory to highlight cyber espionage activity associated with the Democratic People’s Republic of Korea (DPRK)’s Reconnaissance General Bureau (RGB) 3rd Bureau based in Pyongyang and Sinuiju: U.S. Cyber National Mission Force (CNMF) U.S. ...
23.07.2024
US CERT (ICS)
National Instruments IO Trace
Titel
National Instruments IO Trace
Veröffentlicht
23. Juli 2024 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-205-01
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Low attack complexity Vendor: National Instruments Equipment: IO Trace Vulnerability: Stack-Based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a local attacker to execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following National Instruments I/O ...
23.07.2024
US CERT (ICS)
National Instruments LabVIEW
Titel
National Instruments LabVIEW
Veröffentlicht
23. Juli 2024 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-205-03
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Low attack complexity Vendor: National Instruments Equipment: LabVIEW Vulnerabilities: Out-of-Bounds Read, Improper Restriction of Operations within the Bounds of a Memory Buffer 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow a local attacker to disclose information and execute arbitrary ...
23.07.2024
US CERT (ICS)
Hitachi Energy AFS/AFR Series Products
Titel
Hitachi Energy AFS/AFR Series Products
Veröffentlicht
23. Juli 2024 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-205-02
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: AFS650, AFS660, AFS665, AFS670, AFS675, AFS677, AFR677 Vulnerabilities: Type Confusion, Use After Free, Double Free, Observable Discrepancy 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to create a denial-of-service ...
22.07.2024
SIEMENS CERT
SSA-071402 V1.0: Multiple Vulnerabilities in SICAM Products
Titel
SSA-071402 V1.0: Multiple Vulnerabilities in SICAM Products
Veröffentlicht
22. Juli 2024 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-071402.html
Text
Multiple SICAM products are affected by unauthorized password reset and firmware downgrade vulnerabilities that could lead to privilege escalation and potential leak of information, namely: SICAM A8000 Device firmware CPCI85 for CP-8031/CP-8050 SICAM EGS Device firmware CPCI85 SICAM 8 Software Solution SICORE Siemens has released new firmware versions for the ...
22.07.2024
SIEMENS CERT
SSA-723487 V1.1 (Last Update: 2024-07-22): RADIUS Protocol Susceptible to Forgery Attacks (CVE-2024-3596) - Impact to SCALANCE,...
Titel
SSA-723487 V1.1 (Last Update: 2024-07-22): RADIUS Protocol Susceptible to Forgery Attacks (CVE-2024-3596) - Impact to SCALANCE, RUGGEDCOM and Related Products
Veröffentlicht
22. Juli 2024 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-723487.html
Text
This advisory documents the impact of CVE-2024-3596 (also dubbed “Blastradius”), a vulnerability in the RADIUS protocol, to SCALANCE, RUGGEDCOM and related products. The vulnerability could allow on-path attackers, located between a Network Access Server (the RADIUS client, e.g., SCALANCE or RUGGEDCOM devices) and a RADIUS server (e.g., SINEC INS), to ...
19.07.2024
BOSCH PSIRT
"regreSSHion" OpenSSH vulnerability in PRC7000
Titel
"regreSSHion" OpenSSH vulnerability in PRC7000
Veröffentlicht
19. Juli 2024 02:00
URL
https://psirt.bosch.com/security-advisories/bosch-sa-258444.html
Text

BOSCH-SA-248444: The Qualys Threat Research Unit (TRU) has discovered a Remote Unauthenticated Code Execution (RCE) vulnerability in OpenSSH’s server (sshd) in glibc-based Linux systems. The vulnerability, which is a signal handler race condition in OpenSSH’s server (sshd), allows unauthenticated remote code execution (RCE) as root on glibc-based Linux systems; that ...

18.07.2024
US CERT (ICS)
Mitsubishi Electric MELSOFT MaiLab
Titel
Mitsubishi Electric MELSOFT MaiLab
Veröffentlicht
18. Juli 2024 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-200-01
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.2 ATTENTION: Exploitable remotely Vendor: Mitsubishi Electric Corporation Equipment: MELSOFT MaiLab Vulnerability: Improper Verification of Cryptographic Signature 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote attacker to cause a denial-of-service condition in the target product. 3. TECHNICAL DETAILS 3.1 ...
18.07.2024
US CERT (ICS)
Subnet Solutions PowerSYSTEM Center
Titel
Subnet Solutions PowerSYSTEM Center
Veröffentlicht
18. Juli 2024 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-200-02
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Subnet Solutions Inc. Equipment: Subnet PowerSYSTEM Center Vulnerability: Prototype Pollution 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated attacker to elevate permissions. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of ...
16.07.2024
US CERT (ICS)
Rockwell Automation Pavilion 8
Titel
Rockwell Automation Pavilion 8
Veröffentlicht
16. Juli 2024 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-198-01
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: Pavilion 8 Vulnerability: Incorrect Permission Assignment for Critical Resource 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to create new users and view sensitive data. 3. TECHNICAL DETAILS 3.1 ...
11.07.2024
US CERT (ICS)
Siemens RUGGEDCOM APE 1808
Titel
Siemens RUGGEDCOM APE 1808
Veröffentlicht
11. Juli 2024 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-193-02
Text
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).View CSAF 1. EXECUTIVE SUMMARY CVSS ...

Letzte Updates

BOSCH PSIRT
21.08.2024
SIEMENS CERT
12.09.2024
US CERT
04.09.2024
US CERT (ICS)
19.09.2024

Nach Quelle

Archiv

2024
2023
2022
2021
2020
2019
2018
2017

Feeds