April 2023
März 2023
Titel
SSA-632164 V1.0: External Entity Injection Vulnerability in Polarion ALM
Veröffentlicht
11. April 2023 02:00
Text
Polarion ALM is vulnerable to XML External Entity (XXE) injection attack that could allow an attacker to potentially disclose confidential data. Siemens has released an update for Polarion ALM and recommends to update to the latest version, and update specific configurations to mitigate against the vulnerability. The configuration changes to ...
Titel
SSA-558014 V1.0: Third-Party Component Vulnerabilities in SCALANCE XCM332 before V2.2
Veröffentlicht
11. April 2023 02:00
Text
Multiple vulnerabilities in the third-party components cURL, BusyBox, libtirpc, Expat as well as in the Linux Kernel could allow an attacker to impact the SCALANCE XCM332 device’s confidentiality, integrity and availability. Siemens has released an update for the SCALANCE XCM332 and recommends to update to the latest version.
Titel
SSA-566905 V1.0: Multiple Denial of Service Vulnerabilities in the Webserver of Industrial Products
Veröffentlicht
11. April 2023 02:00
Text
Multiple vulnerabilities in the affected products could allow an unauthorized attacker with network access to the webserver of an affected products to perform a denial of service attack. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and ...
Titel
SSA-552702 V1.5 (Last Update: 2023-04-11): Privilege Escalation Vulnerability in the Web Interface of SCALANCE and RUGGEDCOM Products
Veröffentlicht
11. April 2023 02:00
Text
The products listed below do not properly authorize the change password function of the web interface. This could allow low privileged users to escalate their privileges. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates ...
Titel
SSA-557541 V1.2 (Last Update: 2023-04-11): Denial-of-Service Vulnerability in SIMATIC S7-400 CPUs
Veröffentlicht
11. April 2023 02:00
Text
SIMATIC S7-400 CPU devices contain an input validation vulnerability that could allow an attacker to create a Denial-of-Service condition. A restart is needed to restore normal operations. Siemens has released an update for SIMATIC S7-410 V10 CPU family and SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants for both) ...
Titel
SSA-549234 V1.3 (Last Update: 2023-04-11): Denial-of-Service Vulnerability in SIMATIC NET CP Modules
Veröffentlicht
11. April 2023 02:00
Text
A denial of service vulnerability was identified in different types of Communication Processors. An attacker could exploit this vulnerability causing the device to become un-operational until the device is restarted. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures ...
Titel
SSA-511182 V1.0: Use of Static TLS Certificate Known Hard Coded Private Keys in Adaptec Maxview Application
Veröffentlicht
11. April 2023 02:00
Text
The Adaptec Maxview application shipped with affected SIMATIC IPCs contains a hard coded, non-unique certificate to secure HTTPS connections between the browser and the local Maxview configuration application. A local attacker may use this key to decrypt intercepted local traffic between the browser and the application and could perform a ...
Titel
Hitachi Energy MicroSCADA System Data Manager SDM600
Veröffentlicht
6. April 2023 14:00
Text
1. EXECUTIVE SUMMARY CVSS v3 9.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: MicroSCADA System Data Manager SDM600 Vulnerabilities: Unrestricted Upload of File with Dangerous Type, Improper Authorization, Improper Resource Shutdown or Release, Improper Privilege Management 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker ...
Titel
JTEKT ELECTRONICS Screen Creator Advance 2
Veröffentlicht
6. April 2023 14:00
Text
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: JTEKT ELECTRONICS CORPORATION Equipment: Screen Creator Advance 2 Vulnerabilities: Out-of-bounds Read, Out-of-bounds Write, Use After Free 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to disclose information or execute arbitrary code. 3. TECHNICAL DETAILS 3.1 ...
Titel
JTEKT ELECTRONICS Kostac PLC Programming Software
Veröffentlicht
6. April 2023 14:00
Text
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: JTEKT ELECTRONICS CORPORATION Equipment: Kostac PLC Programming Software Vulnerabilities: Out-of-bounds Read, Use After Free 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to disclose information or execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ...
Titel
Korenix Jetwave
Veröffentlicht
6. April 2023 14:00
Text
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Korenix Equipment: Jetwave Vulnerabilities: Command Injection, Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to gain full access to the underlying operating system of the device or cause a denial-of-service condition. ...
Titel
Industrial Control Links ScadaFlex II SCADA Controllers
Veröffentlicht
6. April 2023 14:00
Text
1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Industrial Control Links Equipment: ScadaFlex II SCADA Controllers Vulnerability: External Control of File Name or Path 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated attacker to overwrite, delete, or create files. ...
Titel
Nexx Smart Home Device
Veröffentlicht
4. April 2023 14:00
Text
1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Nexx Equipment: Garage Door Controller, Smart Plug, Smart Alarm Vulnerabilities: Use of Hard-coded Credentials, Authorization Bypass through User-controlled Key, Improper Input Validation, Improper Authentication 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to receive ...
Titel
Hitachi Energy IEC 61850 MMS-Server
Veröffentlicht
30. März 2023 14:00
Text
1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Exploitable remotely Vendor: Hitachi Energy Equipment: IEC 61850 MMS-Server Vulnerability: Improper Resource Shutdown or Release 2. RISK EVALUATION Successful exploitation of this vulnerability could cause products using the IEC 61850 MMS-server communication stack to stop accepting new MMS-client connections. 3. TECHNICAL DETAILS 3.1 ...
Titel
SAUTER EY-modulo 5 Building Automation Stations
Veröffentlicht
23. März 2023 13:00
Text
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: SAUTER Equipment: EY-modulo 5 Building Automation Stations Vulnerabilities: Cross-site Scripting, Cleartext Transmission of Sensitive Information, and Unrestricted Upload of File with Dangerous Type 2. RISK EVALUATION Successful exploitation of these vulnerabilities could lead to privilege escalation, unauthorized execution ...
Titel
ProPump and Controls Osprey Pump Controller
Veröffentlicht
23. März 2023 13:00
Text
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: ProPump and Controls, Inc. Equipment: Osprey Pump Controller Vulnerabilities: Insufficient Entropy, Use of GET Request Method with Sensitive Query Strings, Use of Hard-coded Password, OS Command Injection, Cross-site Scripting, Authentication Bypass using an Alternate Path ...
Titel
RoboDK
Veröffentlicht
23. März 2023 13:00
Text
1. EXECUTIVE SUMMARY CVSS v3 7.9 ATTENTION: Low attack complexity Vendor: RoboDK Equipment: RoboDK Vulnerability: Incorrect Permission Assignment for Critical Resource 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to escalate privileges, which could allow attackers to write files to the RoboDK directory and achieve code ...
Titel
CP Plus KVMS Pro
Veröffentlicht
23. März 2023 13:00
Text
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: CP Plus Equipment: KVMS Pro Vulnerability: Insufficiently Protected Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to retrieve sensitive credentials and control the entire CCTV system. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following ...
Titel
ABB Pulsar Plus Controller
Veröffentlicht
23. März 2023 13:00
Text
1. EXECUTIVE SUMMARY CVSS v3 6.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: ABB Equipment: Pulsar Plus Controller Vulnerabilities: Use of Insufficiently Random Values, Cross-Site Request Forgery (CSRF) 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to take control of the product or execute arbitrary code. 3. ...
Titel
Rockwell Automation ThinManager
Veröffentlicht
21. März 2023 13:00
Text
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: ThinManager ThinServer Vulnerabilities: Path Traversal, Heap-Based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to potentially perform remote code execution on the target system/device or crash the software. 3. ...
Titel
Siemens RUGGEDCOM APE1808 Product Family
Veröffentlicht
21. März 2023 13:00
Text
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). 1. EXECUTIVE SUMMARY CVSS v3 ...
Titel
Siemens SCALANCE Third-Party
Veröffentlicht
21. März 2023 13:00
Text
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). 1. EXECUTIVE SUMMARY CVSS v3 ...
Titel
VISAM VBASE Automation Base
Veröffentlicht
21. März 2023 13:00
Text
1. EXECUTIVE SUMMARY CVSS v3 5.5 ATTENTION: Low attack complexity Vendor: VISAM Equipment: VBASE Vulnerabilities: Improper Restriction of XML External Entity Reference 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to obtain sensitive information from the target device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS VISAM reports ...
Titel
Siemens RADIUS Client of SIPROTEC 5 Devices
Veröffentlicht
21. März 2023 13:00
Text
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). 1. EXECUTIVE SUMMARY CVSS v3 ...
Titel
Keysight N6845A Geolocation Server
Veröffentlicht
21. März 2023 13:00
Text
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Keysight Technologies Equipment: N6854A Geolocation Sever Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to escalate privileges in the affected device’s default configuration, resulting in remote code execution or deleting ...
Letzte Updates
BOSCH PSIRT
25.04.2025
SIEMENS CERT
14.05.2025
US CERT
01.04.2025
US CERT (ICS)
15.05.2025
Nach Quelle
- BOSCH PSIRT (88)
- SIEMENS CERT (2026)
- US CERT (175)
- US CERT (ICS) (1847)
Archiv
2025
2024
- Dezember (57)
- November (53)
- Oktober (66)
- September (69)
- August (59)
- Juli (63)
- Juni (53)
- Mai (64)
- April (41)
- März (45)
- Februar (45)
- Januar (41)
2023
- Dezember (57)
- November (58)
- Oktober (46)
- September (51)
- August (62)
- Juli (49)
- Juni (49)
- Mai (52)
- April (67)
- März (67)
- Februar (71)
- Januar (60)
2022
- Dezember (65)
- November (46)
- Oktober (61)
- September (55)
- August (88)
- Juli (61)
- Juni (91)
- Mai (58)
- April (83)
- März (72)
- Februar (70)
- Januar (37)
2021
- Dezember (73)
- November (46)
- Oktober (49)
- September (73)
- August (33)
- Juli (33)
- Juni (30)
- Mai (30)
- April (37)
- März (46)
- Februar (42)
- Januar (27)
2020
- Dezember (32)
- November (19)
- Oktober (30)
- September (33)
- August (26)
- Juli (51)
- Juni (51)
- Mai (26)
- April (39)
- März (45)
- Februar (106)
- Januar (35)
2019
- Dezember (33)
- November (14)
- Oktober (37)
- September (34)
- August (26)
- Juli (28)
- Juni (22)
- Mai (37)
- April (28)
- März (19)
- Februar (36)
- Januar (37)
2018
- Dezember (36)
- November (36)
- Oktober (34)
- September (22)
- August (26)
- Juli (18)
- Juni (26)
- Mai (42)
- April (31)
- März (37)
- Februar (24)
- Januar (10)