Bulletins | CERT@VDE

Mitsubishi Electric Multiple Products (Update D)

Titel

Mitsubishi Electric Multiple Products (Update D)

Veröffentlicht

31. Mai 2022 16:05

URL

https://us-cert.cisa.gov/ics/advisories/icsa-20-245-01

Text

This updated advisory is a follow-up to the advisory update titled ICSA-20-245-01 Mitsubishi Electric Multiple Products (Update C) that was published September 9, 2021, to the ICS webpage on cisa.gov/ics. This advisory contains mitigations for a Predictable Exact Value from Previous Values vulnerability in several Mitsubishi Electric devices.

31.05.2022

Mitsubishi Electric Factory Automation Engineering Software (Update B)

Titel

Mitsubishi Electric Factory Automation Engineering Software (Update B)

Veröffentlicht

31. Mai 2022 16:00

URL

https://us-cert.cisa.gov/ics/advisories/icsa-20-212-02

Text

This updated advisory is a follow-up to the advisory update titled ICSA-20-212-02 Mitsubishi Electric Factory Automation Engineering Software (Update A) that was published January 5, 2021, to the ICS webpage on ucisa.gov/ics. This advisory contains mitigations for a Permission Issues vulnerability in Mitsubishi Electric Factory Automation Engineering software products.

26.05.2022

Keysight N6854A Geolocation server and N6841A RF Sensor software

Titel

Keysight N6854A Geolocation server and N6841A RF Sensor software

Veröffentlicht

26. Mai 2022 16:05

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-146-01

Text

This advisory contains mitigations for Relative Path Traversal, and Deserialization of Untrusted Data vulnerabilities in Keysight N6854A Geolocation and server and N6841A Sensor software, a spectrum monitoring platform.

26.05.2022

Horner Automation Cscape Csfont

Titel

Horner Automation Cscape Csfont

Veröffentlicht

26. Mai 2022 16:00

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-146-02

Text

This advisory contains mitigations for Out-of-bounds Write, Out-of-bounds Read, and Heap-based Buffer Overflow vulnerabilities in Horner Automation Cscape PLC management software.

24.05.2022

https://us-cert.cisa.gov/ics/advisories/icsa-22-144-02

Matrikon OPC Server

Titel

Matrikon OPC Server

Veröffentlicht

24. Mai 2022 16:10

URL

Text

This advisory contains mitigations for an Improper Access Control vulnerability in Makitron OPC software.

24.05.2022

Mitsubishi Electric FA Engineering Software Products (Update E)

Titel

Mitsubishi Electric FA Engineering Software Products (Update E)

Veröffentlicht

24. Mai 2022 16:05

URL

https://us-cert.cisa.gov/ics/advisories/icsa-21-049-02

Text

This updated advisory is a follow-up to the advisory update titled ICSA-21-049-02 Mitsubishi Electric FA Engineering Software Products (Update D) that was published February 8, 2022, to the ICS webpage on cisa.gov/ics. This advisory contains mitigations for Heap-based Buffer Overflow, and Improper Handling of Length Parameter Inconsistency vulnerabilities in Mitsubishi ...

24.05.2022

Mitsubishi Electric Factory Automation Engineering Products (Update G)

Titel

Mitsubishi Electric Factory Automation Engineering Products (Update G)

Veröffentlicht

24. Mai 2022 16:00

URL

https://us-cert.cisa.gov/ics/advisories/icsa-20-212-04

Text

This updated advisory is a follow-up to the advisory update titled ICSA-20-212-04 Mitsubishi Electric Factory Automation Engineering Products (Update F) that was published February 8, 2022, to the ICS webpage on cisa.gov/ics. This advisory contains mitigations for an Unquoted Search Path or Element vulnerability in Mitsubishi Electric Factory Automation Engineering ...

19.05.2022

Mitsubishi Electric MELSEC iQ-F Series

Titel

Mitsubishi Electric MELSEC iQ-F Series

Veröffentlicht

19. Mai 2022 16:00

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-139-01

Text

This advisory contains mitigations for Improper Input Validation vulnerabilities in Mitsubishi Electric MELSEC iQ-F Series CPU modules.

18.05.2022

AA22-138B: Threat Actors Chaining Unpatched VMware Vulnerabilities for Full System Control

Titel

AA22-138B: Threat Actors Chaining Unpatched VMware Vulnerabilities for Full System Control

Veröffentlicht

18. Mai 2022 20:00

URL

https://us-cert.cisa.gov/ncas/alerts/aa22-138b

Text

Original release date: May 18, 2022SummaryThe Cybersecurity and Infrastructure Security Agency (CISA) is releasing this Cybersecurity Advisory (CSA) to warn organizations that malicious cyber actors, likely advanced persistent threat (APT) actors, are exploiting CVE-2022-22954 and CVE-2022-22960 separately and in combination. These vulnerabilities affect certain versions of VMware Workspace ONE Access, ...

18.05.2022

AA22-138A: Threat Actors Exploiting F5 BIG-IP CVE-2022-1388

Titel

AA22-138A: Threat Actors Exploiting F5 BIG-IP CVE-2022-1388

Veröffentlicht

18. Mai 2022 15:00

URL

https://us-cert.cisa.gov/ncas/alerts/aa22-138a

Text

Original release date: May 18, 2022SummaryActions for administrators to take today: • Do not expose management interfaces to the internet. • Enforce multi-factor authentication. • Consider using CISA’s Cyber Hygiene Services. The Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing & Analysis Center (MS-ISAC) are releasing this ...

17.05.2022

Circutor COMPACT DC-S BASIC

Titel

Circutor COMPACT DC-S BASIC

Veröffentlicht

17. Mai 2022 16:00

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-137-01

Text

This advisory contains mitigations for a Stack-based Buffer Overflow vulnerability in the Circutor COMPACT DC-S BASIC smart metering concentrator.

17.05.2022

AA22-137A: Weak Security Controls and Practices Routinely Exploited for Initial Access

Titel

AA22-137A: Weak Security Controls and Practices Routinely Exploited for Initial Access

Veröffentlicht

17. Mai 2022 15:00

URL

https://us-cert.cisa.gov/ncas/alerts/aa22-137a

Text

Original release date: May 17, 2022SummaryBest Practices to Protect Your Systems: • Control access. • Harden Credentials. • Establish centralized log management. • Use antivirus solutions. • Employ detection tools. • Operate services exposed on internet-accessible hosts with secure configurations. • Keep software updated. Cyber actors routinely exploit poor security ...

Mitsubishi Electric MELSOFT iQ AppPortal

Titel

Mitsubishi Electric MELSOFT iQ AppPortal

Veröffentlicht

12. Mai 2022 16:50

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-132-02

Text

This advisory contains mitigations for Missing Authorization, Out-of-bounds Write, NULL Pointer Dereference, Classic Buffer Overflow, HTTP Request Smuggling, and Infinite Loop vulnerabilities in Mitsubishi Electric MELSOFT iQ AppPortal products.

Inkscape in Industrial Products

Titel

Inkscape in Industrial Products

Veröffentlicht

12. Mai 2022 16:48

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-132-03

Text

This advisory contains mitigations for Out-of-bounds Read, Access of Uninitialized Pointer, and Out-of-bounds Write vulnerabilities in the Inkscape open-source graphics editor.

Cambium Networks cnMaestro

Titel

Cambium Networks cnMaestro

Veröffentlicht

12. Mai 2022 16:46

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-132-04

Text

This advisory contains mitigations for OS Command Injection, SQL Injection, Path Traversal, and Use of Potentially Dangerous Function vulnerabilities in the Cambium Networks cnMaestro network management system.

Siemens Industrial PCs and CNC devices

Titel

Siemens Industrial PCs and CNC devices

Veröffentlicht

12. Mai 2022 16:44

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-132-05

Text

This advisory contains mitigations for Improper Input Validation, Improper Authentication, Improper Isolation of Shared Resources on System-on-a-Chip, and Improper Privilege Management vulnerabilities in Siemens Industrial PCs and CNC devices.

Siemens SIMATIC WinCC

Titel

Siemens SIMATIC WinCC

Veröffentlicht

12. Mai 2022 16:42

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-132-06

Text

This advisory contains mitigations for a, Insecure Default Initialization of Resource vulnerability in SIMATIC PCS and WinCC industrial products.

Siemens SICAM P850 and SICAM P855

Titel

Siemens SICAM P850 and SICAM P855

Veröffentlicht

12. Mai 2022 16:40

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-132-07

Text

This advisory contains mitigations for Improper Neutralization of Parameter/Argument Delimiters, Cleartext Transmission of Sensitive Information, Cross-site Scripting, Missing Authentication for Critical Function, Authentication Bypass by Capture-replay, and Improper Authentication vulnerabilities in Siemens SICAM P850 and SICAM P855.

Siemens JT2GO and Teamcenter Visualization

Titel

Siemens JT2GO and Teamcenter Visualization

Veröffentlicht

12. Mai 2022 16:36

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-132-09

Text

This advisory contains mitigations for Infinite Loop, Null Pointer Dereference, Integer Overflow to Buffer Overflow, Double Free, and Access of Uninitialized Pointer vulnerabilities in Siemens JT2GO, Teamcenter Visualization products.

Siemens Desigo PXC and DXR Devices

Titel

Siemens Desigo PXC and DXR Devices

Veröffentlicht

12. Mai 2022 16:34

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-132-10

Text

This advisory contains mitigations for an Uncaught Exception vulnerability in the Siemens Desigo DXR and PXC controllers.

11.05.2022

AA22-131A: Protecting Against Cyber Threats to Managed Service Providers and their Customers

Titel

AA22-131A: Protecting Against Cyber Threats to Managed Service Providers and their Customers

Veröffentlicht

11. Mai 2022 13:00

URL

https://us-cert.cisa.gov/ncas/alerts/aa22-131a

Text

Original release date: May 11, 2022SummaryTactical actions for MSPs and their customers to take today: • Identify and disable accounts that are no longer in use. • Enforce MFA on MSP accounts that access the customer environment and monitor for unexplained failed authentication. • Ensure MSP-customer contracts transparently identify ownership ...

Adminer in Industrial Products

Titel

Adminer in Industrial Products

Veröffentlicht

10. Mai 2022 16:25

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-130-01

Text

This advisory contains mitigations for a Files or Directories Accessible to External Parties vulnerability in the Adminer database tool.

Eaton Intelligent Power Protector

Titel

Eaton Intelligent Power Protector

Veröffentlicht

10. Mai 2022 16:20

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-130-02

Text

This advisory contains mitigations for a Cross-site Scripting vulnerability in the Eaton Intelligent Power Protector (IPP) power protection platform.

Eaton Intelligent Power Manager Infrastructure

Titel

Eaton Intelligent Power Manager Infrastructure

Veröffentlicht

10. Mai 2022 16:15

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-130-03

Text

This advisory contains mitigations for Cross-site Scripting, Reflected Cross-site Scripting, and Improper Neutralization of Formula in a CSV File vulnerabilities in Eaton Intelligent Power Manager Infrastructure power monitoring products.