July 2022
Title
SSA-712929 V1.1 (Last Update: 2022-07-12): Denial of Service Vulnerability in OpenSSL (CVE-2022-0778) Affecting Industrial Products
Published
12 July 2022 02:00
Text
A vulnerability in the OpenSSL component (CVE-2022-0778, [0]) could allow an attacker to create a denial of service condition by providing specially crafted elliptic curve certificates to products that use a vulnerable version of OpenSSL. Siemens has released updates for several affected products and recommends updating to the latest ...
Title
SSA-557804 V1.4 (Last Update: 2022-07-12): Mirror Port Isolation Vulnerability in SCALANCE X Switches
Published
12 July 2022 02:00
Text
A vulnerability was identified in several SCALANCE X switches that could allow an attacker to feed information into a network via the mirror port with the monitor barrier feature enabled. Siemens has released updates for the affected products and recommends updating to the latest versions.
Title
SSA-321292 V1.1 (Last Update: 2022-07-12): Denial of Service in the OPC Foundation Local Discovery Server (LDS) in Industrial Products
Published
12 July 2022 02:00
Text
A vulnerability has been identified in the OPC Foundation Local Discovery Server (LDS) [0] of several industrial products. The vulnerability could cause a denial of service condition on the service or the device. Siemens has released updates for several affected products and recommends updating to the latest versions. Siemens ...
Title
SSA-599506 V1.0: Command Injection in RUGGEDCOM ROX
Published
12 July 2022 02:00
Text
RUGGEDCOM ROX devices are affected by a command injection vulnerability that could allow an attacker with administrative privileges to gain root access. Siemens has released updates for the affected products and recommends updating to the latest versions.
Title
SSA-309571 V1.4 (Last Update: 2022-07-12): IPU 2021.1 Vulnerabilities in Siemens Industrial Products using Intel CPUs (June 2021)
Published
12 July 2022 02:00
Text
Intel has published information on vulnerabilities in Intel products in June 2021. This advisory lists the related Siemens Industrial products affected by these vulnerabilities that can be patched by applying the corresponding BIOS update. In this advisory we summarize: “2021.1 IPU – Intel® CSME, SPS and LMS Advisory” Intel-SA-00459, “2021.1 ...
Title
SSA-306654 V1.2 (Last Update: 2022-07-12): Insyde BIOS Vulnerabilities in Siemens Industrial Products
Published
12 July 2022 02:00
Text
Insyde has published information on vulnerabilities in Insyde BIOS in February 2022. This advisory lists the Siemens Industrial products affected by these vulnerabilities. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet, available.
Title
Bently Nevada ADAPT 3701/4X Series and 60M100
Published
7 July 2022 16:05
Text
1. EXECUTIVE SUMMARY: CVSS v3 9.1; ATTENTION: Exploitable remotely/low attack complexity; Vendor: Bently Nevada; Equipment: 3701/4X series and 60M100 (3701/60) Condition Monitoring System; Vulnerabilities: Use of Hard-coded Credentials, Missing Authentication for Critical Function. CISA is aware of a public report, known as “OT:ICEFALL”, that details vulnerabilities found in multiple operational ...
Title
Mitsubishi Electric MELSEC iQ-R Series C Controller Module (Update B)
Published
7 July 2022 16:00
Text
This updated advisory is a follow-up to the original advisory titled ICSA-21-280-04 Mitsubishi Electric MELSEC iQ-R Series C Controller Module (Update A) that was published October 28, 2021, to the ICS webpage on us-cert.cisa.gov. This advisory contains mitigations for an Uncontrolled Resource Consumption vulnerability in Mitsubishi Electric MELSEC iQ-R Series ...
Title
AA22-187A: North Korean State-Sponsored Cyber Actors Use Maui Ransomware to Target the Healthcare and Public Health Sector
Published
6 July 2022 16:00
Text
Original release date: July 6, 2022. Summary: The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Department of the Treasury (Treasury) are releasing this joint Cybersecurity Advisory (CSA) to provide information on Maui ransomware, which has been used by North Korean state-sponsored cyber actors since at least ...
June 2022
Title
AA22-181A: #StopRansomware: MedusaLocker
Published
30 June 2022 19:00
Text
Original release date: June 30, 2022. Summary: Actions to take today to mitigate cyber threats from ransomware: • Prioritize remediating known exploited vulnerabilities. • Train users to recognize and report phishing attempts. • Enable and enforce multifactor authentication. Note: this joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to ...
Title
Exemys RME1
Published
30 June 2022 16:25
Text
This advisory contains mitigations for an Improper Authentication vulnerability in the Exemys RME1 analog acquisition module.
Title
Yokogawa Wide Area Communication Router
Published
30 June 2022 16:20
Text
This advisory contains mitigations for a Use of Insufficiently Random Values vulnerability in the Yokogawa Wide Area Communication Router.
Title
Emerson DeltaV Distributed Control System
Published
30 June 2022 16:15
Text
This advisory contains mitigations for Missing Authentication for Critical Function, Use of Hard-coded Credentials, Insufficient Verification of Data Authenticity, and Use of a Broken or Risky Cryptographic Algorithm vulnerabilities in the Emerson DeltaV Distributed Control System software management platform.
Title
Mitsubishi Electric FA Engineering Software (Update A)
Published
30 June 2022 16:05
Text
This updated advisory is a follow-up to the original advisory titled ICSA-21-350-05 Mitsubishi Electric FA Engineering Software that was published December 16, 2021, on the ICS webpage on cisa.gov/ics. This advisory contains mitigations for Out-of-bounds Read, and Integer Underflow vulnerabilities in Mitsubishi Electric's FA Engineering Software products.
Title
CODESYS Gateway Server (Update A)
Published
30 June 2022 16:00
Text
This updated advisory is a follow-up to the original advisory titled ICSA-15-258-02 3S CODESYS Gateway Server Buffer overflow Vulnerability that was published September 15, 2015, on the ICS webpage at cisa.gov/ics. This advisory provides mitigation details for a heap-based buffer overflow vulnerability in CODESYS Gateway Server products.
Title
ABB e-Design
Published
28 June 2022 16:25
Text
This advisory contains mitigations for an Incorrect Default Permissions vulnerability in ABB e-Design engineering software.
Title
Omron SYSMAC CS/CJ/CP Series and NJ/NX Series
Published
28 June 2022 16:20
Text
This advisory contains mitigations for Cleartext Transmission of Sensitive Information, Insufficient Verification of Data Authenticity, and Plaintext Storage of a Password vulnerabilities in Omron SYSMAC CS/CJ/CP Series and NJ/NX Series programmable logic controllers.
Title
Motorola Solutions MOSCAD IP and ACE IP Gateways
Published
28 June 2022 16:10
Text
This advisory contains mitigations for a missing authentication for critical function vulnerability in the Motorola Solutions MOSCAD IP and ACE IP Gateways products.
Title
Motorola Solutions MDLC
Published
28 June 2022 16:05
Text
This advisory contains mitigations for Use of a Broken or Risky Cryptographic Algorithm, and Plaintext Storage of a Password vulnerabilities in the Motorola Solutions MDLC protocol parser.
Title
Motorola Solutions ACE1000
Published
28 June 2022 16:00
Text
This advisory contains mitigations for Use of Hard-coded Cryptographic Key, Use of Hard-coded Credentials, and Insufficient Verification of Data Authenticity vulnerabilities in the Motorola Solutions ACE1000 remote terminal unit.
Title
AA22-174A: Malicious Cyber Actors Continue to Exploit Log4Shell in VMware Horizon Systems
Published
23 June 2022 19:00
Text
Original release date: June 23, 2022. Summary: Actions to take today: • Install fixed builds, updating all affected VMware Horizon and UAG systems to the latest versions. If updates or workarounds were not promptly applied following VMware’s release of updates for Log4Shell in December 2021, treat all affected VMware systems as compromised. ...
Title
OFFIS DCMTK
Published
23 June 2022 16:25
Text
This advisory contains mitigations for path traversal, relative path traversal, and NULL pointer reference vulnerabilities in DCMTK, an OFFIS product.
Title
Yokogawa STARDOM
Published
23 June 2022 16:20
Text
This advisory contains mitigations for Cleartext Transmission of Sensitive Information, and Use of Hard-coded Credentials vulnerabilities in the Yokogawa STARDOM network control system.
Title
Yokogawa CAMS for HIS
Published
23 June 2022 16:15
Text
This advisory contains mitigations for a Violation of Secure Design Principles vulnerability in the Yokogawa Consolidation Alarm Management Software for Human Interface Station (CAMS for HIS).
Title
Secheron SEPCOS Control and Protection Relay
Published
23 June 2022 16:10
Text
This advisory contains mitigations for Improper Enforcement of Behavioral Workflow, Lack of Administrator Control over Security, Improper Privilege Management, and Insufficiently Protected Credentials vulnerabilities in the Secheron SEPCOS Control and Protection Relay.
