April 2022
Title
Automated Logic WebCTRL
Published
19 April 2022 16:20
Text
This advisory contains mitigations for an Open Redirect vulnerability in Automated Logic WebCTRL building automation software.
Title
FANUC ROBOGUIDE Simulation Platform
Published
19 April 2022 16:15
Text
This advisory contains mitigations for Incorrect Permission Assignment for Critical Resource, Improper Access Control, Path Traversal, Improper Restriction of XML External Entity Reference, and Uncontrolled Resource Consumption vulnerabilities in FANUC ROBOGUIDE simulation software for FANUC robots.
Title
Elcomplus SmartPPT SCADA
Published
19 April 2022 16:10
Text
This advisory contains mitigations for Path Traversal, Unrestricted Upload of File with Dangerous Type, Improper Authorization, and Cross-site Scripting vulnerabilities in Elcomplus SmartPPT SCADA voice and data dispatch software.
Title
Elcomplus SmartPTT SCADA
Published
19 April 2022 16:10
Text
This advisory contains mitigations for Path Traversal, Unrestricted Upload of File with Dangerous Type, Improper Authorization, and Cross-site Scripting vulnerabilities in Elcomplus SmartPTT SCADA voice and data dispatch software.
Title
Elcomplus SmartPPT SCADA Server
Published
19 April 2022 16:05
Text
This advisory contains mitigations for Cross-site Scripting, Unauthorized Exposure to Sensitive Information, Unrestricted Upload of File with Dangerous Type, Path Traversal, and Cross-site Request Forgery vulnerabilities in the Elcomplus SmartPPT SCADA Server voice and data dispatch software.
Title
Elcomplus SmartPTT SCADA Server
Published
19 April 2022 16:05
Text
This advisory contains mitigations for Cross-site Scripting, Unauthorized Exposure to Sensitive Information, Unrestricted Upload of File with Dangerous Type, Path Traversal, and Cross-site Request Forgery vulnerabilities in the Elcomplus SmartPTT SCADA Server voice and data dispatch software.
Title
Multiple RTOS (Update E)
Published
19 April 2022 16:00
Text
This updated advisory is a follow-up to the advisory update titled ICSA-21-119-04 Multiple RTOS (Update D) that was published November 30, 2021, to the ICS webpage on www.cisa.gov/uscert. CISA is aware of a public report, known as “BadAlloc” that details vulnerabilities found in multiple real-time operating systems (RTOS) and supporting ...
Title
SSA-254054 V1.0: Spring Framework Vulnerability (Spring4Shell or SpringShell, CVE-2022-22965) - Impact to Siemens Products
Published
19 April 2022 02:00
Text
A vulnerability in Spring Framework was disclosed that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2022-22965 and is also known as “Spring4Shell” or “SpringShell”. Siemens is currently investigating to determine which products are affected and is continuously updating this advisory as ...
Title
AA22-108A: TraderTraitor: North Korean State-Sponsored APT Targets Blockchain Companies
Published
18 April 2022 15:38
Text
Original release date: April 18, 2022. Summary: Actions to take today to mitigate cyber threats to cryptocurrency: • Patch all systems. • Prioritize patching known exploited vulnerabilities. • Train users to recognize and report phishing attempts. • Use multifactor authentication. The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency ...
Title
Siemens RUGGEDCOM Devices (Update A)
Published
15 April 2022 04:46
Text
This updated advisory is a follow-up to the original advisory titled ICSA-22-069-01 Siemens RUGGEDCOM Devices that was published March 10, 2022, to the ICS webpage on www.cisa.gov/uscert. This advisory contains mitigations for a Missing Encryption of Sensitive Data vulnerability in devices using the Siemens RUGGEDCOM software platform.
Title
Delta Electronics DMARS
Published
14 April 2022 17:20
Text
This advisory contains mitigations for an Improper Restriction of XML External Entity Reference vulnerability in the Delta Electronics DMARS program development tool.
Title
Red Lion DA50N
Published
14 April 2022 17:16
Text
This advisory contains mitigation for Insufficient Verification of Data Authenticity, Weak Password Requirements, Use of Unmaintained Third-Party Components, and Insufficiently Protected Credentials vulnerabilities in the Red Lion DA50N networking gateway.
Title
Siemens SCALANCE FragAttacks
Published
14 April 2022 17:14
Text
This advisory contains mitigations for Improper Authentication, Injection, Improper Validation of Integrity Check, and Improper Input Validation vulnerabilities in the Siemens SCALANCE FragAttacks.
Title
Siemens OpenSSL Vulnerabilities in Industrial Products
Published
14 April 2022 17:12
Text
This advisory contains mitigations for a NULL Pointer Dereference vulnerability in the Siemens OpenSSL.
Title
Siemens PROFINET Stack Integrated on Interniche Stack
Published
14 April 2022 17:10
Text
This advisory contains mitigations for an Uncontrolled Resource Consumption vulnerability in the Siemens PROFINET Stack Integrated on Interniche Stack.
Title
Siemens Mendix
Published
14 April 2022 17:08
Text
This advisory contains mitigations for an Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Siemens Mendix, a software platform to build mobile and web applications.
Title
Siemens SCALANCE W1700
Published
14 April 2022 17:06
Text
This advisory contains mitigations for Race Condition and Improper Input Validation vulnerabilities in the Siemens SCALANCE W1700 wireless communication device.
Title
Siemens SCALANCE X-300 Switches
Published
14 April 2022 17:04
Text
This advisory contains mitigations for Improper Input Validation, Use of Insufficiently Random Values, Stack-based Buffer Overflow, Cross-site Request Forgery, Improper Access Control, Basic XSS, Classic Buffer Overflow, and Out-of-bounds Read vulnerabilities in Siemens SCALANCE X-300 Switches.
Title
AA22-103A: APT Cyber Tools Targeting ICS/SCADA Devices
Published
13 April 2022 19:00
Text
Original release date: April 13, 2022. Summary: Actions to Take Today to Protect ICS/SCADA Devices: • Enforce multifactor authentication for all remote access to ICS networks and devices whenever possible. • Change all passwords to ICS/SCADA devices and systems on a consistent schedule, especially all default passwords, to device-unique strong passwords to ...
Title
Valmet DNA
Published
12 April 2022 16:20
Text
This advisory contains mitigations for an Inadequate Encryption Strength vulnerability in Valmet DNA distributed control system products.
Title
Mitsubishi Electric MELSEC-Q Series C Controller Module
Published
12 April 2022 16:15
Text
This advisory contains mitigations for a Heap-based Buffer Overflow vulnerability in some MELSEC-Q Series C Controller Modules using Wind River VxWorks Version 6.4.
Title
Mitsubishi Electric GT25-WLAN
Published
12 April 2022 16:05
Text
This advisory contains mitigations for Improper Removal of Sensitive Information Before Storage or Transfer, Inadequate Encryption Strength, Missing Authentication for Critical Function, Injection, and Improper Input Validation vulnerabilities in Mitsubishi Electric GT25-WLAN wireless communication units.
Title
Aethon TUG Home Base Server
Published
12 April 2022 16:00
Text
This advisory contains mitigations for Missing Authorization, Channel Accessible by Non-endpoint, and Cross-site Scripting vulnerabilities in the Aethon TUG Home Base Server, a server used to control and communicate with autonomous mobile robots in hospitals.
Title
SSA-270778 V1.7 (Last Update: 2022-04-12): Denial-of-Service Vulnerability in SIMATIC PCS 7, SIMATIC WinCC and SIMATIC NET PC Software
Published
12 April 2022 02:00
Text
A Denial-of-Service vulnerability was found in SIMATIC PCS 7, SIMATIC WinCC and SIMATIC NET PC software when encrypted communication is enabled. The vulnerability could allow an attacker with network access to cause a Denial-of-Service condition under certain circumstances (versions prior to SIMATIC WinCC V7.3 or SIMATIC PCS 7 V8.1 are ...
Title
SSA-787292 V1.1 (Last Update: 2022-04-12): Denial-of-Service Vulnerability in SIMATIC RFID Readers
Published
12 April 2022 02:00
Text
The latest updates for SIMATIC RF products fix a vulnerability that could allow an unauthorized attacker to crash the OPC UA service of the affected devices. Siemens has released updates for several affected products and recommends updating to the latest versions. Siemens is preparing further updates and recommends specific ...
