Mai 2022
17.05.2022
US CERT
AA22-137A: Weak Security Controls and Practices Routinely Exploited for Initial Access
Titel
AA22-137A: Weak Security Controls and Practices Routinely Exploited for Initial Access
Veröffentlicht
17. Mai 2022 15:00
URL
https://us-cert.cisa.gov/ncas/alerts/aa22-137a
Text
Original release date: May 17, 2022SummaryBest Practices to Protect Your Systems: • Control access. • Harden Credentials. • Establish centralized log management. • Use antivirus solutions. • Employ detection tools. • Operate services exposed on internet-accessible hosts with secure configurations. • Keep software updated. Cyber actors routinely exploit poor security ...
12.05.2022
US CERT (ICS)
Mitsubishi Electric MELSOFT iQ AppPortal
Titel
Mitsubishi Electric MELSOFT iQ AppPortal
Veröffentlicht
12. Mai 2022 16:50
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-132-02
Text
This advisory contains mitigations for Missing Authorization, Out-of-bounds Write, NULL Pointer Dereference, Classic Buffer Overflow, HTTP Request Smuggling, and Infinite Loop vulnerabilities in Mitsubishi Electric MELSOFT iQ AppPortal products.
12.05.2022
US CERT (ICS)
Inkscape in Industrial Products
Titel
Inkscape in Industrial Products
Veröffentlicht
12. Mai 2022 16:48
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-132-03
Text
This advisory contains mitigations for Out-of-bounds Read, Access of Uninitialized Pointer, and Out-of-bounds Write vulnerabilities in the Inkscape open-source graphics editor.
12.05.2022
US CERT (ICS)
Cambium Networks cnMaestro
Titel
Cambium Networks cnMaestro
Veröffentlicht
12. Mai 2022 16:46
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-132-04
Text
This advisory contains mitigations for OS Command Injection, SQL Injection, Path Traversal, and Use of Potentially Dangerous Function vulnerabilities in the Cambium Networks cnMaestro network management system.
12.05.2022
US CERT (ICS)
Siemens Industrial PCs and CNC devices
Titel
Siemens Industrial PCs and CNC devices
Veröffentlicht
12. Mai 2022 16:44
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-132-05
Text
This advisory contains mitigations for Improper Input Validation, Improper Authentication, Improper Isolation of Shared Resources on System-on-a-Chip, and Improper Privilege Management vulnerabilities in Siemens Industrial PCs and CNC devices.
12.05.2022
US CERT (ICS)
Siemens SIMATIC WinCC
Titel
Siemens SIMATIC WinCC
Veröffentlicht
12. Mai 2022 16:42
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-132-06
Text
This advisory contains mitigations for a, Insecure Default Initialization of Resource vulnerability in SIMATIC PCS and WinCC industrial products.
12.05.2022
US CERT (ICS)
Siemens SICAM P850 and SICAM P855
Titel
Siemens SICAM P850 and SICAM P855
Veröffentlicht
12. Mai 2022 16:40
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-132-07
Text
This advisory contains mitigations for Improper Neutralization of Parameter/Argument Delimiters, Cleartext Transmission of Sensitive Information, Cross-site Scripting, Missing Authentication for Critical Function, Authentication Bypass by Capture-replay, and Improper Authentication vulnerabilities in Siemens SICAM P850 and SICAM P855.
12.05.2022
US CERT (ICS)
Siemens JT2GO and Teamcenter Visualization
Titel
Siemens JT2GO and Teamcenter Visualization
Veröffentlicht
12. Mai 2022 16:36
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-132-09
Text
This advisory contains mitigations for Infinite Loop, Null Pointer Dereference, Integer Overflow to Buffer Overflow, Double Free, and Access of Uninitialized Pointer vulnerabilities in Siemens JT2GO, Teamcenter Visualization products.
12.05.2022
US CERT (ICS)
Siemens Desigo PXC and DXR Devices
Titel
Siemens Desigo PXC and DXR Devices
Veröffentlicht
12. Mai 2022 16:34
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-132-10
Text
This advisory contains mitigations for an Uncaught Exception vulnerability in the Siemens Desigo DXR and PXC controllers.
11.05.2022
US CERT
AA22-131A: Protecting Against Cyber Threats to Managed Service Providers and their Customers
Titel
AA22-131A: Protecting Against Cyber Threats to Managed Service Providers and their Customers
Veröffentlicht
11. Mai 2022 13:00
URL
https://us-cert.cisa.gov/ncas/alerts/aa22-131a
Text
Original release date: May 11, 2022SummaryTactical actions for MSPs and their customers to take today: • Identify and disable accounts that are no longer in use. • Enforce MFA on MSP accounts that access the customer environment and monitor for unexplained failed authentication. • Ensure MSP-customer contracts transparently identify ownership ...
10.05.2022
US CERT (ICS)
Adminer in Industrial Products
Titel
Adminer in Industrial Products
Veröffentlicht
10. Mai 2022 16:25
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-130-01
Text
This advisory contains mitigations for a Files or Directories Accessible to External Parties vulnerability in the Adminer database tool.
10.05.2022
US CERT (ICS)
Eaton Intelligent Power Protector
Titel
Eaton Intelligent Power Protector
Veröffentlicht
10. Mai 2022 16:20
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-130-02
Text
This advisory contains mitigations for a Cross-site Scripting vulnerability in the Eaton Intelligent Power Protector (IPP) power protection platform.
10.05.2022
US CERT (ICS)
Eaton Intelligent Power Manager Infrastructure
Titel
Eaton Intelligent Power Manager Infrastructure
Veröffentlicht
10. Mai 2022 16:15
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-130-03
Text
This advisory contains mitigations for Cross-site Scripting, Reflected Cross-site Scripting, and Improper Neutralization of Formula in a CSV File vulnerabilities in Eaton Intelligent Power Manager Infrastructure power monitoring products.
10.05.2022
US CERT (ICS)
AVEVA InTouch Access Anywhere and Plant SCADA Access Anywhere
Titel
AVEVA InTouch Access Anywhere and Plant SCADA Access Anywhere
Veröffentlicht
10. Mai 2022 16:05
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-130-05
Text
This advisory contains mitigations for an Exposure of Resource to Wrong Sphere vulnerability in AVEVA InTouch Access Anywhere and Plant SCADA Access Anywhere HMI products.
10.05.2022
US CERT (ICS)
Mitsubishi Electric MELSOFT GT OPC UA
Titel
Mitsubishi Electric MELSOFT GT OPC UA
Veröffentlicht
10. Mai 2022 16:00
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-130-06
Text
This advisory contains mitigations for Out-of-bounds Read, and Integer Overflow or Wraparound vulnerabilities in Mitsubishi Electric MELSOFT GT OPC UA client connection products.
10.05.2022
SIEMENS CERT
SSA-480937 V1.0: Denial of Service Vulnerability in CP 44x-1 RNA before V1.5.18
Titel
SSA-480937 V1.0: Denial of Service Vulnerability in CP 44x-1 RNA before V1.5.18
Veröffentlicht
10. Mai 2022 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-480937.pdf
Text
Siemens has released a new version for the communication processor modules CP 44x-1 RNA that fixes a vulnerability that could allow an attacker to cause a denial of service condition. Siemens has released updates for the affected products and recommends to update to the latest versions.
10.05.2022
SIEMENS CERT
SSA-102233 V1.9 (Last Update: 2022-05-10): SegmentSmack in VxWorks-based Industrial Devices
Titel
SSA-102233 V1.9 (Last Update: 2022-05-10): SegmentSmack in VxWorks-based Industrial Devices
Veröffentlicht
10. Mai 2022 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-102233.pdf
Text
The products listed below contain a vulnerability that could allow remote attackers to affect the availability of the devices under certain conditions. The underlying TCP stack can be forced to make very computation expensive calls for every incoming packet which can lead to a Denial-of-Service. Siemens has released an update ...
10.05.2022
SIEMENS CERT
SSA-462066 V2.9 (Last Update: 2022-05-10): Vulnerability known as TCP SACK PANIC in Industrial Products
Titel
SSA-462066 V2.9 (Last Update: 2022-05-10): Vulnerability known as TCP SACK PANIC in Industrial Products
Veröffentlicht
10. Mai 2022 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf
Text
Multiple industrial products are affected by a vulnerability in the kernel known as TCP SACK PANIC. The vulnerability could allow a remote attacker to cause a denial of service condition. Siemens has released updates for several affected products and recommends to update to the new versions. Siemens is preparing further ...
10.05.2022
SIEMENS CERT
SSA-363107 V1.0: An Improper Initialization Vulnerability Affects SIMATIC WinCC Kiosk Mode
Titel
SSA-363107 V1.0: An Improper Initialization Vulnerability Affects SIMATIC WinCC Kiosk Mode
Veröffentlicht
10. Mai 2022 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-363107.pdf
Text
A vulnerability was found in SIMATIC WinCC that could allow authenticated attackers to escape the Kiosk Mode. Siemens has released an update for the SIMATIC WinCC V7.5 and recommends to update to the latest version. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, ...
10.05.2022
SIEMENS CERT
SSA-321292 V1.0: Denial of Service in the OPC Foundation Local Discovery Server (LDS) in Industrial Products
Titel
SSA-321292 V1.0: Denial of Service in the OPC Foundation Local Discovery Server (LDS) in Industrial Products
Veröffentlicht
10. Mai 2022 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-321292.pdf
Text
A vulnerability has been identified in the OPC Foundation Local Discovery Server (LDS) [0] of several industrial products. The vulnerability could cause a denial of service condition on the service or the device. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens ...
10.05.2022
SIEMENS CERT
SSA-285795 V1.0: Denial of Service in OPC-UA in Industrial Products
Titel
SSA-285795 V1.0: Denial of Service in OPC-UA in Industrial Products
Veröffentlicht
10. Mai 2022 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-285795.pdf
Text
Vulnerability in the underlying third party component OPC UA ANSIC Stack (also called Legacy C-Stack) affects several industrial products. The vulnerability could cause a crash of the component that includes the vulnerable part of the stack. Siemens has released updates for several affected products and recommends to update to the ...
10.05.2022
SIEMENS CERT
SSA-162616 V1.0: File Parsing Vulnerabilities in Simcenter Femap before V2022.2
Titel
SSA-162616 V1.0: File Parsing Vulnerabilities in Simcenter Femap before V2022.2
Veröffentlicht
10. Mai 2022 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-162616.pdf
Text
Siemens Simcenter Femap versions before V2022.2 are affected by an out of bounds write vulnerability that could be triggered when the application reads files in .NEU format. If a user is tricked to open a malicious file with the affected application, an attacker could leverage the vulnerability to perform remote ...
10.05.2022
SIEMENS CERT
SSA-165073 V1.0: Multiple Vulnerabilities in the Webinterface of SICAM P850 and SICAM P855 Devices
Titel
SSA-165073 V1.0: Multiple Vulnerabilities in the Webinterface of SICAM P850 and SICAM P855 Devices
Veröffentlicht
10. Mai 2022 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-165073.pdf
Text
Multiple vulnerabilities were identified in the webserver of SICAM P850 and SICAM P855 devices. These include unauthenticated access to web-interface functionality, missing HTTPS or impersonation as well as cross-site scripting related vulnerabilities. Siemens has released updates for the affected products and recommends to update to the latest versions.
10.05.2022
SIEMENS CERT
SSA-662649 V1.0: Denial of Service Vulnerability in Desigo DXR and PXC Controllers
Titel
SSA-662649 V1.0: Denial of Service Vulnerability in Desigo DXR and PXC Controllers
Veröffentlicht
10. Mai 2022 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-662649.pdf
Text
A vulnerability in Desigo DXR and PXC controllers has been identified that could allow an attacker to disable and reset a device to factory state using a denial of service attack. Siemens has released updates for the affected products and recommends to update to the latest versions.
10.05.2022
SIEMENS CERT
SSA-553086 V1.0: Multiple File Parsing Vulnerabilities in JT2Go and Teamcenter Visualization
Titel
SSA-553086 V1.0: Multiple File Parsing Vulnerabilities in JT2Go and Teamcenter Visualization
Veröffentlicht
10. Mai 2022 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf
Text
Siemens has released updates for JT2Go and Teamcenter Visualization to fix multiple file parsing vulnerabilities. If a user is tricked to open a malicious file (crafted as CGM, TIFF or TG4) with any of the affected products, this could lead the application to crash or potentially lead to arbitrary code ...

Letzte Updates

BOSCH PSIRT
15.01.2025
SIEMENS CERT
17.04.2025
US CERT
01.04.2025
US CERT (ICS)
17.04.2025

Nach Quelle

Archiv

2025
2024
2023
2022
2021
2020
2019
2018
2017

Feeds