Juni 2022
21.06.2022
US CERT (ICS)
Phoenix Contact Classic Line Controllers
Titel
Phoenix Contact Classic Line Controllers
Veröffentlicht
21. Juni 2022 16:15
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-172-03 external link
Text
This advisory contains mitigations for an Insufficient Verification of Data Authenticity vulnerability in the Phoenix Contact classic line controllers.
21.06.2022
US CERT (ICS)
Phoenix Contact ProConOS and MULTIPROG
Titel
Phoenix Contact ProConOS and MULTIPROG
Veröffentlicht
21. Juni 2022 16:10
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-172-04 external link
Text
This advisory contains mitigations for an Insufficient Verification of Data Authenticity vulnerability in the Phoenix Contact ProConOS and MULTIPROG software development kit.
21.06.2022
US CERT (ICS)
Phoenix Contact Classic Line Industrial Controllers
Titel
Phoenix Contact Classic Line Industrial Controllers
Veröffentlicht
21. Juni 2022 16:05
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-172-05 external link
Text
This advisory contains mitigations for an Insufficient Verification of Data Authenticity vulnerability in the Phoenix Contact Classic Line Industrial Controllers.
21.06.2022
US CERT (ICS)
Siemens WinCC OA
Titel
Siemens WinCC OA
Veröffentlicht
21. Juni 2022 16:00
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-172-06 external link
Text
This advisory contains mitigations for a Use of Client-side Authentication vulnerability in the Siemens SIMATIC WinCC OA SCADA HMI system.
21.06.2022
SIEMENS CERT
SSA-111512 V1.0: Client-side Authentication in SIMATIC WinCC OA
Titel
SSA-111512 V1.0: Client-side Authentication in SIMATIC WinCC OA
Veröffentlicht
21. Juni 2022 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-111512.pdf external link
Text
SIMATIC WinCC OA implements client-side only authentication, when neither server-side authentication (SSA) nor Kerberos authentication is enabled. In this configuration, attackers could impersonate other users or exploit the client-server protocol without being authenticated. Siemens recommends to enable server-side authentication (SSA) or Kerberos authentication for all WinCC OA projects, as documented ...
17.06.2022
US CERT (ICS)
Hillrom Medical Device Management
Titel
Hillrom Medical Device Management
Veröffentlicht
17. Juni 2022 05:08
URL
https://us-cert.cisa.gov/ics/advisories/icsma-22-167-01 external link
Text
This advisory contains mitigations for Use of Hard-coded Password, and Improper Access Control vulnerability in Welch Allyn resting electrocardiograph devices. Hillrom Medical. Welch Allyn, and ELI are registered trademarks of Baxter International, Inc., or its subsidiaries.
17.06.2022
US CERT (ICS)
AutomationDirect C-More EA9 HMI
Titel
AutomationDirect C-More EA9 HMI
Veröffentlicht
17. Juni 2022 05:06
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-167-01 external link
Text
This advisory contains mitigations for Uncontrolled Search Path Element, Cleartext Transmission of Sensitive Information vulnerabilities in AutomationDirect C-More EA9 human-machine interface products.
16.06.2022
US CERT (ICS)
AutomationDirect DirectLOGIC with Serial Communication
Titel
AutomationDirect DirectLOGIC with Serial Communication
Veröffentlicht
16. Juni 2022 17:04
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-167-02 external link
Text
This advisory contains mitigations for a Cleartext Transmission of Sensitive Information vulnerability in DirectLOGIC programmable controllers with serial communication.
16.06.2022
US CERT (ICS)
AutomationDirect DirectLOGIC with Ethernet
Titel
AutomationDirect DirectLOGIC with Ethernet
Veröffentlicht
16. Juni 2022 17:02
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-167-03 external link
Text
This advisory contains mitigations for Uncontrolled Resource Consumption, and Cleartext Transmission of Sensitive Information vulnerabilities in AutomationDirect DirectLOGIC programmable logic Ethernet controllers.
16.06.2022
US CERT (ICS)
Siemens Mendix SAML Module
Titel
Siemens Mendix SAML Module
Veröffentlicht
16. Juni 2022 17:00
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-167-04 external link
Text
This advisory contains mitigations for Improper Restriction of XML External Entity Reference, and Cross-site Scripting vulnerabilities in the Siemens Mendix SAML Module.
16.06.2022
US CERT (ICS)
Siemens Apache HTTP Server
Titel
Siemens Apache HTTP Server
Veröffentlicht
16. Juni 2022 16:56
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-167-06 external link
Text
This advisory contains mitigations for NULL Pointer Dereference, Out-of-bounds Write, and Server-side Request Forgery (SSRF) vulnerabilities in the Siemens Apache HTTP Server.
16.06.2022
US CERT (ICS)
Siemens SICAM GridEdge
Titel
Siemens SICAM GridEdge
Veröffentlicht
16. Juni 2022 16:52
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-167-08 external link
Text
This advisory contains mitigations for Missing Authentication for Critical Function, and Resource Leak vulnerabilities in the Siemens SICAM GridEdge Essential ARM.
16.06.2022
US CERT (ICS)
Siemens SCALANCE LPE9403 Third-Party Vulnerabilities
Titel
Siemens SCALANCE LPE9403 Third-Party Vulnerabilities
Veröffentlicht
16. Juni 2022 16:50
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-167-09 external link
Text
This advisory contains mitigations for vulnerabilities in the Siemens SCALANCE LPE9403, a processing power extension for the SCALANCE family of products.
16.06.2022
US CERT (ICS)
Siemens SCALANCE XM-400 and XR-500
Titel
Siemens SCALANCE XM-400 and XR-500
Veröffentlicht
16. Juni 2022 16:48
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-167-10 external link
Text
This advisory contains mitigations for an Improper Validation of Integrity Check Value vulnerability in the Siemens SCALANCE XM-400 and XR-500 industrial switches.
16.06.2022
US CERT (ICS)
Siemens Xpedition Designer
Titel
Siemens Xpedition Designer
Veröffentlicht
16. Juni 2022 16:46
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-167-11 external link
Text
This advisory contains mitigations for an Incorrect Permission Assignment for Critical Resource vulnerability in the Siemens Xpedition Designer PCB design flow products.
16.06.2022
US CERT (ICS)
Siemens Spectrum Power Systems
Titel
Siemens Spectrum Power Systems
Veröffentlicht
16. Juni 2022 16:44
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-167-12 external link
Text
This advisory contains mitigations for a Use of Hard-coded Credentials vulnerability in the Siemens Spectrum Power data modelling and monitoring system.
16.06.2022
US CERT (ICS)
Siemens OpenSSL Affected Industrial Products
Titel
Siemens OpenSSL Affected Industrial Products
Veröffentlicht
16. Juni 2022 16:40
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-167-14 external link
Text
This advisory contains mitigations for an Infinite Loop vulnerability in the Siemens OpenSSL Affected Industrial Products.
14.06.2022
US CERT (ICS)
Johnson Controls Metasys ADS ADX OAS Servers
Titel
Johnson Controls Metasys ADS ADX OAS Servers
Veröffentlicht
14. Juni 2022 16:10
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-165-01 external link
Text
This advisory contains mitigations for Unverified Password Change, and Cross-site Scripting vulnerabilities in the Johnson Controls Metasys ADS ADX OAS Servers.
14.06.2022
US CERT (ICS)
Meridian Cooperative Meridian
Titel
Meridian Cooperative Meridian
Veröffentlicht
14. Juni 2022 16:05
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-165-02 external link
Text
This advisory contains mitigations for an Improper Access Control vulnerability in Meridian utility software.
14.06.2022
US CERT (ICS)
Mitsubishi Electric MELSEC-Q/L and MELSEC iQ-R
Titel
Mitsubishi Electric MELSEC-Q/L and MELSEC iQ-R
Veröffentlicht
14. Juni 2022 16:00
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-165-03 external link
Text
This advisory contains mitigations for an Improper Input Validation vulnerability in the Mitsubishi Electric MELSEC-Q/L Series and MELSEC iQ-R Series Interface Modules.
14.06.2022
SIEMENS CERT
SSA-301589 V1.3 (Last Update: 2022-06-14): Multiple File Parsing Vulnerabilities in Solid Edge, JT2Go and Teamcenter Visualization
Titel
SSA-301589 V1.3 (Last Update: 2022-06-14): Multiple File Parsing Vulnerabilities in Solid Edge, JT2Go and Teamcenter Visualization
Veröffentlicht
14. Juni 2022 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdf external link
Text
Siemens has released updates for JT2Go, Solid Edge and Teamcenter Visualization to fix multiple file parsing vulnerabilities. If a user is tricked to open a malicious file (crafted as PDF, DXF or PAR) with any of the affected products, this could lead the application to crash or potentially lead to ...
14.06.2022
SIEMENS CERT
SSA-988345 V1.0: Local Privilege Escalation Vulnerability in Xpedition Designer
Titel
SSA-988345 V1.0: Local Privilege Escalation Vulnerability in Xpedition Designer
Veröffentlicht
14. Juni 2022 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-988345.pdf external link
Text
A vulnerability in Xpedition Designer could allow an attacker with an unprivileged account to override or modify the service executable and subsequently gain elevated privileges. Siemens has released an update for the Xpedition Designer and recommends to update to the latest version.
14.06.2022
SIEMENS CERT
SSA-693555 V1.0: Memory Corruption Vulnerability in EN100 Ethernet Module
Titel
SSA-693555 V1.0: Memory Corruption Vulnerability in EN100 Ethernet Module
Veröffentlicht
14. Juni 2022 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-693555.pdf external link
Text
EN100 Ethernet module is affected by memory corruption vulnerability (CVE-2022-30937). Siemens has released an update for the EN100 Ethernet module IEC 61850 variant and recommends to update to the latest version. Siemens recommends specific countermeasures for products where updates are not, or not yet available.
14.06.2022
SIEMENS CERT
SSA-978220 V1.7 (Last Update: 2022-06-14): Denial of Service Vulnerability over SNMP in Multiple Industrial Products
Titel
SSA-978220 V1.7 (Last Update: 2022-06-14): Denial of Service Vulnerability over SNMP in Multiple Industrial Products
Veröffentlicht
14. Juni 2022 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-978220.pdf external link
Text
Several industrial products are affected by a vulnerability that could allow remote attackers to conduct a denial of service attack by sending specially crafted packets to port 161/udp (SNMP). Siemens has released updates for several affected products and recommends to update to the new versions. Siemens is preparing further updates ...
14.06.2022
SIEMENS CERT
SSA-941426 V1.2 (Last Update: 2022-06-14): Multiple LLDP Vulnerabilities in Industrial Products
Titel
SSA-941426 V1.2 (Last Update: 2022-06-14): Multiple LLDP Vulnerabilities in Industrial Products
Veröffentlicht
14. Juni 2022 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-941426.pdf external link
Text
There are multiple vulnerabilities in an underlying Link Layer Discovery Protocol (LLDP) third party library. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.

Letzte Updates

BOSCH PSIRT
10.06.2025
SIEMENS CERT
17.06.2025
US CERT
12.06.2025
US CERT (ICS)
17.06.2025

Nach Quelle

Archiv

2025
2024
2023
2022
2021
2020
2019
2018
2017

Feeds