Dezember 2021
14.12.2021
SIEMENS CERT
SSA-772220 V1.4 (Last Update: 2021-12-14): OpenSSL Vulnerabilities in Industrial Products
Titel
SSA-772220 V1.4 (Last Update: 2021-12-14): OpenSSL Vulnerabilities in Industrial Products
Veröffentlicht
14. Dezember 2021 01:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdf
Text
OpenSSL has published a security advisory [0] about a vulnerability in OpenSSL versions 1.1.1 < 1.1.1k, that allows an unauthenticated attacker to cause a Denial-of-Service (DoS) if a maliciously crafted renegotiation message is sent. Siemens has released updates for several affected products and recommends to update to the latest versions. ...
14.12.2021
SIEMENS CERT
SSA-390195 V1.0: LibVNC Vulnerabilities in SIMATIC ITC Products
Titel
SSA-390195 V1.0: LibVNC Vulnerabilities in SIMATIC ITC Products
Veröffentlicht
14. Dezember 2021 01:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf
Text
Multiple LibVNC vulnerabilities in the affected products listed below could allow remote code execution, information disclosure and Denial-of-Service attacks under certain conditions. Siemens has released updates for the affected products and recommends to update to the latest versions.
14.12.2021
SIEMENS CERT
SSA-352143 V1.0: Multiple File Parsing Vulnerabilities in JTTK before V11.0.3.0 and JT Utilities before V13.0.3.0
Titel
SSA-352143 V1.0: Multiple File Parsing Vulnerabilities in JTTK before V11.0.3.0 and JT Utilities before V13.0.3.0
Veröffentlicht
14. Dezember 2021 01:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-352143.pdf
Text
JT Open Toolkit (JTTK) before V11.0.3.0 contains multiple vulnerabilities that could be triggered when the affected product reads a maliciously crafted JT file. These vulnerabilities also affects JT Utilities before V13.0.3.0. If a user is tricked to open a malicious file with any of the affected products, this could lead ...
14.12.2021
SIEMENS CERT
SSA-199605 V1.0: Arbitrary File Download Vulnerability in SIMATIC eaSie PCS 7 Skill Package
Titel
SSA-199605 V1.0: Arbitrary File Download Vulnerability in SIMATIC eaSie PCS 7 Skill Package
Veröffentlicht
14. Dezember 2021 01:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-199605.pdf
Text
SIMATIC eaSie PCS 7 Skill Package contains a path traversal vulnerability that could allow an authenticated remote attacker to read arbitrary files for the application server. Siemens has released an update for the SIMATIC eaSie PCS 7 Skill Package and recommends to update to the latest version.
14.12.2021
SIEMENS CERT
SSA-161331 V1.0: Scene File Parsing Vulnerability in Simcenter STAR-CCM+ Viewer before V2021.3.1
Titel
SSA-161331 V1.0: Scene File Parsing Vulnerability in Simcenter STAR-CCM+ Viewer before V2021.3.1
Veröffentlicht
14. Dezember 2021 01:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-161331.pdf
Text
Siemens Simcenter STAR-CCM+ Viewer is affected by a vulnerability that could be triggered when the application reads scene (.sce) files. If a user is tricked to open a malicious file with the affected application, this could lead to a crash, and potentially also to arbitrary code execution or data extraction ...
14.12.2021
SIEMENS CERT
SSA-160202 V1.0: Multiple Access Control Vulnerabilities in SiPass Integrated
Titel
SSA-160202 V1.0: Multiple Access Control Vulnerabilities in SiPass Integrated
Veröffentlicht
14. Dezember 2021 01:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-160202.pdf
Text
SiPass integrated contains multiple vulnerabilities that could allow an unauthenticated remote attacker to access or modify several internal application resources. Siemens has released a tool, “SiPass integrated Component Manager”, to remediate the vulnerabilities on all maintained and supported versions of SiPass integrated and recommends to apply this tool.
14.12.2021
SIEMENS CERT
SSA-133772 V1.0: Zip Path Traversal Vulnerability in Teamcenter Active Workspace
Titel
SSA-133772 V1.0: Zip Path Traversal Vulnerability in Teamcenter Active Workspace
Veröffentlicht
14. Dezember 2021 01:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-133772.pdf
Text
A zip path traversal vulnerability in Teamcenter Active Workspace could allow an attacker to achieve remote code execution. Siemens has released updates for the affected products and recommends to update to the latest versions.
13.12.2021
SIEMENS CERT
SSA-661247 V1.0: Apache Log4j Vulnerability (CVE-2021-44228, Log4Shell) - Impact to Siemens Products
Titel
SSA-661247 V1.0: Apache Log4j Vulnerability (CVE-2021-44228, Log4Shell) - Impact to Siemens Products
Veröffentlicht
13. Dezember 2021 01:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf
Text
On 2021-12-09, a vulnerability in Apache Log4j (a logging tool used in many Java-based applications) was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2021-44228 and is also known as “Log4Shell”. Siemens is currently investigating to determine which products are ...
09.12.2021
US CERT (ICS)
Hillrom Welch Allyn Cardio Products
Titel
Hillrom Welch Allyn Cardio Products
Veröffentlicht
9. Dezember 2021 16:10
URL
https://us-cert.cisa.gov/ics/advisories/icsma-21-343-01
Text
This advisory contains mitigations for an Authentication Bypass Using an Alternate Path or Channel vulnerability in Hillrom Welch Allyn cardiology devices.
09.12.2021
US CERT (ICS)
Hitachi Energy GMS600, PWC600, and Relion
Titel
Hitachi Energy GMS600, PWC600, and Relion
Veröffentlicht
9. Dezember 2021 16:05
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-343-01
Text
This advisory contains mitigations for an Improper Access Controls vulnerability in Hitachi Energy GMS600, PWC600, and Relion circuit breaker monitoring systems.
08.12.2021
BOSCH PSIRT
Multiple Vulnerabilities in Bosch BT software products
Titel
Multiple Vulnerabilities in Bosch BT software products
Veröffentlicht
8. Dezember 2021 01:00
URL
https://psirt.bosch.com/security-advisories/bosch-sa-043434-bt.html
Text

BOSCH-SA-043434-BT: A recently discovered security vulnerability allows an unauthenticated attacker to cause an application to crash (Denial of Service / DoS) and for the VRM opens the possibility to send unauthenticated commands for a short time (this vulnerability is rated critical).The VRM, DIVAR IP and BVMS with VRM are also ...

07.12.2021
US CERT (ICS)
Hitachi Energy RTU500 OpenLDAP
Titel
Hitachi Energy RTU500 OpenLDAP
Veröffentlicht
7. Dezember 2021 16:10
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-341-01
Text
This advisory contains mitigations for Type Confusion, and Reachable Assertion vulnerabilities in Hitachi Energy RTU500 OpenLDAP firmware.
07.12.2021
US CERT (ICS)
Hitachi Energy XMC20 and FOX61x
Titel
Hitachi Energy XMC20 and FOX61x
Veröffentlicht
7. Dezember 2021 16:05
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-341-02
Text
This advisory contains mitigations for Weak Password Requirements, and Missing Handler vulnerabilities in Hitachi Energy XMC20 and FOX61x multi-service network elements.
07.12.2021
US CERT (ICS)
FANUC Robot Controllers
Titel
FANUC Robot Controllers
Veröffentlicht
7. Dezember 2021 16:00
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-243-02
Text
This advisory is a follow-up to the original advisory titled ICSA-21-243-02P FANUC Robot Controllers that was posted to the HSIN ICS library on August 31, 2021. This advisory contains mitigations for Integer Coercion Error, and Out-of-bounds Write vulnerabilities in FANUC Robot Controllers.
02.12.2021
US CERT
AA21-336A: APT Actors Exploiting CVE-2021-44077 in Zoho ManageEngine ServiceDesk Plus
Titel
AA21-336A: APT Actors Exploiting CVE-2021-44077 in Zoho ManageEngine ServiceDesk Plus
Veröffentlicht
2. Dezember 2021 19:00
URL
https://us-cert.cisa.gov/ncas/alerts/aa21-336a
Text
Original release date: December 2, 2021 | Last revised: December 6, 2021SummaryThis joint Cybersecurity Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 9. See the ATT&CK for Enterprise framework for referenced threat actor techniques and for mitigations. This joint advisory is the result of analytic ...
02.12.2021
US CERT (ICS)
Schneider Electric SESU
Titel
Schneider Electric SESU
Veröffentlicht
2. Dezember 2021 16:35
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-336-01
Text
This advisory contains mitigations for an Insufficient Entropy vulnerability in the Schneider Electric Software Update.
02.12.2021
US CERT (ICS)
Johnson Controls Entrapass
Titel
Johnson Controls Entrapass
Veröffentlicht
2. Dezember 2021 16:30
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-336-02
Text
This advisory contains mitigations for a Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Johnson Controls Entrapass security management software.
02.12.2021
US CERT (ICS)
Distributed Data Systems WebHMI
Titel
Distributed Data Systems WebHMI
Veröffentlicht
2. Dezember 2021 16:25
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-336-03
Text
This advisory contains mitigations for Authentication Bypass by Primary Weakness, and Unrestricted Upload of File with Dangerous Type vulnerabilities in Distributed Data Systems WebHMI SCADA systems.
02.12.2021
US CERT (ICS)
Hitachi Energy RTU500 series BCI
Titel
Hitachi Energy RTU500 series BCI
Veröffentlicht
2. Dezember 2021 16:20
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-336-04
Text
This advisory contains mitigations for an Improper Input Validation vulnerability in Hitachi Energy RTU500 series BCI remote terminal units.
02.12.2021
US CERT (ICS)
Hitachi Energy Relion 670/650/SAM600-IO
Titel
Hitachi Energy Relion 670/650/SAM600-IO
Veröffentlicht
2. Dezember 2021 16:15
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-336-05
Text
This advisory contains mitigations for an Insecure Default Initialization of Resource vulnerability in Hitachi Energy Relion 670/650/SAM600-IO Intelligent Electronic Devices (IEDs).
02.12.2021
US CERT (ICS)
Hitachi Energy APM Edge
Titel
Hitachi Energy APM Edge
Veröffentlicht
2. Dezember 2021 16:10
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-336-06
Text
This advisory contains mitigations for a Using Components with Known Vulnerabilities vulnerability in Hitachi Energy Transformer Asset Performance Management (APM) Edge software.
02.12.2021
US CERT (ICS)
Hitachi Energy PCM600 Update Manager
Titel
Hitachi Energy PCM600 Update Manager
Veröffentlicht
2. Dezember 2021 16:05
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-336-07
Text
This advisory contains mitigations for a Improper Certificate Validation vulnerability in Hitachi Energy PCM600 Update Manager protection and control IED software.
02.12.2021
US CERT (ICS)
Hitachi Energy RTU500 series
Titel
Hitachi Energy RTU500 series
Veröffentlicht
2. Dezember 2021 16:00
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-336-08
Text
This advisory contains mitigations for Observable Discrepancy, Buffer Over-read, and Out-of-bounds Read vulnerabilities in Hitachi Energy RTU500 remote terminal units.
November 2021
30.11.2021
US CERT (ICS)
Xylem Aanderaa GeoView
Titel
Xylem Aanderaa GeoView
Veröffentlicht
30. November 2021 16:30
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-334-01
Text
This advisory contains mitigations for a SQL Injection vulnerability in the Xylem Aanderaa GeoView web-based data display.
30.11.2021
US CERT (ICS)
Mitsubishi Electric MELSEC and MELIPC Series
Titel
Mitsubishi Electric MELSEC and MELIPC Series
Veröffentlicht
30. November 2021 16:25
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-334-02
Text
This advisory contains mitigations for Uncontrolled Resource Consumption, Improper Handling of Length Parameter Inconsistency, and Improper Input Validation vulnerabilities in Mitsubishi Electric MELSEC and MELIPC Series software management platforms.

Letzte Updates

BOSCH PSIRT
31.10.2024
SIEMENS CERT
26.11.2024
US CERT
08.11.2024
US CERT (ICS)
26.11.2024

Nach Quelle

Archiv

2024
2023
2022
2021
2020
2019
2018
2017

Feeds