April 2022
12.04.2022
SIEMENS CERT
SSA-350757 V1.0: Improper Access Control Vulnerability in TIA Portal Affecting S7-1200 and S7-1500 CPUs Web Server (Incl. Relat...
Titel
SSA-350757 V1.0: Improper Access Control Vulnerability in TIA Portal Affecting S7-1200 and S7-1500 CPUs Web Server (Incl. Related ET200 CPUs and SIPLUS variants)
Veröffentlicht
12. April 2022 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-350757.pdf
Text
An attacker could achieve privilege escalation on the web server of certain devices configured by SIMATIC STEP 7 (TIA Portal) due to incorrect handling of the webserver’s user management configuration during downloading. This only affects the S7-1200 and S7-1500 CPUs’ (incl. related ET200 CPUs and SIPLUS variants) web server, when ...
12.04.2022
SIEMENS CERT
SSA-316850 V1.0: Unauthenticated File Access in SICAM A8000 Devices
Titel
SSA-316850 V1.0: Unauthenticated File Access in SICAM A8000 Devices
Veröffentlicht
12. April 2022 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-316850.pdf
Text
SICAM A8000 CP-8050 and CP-8031 devices contain vulnerabilities that could allow an attacker to access files without authentication. Siemens has released updates for the affected products and recommends to update to the latest versions.
07.04.2022
US CERT (ICS)
Pepperl+Fuchs WirelessHART-Gateway
Titel
Pepperl+Fuchs WirelessHART-Gateway
Veröffentlicht
7. April 2022 16:10
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-097-01
Text
This advisory contains mitigations for several vulnerabilities in Pepperl+Fuchs WirelessHART-Gateway industrial networking devices.
07.04.2022
US CERT (ICS)
ABB SPIET800 and PNI800
Titel
ABB SPIET800 and PNI800
Veröffentlicht
7. April 2022 16:05
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-097-02
Text
This advisory contains mitigations for Incomplete Internal State Distinction, Improper Handling of Unexpected Data Type, and Uncontrolled Resource Consumption vulnerabilities in ABB Symphony Plus SPIET800 and PNI800 network interface modules.
05.04.2022
US CERT (ICS)
LifePoint Informatics Patient Portal
Titel
LifePoint Informatics Patient Portal
Veröffentlicht
5. April 2022 16:15
URL
https://us-cert.cisa.gov/ics/advisories/icsma-22-095-01
Text
This advisory contains mitigations for an Authentication Bypass Using Alternate Path or Channel vulnerability in the LifePoint Informatics Patient Portal, a website containing patient health data.
05.04.2022
US CERT (ICS)
Philips Vue PACS (Update B)
Titel
Philips Vue PACS (Update B)
Veröffentlicht
5. April 2022 16:00
URL
https://us-cert.cisa.gov/ics/advisories/icsma-21-187-01
Text
This updated advisory is a follow-up to the advisory update titled ICSMA-21-87-01 Philips Vue PACS (Update A) that was published January 20, 2022, to the ICS webpage on www.cisa.gov/uscert/ics. This advisory contains mitigations for numerous vulnerabilities in Philips Vue PACS products.
März 2022
31.03.2022
US CERT (ICS)
Schneider Electric SCADAPack Workbench
Titel
Schneider Electric SCADAPack Workbench
Veröffentlicht
31. März 2022 16:40
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-090-01
Text
This advisory contains mitigations for an Improper Restriction of XML External Entity Reference vulnerability in Schneider Electric SCADAPack Workbench software.
31.03.2022
US CERT (ICS)
Hitachi Energy e-mesh EMS
Titel
Hitachi Energy e-mesh EMS
Veröffentlicht
31. März 2022 16:35
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-090-02
Text
This advisory contains mitigations for Improper Restriction of Operations Within the Bounds of a Memory Buffer, Use After Free, and Uncontrolled Resource Consumption vulnerabilities in Hitachi Energy e-mesh EMS, an optimizer software for energy resources.
31.03.2022
US CERT (ICS)
Fuji Electric Alpha5
Titel
Fuji Electric Alpha5
Veröffentlicht
31. März 2022 16:30
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-090-03
Text
This advisory contains mitigations for Access of Uninitialized Pointer, Out-of-bound Read, Stack-based Buffer Overflow, and Heap-based Buffer Overflow vulnerabilities in the Fuji Electric Alpha5 servo drive system.
31.03.2022
US CERT (ICS)
Mitsubishi Electric FA Products
Titel
Mitsubishi Electric FA Products
Veröffentlicht
31. März 2022 16:25
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-090-04
Text
This advisory contains mitigations for a Use of Password Hash Instead of Password for Authentication, Use of Weak Hash, Cleartext Storage of Sensitive Information, and Authentication Bypass by Capture-replay vulnerabilities in Mitsubishi Electric FA CPU module products.
31.03.2022
US CERT (ICS)
General Electric Renewable Energy MDS Radios
Titel
General Electric Renewable Energy MDS Radios
Veröffentlicht
31. März 2022 16:15
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-090-06
Text
This advisory contains mitigations for Improper Input Validation, Hidden Functionality, Inadequate Encryption Strength, Uncontrolled Resource Consumption, Plaintext Storage of a Password, and Download of Code Without Integrity Check vulnerabilities in General Electric Renewable Energy MDS Radios.
31.03.2022
US CERT (ICS)
Rockwell Automation Studio 5000 Logix Designer
Titel
Rockwell Automation Studio 5000 Logix Designer
Veröffentlicht
31. März 2022 16:10
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-090-07
Text
This advisory contains mitigations for a Code Injection vulnerability in Rockwell Automation Studio 5000 Logix Designer design configuration hardware.
31.03.2022
US CERT (ICS)
PTC Axeda agent and Axeda Desktop Server (Update C)
Titel
PTC Axeda agent and Axeda Desktop Server (Update C)
Veröffentlicht
31. März 2022 16:05
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-067-01
Text
This updated advisory is a follow-up to the advisory update titled ICSA-22-067-01 PTC Axeda agent and Axeda Desktop Server (Update B) that was published March 15, 2022, on the ICS webpage on www.cisa.gov/uscert. This advisory contains mitigations for Use of Hard-coded Credentials, Missing Authentication for Critical Function, Exposure of Sensitive ...
31.03.2022
US CERT (ICS)
Mitsubishi Electric MELSEC iQ-R, Q and L Series (Update C)
Titel
Mitsubishi Electric MELSEC iQ-R, Q and L Series (Update C)
Veröffentlicht
31. März 2022 16:00
URL
https://us-cert.cisa.gov/ics/advisories/icsa-20-303-01
Text
This updated advisory is a follow-up to the advisory update ICSA-20-303-01 Mitsubishi Electric MELSEC iQ-R, Q and L Series (Update B) that was published January 13, 2022, to the ICS webpage on www.cisa.gov/uscert. This advisory contains mitigations for an Uncontrolled Resource Consumption vulnerability in Mitsubishi Electric's MELSEC iQ-R, Q and ...
30.03.2022
BOSCH PSIRT
Buffer Overflow Vulnerability in Recovery Image
Titel
Buffer Overflow Vulnerability in Recovery Image
Veröffentlicht
30. März 2022 02:00
URL
https://psirt.bosch.com/security-advisories/bosch-sa-446276-bt.html
Text

BOSCH-SA-446276-BT: A recently discovered security vulnerability allows an attacker to cause an buffer overflow in the recovery image, crashing the application and open the possibility for code execution.The recovery image can only be booted using a command requiring administrative access or requiring physical access to the device.Bosch rates this vulnerability ...

29.03.2022
US CERT (ICS)
Philips e-Alert
Titel
Philips e-Alert
Veröffentlicht
29. März 2022 16:25
URL
https://us-cert.cisa.gov/ics/advisories/icsma-22-088-01
Text
This advisory contains mitigations for Missing Authentication for Critical Function vulnerability in the Philips e-Alert MRI system monitoring platform.
29.03.2022
US CERT (ICS)
Rockwell Automation ISaGRAF
Titel
Rockwell Automation ISaGRAF
Veröffentlicht
29. März 2022 16:20
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-088-01
Text
This advisory contains mitigations for an Improper Restriction of XML External Entity Reference vulnerability in Rockwell Automation ISaGRAF software products.
29.03.2022
US CERT (ICS)
Omron CX-Position
Titel
Omron CX-Position
Veröffentlicht
29. März 2022 16:15
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-088-02
Text
This advisory contains mitigations for Stack-based Buffer Overflow, Improper Restriction of Operations Within the Bounds of a Memory Buffer, Use After Free, and Out-of-bounds Write vulnerabilities in the Omron CX-Position control software.
29.03.2022
US CERT (ICS)
Hitachi Energy LinkOne WebView
Titel
Hitachi Energy LinkOne WebView
Veröffentlicht
29. März 2022 16:10
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-088-03
Text
This advisory contains mitigations for Cross-site Scripting, Use of a Password System for Primary Authentication, Configuration, and Exposure of Sensitive Information to an Unauthorized Actor vulnerabilities in the Hitachi Energy LinkOne WebView graphical parts catalog.
29.03.2022
US CERT (ICS)
Modbus Tools Modbus Slave
Titel
Modbus Tools Modbus Slave
Veröffentlicht
29. März 2022 16:05
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-088-04
Text
This advisory contains mitigations for a Stack-based Buffer Overflow vulnerability in the Modbus Tools Modbus Slave PLC programming simulation tool.
29.03.2022
US CERT (ICS)
Delta Electronics DIAEnergie (Update A)
Titel
Delta Electronics DIAEnergie (Update A)
Veröffentlicht
29. März 2022 16:00
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-081-01
Text
This updated advisory is a follow-up to the original advisory titled ICSA-22-081-01 Delta Electronics DIAEnergie that was published March 22, 2022, on the ICS webpage at www.cisa.gov/uscert. This advisory contains mitigations for Path Traversal, Incorrect Default Permissions, and SQL Injection vulnerabilities in the Delta Electronics DIAEnergie industrial energy management system.
28.03.2022
SIEMENS CERT
SSA-593272 V1.5 (Last Update: 2022-03-28): SegmentSmack in Interniche IP-Stack based Industrial Devices
Titel
SSA-593272 V1.5 (Last Update: 2022-03-28): SegmentSmack in Interniche IP-Stack based Industrial Devices
Veröffentlicht
28. März 2022 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-593272.pdf
Text
A vulnerability exists in affected products that could allow remote attackers to affect the availability of the devices under certain conditions. The underlying TCP stack can be forced to make very computation expensive calls for every incoming packet which can lead to a Denial-of-Service.
24.03.2022
US CERT
AA22-083A: Tactics, Techniques, and Procedures of Indicted State-Sponsored Russian Cyber Actors Targeting the Energy Sector
Titel
AA22-083A: Tactics, Techniques, and Procedures of Indicted State-Sponsored Russian Cyber Actors Targeting the Energy Sector
Veröffentlicht
24. März 2022 15:00
URL
https://us-cert.cisa.gov/ncas/alerts/aa22-083a
Text
Original release date: March 24, 2022SummaryActions to Take Today to Protect Energy Sector Networks: • Implement and ensure robust network segmentation between IT and ICS networks. • Enforce MFA to authenticate to a system. • Manage the creation of, modification of, use of—and permissions associated with—privileged accounts. This joint Cybersecurity ...
23.03.2022
BOSCH PSIRT
Bosch Fire Monitoring System (FSM) affected by log4net Vulnerability
Titel
Bosch Fire Monitoring System (FSM) affected by log4net Vulnerability
Veröffentlicht
23. März 2022 01:00
URL
https://psirt.bosch.com/security-advisories/bosch-sa-479793-bt.html
Text

BOSCH-SA-479793-BT: A vulnerability has been discovered affecting the Bosch Fire Monitoring System (FSM-2500, FSM-5000, FSM-10k and obsolete FSM-10000). The issue applies to FSM server with version 5.6.630 and lower, and FSM client with version 5.6.2131 and lower. Bosch recommends customers to update vulnerable components with the provided patch. The vulnerability ...

22.03.2022
US CERT (ICS)
Delta Electronics DIAEnergie (Update B)
Titel
Delta Electronics DIAEnergie (Update B)
Veröffentlicht
22. März 2022 15:00
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-238-03
Text
This updated advisory is a follow-up to the advisory update titled ICSA-21-238-03 Delta Electronics DIAEnergie (Update A) that was published December 16, 2021, on the ICS webpage at www.cisa.gov/uscert. This advisory contains mitigations for several vulnerabilities in the Delta Electronics DIAEnergie industrial energy management system.

Letzte Updates

BOSCH PSIRT
15.01.2025
SIEMENS CERT
17.04.2025
US CERT
01.04.2025
US CERT (ICS)
22.04.2025

Nach Quelle

Archiv

2025
2024
2023
2022
2021
2020
2019
2018
2017

Feeds