September 2021
14.09.2021
SIEMENS CERT
SSA-865327 V1.1 (Last Update: 2021-09-14): Incorrect Authorization Vulnerability in Industrial Products
Titel
SSA-865327 V1.1 (Last Update: 2021-09-14): Incorrect Authorization Vulnerability in Industrial Products
Veröffentlicht
14. September 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-865327.pdf
Text
The latest updates for the below mentioned products fix a vulnerability that allows an unauthenticated attacker to read PLC variables from affected devices without proper authentication under certain circumstances. Siemens has released updates for some of the affected products, is working on updates for the remaining affected products and recommends ...
09.09.2021
US CERT (ICS)
AVEVA PCS Portal
Titel
AVEVA PCS Portal
Veröffentlicht
9. September 2021 16:15
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-252-01
Text
This advisory contains mitigations for an Uncontrolled Search Path Element vulnerability in AVEVA PCS Portal sofware.
09.09.2021
US CERT (ICS)
Delta Electronics DOPSoft 2
Titel
Delta Electronics DOPSoft 2
Veröffentlicht
9. September 2021 16:10
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-252-02
Text
This advisory contains mitigations for Stack-based Buffer Overflow, Out-of-Bounds Write, and Heap-based Buffer Overflow vulnerabilities in Delta Electronics DOPSoft 2 HMI editing software.
09.09.2021
US CERT (ICS)
Mitsubishi Electric Europe B.V. smartRTU and INEA ME-RTU
Titel
Mitsubishi Electric Europe B.V. smartRTU and INEA ME-RTU
Veröffentlicht
9. September 2021 16:05
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-252-03
Text
This advisory is a follow-up to a CISA product update titled ICS-ALERT-19-225-01 Mitsubishi Electric Europe B.V. smartRTU and INEA ME-RTU (Update A) published September 10, 2019, on the ICS webpage on us-cert.cisa.gov. This advisory contains mitigations for OS Command Injection, Improper Access Control, Cross-site Scripting, Use of Hard-coded Credentials, Unprotected ...
09.09.2021
US CERT (ICS)
Mitsubishi Electric Multiple Products (Update C)
Titel
Mitsubishi Electric Multiple Products (Update C)
Veröffentlicht
9. September 2021 16:00
URL
https://us-cert.cisa.gov/ics/advisories/icsa-20-245-01
Text
This updated advisory is a follow-up to the advisory update titled ICSA-20-245-01 Mitsubishi Electric Multiple Products (Update B) that was published May 18, 2021, to the ICS webpage on us-cert.cisa.gov. This advisory contains mitigations for a Predictable Exact Value from Previous Values vulnerability in several Mitsubishi Electric devices.
07.09.2021
US CERT (ICS)
Hitachi ABB Power Grids System Data Manager
Titel
Hitachi ABB Power Grids System Data Manager
Veröffentlicht
7. September 2021 16:00
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-250-02
Text
This advisory contains mitigations for a Cleartext Storage of Sensitive Information vulnerability in Hitachi ABB Power Grids System Data Manager products.
02.09.2021
US CERT (ICS)
Johnson Controls Sensormatic Electronics Illustra
Titel
Johnson Controls Sensormatic Electronics Illustra
Veröffentlicht
2. September 2021 16:10
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-245-01
Text
This advisory contains mitigations for an Off-by-one Error vulnerability in Johnson Controls Sensormatic Electronics Illustra camera systems.
02.09.2021
US CERT (ICS)
JTEKT TOYOPUC Products
Titel
JTEKT TOYOPUC Products
Veröffentlicht
2. September 2021 16:05
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-245-02
Text
This advisory contains mitigations for a Allocation of Resources Without Limits or Throttling vulnerability in JTEKT TOYOPUC industrial system hardware products.
August 2021
31.08.2021
US CERT
AA21-243A: Ransomware Awareness for Holidays and Weekends
Titel
AA21-243A: Ransomware Awareness for Holidays and Weekends
Veröffentlicht
31. August 2021 19:00
URL
https://us-cert.cisa.gov/ncas/alerts/aa21-243a
Text
Original release date: August 31, 2021 | Last revised: September 2, 2021SummaryImmediate Actions You Can Take Now to Protect Against Ransomware • Make an offline backup of your data. • Do not click on suspicious links. • If you use RDP, secure and monitor it. • Update your OS and ...
31.08.2021
US CERT (ICS)
Sensormatic Electronics KT-1
Titel
Sensormatic Electronics KT-1
Veröffentlicht
31. August 2021 16:05
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-243-01
Text
This advisory contains mitigations for a Use of Unmaintained Third-party Components vulnerability in Sensormatic Electronics KT-1 Ethernet-ready single-door controller.
31.08.2021
US CERT (ICS)
Philips Patient Monitoring Devices (Update A)
Titel
Philips Patient Monitoring Devices (Update A)
Veröffentlicht
31. August 2021 16:00
URL
https://us-cert.cisa.gov/ics/advisories/icsma-20-254-01
Text
This updated advisory is a follow-up to the original advisory titled ICSMA-20-254-01 Philips Patient Monitoring Devices that was published September 10, 2020, to the ICS webpage on us-cert.cisa.gov. This advisory contains mitigations for Improper Neutralization of Formula Elements in a CSV File, Cross-site Scripting, Improper Authentication, Improper Check for Certificate ...
26.08.2021
US CERT (ICS)
Johnson Controls Controlled Electronic Management Systems CEM Systems AC2000
Titel
Johnson Controls Controlled Electronic Management Systems CEM Systems AC2000
Veröffentlicht
26. August 2021 16:15
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-238-01
Text
This advisory contains mitigation for an Improper Authorization vulnerability in Johnson Controls Controlled Electronic Management Systems CEM Systems AC2000, an enterprise access control and integrated security management system.​​​​
26.08.2021
US CERT (ICS)
Annke Network Video Recorder
Titel
Annke Network Video Recorder
Veröffentlicht
26. August 2021 16:10
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-238-02
Text
This advisory contains mitigation for a Stack-based Buffer Overflow vulnerability in the Annke N48PBB Network Video Recorder.
26.08.2021
US CERT (ICS)
Delta Electronics DIAEnergie
Titel
Delta Electronics DIAEnergie
Veröffentlicht
26. August 2021 16:05
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-238-03
Text
This advisory contains mitigations for Use of Password Hash with Insufficient Computational Effort, Incorrect Authorization, Unrestricted Upload of File with Dangerous Type, SQL Injection, and Cross-site Request Forgery vulnerabilities in the Delta Electronics DIAEnergie industrial energy management system.
24.08.2021
US CERT (ICS)
Hitachi ABB Power Grids TropOS
Titel
Hitachi ABB Power Grids TropOS
Veröffentlicht
24. August 2021 16:15
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-236-01
Text
This advisory contains mitigations for Injection, Inadequate Encryption Strength, Missing Authentication for Critical Function, Improper Authentication, Improper Validation of Integrity Check Value, and Improper Input Validation vulnerabilities in Hitachi ABB Power Grids TropOS firmware.
19.08.2021
SIEMENS CERT
SSA-816035 V1.0: Code Execution Vulnerability in SINEMA Remote Connect Client
Titel
SSA-816035 V1.0: Code Execution Vulnerability in SINEMA Remote Connect Client
Veröffentlicht
19. August 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-816035.pdf
Text
The latest update for SINEMA Remote Connect Client fixes a vulnerability that could allow a local attacker to escalate privileges or even allow remote code execution under certain circumstances. Siemens has released a firmware update for SINEMA Remote Connect Client and proposes mitigations if an update is not possible.
17.08.2021
US CERT
AA21-229A: BadAlloc Vulnerability Affecting BlackBerry QNX RTOS
Titel
AA21-229A: BadAlloc Vulnerability Affecting BlackBerry QNX RTOS
Veröffentlicht
17. August 2021 19:00
URL
https://us-cert.cisa.gov/ncas/alerts/aa21-229a
Text
Original release date: August 17, 2021 | Last revised: August 23, 2021SummaryOn August 17, 2021, BlackBerry publicly disclosed that its QNX Real Time Operating System (RTOS) is affected by a BadAlloc vulnerability—CVE-2021-22156. BadAlloc is a collection of vulnerabilities affecting multiple RTOSs and supporting libraries.[1] A remote attacker could exploit CVE-2021-22156 ...
10.08.2021
SIEMENS CERT
SSA-818688 V1.0: Multiple Vulnerabilities in Solid Edge before SE2021MP7
Titel
SSA-818688 V1.0: Multiple Vulnerabilities in Solid Edge before SE2021MP7
Veröffentlicht
10. August 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-818688.pdf
Text
Siemens has released a new version for Solid Edge that fixes three vulnerabilities - an XML external entity (XXE) injection, and two file parsing issues which could be triggered when the application reads OBJ files. If a user is tricked to opening a malicious file using the affected application this ...
10.08.2021
SIEMENS CERT
SSA-679335 V1.0: Multiple Vulnerabilities in Embedded FTP Server of SIMATIC NET CP Modules
Titel
SSA-679335 V1.0: Multiple Vulnerabilities in Embedded FTP Server of SIMATIC NET CP Modules
Veröffentlicht
10. August 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-679335.pdf
Text
SIMATIC CP 1543-1 and CP 1545-1 devices are affected by multiple vulnerabilities in ProFTPD, a third party component, that could allow a remote attacker to access sensitive information and execute arbitrary code. Siemens has released an update for SIMATIC NET CP 1543-1 and recommends to update to the latest version. ...
10.08.2021
SIEMENS CERT
SSA-553445 V1.0: DNS "Name:Wreck" Vulnerabilities in Multiple Siemens Energy AGT and SGT solutions
Titel
SSA-553445 V1.0: DNS "Name:Wreck" Vulnerabilities in Multiple Siemens Energy AGT and SGT solutions
Veröffentlicht
10. August 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-553445.pdf
Text
One of the DNS-related vulnerabilities that were reported as “Name:Wreck” may affect the following Siemens Energy products: Industrial Gas Turbines SGT-100, SGT-200, SGT-300 and SGT-400 with Allen Bradley control systems Aeroderivative Gas Turbines SGT-A20, SGT-A35 and SGT-A65 with FT125 control systems
10.08.2021
SIEMENS CERT
SSA-365397 V1.0: Multiple File Parsing Vulnerabilities in JT2Go and Teamcenter Visualization before V13.2.0.1
Titel
SSA-365397 V1.0: Multiple File Parsing Vulnerabilities in JT2Go and Teamcenter Visualization before V13.2.0.1
Veröffentlicht
10. August 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-365397.pdf
Text
Siemens has released version V13.2.0.1 for JT2Go and Teamcenter Visualization to fix multiple vulnerabilities that could be triggered when the products read files in different file formats (CGM, DGN, DXF, and DWG). If a user is tricked to open a malicious file with the affected products, this could lead the ...
10.08.2021
SIEMENS CERT
SSA-309571 V1.0: IPU 2021.1 Vulnerabilities in Siemens Industrial Products using Intel CPUs (June 2021)
Titel
SSA-309571 V1.0: IPU 2021.1 Vulnerabilities in Siemens Industrial Products using Intel CPUs (June 2021)
Veröffentlicht
10. August 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf
Text
Intel has published information on vulnerabilities in Intel products in June 2021. This advisory lists the related Siemens Industrial products affected by these vulnerabilities that can be patched by applying the corresponding BIOS update. In this advisory we summarize: “2021.1 IPU – Intel® CSME, SPS and LMS Advisory” Intel-SA-00459, “2021.1 ...
10.08.2021
SIEMENS CERT
SSA-158827 V1.0: Denial-of-Service Vulnerability in Automation License Manager
Titel
SSA-158827 V1.0: Denial-of-Service Vulnerability in Automation License Manager
Veröffentlicht
10. August 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-158827.pdf
Text
A vulnerability was identified in the Automation License Manager software that could be triggered by sending specially crafted packets to port 4410/tcp of an affected system. This could cause a denial-of-service preventing legitimate users from using the system. Siemens has released an update for the Automation License Manager 6 and ...
10.08.2021
SIEMENS CERT
SSB-439005 V3.6 (Last Update: 2021-08-10): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 151...
Titel
SSB-439005 V3.6 (Last Update: 2021-08-10): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP
Veröffentlicht
10. August 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssb-439005.pdf
Text
10.08.2021
SIEMENS CERT
SSA-324955 V1.3 (Last Update: 2021-08-10): SAD DNS Attack in Linux Based Products
Titel
SSA-324955 V1.3 (Last Update: 2021-08-10): SAD DNS Attack in Linux Based Products
Veröffentlicht
10. August 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-324955.pdf
Text
A vulnerability made public under the name SAD DNS affects Domain Name System resolvers due to a vulnerability in the Linux kernel when handling ICMP packets. The Siemens products which are affected are listed below. For more information please see https://www.saddns.net/. Siemens has released updates for several affected products and ...

Letzte Updates

BOSCH PSIRT
21.08.2024
SIEMENS CERT
12.09.2024
US CERT
19.09.2024
US CERT (ICS)
19.09.2024

Nach Quelle

Archiv

2024
2023
2022
2021
2020
2019
2018
2017

Feeds