Bulletins | CERT@VDE

This advisory contains mitigations for Cross-site Scripting, Open Redirect, XPath Injection, Session Fixation, Use of a One-way Hash without a Salt, Relative Path Traversal, Improper Verification of Cryptographic Signature, Improper Privilege Management, Use of Hard-coded Credentials, Active Debug Code, and Improper Access Control vulnerabilities in B. Braun's SpaceCom, Battery Pack ...

Freitag, 21.10.2022

16:29

US CERT

AA22-294A: #StopRansomware: Daixin Team

Titel

AA22-294A: #StopRansomware: Daixin Team

Veröffentlicht

21. Oktober 2022 16:29

URL

https://us-cert.cisa.gov/ncas/alerts/aa22-294a

Text

Original release date: October 21, 2022SummaryActions to take today to mitigate cyber threats from ransomware: • Install updates for operating systems, software, and firmware as soon as they are released. • Require phishing-resistant MFA for as many services as possible. • Train users to recognize and report phishing attempts. Note: ...

02:00

SIEMENS CERT

SSA-640732 V1.0: Authentication Bypass Vulnerability in Siveillance Video Mobile Server

Titel

SSA-640732 V1.0: Authentication Bypass Vulnerability in Siveillance Video Mobile Server

Veröffentlicht

21. Oktober 2022 02:00

URL

https://cert-portal.siemens.com/productcert/pdf/ssa-640732.pdf

Text

The mobile server component of Siveillance Video 2022 R2 contains an authentication bypass vulnerability that could allow an unauthenticated remote attacker to access the application without a valid account. Siemens has released a hotfix for Siveillance Video 2022 R2 and recommends to apply the hotfix on all installations of the ...

Donnerstag, 20.10.2022

16:10

US CERT (ICS)

Bentley Systems MicroStation Connect

Titel

Bentley Systems MicroStation Connect

Veröffentlicht

20. Oktober 2022 16:10

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-293-01

Text

16:05

US CERT (ICS)

B. Braun Infusomat Space Large Volume Pump (Update A)

Titel

B. Braun Infusomat Space Large Volume Pump (Update A)

Veröffentlicht

20. Oktober 2022 16:05

URL

https://us-cert.cisa.gov/ics/advisories/icsma-21-294-01

Text

This advisory contains mitigation for Unrestricted Upload of File with Dangerous Type, Cleartext Transmission of Sensitive Information, Missing Authentication for Critical Function, Insufficient Verification of Data Authenticity, and Improper Input Validation vulnerabilities in the B. Braun Infusomat Space Large Volume Pump.

Mittwoch, 19.10.2022

02:00

BOSCH PSIRT

Multiple Cross Site Scripting vulnerabilities in Bosch VIDEOJET multi 4000

Titel

Multiple Cross Site Scripting vulnerabilities in Bosch VIDEOJET multi 4000

Veröffentlicht

19. Oktober 2022 02:00

URL

https://psirt.bosch.com/security-advisories/bosch-sa-454166-bt.html

Text

BOSCH-SA-454166-BT: The possibility for a reflected Cross Site Scripting (XSS) and stored Cross Site Scripting (XSS) attack was discovered in the Bosch VIDEOJET multi 4000.For more details please see the description of the vulnerability in this advisory.Bosch rates this vulnerability with CVSSv3.1 base score 5.8 (medium) and 5.1 (medium), where ...

02:00

BOSCH PSIRT

CVE-2021-3772 Linux Kernel Vulnerability in NetApp DSA E2800 series

Titel

CVE-2021-3772 Linux Kernel Vulnerability in NetApp DSA E2800 series

Veröffentlicht

19. Oktober 2022 02:00

URL

https://psirt.bosch.com/security-advisories/bosch-sa-609377-bt.html

Text

BOSCH-SA-609377-BT: The Bosch DSA E2800 products are based on NetApp technology, which incorporate a Linux Kernel. Linux Kernel versions prior to 5.15.0 are susceptible to a vulnerability which when successfully exploited could lead to addition or modification of data or Denial of Service (DoS). Successful exploitation of this vulnerability could ...

Donnerstag, 13.10.2022

16:46

US CERT (ICS)

Siemens Industrial Edge Management

Titel

Siemens Industrial Edge Management

Veröffentlicht

13. Oktober 2022 16:46

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-286-02

Text

16:40

US CERT (ICS)

Hitachi Energy Lumada Asset Performance Management Prognostic Model Executor Service

Titel

Hitachi Energy Lumada Asset Performance Management Prognostic Model Executor Service

Veröffentlicht

13. Oktober 2022 16:40

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-286-05

Text

This advisory contains mitigations for Allocation of Resources Without Limits or Throttling and Code Injection vulnerabilities in versions of Hitachi Energy Lumada Asset Performance Manager (APM) software.

16:38

US CERT (ICS)

Siemens Desigo PXM Devices

Titel

Siemens Desigo PXM Devices

Veröffentlicht

13. Oktober 2022 16:38

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-286-06

Text

16:36

US CERT (ICS)