Mittwoch, 27.04.2022
Titel
AA22-117A: 2021 Top Routinely Exploited Vulnerabilities
Veröffentlicht
27. April 2022 16:00
Text
Original release date: April 27, 2022SummaryThis joint Cybersecurity Advisory (CSA) was coauthored by cybersecurity authorities of the United States, Australia, Canada, New Zealand, and the United Kingdom: the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), Australian Cyber Security Centre (ACSC), Canadian Centre ...
Titel
Vulnerability in routers FL MGUARD and TC MGUARD
Veröffentlicht
27. April 2022 02:00
Text

BOSCH-SA-982696: The FL MGUARD and TC MGUARD safety devices sold by Bosch Rexroth are devices from Phoenix Contact that have been introduced as trade goods. A security advisory has been published by the manufacturer, which indicates that devices are affected by a possible infinite loop within an OpenSSL library method ...

Titel
SSA-254054 V1.1 (Last Update: 2022-04-27): Spring Framework Vulnerability (Spring4Shell or SpringShell, CVE-2022-22965) - Impact to Siemens Products
Veröffentlicht
27. April 2022 02:00
Text
A vulnerability in Spring Framework was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2022-22965 and is also known as “Spring4Shell” or “SpringShell”. Siemens is currently investigating to determine which products are affected and is continuously updating this advisory as ...
Titel
Improper Control of Generation of Code in Bosch MATRIX
Veröffentlicht
27. April 2022 02:00
Text

BOSCH-SA-309239-BT: The access control and time attendance management software Bosch MATRIX uses a version of the Java Spring Framework that is vulnerable to \"spring4shell\" (CVE-2022-22965). Bosch MATRIX does NOT use a configuration that is currently known to be exploitable using this vulnerability, but as the developers of Spring point out, ...

Dienstag, 26.04.2022
Titel
Hitachi Energy System Data Manager
Veröffentlicht
26. April 2022 16:05
Text
This advisory contains mitigations for a Integer Overflow or Wraparound, Reachable Assertion, Type Confusion, Uncontrolled Recursion, and Observable Discrepancy vulnerabilities in Hitachi Energy System Data Manager products.
Titel
Mitsubishi Electric MELSEC and MELIPC Series (Update B)
Veröffentlicht
26. April 2022 16:00
Text
This updated advisory is a follow up to the advisory update titled ICSA-21-334-02 Mitsubishi Electric MELSEC and MELIPC Series (Update A) that was published January 27, 2022, to the ICS webpage on www.cisa.gov/uscert. This advisory contains mitigations for Uncontrolled Resource Consumption, Improper Handling of Length Parameter Inconsistency, and Improper Input ...
Donnerstag, 21.04.2022
Titel
Delta Electronics ASDA-Soft
Veröffentlicht
21. April 2022 16:10
Text
This advisory contains mitigations for Out-of-bounds Write, and Out-of-bounds Read vulnerabilities in Delta Electronics ASDA-Soft servo software.
Titel
Johnson Controls Metasys SCT Pro
Veröffentlicht
21. April 2022 16:05
Text
This advisory contains mitigations for a Server-side Request Forgery vulnerability in Johnson Controls Metasys SCT Pro building automation software.
Titel
Hitachi Energy MicroSCADA Pro/X SYS600
Veröffentlicht
21. April 2022 16:00
Text
This advisory contains mitigations for Observable Discrepancy, HTTP Request Smuggling, Classic Buffer Overflow, Improper Certificate Validation, Improper Restriction of Operations within the Bounds of a Memory Buffer, and Exposure of Sensitive Information to an Unauthorized Actor vulnerabilities in the Hitachi Energy MicroSCADA Pro/X SYS600 SCADA product.
Mittwoch, 20.04.2022
Titel
AA22-110A: Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure
Veröffentlicht
20. April 2022 19:00
Text
Original release date: April 20, 2022SummaryActions critical infrastructure organizations should implement to immediately protect against Russian state-sponsored and criminal cyber threats: • Patch all systems. Prioritize patching known exploited vulnerabilities. • Enforce multifactor authentication. • Secure and monitor Remote Desktop Protocol and other risky services. • Provide end-user awareness and ...
Titel
Multiple ctrlX CORE vulnerabilities
Veröffentlicht
20. April 2022 02:00
Text

BOSCH-SA-029150: The base operating system app core20, which is part of ctrlX CORE XCR (base system apps), includes vulnerable versions of expat, libc and OpenSSL. Furthermore, multiple ctrlX CORE apps use at least one of the libraries shipped with core20. An attacker might be able to escalate privileges, gain system ...

Dienstag, 19.04.2022
Titel
Interlogix Hills ComNav
Veröffentlicht
19. April 2022 16:25
Text
This advisory contains mitigations for Improper Restriction of Excessive Authentication Attempts, and Inadequate Encryption Strength vulnerability in Interlogix Hills ComNav remote access integration modules.
Titel
Automated Logic WebCTRL
Veröffentlicht
19. April 2022 16:20
Text
This advisory contains mitigations for n Open Redirect vulnerability inAutomated Logic WebCTRL building automation software.
Titel
FANUC ROBOGUIDE Simulation Platform
Veröffentlicht
19. April 2022 16:15
Text
This advisory contains mitigations for Incorrect Permission Assignment for Critical Resource, Improper Access Control, Path Traversal, Improper Restriction of XML External Entity Reference, and Uncontrolled Resource Consumption vulnerabilities in FANUC ROBOGUIDE simulation software for FANUC robots.
Titel
Elcomplus SmartPPT SCADA
Veröffentlicht
19. April 2022 16:10
Text
This advisory contains mitigations for Path Traversal, Unrestricted Upload of File with Dangerous Type, Improper Authorization, and Cross-site Scripting vulnerabilities in Elcomplus SmartPPT SCADA voice and data dispatch software.
Titel
Elcomplus SmartPTT SCADA
Veröffentlicht
19. April 2022 16:10
Text
This advisory contains mitigations for Path Traversal, Unrestricted Upload of File with Dangerous Type, Improper Authorization, and Cross-site Scripting vulnerabilities in Elcomplus SmartPTT SCADA voice and data dispatch software.
Titel
Elcomplus SmartPPT SCADA Server
Veröffentlicht
19. April 2022 16:05
Text
This advisory contains mitigations for Cross-site Scripting, Unauthorized Exposure to Sensitive Information, Unrestricted Upload of File with Dangerous Type, Path Traversal, and Cross-site Request Forgery vulnerabilities in the Elcomplus SmartPPT SCADA Server voice and data dispatch software.
Titel
Elcomplus SmartPTT SCADA Server
Veröffentlicht
19. April 2022 16:05
Text
This advisory contains mitigations for Cross-site Scripting, Unauthorized Exposure to Sensitive Information, Unrestricted Upload of File with Dangerous Type, Path Traversal, and Cross-site Request Forgery vulnerabilities in the Elcomplus SmartPTT SCADA Server voice and data dispatch software.
Titel
Multiple RTOS (Update E)
Veröffentlicht
19. April 2022 16:00
Text
This updated advisory is a follow-up to the advisory update titled ICSA-21-119-04 Multiple RTOS (Update D) that was published November 30, 2021, to the ICS webpage on www.cisa.gov/uscert. CISA is aware of a public report, known as “BadAlloc” that details vulnerabilities found in multiple real-time operating systems (RTOS) and supporting ...
Titel
SSA-254054 V1.0: Spring Framework Vulnerability (Spring4Shell or SpringShell, CVE-2022-22965) - Impact to Siemens Products
Veröffentlicht
19. April 2022 02:00
Text
A vulnerability in Spring Framework was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2022-22965 and is also known as “Spring4Shell” or “SpringShell”. Siemens is currently investigating to determine which products are affected and is continuously updating this advisory as ...
Montag, 18.04.2022
Titel
AA22-108A: TraderTraitor: North Korean State-Sponsored APT Targets Blockchain Companies
Veröffentlicht
18. April 2022 15:38
Text
Original release date: April 18, 2022SummaryActions to take today to mitigate cyber threats to cryptocurrency: • Patch all systems. • Prioritize patching known exploited vulnerabilities. • Train users to recognize and report phishing attempts. • Use multifactor authentication. The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency ...
Freitag, 15.04.2022
Titel
Siemens RUGGEDCOM Devices (Update A)
Veröffentlicht
15. April 2022 04:46
Text
This updated advisory is a follow-up to the original advisory titled ICSA-22-069-01 Siemens RUGGEDCOM Devices that was published March 10, 2022, to the ICS webpage on www.cisa.gov/uscert. This advisory contains mitigations for a Missing Encryption of Sensitive Data vulnerability in devices using the Siemens RUGGEDCOM software platform.
Donnerstag, 14.04.2022
Titel
Delta Electronics DMARS
Veröffentlicht
14. April 2022 17:20
Text
This advisory contains mitigations for an Improper Restriction of XML External Entity Reference vulnerability in the Delta Electronics DMARS program development tool.
Titel
Red Lion DA50N
Veröffentlicht
14. April 2022 17:16
Text
This advisory contains mitigation for Insufficient Verification of Data Authenticity, Weak Password Requirements, Use of Unmaintained Third-Party Components, and Insufficiently Protected Credentials vulnerabilities in the Red Lion DA50N networking gateway.
Titel
Siemens SCALANCE FragAttacks
Veröffentlicht
14. April 2022 17:14
Text
This advisory contains mitigations for Improper Authentication, Injection, Improper Validation of Integrity Check, and Improper Input Validation vulnerabilities in the Siemens SCALANCE FragAttacks.

Letzte Updates

BOSCH PSIRT
31.10.2024
SIEMENS CERT
22.11.2024
US CERT
08.11.2024
US CERT (ICS)
21.11.2024

Nach Quelle

Archiv

2024
2023
2022
2021
2020
2019
2018
2017

Feeds