• 1
  • 2
  • 3 (current)
Dienstag, 08.08.2023
02:00
SIEMENS CERT
SSA-811403 V1.0: Multiple File Parsing Vulnerabilities in Solid Edge before V223 Update 7
Titel
SSA-811403 V1.0: Multiple File Parsing Vulnerabilities in Solid Edge before V223 Update 7
Veröffentlicht
8. August 2023 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-811403.html
Text
Solid Edge is affected by multiple memory corruption vulnerabilities that could be triggered when the application reads specially crafted files in various formats such as DFT, PAR or PSM format. If a user is tricked to open a malicious file with the affected application, an attacker could leverage the vulnerability ...
02:00
SIEMENS CERT
SSA-851884 V1.2 (Last Update: 2023-08-08): Authentication Bypass Vulnerability in Mendix SAML Module
Titel
SSA-851884 V1.2 (Last Update: 2023-08-08): Authentication Bypass Vulnerability in Mendix SAML Module
Veröffentlicht
8. August 2023 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-851884.html
Text
The Mendix SAML module insufficiently verifies the SAML assertions. This could allow unauthenticated remote attackers to bypass authentication and get access to the application. Mendix has provided fix releases for the Mendix SAML module and recommends to update to the latest version. Note: For compatibility reasons, fixes for several versions ...
02:00
SIEMENS CERT
SSA-908185 V1.0: Mirror Port Isolation Vulnerability in RUGGEDCOM ROS Devices
Titel
SSA-908185 V1.0: Mirror Port Isolation Vulnerability in RUGGEDCOM ROS Devices
Veröffentlicht
8. August 2023 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-908185.html
Text
A vulnerability was identified in RUGGEDCOM ROS devices with mirror port enabled, that could allow an attacker to inject information into the network via the mirror port. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends ...
02:00
SIEMENS CERT
SSA-478960 V1.6 (Last Update: 2023-08-08): Missing CSRF Protection in the Web Server Login Page of Industrial Controllers
Titel
SSA-478960 V1.6 (Last Update: 2023-08-08): Missing CSRF Protection in the Web Server Login Page of Industrial Controllers
Veröffentlicht
8. August 2023 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-478960.html
Text
The web server login page of affected products does not apply proper origin checking. This could allow authenticated remote attackers to track the activities of other users via a login cross-site request forgery attack.. Siemens has released updates for several affected products and recommends to update to the latest versions. ...
02:00
SIEMENS CERT
SSA-472630 V1.0: Security Vulnerabilities Fixed in RUGGEDCOM CROSSBOW V5.4
Titel
SSA-472630 V1.0: Security Vulnerabilities Fixed in RUGGEDCOM CROSSBOW V5.4
Veröffentlicht
8. August 2023 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-472630.html
Text
The RUGGEDCOM CROSSBOW server application before V5.4 contains multiple vulnerabilities that could allow an attacker to execute arbitrary database queries via SQL injection attacks, to create a denial of service condition, or to write arbitrary files to the application’s file system. Siemens has released an update for RUGGEDCOM CROSSBOW and ...
Donnerstag, 03.08.2023
14:00
US CERT (ICS)
​Sensormatic Electronics VideoEdge
Titel
​Sensormatic Electronics VideoEdge
Veröffentlicht
3. August 2023 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-215-04
Text
1. EXECUTIVE SUMMARY ​CVSS v3 7.1 ​ATTENTION: Low attack complexity ​Vendor: Sensormatic Electronics, LLC, a subsidiary of Johnson Controls Inc. ​Equipment: VideoEdge ​Vulnerability: Acceptance of Extraneous Untrusted Data with Trusted Data 2. RISK EVALUATION ​Successful exploitation of this vulnerability could allow a local user to edit the VideoEdge configuration file ...
14:00
US CERT (ICS)
​Mitsubishi Electric GOT2000 and GOT SIMPLE
Titel
​Mitsubishi Electric GOT2000 and GOT SIMPLE
Veröffentlicht
3. August 2023 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-215-01
Text
1. EXECUTIVE SUMMARY ​CVSS v3 5.9 ​ATTENTION: Exploitable remotely ​Vendor: Mitsubishi Electric ​Equipment: GOT2000 Series and GOT SIMPLE Series ​Vulnerability: Predictable Exact Value from Previous Values 2. RISK EVALUATION ​Successful exploitation of this vulnerability could allow an attacker to hijack data connections or prevent legitimate users from establishing data connections. ...
14:00
US CERT (ICS)
TEL-STER TelWin SCADA WebInterface
Titel
TEL-STER TelWin SCADA WebInterface
Veröffentlicht
3. August 2023 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-215-03
Text
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: TEL-STER Sp. z o. o. Equipment: TelWin SCADA WebInterface Vulnerability: Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated attacker to read files on the system. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS TEL-STER ...
14:00
US CERT (ICS)
​Mitsubishi Electric GT and GOT Series Products
Titel
​Mitsubishi Electric GT and GOT Series Products
Veröffentlicht
3. August 2023 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-215-02
Text
1. EXECUTIVE SUMMARY ​CVSS v3 7.5 ​ATTENTION: Exploitable remotely/low attack complexity ​Vendor: Mitsubishi Electric ​Equipment: GT Designer3, GOT2000 Series, GOT SIMPLE Series, and GT SoftGOT2000 ​Vulnerability: Weak Encoding for Password 2. RISK EVALUATION ​Successful exploitation of this vulnerability could allow an attacker to obtain plaintext passwords by sniffing packets containing ...
Mittwoch, 02.08.2023
20:57
US CERT
2022 Top Routinely Exploited Vulnerabilities
Titel
2022 Top Routinely Exploited Vulnerabilities
Veröffentlicht
2. August 2023 20:57
URL
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-215a
Text
SUMMARY The following cybersecurity agencies coauthored this joint Cybersecurity Advisory (CSA): United States: The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Federal Bureau of Investigation (FBI) Australia: Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) Canada: Canadian Centre for Cyber Security (CCCS) New Zealand: New Zealand ...
Dienstag, 01.08.2023
16:42
US CERT
Threat Actors Exploiting Ivanti EPMM Vulnerabilities
Titel
Threat Actors Exploiting Ivanti EPMM Vulnerabilities
Veröffentlicht
1. August 2023 16:42
URL
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-213a
Text
SUMMARY The Cybersecurity and Infrastructure Security Agency (CISA) and the Norwegian National Cyber Security Centre (NCSC-NO) are releasing this joint Cybersecurity Advisory (CSA) in response to active exploitation of CVE-2023-35078 and CVE-2023-35081. Advanced persistent threat (APT) actors exploited CVE-2023-35078 as a zero day from at least April 2023 through July ...
14:00
US CERT (ICS)
​APSystems Altenergy Power Control
Titel
​APSystems Altenergy Power Control
Veröffentlicht
1. August 2023 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-213-01
Text
1. EXECUTIVE SUMMARY ​CVSS v3 9.8 ​ATTENTION: Exploitable remotely / low attack complexity / public exploits available ​Vendor: APSystems ​Equipment: Altenergy Power Control ​Vulnerability: OS Command Injection 2. RISK EVALUATION ​Successful exploitation of this vulnerability may allow remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ​The following versions of ...
  • 1
  • 2
  • 3 (current)

Letzte Updates

BOSCH PSIRT
31.10.2024
SIEMENS CERT
22.11.2024
US CERT
08.11.2024
US CERT (ICS)
21.11.2024

Nach Quelle

Archiv

2024
2023
2022
2021
2020
2019
2018
2017

Feeds