• 1 (current)
  • 2
  • 3
Donnerstag, 19.12.2024
13:00
US CERT (ICS)
Delta Electronics DTM Soft
Titel
Delta Electronics DTM Soft
Veröffentlicht
19. Dezember 2024 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-354-03
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: DTM Soft Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Delta Electronics products ...
13:00
US CERT (ICS)
Schneider Electric Accutech Manager
Titel
Schneider Electric Accutech Manager
Veröffentlicht
19. Dezember 2024 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-354-06
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Accutech Manager Vulnerability: Classic Buffer Overflow 2. RISK EVALUATION Successful exploitation could allow an attacker to cause a crash of the Accutech Manager when receiving a specially crafted request over port 2536/TCP. 3. ...
13:00
US CERT (ICS)
Hitachi Energy RTU500 series CMU
Titel
Hitachi Energy RTU500 series CMU
Veröffentlicht
19. Dezember 2024 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-354-01
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Exploitable remotely Vendor: Hitachi Energy Equipment: RTU500 series CMU Vulnerability: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 ...
13:00
US CERT (ICS)
Hitachi Energy SDM600
Titel
Hitachi Energy SDM600
Veröffentlicht
19. Dezember 2024 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-354-02
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.0 ATTENTION: Exploitable from adjacent network Vendor: Hitachi Energy Equipment: SDM600 Vulnerabilities: Origin Validation Error, Incorrect Authorization 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to escalate privileges and access sensitive information. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Hitachi ...
13:00
US CERT (ICS)
Tibbo AggreGate Network Manager
Titel
Tibbo AggreGate Network Manager
Veröffentlicht
19. Dezember 2024 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-354-05
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Tibbo Equipment: AggreGate Network Manager Vulnerability: Unrestricted Upload of File with Dangerous Type 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to achieve code execution on the affected device. 3. TECHNICAL DETAILS ...
13:00
US CERT (ICS)
Siemens User Management Component
Titel
Siemens User Management Component
Veröffentlicht
19. Dezember 2024 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-354-04
Text
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS ...
Dienstag, 17.12.2024
13:00
US CERT (ICS)
Rockwell Automation PowerMonitor 1000 Remote
Titel
Rockwell Automation PowerMonitor 1000 Remote
Veröffentlicht
17. Dezember 2024 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-352-03
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: PowerMonitor 1000 Remote Vulnerabilities: Unprotected Alternate Channel, Heap-based Buffer Overflow, Classic Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to perform edit operations, create admin users, perform ...
13:00
US CERT (ICS)
Schneider Electric Modicon
Titel
Schneider Electric Modicon
Veröffentlicht
17. Dezember 2024 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-352-04
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Modicon M241 / M251 / M258 / LMC058 Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could lead to a denial-of-service and a loss of confidentiality and integrity in ...
13:00
US CERT (ICS)
Hitachi Energy TropOS Devices Series 1400/2400/6400
Titel
Hitachi Energy TropOS Devices Series 1400/2400/6400
Veröffentlicht
17. Dezember 2024 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-352-02
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: TropOS Devices Series 1400/2400/6400 Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following ...
13:00
US CERT (ICS)
ThreatQuotient ThreatQ Platform
Titel
ThreatQuotient ThreatQ Platform
Veröffentlicht
17. Dezember 2024 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-352-01
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: ThreatQuotient Inc. Equipment: ThreatQ Platform Vulnerability: Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to perform remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of ThreatQuotient ...
Montag, 16.12.2024
01:00
SIEMENS CERT
SSA-928984 V1.0: Heap-based Buffer Overflow Vulnerability in User Management Component (UMC)
Titel
SSA-928984 V1.0: Heap-based Buffer Overflow Vulnerability in User Management Component (UMC)
Veröffentlicht
16. Dezember 2024 01:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-928984.html
Text
Siemens User Management Component (UMC) is affected by a heap-based buffer overflow vulnerability which could allow an unauthenticated remote attacker arbitrary code execution. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends countermeasures for ...
Donnerstag, 12.12.2024
13:00
US CERT (ICS)
Siemens CPCI85 Central Processing/Communication
Titel
Siemens CPCI85 Central Processing/Communication
Veröffentlicht
12. Dezember 2024 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-347-01
Text
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS ...
13:00
US CERT (ICS)
Siemens Solid Edge SE2024
Titel
Siemens Solid Edge SE2024
Veröffentlicht
12. Dezember 2024 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-347-07
Text
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS ...
13:00
US CERT (ICS)
Siemens SENTRON Powercenter 1000
Titel
Siemens SENTRON Powercenter 1000
Veröffentlicht
12. Dezember 2024 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-347-10
Text
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
13:00
US CERT (ICS)
Siemens Teamcenter Visualization
Titel
Siemens Teamcenter Visualization
Veröffentlicht
12. Dezember 2024 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-347-09
Text
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS ...
01:00
SIEMENS CERT
SSA-097435 V1.7 (Last Update: 2024-12-12): Usernames Disclosure Vulnerability in Mendix Runtime
Titel
SSA-097435 V1.7 (Last Update: 2024-12-12): Usernames Disclosure Vulnerability in Mendix Runtime
Veröffentlicht
12. Dezember 2024 01:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-097435.html
Text
Mendix Runtime contains an observable response discrepancy vulnerability when validating usernames during authentication. This could allow unauthenticated remote attackers to distinguish between valid and invalid usernames. Siemens has released new versions for the affected products and recommends to update to the latest versions. Note that some, Mendix Runtime version lines ...
01:00
SIEMENS CERT
SSA-979056 V1.1 (Last Update: 2024-12-12): Out of Bounds Write Vulnerability in Parasolid
Titel
SSA-979056 V1.1 (Last Update: 2024-12-12): Out of Bounds Write Vulnerability in Parasolid
Veröffentlicht
12. Dezember 2024 01:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-979056.html
Text
Parasolid is affected by an out of bounds write vulnerability that could be triggered when the application is parsing X_T data or a specially crafted file in X_T format. If a user is tricked to open a malicious file with the affected applications, an attacker could leverage the vulnerability to ...
Dienstag, 10.12.2024
13:00
US CERT (ICS)
Schneider Electric EcoStruxure Foxboro DCS Core Control Services
Titel
Schneider Electric EcoStruxure Foxboro DCS Core Control Services
Veröffentlicht
10. Dezember 2024 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-345-02
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low Attack Complexity Vendor: Schneider Electric Equipment: EcoStruxure Foxboro DCS Core Control Services Vulnerabilities: Out-of-bounds Write, Improper Validation of Array Index, Improper Input Validation 2. RISK EVALUATION Successful exploitation of these vulnerabilities could lead to a loss of system functionality or ...
13:00
US CERT (ICS)
Schneider Electric FoxRTU Station
Titel
Schneider Electric FoxRTU Station
Veröffentlicht
10. Dezember 2024 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-345-03
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION: Low Attack Complexity Vendor: Schneider Electric Equipment: FoxRTU Station Vulnerability: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to perform remote code execution. 3. TECHNICAL DETAILS ...
13:00
US CERT (ICS)
MOBATIME Network Master Clock
Titel
MOBATIME Network Master Clock
Veröffentlicht
10. Dezember 2024 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-345-01
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/Low attack complexity Vendor: MOBATIME Equipment: Network Master Clock - DTS 4801 Vulnerability: Use of Default Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to take control of the operating system for this product. 3. ...
01:00
SIEMENS CERT
SSA-773256 V1.2 (Last Update: 2024-12-10): Impact of Socket.IO CVE-2024-38355 on Siemens Industrial Products
Titel
SSA-773256 V1.2 (Last Update: 2024-12-10): Impact of Socket.IO CVE-2024-38355 on Siemens Industrial Products
Veröffentlicht
10. Dezember 2024 01:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-773256.html
Text
A Socket.IO vulnerability affects multiple Siemens industrial products. This vulnerability consists of a specially crafted Socket.IO packet that triggers an uncaught exception on the Socket.IO server killing the Node.js process allowing a remote attacker to cause Denial-of-Service condition in the affected products. Siemens has released new versions for several affected ...
01:00
SIEMENS CERT
SSA-800126 V1.0: Deserialization Vulnerability in Siemens Engineering Platforms before V20
Titel
SSA-800126 V1.0: Deserialization Vulnerability in Siemens Engineering Platforms before V20
Veröffentlicht
10. Dezember 2024 01:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-800126.html
Text
Affected products do not properly sanitize user-controllable input when parsing files. This could allow an attacker to cause a type confusion and execute arbitrary code within the affected application. Siemens is preparing fix versions and recommends countermeasures for products where fixes are not, or not yet available. Siemens has released ...
01:00
SIEMENS CERT
SSA-398330 V2.1 (Last Update: 2024-12-10): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 151...
Titel
SSA-398330 V2.1 (Last Update: 2024-12-10): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
Veröffentlicht
10. Dezember 2024 01:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-398330.html
Text
Multiple vulnerabilities have been identified in the additional GNU/Linux subsystem of the firmware version V3.1 for the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP (incl. SIPLUS variant). These GNU/Linux vulnerabilities have been externally identified. Siemens is preparing fix versions and recommends specific countermeasures for products where fixes are not, or not ...
01:00
SIEMENS CERT
SSA-822518 V1.2 (Last Update: 2024-12-10): Multiple Vulnerabilities in Palo Alto Networks Virtual NGFW Before V11.0.1 on RUGGED...
Titel
SSA-822518 V1.2 (Last Update: 2024-12-10): Multiple Vulnerabilities in Palo Alto Networks Virtual NGFW Before V11.0.1 on RUGGEDCOM APE1808 Devices
Veröffentlicht
10. Dezember 2024 01:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-822518.html
Text
Palo Alto Networks has published [1] information on vulnerabilities in PAN-OS. This advisory lists the related Siemens Industrial products affected by these vulnerabilities. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available. Customers are advised to consult and implement the workarounds ...
01:00
SIEMENS CERT
SSA-583523 V1.1 (Last Update: 2024-12-10): Multiple WRL File Parsing Vulnerabilities in Tecnomatix Plant Simulation
Titel
SSA-583523 V1.1 (Last Update: 2024-12-10): Multiple WRL File Parsing Vulnerabilities in Tecnomatix Plant Simulation
Veröffentlicht
10. Dezember 2024 01:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-583523.html
Text
Siemens Tecnomatix Plant Simulation contains multiple file parsing vulnerabilities that could be triggered when the application reads files in WRL format. If a user is tricked to open a malicious file with any of the affected products, this could lead the application to crash or potentially lead to arbitrary code ...
  • 1 (current)
  • 2
  • 3

Letzte Updates

BOSCH PSIRT
06.12.2024
SIEMENS CERT
16.12.2024
US CERT
08.11.2024
US CERT (ICS)
19.12.2024

Nach Quelle

Archiv

2024
2023
2022
2021
2020
2019
2018
2017

Feeds