Bulletins | CERT@VDE

1 (current)
2
3
…

Mai 2025

29.05.2025

US CERT (ICS)

Siemens SiPass

Titel

Siemens SiPass

Veröffentlicht

29. Mai 2025 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-25-148-01

Text

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...

29.05.2025

US CERT (ICS)

Instantel Micromate

Titel

Instantel Micromate

Veröffentlicht

29. Mai 2025 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-25-148-04

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Instantel Equipment: Micromate Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated attacker to access the device's configuration port and execute commands. 3. TECHNICAL DETAILS 3.1 AFFECTED ...

29.05.2025

US CERT (ICS)

Consilium Safety CS5000 Fire Panel

Titel

Consilium Safety CS5000 Fire Panel

Veröffentlicht

29. Mai 2025 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-25-148-03

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Consilium Safety Equipment: CS5000 Fire Panel Vulnerabilities: Initialization of a Resource with an Insecure Default, Use of Hard-coded Credentials 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to gain high-level access to ...

27.05.2025

US CERT (ICS)

Johnson Controls iSTAR Configuration Utility (ICU) Tool

Titel

Johnson Controls iSTAR Configuration Utility (ICU) Tool

Veröffentlicht

27. Mai 2025 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-25-146-01

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.3 ATTENTION: Low attack complexity Vendor: Johnson Controls Inc. Equipment: iSTAR Configuration Utility (ICU) tool Vulnerability: Use of Uninitialized Variable 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an attacker to gain access to memory leaked from the ICU. 3. TECHNICAL ...

22.05.2025

US CERT (ICS)

Rockwell Automation FactoryTalk Historian ThingWorx

Titel

Rockwell Automation FactoryTalk Historian ThingWorx

Veröffentlicht

22. Mai 2025 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-25-142-02

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: 95057C-FTHTWXCT11 Vulnerability: Improper Restriction of XML External Entity Reference 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to launch XXE-based attacks on applications that accept malicious log4net configuration files. ...

22.05.2025

US CERT (ICS)

Lantronix Device Installer

Titel

Lantronix Device Installer

Veröffentlicht

22. Mai 2025 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-25-142-01

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION: Low attack complexity Vendor: Lantronix Equipment: Device Installer Vulnerability: Improper Restriction of XML External Entity Reference 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain access to the host machine running the Device Installer software. 3. ...

20.05.2025

US CERT (ICS)

Vertiv Liebert RDU101 and UNITY

Titel

Vertiv Liebert RDU101 and UNITY

Veröffentlicht

20. Mai 2025 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-25-140-10

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Vertiv Equipment: Liebert RDU101 and Liebert UNITY Vulnerabilities: Authentication Bypass Using an Alternate Path or Channel, Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to cause a denial-of-service condition ...

20.05.2025

US CERT (ICS)

Schneider Electric PrismaSeT Active - Wireless Panel Server

Titel

Schneider Electric PrismaSeT Active - Wireless Panel Server

Veröffentlicht

20. Mai 2025 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-25-140-06

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: PrismaSeT Active - Wireless Panel Server Vulnerability: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') 2. RISK EVALUATION Successful exploitation of this vulnerability could allow unauthorized code execution, which could result ...

20.05.2025

US CERT (ICS)

Assured Telematics Inc (ATI) Fleet Management System with Geotab Integration

Titel

Assured Telematics Inc (ATI) Fleet Management System with Geotab Integration

Veröffentlicht

20. Mai 2025 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-25-140-11

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Assured Telematics Inc. Equipment: Fleet Management System Vulnerabilities: Exposure of Sensitive System Information to an Unauthorized Control Sphere 2. RISK EVALUATION Successful exploitation of this vulnerability could result in an attacker collecting sensitive file system information ...

20.05.2025

US CERT (ICS)

Schneider Electric Galaxy VS, Galaxy VL, Galaxy VXL

Titel

Schneider Electric Galaxy VS, Galaxy VL, Galaxy VXL

Veröffentlicht

20. Mai 2025 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-25-140-07

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Galaxy VS, Galaxy VL, Galaxy VXL Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to perform unauthenticated remote code execution. 3. TECHNICAL DETAILS ...

20.05.2025

US CERT (ICS)

National Instruments Circuit Design Suite

Titel

National Instruments Circuit Design Suite

Veröffentlicht

20. Mai 2025 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-25-140-02

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Low attack complexity Vendor: National Instruments Equipment: Circuit Design Suite Vulnerabilities: Out-of-bounds Write, Out-of-bounds Read, Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to disclose information or execute arbitrary code. 3. TECHNICAL DETAILS 3.1 ...

20.05.2025

US CERT (ICS)

Siemens Siveillance Video

Titel

Siemens Siveillance Video

Veröffentlicht

20. Mai 2025 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-25-140-05

Text

20.05.2025

US CERT (ICS)

Danfoss AK-SM 8xxA Series

Titel

Danfoss AK-SM 8xxA Series

Veröffentlicht

20. Mai 2025 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-25-140-03

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.3 ATTENTION: Exploitable remotely Vendor: Danfoss Equipment: AK-SM 8xxA Series Vulnerability: Improper Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability could enable a remote attacker to bypass authentication and execute arbitrary code remotely. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions ...

20.05.2025

US CERT (ICS)

AutomationDirect MB-Gateway

Titel

AutomationDirect MB-Gateway

Veröffentlicht

20. Mai 2025 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-25-140-09

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: AutomationDirect Equipment: MB-Gateway Vulnerability: Missing Authentication For Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to make configuration changes, disrupt operations, or achieve arbitrary code execution. 3. TECHNICAL DETAILS 3.1 ...

20.05.2025

US CERT (ICS)

Mitsubishi Electric Iconics Digital Solutions and Mitsubishi Electric Products

Titel

Mitsubishi Electric Iconics Digital Solutions and Mitsubishi Electric Products

Veröffentlicht

20. Mai 2025 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-25-140-04

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.3 ATTENTION: Low attack complexity Vendor: Mitsubishi Electric Iconics Digital Solutions, Mitsubishi Electric Equipment: ICONICS Product Suite and Mitsubishi Electric MC Works64 Vulnerability: Execution with Unnecessary Privileges 2. RISK EVALUATION Successful exploitation of this vulnerability could result in information tampering on the target ...

20.05.2025

US CERT (ICS)

ABUP IoT Cloud Platform

Titel

ABUP IoT Cloud Platform

Veröffentlicht

20. Mai 2025 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-25-140-01

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.9 ATTENTION: Exploitable remotely/Low attack complexity Vendor: ABUP Equipment: ABUP Internet of Things (IoT) Cloud Platform Vulnerability: Incorrect Privilege Assignment 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to access device profiles for which they are not authorized. 3. ...

15.05.2025

US CERT (ICS)

Siemens MS/TP Point Pickup Module

Titel

Siemens MS/TP Point Pickup Module

Veröffentlicht

15. Mai 2025 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-25-135-16

Text

15.05.2025

US CERT (ICS)