Bulletins | CERT@VDE

Rockwell Automation ControlLogix, GuardLogix 5580, CompactLogix, and Compact GuardLogix 5380

Titel

Rockwell Automation ControlLogix, GuardLogix 5580, CompactLogix, and Compact GuardLogix 5380

Veröffentlicht

13. August 2024 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-24-226-10

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: CompactLogix 5380, ControlLogix 5580, GuardLogix 5580, Compact GuardLogix 5380, CompactLogix 5480 Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could crash the device being accessed. 3. TECHNICAL DETAILS 3.1 ...

08.08.2024

Dorsett Controls InfoScan

Titel

Dorsett Controls InfoScan

Veröffentlicht

8. August 2024 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-24-221-01

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Dorsett Controls Equipment: InfoScan Vulnerabilities: Exposure of Sensitive Information To An Unauthorized Actor, Path Traversal 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to expose sensitive information, resulting in data theft and ...

https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-07

AVTECH IP Camera

Titel

AVTECH IP Camera

Veröffentlicht

1. August 2024 14:00

URL

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available/known public exploitation Vendor: AVTECH SECURITY Corporation Equipment: IP camera Vulnerability: Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to inject and execute commands as the owner of the ...

Johnson Controls exacqVision Server Web Service

Titel

Johnson Controls exacqVision Server Web Service

Veröffentlicht

1. August 2024 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-02

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.6 ATTENTION: Exploitable remotely Vendor: Johnson Controls Inc. Equipment: exacqVision Web Service Vulnerability: Permissive Cross-domain Policy with Untrusted Domains 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to send an unauthorized request or access data from an untrusted domain. ...

Johnson Controls exacqVision Client and exacqVision Server

Titel

Johnson Controls exacqVision Client and exacqVision Server

Veröffentlicht

1. August 2024 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-01

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.0 ATTENTION: Exploitable remotely Vendor: Johnson Controls Inc. Equipment: exacqVision Client, exacqVision Server key Vulnerability: Inadequate Encryption Strength 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to be able to decrypt communications between exacqVision Server and exacqVision Client due ...

Johnson Controls exacqVision Web Service

Titel

Johnson Controls exacqVision Web Service

Veröffentlicht

1. August 2024 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-04

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.4 ATTENTION: Exploitable remotely Vendor: Johnson Controls, Inc. Equipment: exacqVision Web Service Vulnerability: Cleartext Transmission of Sensitive Information 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to perform a man-in-the-middle attack and gain access to sensitive information. 3. TECHNICAL ...

https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-08

Vonets WiFi Bridges

Titel

Vonets WiFi Bridges

Veröffentlicht

1. August 2024 14:00

URL

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Vonets Equipment: VAR1200-H, VAR1200-L, VAR600-H, VAP11AC, VAP11G-500S, VBG1200, VAP11S-5G, VAP11S, VAR11N-300, VAP11G-300, VAP11N-300, VAP11G, VAP11G-500, VBG1200, VAP11AC, VGA-1000 Vulnerabilities: Use of Hard-coded Credentials, Improper Access Control, Path Traversal, Command Injection, Improper Check or Handling of Exceptional ...

Juli 2024

25.07.2024

Positron Broadcast Signal Processor

Titel

Positron Broadcast Signal Processor

Veröffentlicht

25. Juli 2024 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-24-207-02

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Positron S.R.L Equipment: Broadcast Signal Processor TRA7005 Vulnerability: Authentication Bypass Using an Alternate Path or Channel 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to bypass authentication and access ...

23.07.2024

National Instruments IO Trace

Titel

National Instruments IO Trace

Veröffentlicht

23. Juli 2024 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-24-205-01

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Low attack complexity Vendor: National Instruments Equipment: IO Trace Vulnerability: Stack-Based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a local attacker to execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following National Instruments I/O ...

23.07.2024

Hitachi Energy AFS/AFR Series Products

Titel

Hitachi Energy AFS/AFR Series Products

Veröffentlicht

23. Juli 2024 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-24-205-02

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: AFS650, AFS660, AFS665, AFS670, AFS675, AFS677, AFR677 Vulnerabilities: Type Confusion, Use After Free, Double Free, Observable Discrepancy 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to create a denial-of-service ...

23.07.2024

National Instruments LabVIEW

Titel

National Instruments LabVIEW

Veröffentlicht

23. Juli 2024 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-24-205-03

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Low attack complexity Vendor: National Instruments Equipment: LabVIEW Vulnerabilities: Out-of-Bounds Read, Improper Restriction of Operations within the Bounds of a Memory Buffer 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow a local attacker to disclose information and execute arbitrary ...

18.07.2024

Mitsubishi Electric MELSOFT MaiLab

Titel

Mitsubishi Electric MELSOFT MaiLab

Veröffentlicht

18. Juli 2024 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-24-200-01

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.2 ATTENTION: Exploitable remotely Vendor: Mitsubishi Electric Corporation Equipment: MELSOFT MaiLab Vulnerability: Improper Verification of Cryptographic Signature 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote attacker to cause a denial-of-service condition in the target product. 3. TECHNICAL DETAILS 3.1 ...

18.07.2024

Subnet Solutions PowerSYSTEM Center

Titel

Subnet Solutions PowerSYSTEM Center

Veröffentlicht

18. Juli 2024 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-24-200-02

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Subnet Solutions Inc. Equipment: Subnet PowerSYSTEM Center Vulnerability: Prototype Pollution 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated attacker to elevate permissions. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of ...

16.07.2024

Rockwell Automation Pavilion 8

Titel

Rockwell Automation Pavilion 8

Veröffentlicht

16. Juli 2024 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-24-198-01

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: Pavilion 8 Vulnerability: Incorrect Permission Assignment for Critical Resource 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to create new users and view sensitive data. 3. TECHNICAL DETAILS 3.1 ...

https://www.cisa.gov/news-events/ics-advisories/icsa-24-193-06

Siemens RUGGEDCOM

Titel

Siemens RUGGEDCOM

Veröffentlicht

11. Juli 2024 14:00

URL

Text

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).View CSAF 1. EXECUTIVE SUMMARY CVSS ...

Siemens Remote Connect Server

Titel

Siemens Remote Connect Server

Veröffentlicht

11. Juli 2024 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-24-193-01

Text

Siemens RUGGEDCOM APE 1808

Titel

Siemens RUGGEDCOM APE 1808

Veröffentlicht

11. Juli 2024 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-24-193-02

Text

Siemens TIA Portal and SIMATIC STEP 7

Titel

Siemens TIA Portal and SIMATIC STEP 7

Veröffentlicht

11. Juli 2024 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-24-193-12

Text

Siemens SIMATIC and SIMIT

Titel

Siemens SIMATIC and SIMIT

Veröffentlicht

11. Juli 2024 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-24-193-07

Text

Siemens SCALANCE, RUGGEDCOM, SIPLUS, and SINEC

Titel

Siemens SCALANCE, RUGGEDCOM, SIPLUS, and SINEC

Veröffentlicht

11. Juli 2024 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-24-193-05

Text

Siemens JT Open and PLM XML SDK

Titel

Siemens JT Open and PLM XML SDK

Veröffentlicht

11. Juli 2024 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-24-193-10

Text

Johnson Controls Illustra Pro Gen 4

Titel

Johnson Controls Illustra Pro Gen 4

Veröffentlicht

9. Juli 2024 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-24-191-03

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.0 ATTENTION: Exploitable remotely Vendor: Johnson Controls, Inc. Equipment: Illustra Pro Gen 4 Vulnerability: Dependency on Vulnerable Third-Party Component 2. RISK EVALUATION Successful exploitation of this vulnerability could impact confidentiality and integrity of the device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Johnson Controls ...

Delta Electronics CNCSoft-G2

Titel

Delta Electronics CNCSoft-G2

Veröffentlicht

9. Juli 2024 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-24-191-01

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: CNCSoft-G2 Vulnerabilities: Stack-based Buffer Overflow, Out-of-bounds Write, Out-of-bounds Read, Heap-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could cause a buffer overflow condition and allow remote code execution. 3. TECHNICAL DETAILS ...

Johnson Controls Software House C●CURE 9000

Titel

Johnson Controls Software House C●CURE 9000

Veröffentlicht

9. Juli 2024 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-24-191-05

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.7 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Johnson Controls Inc. Equipment: Software House C●CURE 9000 Vulnerability: Incorrect Default Permissions 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an attacker to access credentials used for access to the application. 3. TECHNICAL DETAILS ...