Bulletins | CERT@VDE

Siemens Spectrum Power 7

Titel

Siemens Spectrum Power 7

Veröffentlicht

21. September 2023 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-264-02

Text

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...

21.09.2023

Rockwell Automation Select Logix Communication Modules

Titel

Rockwell Automation Select Logix Communication Modules

Veröffentlicht

21. September 2023 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-264-04

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: 1756-EN2T, 1756-EN2TK, 1756-EN2TXT, 1756-EN2TP, 1756-EN2TPK, 1756-EN2TPXT, 1756-EN2TR, 1756-EN2TRK, 1756-EN2TRXT, 1756-EN2F, 1756-EN2FK, 1756-EN3TR, 1756-EN3TRK Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to achieve remote code ...

21.09.2023

Rockwell Automation FactoryTalk View Machine Edition

Titel

Rockwell Automation FactoryTalk View Machine Edition

Veröffentlicht

21. September 2023 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-264-06

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: FactoryTalk View Machine Edition Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute code remotely with specially crafted malicious packets or by using a ...

Omron Engineering Software Zip-Slip

Titel

Omron Engineering Software Zip-Slip

Veröffentlicht

19. September 2023 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-262-03

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.5 ATTENTION: Low attack complexity Vendor: Omron Equipment: Sysmac Studio, NX-IO Configurator Vulnerability: Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to overwrite files on a system. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of ...

Omron CJ/CS/CP Series

Titel

Omron CJ/CS/CP Series

Veröffentlicht

19. September 2023 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-262-05

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Omron Equipment: Sysmac CJ/CS/CP Series Vulnerability: Improper Control of Interaction Frequency 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to obtain sensitive information in memory. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The ...

Siemens SIMATIC PCS neo Administration Console

Titel

Siemens SIMATIC PCS neo Administration Console

Veröffentlicht

19. September 2023 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-262-01

Text

Omron Engineering Software

Titel

Omron Engineering Software

Veröffentlicht

19. September 2023 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-262-04

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.5 ATTENTION: Low attack complexity Vendor: Omron Equipment: Sysmac Studio Vulnerability: Improper Authorization 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Omron engineering software are ...

Siemans QMS Automotive

Titel

Siemans QMS Automotive

Veröffentlicht

14. September 2023 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-257-03

Text

Rockwell Automation Pavilion8

Titel

Rockwell Automation Pavilion8

Veröffentlicht

14. September 2023 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-257-07

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: Pavilion8 Vulnerability: Improper Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to retrieve other user's sessions data. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Rockwell ...

https://www.cisa.gov/news-events/ics-advisories/icsa-23-257-05

Siemens SIMATIC IPCs

Titel

Siemens SIMATIC IPCs

Veröffentlicht

14. September 2023 14:00

URL

Text

Siemens SIMATIC, SIPLUS Products

Titel

Siemens SIMATIC, SIPLUS Products

Veröffentlicht

14. September 2023 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-257-01

Text

Siemens WIBU Systems CodeMeter

Titel

Siemens WIBU Systems CodeMeter

Veröffentlicht

14. September 2023 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-257-06

Text

Siemans WIBU Systems CodeMeter

Titel

Siemans WIBU Systems CodeMeter

Veröffentlicht

14. September 2023 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-257-06

Text

12.09.2023

Hitachi Energy Lumada APM Edge

Titel

Hitachi Energy Lumada APM Edge

Veröffentlicht

12. September 2023 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-255-01

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: Lumada Asset Performance Management (APM) Edge Vulnerabilities: Use After Free, Double Free, Type Confusion, Observable Discrepancy 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to cause a denial-of-service condition ...

12.09.2023

Fujitsu Software Infrastructure Manager

Titel

Fujitsu Software Infrastructure Manager

Veröffentlicht

12. September 2023 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-255-02

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Low attack complexity Vendor: Fujitsu Software Equipment: Infrastructure Manager Vulnerability: Cleartext Storage of Sensitive Information 2. RISK EVALUATION Successful exploitation of this vulnerability could result in an attacker retrieving the password for the proxy server that is configured in ISM from ...

07.09.2023

Socomec MOD3GP-SY-120K

Titel

Socomec MOD3GP-SY-120K

Veröffentlicht

7. September 2023 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-250-03

Text

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Socomec Equipment: MOD3GP-SY-120K Vulnerabilities: Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), Insecure Storage of Sensitive Information, Reliance on Cookies without Validation and Integrity Checking, Code Injection, Plaintext Storage of a Password 2. RISK EVALUATION Successful exploitation of these ...

07.09.2023

Phoenix Contact TC ROUTER and TC CLOUD CLIENT

Titel

Phoenix Contact TC ROUTER and TC CLOUD CLIENT

Veröffentlicht

7. September 2023 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-250-02

Text

1. EXECUTIVE SUMMARY CVSS v3 9.6 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Phoenix Contact Equipment: TC ROUTER and TC CLOUD CLIENT Vulnerabilities: Cross-site Scripting, XML Entity Expansion 2. RISK EVALUATION Successful exploitation of this these vulnerabilities could execute code in the context of the user's browser or ...

07.09.2023

Dover Fueling Solutions MAGLINK LX Console

Titel

Dover Fueling Solutions MAGLINK LX Console

Veröffentlicht

7. September 2023 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-250-01

Text

1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Dover Fueling Solutions Equipment: MAGLINK LX - Web Console Configuration Vulnerabilities: Authentication Bypass using an Alternate Path or Channel, Improper Access Control, Path Traversal 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to gain ...

05.09.2023

Fujitsu Limited Real-time Video Transmission Gear "IP series"

Titel

Fujitsu Limited Real-time Video Transmission Gear "IP series"

Veröffentlicht

5. September 2023 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-248-01

Text

1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Exploitable remotely Vendor: Fujitsu Limited Equipment: Real-time Video Transmission Gear "IP series" Vulnerability: Use Of Hard-Coded Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could result in an attacker logging into the web interface using the obtained credentials. The attacker could initialize ...

August 2023

Digi RealPort Protocol

Titel

Digi RealPort Protocol

Veröffentlicht

31. August 2023 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-04

Text

1. EXECUTIVE SUMMARY CVSS v3 9.0 ATTENTION: Exploitable remotely Vendor: Digi International, Inc. Equipment: Digi RealPort Protocol Vulnerability: Use of Password Hash Instead of Password for Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability could allow the attacker to access connected equipment. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Digi ...

ARDEREG Sistemas SCADA

Titel

ARDEREG Sistemas SCADA

Veröffentlicht

31. August 2023 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-01

Text

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: ARDEREG Equipment: Sistemas SCADA Vulnerability: SQL Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to manipulate SQL query logic to extract sensitive information and perform unauthorized actions within the database. 3. TECHNICAL DETAILS ...

PTC Kepware KepServerEX

Titel

PTC Kepware KepServerEX

Veröffentlicht

31. August 2023 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-03

Text

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: PTC Equipment: Kepware KepServerEX Vulnerabilities: Uncontrolled Search Path Element, Improper Input Validation, Insufficiently Protected Credentials 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to gain elevated privileges, execute arbitrary code, and obtain server hashes ...

GE Digital CIMPLICITY

Titel

GE Digital CIMPLICITY

Veröffentlicht

31. August 2023 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-02

Text

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: GE Digital Equipment: CIMPLICITY Vulnerability: Process Control 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a low-privileged local attacker to escalate privileges to SYSTEM. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following GE products are affected: GE ...

29.08.2023

https://www.cisa.gov/news-events/ics-advisories/icsa-23-241-01

PTC Codebeamer

Titel

PTC Codebeamer

Veröffentlicht

29. August 2023 14:00

URL

Text

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: PTC Equipment: Codebeamer Vulnerability: Cross site scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to inject arbitrary JavaScript code, which could be executed in the victim's browser upon clicking on a malicious link. ...

24.08.2023