Bulletins | CERT@VDE

ARC Informatique PcVue (Update A)

Titel

ARC Informatique PcVue (Update A)

Veröffentlicht

29. September 2022 16:20

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-235-01-0

Text

This updated advisory is a follow-up to the advisory update titled ICSA-22-235-01 ARC Informatique PcVue that was published August 23, 2022 to the ICS webpage on cisa.gov/ics. This advisory contains mitigations for a Cleartext Storage of Sensitive Information vulnerability in various components of ARC Informatique products.

29.09.2022

Hitachi Energy MicroSCADA Pro X SYS600

Titel

Hitachi Energy MicroSCADA Pro X SYS600

Veröffentlicht

29. September 2022 16:05

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-272-02

Text

This advisory contains mitigations for NULL Pointer Dereference and Infinite Loop vulnerabilities in Hitachi Energy MicroSCADA Pro/X SYS600 products.

27.09.2022

Hitachi Energy AFS660/AFS665

Titel

Hitachi Energy AFS660/AFS665

Veröffentlicht

27. September 2022 16:20

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-270-01

Text

This advisory contains mitigations for an Improper Input Validation vulnerability in Hitachi Energy AFS660 and AFS665 industrial switches.

27.09.2022

Rockwell Automation ThinManager ThinServer

Titel

Rockwell Automation ThinManager ThinServer

Veröffentlicht

27. September 2022 16:00

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-270-03

Text

This advisory contains mitigations for a Heap-based Buffer Overflow vulnerability in Rockwell Automation ThinManager ThinServer, a thin client and remote desktop protocol (RDP) server management software.

22.09.2022

Mitsubishi Electric Factory Automation Engineering Software (Update D)

Titel

Mitsubishi Electric Factory Automation Engineering Software (Update D)

Veröffentlicht

22. September 2022 16:10

URL

https://us-cert.cisa.gov/ics/advisories/icsa-20-212-02

Text

This updated advisory is a follow-up to the advisory update titled ICSA-20-212-02 Mitsubishi Electric Factory Automation Engineering Software (Update C) that was published July 28, 2022, to the ICS webpage on cisa.gov/ics.This advisory contains mitigations for a Permission Issues vulnerability in versions of Mitsubishi Electric Factory Automation Engineering Software products.

22.09.2022

Mitsubishi Electric Multiple Products (Update E)

Titel

Mitsubishi Electric Multiple Products (Update E)

Veröffentlicht

22. September 2022 16:00

URL

https://us-cert.cisa.gov/ics/advisories/icsa-20-245-01

Text

This updated advisory is a follow-up to the advisory update titled ICSA-20-245-01 Mitsubishi Electric Multiple Products (Update D) that was published May 31, 2022 to the ICS webpage on cisa.gov/ics. This advisory contains mitigations for a Predictable Exact Value from Previous Values vulnerabilit in versions of several Mitsubishi Electric products.

Hitachi Energy PROMOD IV

Titel

Hitachi Energy PROMOD IV

Veröffentlicht

20. September 2022 16:35

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-263-01

Text

This advisory contains mitigations for an Improper Access Control vulnerability in PROMOD IV.

Hitachi Energy AFF660/665 Series

Titel

Hitachi Energy AFF660/665 Series

Veröffentlicht

20. September 2022 16:30

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-263-02

Text

This advisory contains mitigations for a Stack-base Buffer Overflow vulnerability in versions of Hitachi Energy AFF660/665 Firewall software.

Medtronic NGP 600 Series Insulin Pumps

Titel

Medtronic NGP 600 Series Insulin Pumps

Veröffentlicht

20. September 2022 16:25

URL

https://us-cert.cisa.gov/ics/advisories/icsma-22-263-01

Text

This advisory contains mitigations for a Protection Mechanism Failure vulnerability in versions of Medtronic NGP 600 Series Insulin Pumps and accessory components.

https://us-cert.cisa.gov/ics/advisories/icsa-22-263-03

Dataprobe iBoot-PDU

Titel

Dataprobe iBoot-PDU

Veröffentlicht

20. September 2022 16:20

URL

Text

This advisory contains mitigations for OS Command Injection, Path Traversal, Exposure of Sensitive Information to an Unauthorized Actor, Improper Access Control, Improper Authorization, Incorrect Authorization, and SSRF vulnerabilities in versions of Dataprobe iBoot-PDU FW products.

Host Engineering Communications Module

Titel

Host Engineering Communications Module

Veröffentlicht

20. September 2022 16:15

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-263-04

Text

This advisory contains mitigations for a Stack-based Buffer overflow vulnerability in versions of Host Engineering H0-ECOM100 Communications Module products.

AutomationDirect DirectLOGIC with Ethernet (Update A)

Titel

AutomationDirect DirectLOGIC with Ethernet (Update A)

Veröffentlicht

20. September 2022 16:10

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-167-03

Text

This updated advisory is a follow-up to the original advisory titled ICSA-22.167-03 AutomationDirect DirectLOGIC with Ethernet that was published June 16, 2022, on the ICS webpage on cisa.gov/ICS. This advisory contains mitigations for Uncontrolled Resource Consumption and Cleartext Transmission of Sensitive Information vulnerabilities in versions of AutomationDirect DirectLOGIC with Ethernet ...

AutomationDirect DirectLOGIC with Serial Communication (Update A)

Titel

AutomationDirect DirectLOGIC with Serial Communication (Update A)

Veröffentlicht

20. September 2022 16:05

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-167-02

Text

This updated advisory is a follow-up to the original advisory titled ICSA-22.167-02 AutomationDirect DirectLOGIC with Serial Communication that was published June 16, 2022, on the ICS webpage on cisa.gov/ICS. This advisory contains mitigations for a Cleartext Transmission of Sensitive Information vulnerability in versions of AutomationDirect DirectLOGIC with Serial Communication products.

MiCODUS MV720 GPS tracker (Update A)

Titel

MiCODUS MV720 GPS tracker (Update A)

Veröffentlicht

20. September 2022 16:00

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-200-01

Text

This updated advisory is a follow-up to the original advisory titled ICSA-22-200-01 MiCODUS MV720 GPS tracker that was published July 19, 2022, on the ICS webpage on cisa.gov/ICS. This advisory contains mitigations for Use of Hard-coded Credentials, Improper Authentication, Cross-site Scripting, and Authorization Bypass Through User-controlled Key vulnerabilities in versions ...

Siemens Mobility CoreShield OWG Software

Titel

Siemens Mobility CoreShield OWG Software

Veröffentlicht

15. September 2022 16:50

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-258-01

Text

This advisory contains mitigations for an Improper Access Control vulnerability in versions of Siemens CoreShield One-Way Gateway (OWG) Software.

Siemens Simcenter Femap and Parasolid

Titel

Siemens Simcenter Femap and Parasolid

Veröffentlicht

15. September 2022 16:45

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-258-02

Text

This advisory contains mitigations for Multiple File Parsing vulnerabilities in Siemens Simcenter Femap and Parasolid products.

Siemens Industrial Products Intel CPUs (Update F)

Titel

Siemens Industrial Products Intel CPUs (Update F)

Veröffentlicht

15. September 2022 16:38

URL

https://us-cert.cisa.gov/ics/advisories/icsa-21-222-05

Text

This updated advisory is a follow-up to the advisory update titled ICSA-21-222-05 Siemens Industrial Products Intel CPU (Update E) that was published August 11, 2022, to the ICS webpage on www.cisa.gov/ics. This advisory contains mitigations for a Missing Encryption of Sensitive Data vulnerability in versions of Siemens Industrial Products Intel ...

Siemens RUGGEDCOM ROS (Update A)

Titel

Siemens RUGGEDCOM ROS (Update A)

Veröffentlicht

15. September 2022 16:25

URL

https://us-cert.cisa.gov/ics/advisories/icsa-19-344-03

Text

This updated advisory is a follow-up to the original advisory titled ICSA-19-344-03 Siemens RUGGEDCOM ROS that was published December 10, 2019, on the ICS webpage on cisa.gov/ICS. This advisory contains mitigations for Improper Restriction of Operations within the Bounds of a Memory Buffer and Resource Management Errors vulnerabilities in multiple ...

Simcenter Femap and Parasolid (Update B)

Titel

Simcenter Femap and Parasolid (Update B)

Veröffentlicht

15. September 2022 16:20

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-195-09

Text

This updated advisory is a follow-up to the original advisory titled ICSA-22-195-09 Simcenter Femap and Parasolid (Update A) that was published July 14, 2022, on the ICS webpage on cisa.gov/ics. This advisory contains mitigations for an Out-of-bounds Read vulnerability Simcenter Femap, an advanced simulation application, and Parasolid, a 3D geometric ...

Siemens OpenSSL Affected Industrial Products (Update C)

Titel

Siemens OpenSSL Affected Industrial Products (Update C)

Veröffentlicht

15. September 2022 16:10

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-167-14

Text

This updated advisory is a follow-up to the original advisory titled ICSA-22-167-14 Siemens OpenSSL Affected Industrial Products (Update B) that was published August 18, 2022, on the ICS webpage on cisa.gov/ics. This advisory contains mitigations for an Infinite Loop vulnerability in multiple Siemens industrial products.