Bulletins | CERT@VDE

https://us-cert.cisa.gov/ics/advisories/icsa-22-221-03

Emerson OpenBSI

Titel

Emerson OpenBSI

Veröffentlicht

9. August 2022 16:05

URL

Text

This advisory contains mitigations for Use of Broken or Risky Cryptographic Algorithm and Use of Hard-coded Cryptographic Key vulnerabilities in Emerson OpenBSI, a set of network communication services.

04.08.2022

https://us-cert.cisa.gov/ics/advisories/icsa-22-216-01

Digi ConnectPort X2D

Titel

Digi ConnectPort X2D

Veröffentlicht

4. August 2022 16:05

URL

Text

This advisory contains mitigations for an Execution with Unnecessary Privileges vulnerability in Digi ConnectPort X2D, a connection gateway.

02.08.2022

Delta Electronics DIAEnergie (Update C)

Titel

Delta Electronics DIAEnergie (Update C)

Veröffentlicht

2. August 2022 16:20

URL

https://us-cert.cisa.gov/ics/advisories/icsa-21-238-03

Text

This updated advisory is a follow-up to the advisory update titled ICSA-21-238-03 Delta Electronics DIAEnergie (Update B) that was published March 22, 2022, on the ICS webpage at www.cisa.gov/ics. This advisory contains mitigations for Use of Password Hash with Insufficient Computational Effort, Authentication Bypass Using an Alternate Path or Channel, ...

02.08.2022

Mitsubishi Electric FA Engineering Software Products (Update F)

Titel

Mitsubishi Electric FA Engineering Software Products (Update F)

Veröffentlicht

2. August 2022 16:10

URL

https://us-cert.cisa.gov/ics/advisories/icsa-21-049-02

Text

his updated advisory is a follow-up to the advisory update titled ICSA-21-049-02 Mitsubishi Electric FA Engineering Software Products (Update E) that was published May 24, 2022, to the ICS webpage on cisa.gov/ics. This advisory contains mitigations for Heap-based Buffer Overflow and Improper Handling of Length Parameter Inconsistency vulnerabilities in various ...

02.08.2022

Mitsubishi Electric Factory Automation Engineering Products (Update H)

Titel

Mitsubishi Electric Factory Automation Engineering Products (Update H)

Veröffentlicht

2. August 2022 16:00

URL

https://us-cert.cisa.gov/ics/advisories/icsa-20-212-04

Text

This updated advisory is a follow-up to the advisory update titled ICSA-20-212-04 Mitsubishi Electric Factory Automation Engineering Products (Update E) that was published May 24, 2022, to the ICS webpage on cisa.gov/ics. This advisory contains mitigations for an Unquoted Search Path or Element vulnerability in various Mitsubishi Electric Factory Automation ...

Juli 2022

28.07.2022

Rockwell Products Impacted by Chromium Type Confusion

Titel

Rockwell Products Impacted by Chromium Type Confusion

Veröffentlicht

28. Juli 2022 16:10

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-209-01

Text

This advisory contains mitigations for a Type Confusion vulnerability in various Rockwell Automation products.

28.07.2022

Mitsubishi Electric FA Engineering Software (Update B)

Titel

Mitsubishi Electric FA Engineering Software (Update B)

Veröffentlicht

28. Juli 2022 16:05

URL

https://us-cert.cisa.gov/ics/advisories/icsa-21-350-05

Text

This updated advisory is a follow-up to the advisory update titled ICSA-21-350-05 Mitsubishi Electric FA Engineering Software (Update A) that was published December 16, 2021, on the ICS webpage on cisa.gov/ics. This advisory contains mitigations for Out-of-bounds Read and Integer Underflow vulnerabilities in Mitsubishi Electric FA Engineering Software, an engineering ...

28.07.2022

Mitsubishi Electric Factory Automation Engineering Software (Update C)

Titel

Mitsubishi Electric Factory Automation Engineering Software (Update C)

Veröffentlicht

28. Juli 2022 16:00

URL

https://us-cert.cisa.gov/ics/advisories/icsa-20-212-02

Text

This updated advisory is a follow-up to the advisory update titled ICSA-20-212-02 Mitsubishi Electric Factory Automation Engineering Software (Update B) that was published May 31, 2021, to the ICS webpage on ucisa.gov/ics.

https://us-cert.cisa.gov/ics/advisories/icsa-22-207-04

MOXA NPort 5110

Titel

MOXA NPort 5110

Veröffentlicht

26. Juli 2022 16:20

URL

Text

This advisory contains mitigations for an Out-of-bounds Write vulnerability in MOXA NPort 5110, a device server.

Honeywell Saia Burgess PG5 PCD

Titel

Honeywell Saia Burgess PG5 PCD

Veröffentlicht

26. Juli 2022 16:15

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-207-03

Text

This advisory contains mitigations for Authentication Bypass and Use of a Broken or Risky Cryptographic Algorithm vulnerabilities in Honeywell Saia Burgess PG5 PCD, a PLC.

Honeywell Safety Manager

Titel

Honeywell Safety Manager

Veröffentlicht

26. Juli 2022 16:10

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-207-02

Text

This advisory contains mitigations for Insufficient Verification of Data Authenticity, Missing Authentication for Critical Function, and Use of Hard-coded Credentials vulnerabilities in Honeywell Safety Manager, a safety solution of the Experion Process Knowledge System.

Mitsubishi Electric MELSEC and MELIPC Series (Update D)

Titel

Mitsubishi Electric MELSEC and MELIPC Series (Update D)

Veröffentlicht

26. Juli 2022 16:00

URL

https://us-cert.cisa.gov/ics/advisories/icsa-21-334-02

Text

This updated advisory is a follow up to the advisory update titled ICSA-21-334-02 Mitsubishi Electric MELSEC and MELIPC Series (Update C) that was published June 7, 2022, to the ICS webpage on cisa.gov/ics. This advisory contains mitigations for Uncontrolled Resource Consumption, Improper Handling of Length Parameter Inconsistency, and Improper Input ...

22.07.2022

AutomationDirect Stride Field I/O

Titel

AutomationDirect Stride Field I/O

Veröffentlicht

22. Juli 2022 04:25

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-202-05

Text

This advisory contains mitigations for an Cleartext Transmission of Sensitive Information vulnerability in AutomationDirect products.

ICONICS Suite and Mitsubishi Electric MC Works64 Products

Titel

ICONICS Suite and Mitsubishi Electric MC Works64 Products

Veröffentlicht

21. Juli 2022 19:07

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-202-04

Text

This advisory contains mitigations for an Path Traversal, Deserialization of Untrusted Data, Inclusion of Functionality from Untrusted Control Sphere, Out-of-Bounds Read vulnerabilities in the SCADA products.

Rockwell Automation ISaGRAF Update A

Titel

Rockwell Automation ISaGRAF Update A

Veröffentlicht

21. Juli 2022 16:20

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-088-01

Text

This updated advisory is a follow-up to the original advisory titled Rockwell Automation ISaGRAF that was published March 29, 2022, on the ICS webpage on cisa.gov/ics. This advisory contains mitigations for an Improper Restriction of XML External Entity Reference vulnerability in Rockwell Automation ISaGRAF software products.

Rockwell Automation ISaGRAF Workbench

Titel

Rockwell Automation ISaGRAF Workbench

Veröffentlicht

21. Juli 2022 16:15

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-202-03

Text

This advisory contains mitigations for a Missing Authentication for Critical Function vulnerability in the ISaGRAF Workbench.

Johnson Controls Metasys ADS, ADX, OAS

Titel

Johnson Controls Metasys ADS, ADX, OAS

Veröffentlicht

21. Juli 2022 16:10

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-202-02

Text

This advisory contains mitigations for an Missing Authentication for Critical Function vulnerability in the Metasys ADS, ADX, OAS.

ABB Drive Composer, Automation Builder, Mint Workbench

Titel

ABB Drive Composer, Automation Builder, Mint Workbench

Veröffentlicht

21. Juli 2022 16:05

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-202-01

Text

This advisory contains mitigations for an Improper Privilege Management vulnerabilities in the ABB products.

19.07.2022

MiCODUS MV720 GPS tracker

Titel

MiCODUS MV720 GPS tracker

Veröffentlicht

19. Juli 2022 16:05

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-200-01

Text

This advisory contains mitigations for Use of Hard-coded Credentials, Improper Authentication, Cross-site Scripting, and Authorization Bypass Through User-controlled Key vulnerabilities in the MiCODUS MV720 GPS tracker.

19.07.2022

Dahua ASI7213X-T1 (Update A)

Titel

Dahua ASI7213X-T1 (Update A)

Veröffentlicht

19. Juli 2022 16:00

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-193-01

Text

This updated advisory is a follow-up to the original advisory titled ICSA-22-193-01 Dahua ASI7213X-T1 that was published July 12, 2022, on the ICS webpage on cisa.gov/ics. This advisory contains mitigations for Unrestricted Upload of File with Dangerous Type, Authentication Bypass by Capture-replay, and Generation of Error Message Containing Sensitive Information ...

Siemens SCALANCE X Switch Devices

Titel

Siemens SCALANCE X Switch Devices

Veröffentlicht

14. Juli 2022 16:58

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-195-01

Text

This advisory contains mitigations for Use of Insufficiently Random Values, and Classic Buffer Overflow vulnerabilities in the Siemens SCALANCE X Switch Devices industrial ethernet switches.

Siemens SIMATIC MV500 Devices

Titel

Siemens SIMATIC MV500 Devices

Veröffentlicht

14. Juli 2022 16:54

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-195-03

Text

This advisory contains mitigations for Insufficient Session Expiration, and Missing Authentication for Critical Function vulnerabilities in the Siemens SIMATIC MV500 Devices Optical Readers.

Siemens Mendix Excel Importer

Titel

Siemens Mendix Excel Importer

Veröffentlicht

14. Juli 2022 16:48

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-195-06

Text

This advisory contains mitigations for an XML Entity Expansion vulnerability in the Mendix Excel Importer Module.

Siemens Datalogics File Parsing Vulnerability

Titel

Siemens Datalogics File Parsing Vulnerability

Veröffentlicht

14. Juli 2022 16:46

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-195-07

Text

This advisory contains mitigations for a Heap-based buffer Overflow vulnerability in the Siemens Teamcenter Visualization.