Bulletins | CERT@VDE

https://us-cert.cisa.gov/ics/advisories/icsa-22-062-01

IPCOMM ipDIO

Titel

IPCOMM ipDIO

Veröffentlicht

3. März 2022 16:00

URL

Text

This advisory contains mitigations for a Cross-site Scripting, and Code Injection vulnerabilities in the IPCOMM ipDIO telecontrol communication device.

Februar 2022

FATEK Automation FvDesigner

Titel

FATEK Automation FvDesigner

Veröffentlicht

24. Februar 2022 16:15

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-055-01

Text

This advisory contains mitigations for Stack-based Buffer Overflow, Out-of-bounds Write, and Out-of-bounds Read vulnerabilities in FATEK Automation FvDesigner HMI products.

Mitsubishi Electric EcoWebServerIII

Titel

Mitsubishi Electric EcoWebServerIII

Veröffentlicht

24. Februar 2022 16:10

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-055-02

Text

This advisory contains mitigations for Improper Neutralization of Input During Web Page Generation, Uncontrolled Resource Consumption, and Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerabilities in the Mitsubishi Electric EcoWebServerIII energy saving data collecting server.

Schneider Electric Easergy P5 and P3

Titel

Schneider Electric Easergy P5 and P3

Veröffentlicht

24. Februar 2022 16:05

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-055-03

Text

This advisory contains mitigations for Use of Hard-coded Credentials, and Classic Buffer Overflow vulnerabilities in Schneider Electric Easergy P5 and P3 medium voltage protection relays.

Baker Hughes Bently Nevada 3500

Titel

Baker Hughes Bently Nevada 3500

Veröffentlicht

24. Februar 2022 16:00

URL

https://us-cert.cisa.gov/ics/advisories/icsa-21-231-02

Text

This advisory was originally posted to the HSIN ICS library on August 19, 2021, and is being released to the ICS webpage on www.cisa.gov/uscert. This advisory contains mitigations for a Use of Password Hash with Insufficient Computational Effort vulnerability in the Bently Nevada 3500 machinery protection and monitoring systems.

22.02.2022

GE Proficy CIMPLICITY-IPM

Titel

GE Proficy CIMPLICITY-IPM

Veröffentlicht

22. Februar 2022 16:10

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-053-01

Text

This advisory contains mitigations for an Improper Privilege Management vulnerability in GE Proficy CIMPLICITY, a HMI and SCADA platform.

22.02.2022

GE Proficy CIMPLICITY-Cleartext

Titel

GE Proficy CIMPLICITY-Cleartext

Veröffentlicht

22. Februar 2022 16:05

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-053-02

Text

This advisory contains mitigations for a Cleartext Transmission of Sensitive Information vulnerability in GE Proficy CIMPLICITY, a HMI and SCADA platform.

22.02.2022

https://us-cert.cisa.gov/ics/advisories/icsa-22-053-03

WIN-911 2021

Titel

WIN-911 2021

Veröffentlicht

22. Februar 2022 16:00

URL

Text

This advisory contains mitigations for Incorrect Default Permissions vulnerabilities in WIN-911 2021 alarm notification platforms.

11.02.2022

Siemens Solid Edge, JT2Go, and Teamcenter Visualization

Titel

Siemens Solid Edge, JT2Go, and Teamcenter Visualization

Veröffentlicht

11. Februar 2022 04:55

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-041-07-1

Text

This advisory contains mitigations for Improper Restriction of Operations within the Bounds of a Memory Buffer, Out-of-bounds Write, Heap-based Buffer Overflow, and Out-of-bounds Read vulnerabilities in Siemens Solid Edge, JT2Go, and Teamcenter Visualization software products.

Siemens SIMATIC Industrial Products

Titel

Siemens SIMATIC Industrial Products

Veröffentlicht

10. Februar 2022 17:25

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-041-01

Text

This advisory contains mitigations for Operation on a Resource after Expiration or Release, and Missing Release of Memory after Effective Lifetime vulnerabilities in Siemens Industrial Products using the SIMATIC firmware platform.

Siemens SIMATIC WinCC and PCS

Titel

Siemens SIMATIC WinCC and PCS

Veröffentlicht

10. Februar 2022 17:20

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-041-02

Text

This advisory contains mitigations for a Exposure of Sensitive Information to an Unauthorized Actor, Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in Siemens SIMATIC WinCC and PCS industrial automation products.

SINEMA Remote Connect Server

Titel

SINEMA Remote Connect Server

Veröffentlicht

10. Februar 2022 17:10

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-041-04

Text

This advisory contains mitigations for an Open Redirect vulnerability in the SINEMA Remote Connect Server, a management platform for remote networks.

https://us-cert.cisa.gov/ics/advisories/icsa-22-041-05

SICAM TOOLBOX II

Titel

SICAM TOOLBOX II

Veröffentlicht

10. Februar 2022 17:05

URL

Text

This advisory contains mitigations for a Use of Hard-coded Credentials vulnerability in the Siemens SICAM TOOLBOX II software platform.

Siemens Spectrum Power 4

Titel

Siemens Spectrum Power 4

Veröffentlicht

10. Februar 2022 17:00

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-041-06

Text

This advisory contains mitigations for a Cross-site scripting vulnerability in Siemens Spectrum Power 4 communications and data modeling software.

Siemens COMOS Web (Update A)

Titel

Siemens COMOS Web (Update A)

Veröffentlicht

10. Februar 2022 16:50

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-013-05

Text

This updated advisory is a follow-up to the original advisory titled ICSA-22-013-05 Siemens COMOS Web that was published January 13, 2022, to the ICS webpage on www.cisa.gov/uscert. This advisory contains mitigations for Basic XSS, Relative Path Traversal, SQL Injection, and Cross-site Request Forgery vulnerabilities in the Siemens COMOS Web unified ...

Siemens Healthineers syngo fastView (Update A)

Titel

Siemens Healthineers syngo fastView (Update A)

Veröffentlicht

10. Februar 2022 16:45

URL

https://us-cert.cisa.gov/ics/advisories/icsa-21-350-16

Text

This updated advisory is a follow-up to the original advisory titled ICSA-21-350-16 Siemens Healthineers syngo fastView that was published December 16, 2021, to the ICS webpage on www.cisa.gov/uscert. This advisory contains mitigation for an Out-of-bounds Write vulnerability in the Siemens Healthineers syngo fastView software for digital imaging and communications.

Siemens SIMATIC WinCC (Update A)

Titel

Siemens SIMATIC WinCC (Update A)

Veröffentlicht

10. Februar 2022 16:40

URL

https://us-cert.cisa.gov/ics/advisories/icsa-21-315-03

Text

This updated advisory is a follow-up to the original advisory titled ICSA-21-315-03 Siemens SIMATIC WinCC that was published November 11, 2021, to the ICS webpage on www.cisa.gov/uscert. This advisory contains mitigations for a Path Traversal, and Insertion of Sensitive Information into Log File vulnerabilities in Siemens SIMATIC WinCC, a SCADA ...

Siemens LOGO! CMR and SIMATIC RTU 3000 (Update A)

Titel

Siemens LOGO! CMR and SIMATIC RTU 3000 (Update A)

Veröffentlicht

10. Februar 2022 16:35

URL

https://us-cert.cisa.gov/ics/advisories/icsa-21-257-13

Text

This updated advisory is a follow-up to the original advisory titled ICSA-21-257-13 Siemens LOGO! CMR and SIMATIC RTU 3000 that was published September 14, 2021, on the ICS webpage on www.cisa.gov/uscert. This advisory contains mitigations for a Use of Insufficiently Random Values vulnerability in Siemens LOGO! CMR controllers and SIMATIC ...

08.02.2022

Mitsubishi Electric FA Engineering Software Products (Update D)

Titel

Mitsubishi Electric FA Engineering Software Products (Update D)

Veröffentlicht

8. Februar 2022 16:05

URL

https://us-cert.cisa.gov/ics/advisories/icsa-21-049-02

Text

This updated advisory is a follow-up to the advisory update titled ICSA-21-049-02 Mitsubishi Electric FA Engineering Software Products (Update C) that was published November 16, 2021, to the ICS webpage on www.cisa.gov/uscert.This advisory contains mitigations for Heap-based Buffer Overflow, and Improper Handling of Length Parameter Inconsistency vulnerabilities in Mitsubishi Electric ...

08.02.2022

Mitsubishi Electric Factory Automation Engineering Products (Update F)

Titel

Mitsubishi Electric Factory Automation Engineering Products (Update F)

Veröffentlicht

8. Februar 2022 16:00

URL

https://us-cert.cisa.gov/ics/advisories/icsa-20-212-04

Text

This updated advisory is a follow-up to the advisory update titled ICSA-20-212-04 Mitsubishi Electric Factory Automation Engineering Products (Update E) that was published November 18, 2021, to the ICS webpage on www.cisa.gov/uscert. This advisory contains mitigations for an Unquoted Search Path or Element vulnerability in Mitsubishi Electric Factory Automation Engineering ...

03.02.2022

Sensormatic PowerManage

Titel

Sensormatic PowerManage

Veröffentlicht

3. Februar 2022 16:10

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-034-01

Text

This advisory contains mitigations for an Improper Input Validation vulnerability in the Sensormatic PowerManage operating platform.

03.02.2022

Airspan Networks Mimosa

Titel

Airspan Networks Mimosa

Veröffentlicht

3. Februar 2022 16:05

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-034-02

Text

This advisory contains mitigations for Improper Authorization, Incorrect Authorization, Server-side Request Forgery, SQL Injection, Deserialization of Untrusted Data, OS Command Injection, and Use of a Broken or Risky Cryptographic Algorithm vulnerabilities in Airspan Networks Mimosa network management software.

03.02.2022

FANUC Robot Controllers (Update A)

Titel

FANUC Robot Controllers (Update A)

Veröffentlicht

3. Februar 2022 16:00

URL

https://us-cert.cisa.gov/ics/advisories/icsa-21-243-02

Text

This advisory is a follow-up to the original advisory titled ICSA-21-243-02P FANUC Robot Controllers that was posted to the HSIN ICS library on August 31, 2021 and subsequently published December 7, 2021, to the ICS webpage on www.cisa.gov/uscert/ics.This advisory contains mitigations for Integer Coercion Error, and Out-of-bounds Write vulnerabilities in ...

01.02.2022