Bulletins | CERT@VDE

Siemens Climatix POL909

Titel

Siemens Climatix POL909

Veröffentlicht

10. März 2022 17:25

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-069-07

Text

This advisory contains mitigations for Cross-site Scripting, and Improper Access Control vulnerabilities in of Climatix POL909 AWM and AWB web modules.

10.03.2022

https://us-cert.cisa.gov/ics/advisories/icsa-22-069-08

Siemens Polarion ALM

Titel

Siemens Polarion ALM

Veröffentlicht

10. März 2022 17:20

URL

Text

This advisory contains mitigations for a Cross-site Scripting vulnerability in Siemens Siemens Polarion ALM management software.

10.03.2022

https://us-cert.cisa.gov/ics/advisories/icsa-22-069-09

Siemens SINEC INS

Titel

Siemens SINEC INS

Veröffentlicht

10. März 2022 17:15

URL

Text

This advisory contains mitigations for a Using Components with Known Vulnerabilities vulnerability in the Siemens SINECC INS web-based application.

08.03.2022

PTC Axeda agent and Axeda Desktop Server

Titel

PTC Axeda agent and Axeda Desktop Server

Veröffentlicht

8. März 2022 16:10

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-067-01

Text

This advisory contains mitigations for Use of Hard-coded Credentials, Missing Authentication for Critical Function, Exposure of Sensitive Information to an Unauthorized Actor, Path Traversal, Improper Check or Handling of Exceptional Conditions vulnerabilities in Axeda agent and Axeda Desktop Server, a remote asset connectivity software used as part of a cloud ...

08.03.2022

AVEVA System Platform

Titel

AVEVA System Platform

Veröffentlicht

8. März 2022 16:05

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-067-02

Text

This advisory contains mitigations for a Cleartext Storage of Sensitive Information in Memory vulnerability in the AVEVA System Platform, a software management product.

08.03.2022

Sensormatic PowerManage (Update A)

Titel

Sensormatic PowerManage (Update A)

Veröffentlicht

8. März 2022 16:00

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-034-01

Text

This update advisory is a follow-up to the original advisory titled ICSA-22-034-01 Sensormatic PowerManage that was published February 3, 2022, on the ICS webpage on www.cisa.gov/uscert. This advisory contains mitigations for an Improper Input Validation vulnerability in the Sensormatic PowerManage operating platform.

04.03.2022

Trailer Power Line Communications (PLC) J2497

Titel

Trailer Power Line Communications (PLC) J2497

Veröffentlicht

4. März 2022 16:00

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-063-01

Text

This advisory contains mitigations for Missing Authentication for Critical Function, and Improper Protection against Electromagnetic Fault Injection vulnerabilities in Power Line Communications (PLC): J2497 (a.k.a. PLC4TRUCKS), a bidirectional, serial communications link over a vehicle power supply line.

03.03.2022

https://us-cert.cisa.gov/ics/advisories/icsma-22-062-02

BD Viper LT

Titel

BD Viper LT

Veröffentlicht

3. März 2022 16:05

URL

Text

This advisory contains mitigations for a Use of Hard-coded Credentials vulnerability in the BD Viper LT automated molecular testing system.

03.03.2022

https://us-cert.cisa.gov/ics/advisories/icsa-22-062-01

IPCOMM ipDIO

Titel

IPCOMM ipDIO

Veröffentlicht

3. März 2022 16:00

URL

Text

This advisory contains mitigations for a Cross-site Scripting, and Code Injection vulnerabilities in the IPCOMM ipDIO telecontrol communication device.

Februar 2022

FATEK Automation FvDesigner

Titel

FATEK Automation FvDesigner

Veröffentlicht

24. Februar 2022 16:15

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-055-01

Text

This advisory contains mitigations for Stack-based Buffer Overflow, Out-of-bounds Write, and Out-of-bounds Read vulnerabilities in FATEK Automation FvDesigner HMI products.

Mitsubishi Electric EcoWebServerIII

Titel

Mitsubishi Electric EcoWebServerIII

Veröffentlicht

24. Februar 2022 16:10

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-055-02

Text

This advisory contains mitigations for Improper Neutralization of Input During Web Page Generation, Uncontrolled Resource Consumption, and Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerabilities in the Mitsubishi Electric EcoWebServerIII energy saving data collecting server.

Schneider Electric Easergy P5 and P3

Titel

Schneider Electric Easergy P5 and P3

Veröffentlicht

24. Februar 2022 16:05

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-055-03

Text

This advisory contains mitigations for Use of Hard-coded Credentials, and Classic Buffer Overflow vulnerabilities in Schneider Electric Easergy P5 and P3 medium voltage protection relays.

Baker Hughes Bently Nevada 3500

Titel

Baker Hughes Bently Nevada 3500

Veröffentlicht

24. Februar 2022 16:00

URL

https://us-cert.cisa.gov/ics/advisories/icsa-21-231-02

Text

This advisory was originally posted to the HSIN ICS library on August 19, 2021, and is being released to the ICS webpage on www.cisa.gov/uscert. This advisory contains mitigations for a Use of Password Hash with Insufficient Computational Effort vulnerability in the Bently Nevada 3500 machinery protection and monitoring systems.

22.02.2022

GE Proficy CIMPLICITY-IPM

Titel

GE Proficy CIMPLICITY-IPM

Veröffentlicht

22. Februar 2022 16:10

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-053-01

Text

This advisory contains mitigations for an Improper Privilege Management vulnerability in GE Proficy CIMPLICITY, a HMI and SCADA platform.

22.02.2022

GE Proficy CIMPLICITY-Cleartext

Titel

GE Proficy CIMPLICITY-Cleartext

Veröffentlicht

22. Februar 2022 16:05

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-053-02

Text

This advisory contains mitigations for a Cleartext Transmission of Sensitive Information vulnerability in GE Proficy CIMPLICITY, a HMI and SCADA platform.

22.02.2022

https://us-cert.cisa.gov/ics/advisories/icsa-22-053-03

WIN-911 2021

Titel

WIN-911 2021

Veröffentlicht

22. Februar 2022 16:00

URL

Text

This advisory contains mitigations for Incorrect Default Permissions vulnerabilities in WIN-911 2021 alarm notification platforms.

11.02.2022

Siemens Solid Edge, JT2Go, and Teamcenter Visualization

Titel

Siemens Solid Edge, JT2Go, and Teamcenter Visualization

Veröffentlicht

11. Februar 2022 04:55

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-041-07-1

Text

This advisory contains mitigations for Improper Restriction of Operations within the Bounds of a Memory Buffer, Out-of-bounds Write, Heap-based Buffer Overflow, and Out-of-bounds Read vulnerabilities in Siemens Solid Edge, JT2Go, and Teamcenter Visualization software products.

Siemens SIMATIC Industrial Products

Titel

Siemens SIMATIC Industrial Products

Veröffentlicht

10. Februar 2022 17:25

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-041-01

Text

This advisory contains mitigations for Operation on a Resource after Expiration or Release, and Missing Release of Memory after Effective Lifetime vulnerabilities in Siemens Industrial Products using the SIMATIC firmware platform.

Siemens SIMATIC WinCC and PCS

Titel

Siemens SIMATIC WinCC and PCS

Veröffentlicht

10. Februar 2022 17:20

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-041-02

Text

This advisory contains mitigations for a Exposure of Sensitive Information to an Unauthorized Actor, Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in Siemens SIMATIC WinCC and PCS industrial automation products.

SINEMA Remote Connect Server

Titel

SINEMA Remote Connect Server

Veröffentlicht

10. Februar 2022 17:10

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-041-04

Text

This advisory contains mitigations for an Open Redirect vulnerability in the SINEMA Remote Connect Server, a management platform for remote networks.

https://us-cert.cisa.gov/ics/advisories/icsa-22-041-05

SICAM TOOLBOX II

Titel

SICAM TOOLBOX II

Veröffentlicht

10. Februar 2022 17:05

URL

Text

This advisory contains mitigations for a Use of Hard-coded Credentials vulnerability in the Siemens SICAM TOOLBOX II software platform.

Siemens Spectrum Power 4

Titel

Siemens Spectrum Power 4

Veröffentlicht

10. Februar 2022 17:00

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-041-06

Text

This advisory contains mitigations for a Cross-site scripting vulnerability in Siemens Spectrum Power 4 communications and data modeling software.

Siemens COMOS Web (Update A)

Titel

Siemens COMOS Web (Update A)

Veröffentlicht

10. Februar 2022 16:50

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-013-05

Text

This updated advisory is a follow-up to the original advisory titled ICSA-22-013-05 Siemens COMOS Web that was published January 13, 2022, to the ICS webpage on www.cisa.gov/uscert. This advisory contains mitigations for Basic XSS, Relative Path Traversal, SQL Injection, and Cross-site Request Forgery vulnerabilities in the Siemens COMOS Web unified ...

Siemens Healthineers syngo fastView (Update A)

Titel

Siemens Healthineers syngo fastView (Update A)

Veröffentlicht

10. Februar 2022 16:45

URL

https://us-cert.cisa.gov/ics/advisories/icsa-21-350-16

Text

This updated advisory is a follow-up to the original advisory titled ICSA-21-350-16 Siemens Healthineers syngo fastView that was published December 16, 2021, to the ICS webpage on www.cisa.gov/uscert. This advisory contains mitigation for an Out-of-bounds Write vulnerability in the Siemens Healthineers syngo fastView software for digital imaging and communications.