Bulletins | CERT@VDE

TCP/IP Stack Vulnerabilities–AMNESIA:33 in SENTRON PAC / 3VA Devices

Titel

TCP/IP Stack Vulnerabilities–AMNESIA:33 in SENTRON PAC / 3VA Devices

Veröffentlicht

9. März 2021 17:15

URL

https://us-cert.cisa.gov/ics/advisories/icsa-21-068-06

Text

This advisory contains mitigations for Out-of-bounds Read, and Out-of-bounds Write vulnerabilities in Siemens SENTRON PAC / 3VA Devices power monitoring devices.

Siemens TCP Stack of SIMATIC MV400

Titel

Siemens TCP Stack of SIMATIC MV400

Veröffentlicht

9. März 2021 17:10

URL

https://us-cert.cisa.gov/ics/advisories/icsa-21-068-07

Text

This advisory contains mitigations for Improper Validation of Specified Index, Position, or Offset in Input; and Use of Insufficiently Random Values vulnerabilities in Siemens SIMATIC MV400 optical code reader software.

Siemens Energy PLUSCONTROL 1st Gen

Titel

Siemens Energy PLUSCONTROL 1st Gen

Veröffentlicht

9. März 2021 17:05

URL

https://us-cert.cisa.gov/ics/advisories/icsa-21-068-08

Text

This advisory contains mitigations for a Predictable Exact Value from Previous Values vulnerability in Siemens Energy PLUSCONTROL 1st Gen energy management systems.

Siemens Solid Edge File Parsing

Titel

Siemens Solid Edge File Parsing

Veröffentlicht

9. März 2021 17:00

URL

https://us-cert.cisa.gov/ics/advisories/icsa-21-068-09

Text

This advisory contains mitigations for a Out-of-bounds Write, Improper Restriction of XML External Entity Reference, and Out-of-bounds Read vulnerabilities in Siemens Solid Edge portfolio software tools.

02.03.2021

Hitachi ABB Power Grids Ellipse EAM

Titel

Hitachi ABB Power Grids Ellipse EAM

Veröffentlicht

2. März 2021 16:10

URL

https://us-cert.cisa.gov/ics/advisories/icsa-21-061-01

Text

This advisory contains mitigations for Cross-site Scripting, and User Interface Misrepresentation of Critical Information vulnerabilities in Hitachi ABB Power Grids Ellipse EAM software products.

02.03.2021

Rockwell Automation CompactLogix 5370 and ControlLogix 5570 Controllers

Titel

Rockwell Automation CompactLogix 5370 and ControlLogix 5570 Controllers

Veröffentlicht

2. März 2021 16:05

URL

https://us-cert.cisa.gov/ics/advisories/icsa-21-061-02

Text

This advisory contains mitigations for an Improper Input Validation vulnerability in Rockwell Automation CompactLogix 5370 and ControlLogix 5570 controllers.

02.03.2021

MB connect line mbCONNECT24, mymbCONNECT24

Titel

MB connect line mbCONNECT24, mymbCONNECT24

Veröffentlicht

2. März 2021 16:00

URL

https://us-cert.cisa.gov/ics/advisories/icsa-21-061-03

Text

This advisory contains mitigations for several vulnerabilities in the MB connect line mbCONNECT24, mymbCONNECT24 remote service portal products.

Februar 2021

PerFact OpenVPN-Client

Titel

PerFact OpenVPN-Client

Veröffentlicht

25. Februar 2021 16:15

URL

https://us-cert.cisa.gov/ics/advisories/icsa-21-056-01

Text

This advisory contains mitigations for an External Control of System or Configuration Setting vulnerability in the PerFact OpenVPN-Client.

https://us-cert.cisa.gov/ics/advisories/icsa-21-056-02

Fatek FvDesigner

Titel

Fatek FvDesigner

Veröffentlicht

25. Februar 2021 16:10

URL

Text

This advisory contains mitigations for Use After Free, Access of Uninitialized Pointer, Stack-based Buffer Overflow, Out-of-Bounds Write, and Out-of-Bounds Read vulnerabilities in Fatek FvDesigner software.

Rockwell Automation Logix Controllers

Titel

Rockwell Automation Logix Controllers

Veröffentlicht

25. Februar 2021 16:05

URL

https://us-cert.cisa.gov/ics/advisories/icsa-21-056-03

Text

This advisory contains mitigations for a n Insufficiently Protected Credentials vulnerability in Rockwell Automation Studio 5000 Logix Designer, RSLogix 5000, and Logix Controllers.

ProSoft Technology ICX35

Titel

ProSoft Technology ICX35

Veröffentlicht

25. Februar 2021 16:00

URL

https://us-cert.cisa.gov/ics/advisories/icsa-21-056-04

Text

This advisory contains mitigations for a Permissions, Privileges, and Access Controls vulnerability in ProSoft Technology ICX35 industrial cellular gateways.

23.02.2021

Advantech BB-ESWGP506-2SFP-T

Titel

Advantech BB-ESWGP506-2SFP-T

Veröffentlicht

23. Februar 2021 16:05

URL

https://us-cert.cisa.gov/ics/advisories/icsa-21-054-02

Text

This advisory contains mitigations for a Use of Hard-coded Credentials vulnerability in Advantech BB-ESWGP506-2SFP-T industrial ethernet switches.

23.02.2021

Advantech Spectre RT Industrial Routers

Titel

Advantech Spectre RT Industrial Routers

Veröffentlicht

23. Februar 2021 16:00

URL

https://us-cert.cisa.gov/ics/advisories/icsa-21-054-03

Text

This advisory contains mitigations for Improper Neutralization of Input During Web Page Generation, Cleartext Transmission of Sensitive Information, Improper Restriction of Excessive Authentication Attempts, Use of a Broken or Risky Cryptographic Algorithm, and Use of Platform-Dependent Third-party Components vulnerabilities in Advantech Spectre RT Industrial Routers.

11.02.2021

Multiple Embedded TCP/IP stacks

Titel

Multiple Embedded TCP/IP stacks

Veröffentlicht

11. Februar 2021 16:10

URL

https://us-cert.cisa.gov/ics/advisories/icsa-21-042-01

Text

This advisory contains mitigations for Use of Insufficiently Random Values vulnerabilities in Nut/Net, CycloneTCP, NDKTCPIP, FNET, uIP-Contiki-OS, uC/TCP-IP, uIP-Contiki-NG, uIP, picoTCP-NG, picoTCP, MPLAB Net, Nucleus NET, Nucleus ReadyStart TCP/IP stacks.

11.02.2021

Rockwell Automation DriveTools SP and Drives AOP

Titel

Rockwell Automation DriveTools SP and Drives AOP

Veröffentlicht

11. Februar 2021 16:05

URL

https://us-cert.cisa.gov/ics/advisories/icsa-21-042-02

Text

This advisory contains mitigations for an Uncontrolled Search Path Element vulnerability in Rockwell Automation DriveTools SP and Drives AOP software.

11.02.2021

Wibu-Systems CodeMeter (Update E)

Titel

Wibu-Systems CodeMeter (Update E)

Veröffentlicht

11. Februar 2021 16:00

URL

https://us-cert.cisa.gov/ics/advisories/icsa-20-203-01

Text

This updated advisory is a follow-up to the advisory update titled ICSA-20-203-01 Wibu-Systems CodeMeter (Update D) that was published December 3, 2020, to the ICS webpage on us-cert.gov. This advisory contains mitigations for Buffer Access with Incorrect Length Value, Inadequate Encryption Strength, Origin Validation Error, Improper Input Validation, Improper Verification ...

GE Digital HMI/SCADA iFIX

Titel

GE Digital HMI/SCADA iFIX

Veröffentlicht

9. Februar 2021 17:50

URL

https://us-cert.cisa.gov/ics/advisories/icsa-21-040-01

Text

This advisory contains mitigations for Incorrect Permission Assignment for Critical Resource vulnerabilities in the GE Digital HMI/SCADA iFIX software component.

Siemens SINEMA Server & SINEC NMS

Titel

Siemens SINEMA Server & SINEC NMS

Veröffentlicht

9. Februar 2021 17:40

URL

https://us-cert.cisa.gov/ics/advisories/icsa-21-040-03

Text

This advisory contains mitigations for a Path Traversal vulnerability in Siemens SINEMA server and SINEC NMS products.

Siemens TIA Administrator

Titel

Siemens TIA Administrator

Veröffentlicht

9. Februar 2021 17:30

URL

https://us-cert.cisa.gov/ics/advisories/icsa-21-040-05

Text

This advisory contains mitigations for an Improper Access Control vulnerability in Siemens TIA Administrator products.

Siemens SCALANCE W780 and W740

Titel

Siemens SCALANCE W780 and W740

Veröffentlicht

9. Februar 2021 17:20

URL

https://us-cert.cisa.gov/ics/advisories/icsa-21-040-07

Text

This advisory contains mitigations for an Allocation of Resources Without Limits or Throttling vulnerability in Siemens SCALANCE W780 and W740 industrial wireless LAN products.

Januar 2021

SOOIL Dana Diabecare RS Products

Titel

SOOIL Dana Diabecare RS Products

Veröffentlicht

12. Januar 2021 17:00

URL

https://us-cert.cisa.gov/ics/advisories/icsma-21-012-01

Text

This advisory contains mitigations for Use of Hard Coded Credentials, Insufficiently Protected Credentials, Use of Insufficiently Random Values, Use of Client-side Authentication, Client-side Enforcement of Server-side Security, Authentication Bypass by Capture-Replay, Unprotected Transport of Credentials, Key Exchange Without Entity Authentication, and Authentication Bypass by Spoofing vulnerabilities in SOOIL Dana Diabecare ...

Schneider Electric EcoStruxure Power Build-Rapsody

Titel

Schneider Electric EcoStruxure Power Build-Rapsody

Veröffentlicht

12. Januar 2021 16:55

URL

https://us-cert.cisa.gov/ics/advisories/icsa-21-012-01

Text

This advisory contains mitigations for an Unrestricted Upload of File with Dangerous Type vulnerability in the Schneider Electric EcoStruxure Power Build-Rapsody software.

Siemens JT2Go and Teamcenter Visualization

Titel

Siemens JT2Go and Teamcenter Visualization

Veröffentlicht

12. Januar 2021 16:45

URL

https://us-cert.cisa.gov/ics/advisories/icsa-21-012-03

Text

This advisory contains mitigations for a Type Confusion, Improper Restriction of XML External Entity Reference, Out-of-bounds Write, Heap-based Buffer Overflow, Stack-based Buffer Overflow, Untrusted Pointer Dereference, and Out-of-bounds Read vulnerabilities in Siemens JT2Go and Teamcenter Visualization software products.

https://us-cert.cisa.gov/ics/advisories/icsa-21-012-04

Siemens Solid Edge

Titel

Siemens Solid Edge

Veröffentlicht

12. Januar 2021 16:40

URL

Text

This advisory contains mitigations for Out-of-bounds Write, and Stack-based Buffer Overflow vulnerabilities in Siemens Solid Edge software tools.