Bulletins | CERT@VDE

Rockwell Automation Logix Controllers

Titel

Rockwell Automation Logix Controllers

Veröffentlicht

25. Februar 2021 16:05

URL

https://us-cert.cisa.gov/ics/advisories/icsa-21-056-03

Text

This advisory contains mitigations for a n Insufficiently Protected Credentials vulnerability in Rockwell Automation Studio 5000 Logix Designer, RSLogix 5000, and Logix Controllers.

25.02.2021

ProSoft Technology ICX35

Titel

ProSoft Technology ICX35

Veröffentlicht

25. Februar 2021 16:00

URL

https://us-cert.cisa.gov/ics/advisories/icsa-21-056-04

Text

This advisory contains mitigations for a Permissions, Privileges, and Access Controls vulnerability in ProSoft Technology ICX35 industrial cellular gateways.

23.02.2021

Advantech BB-ESWGP506-2SFP-T

Titel

Advantech BB-ESWGP506-2SFP-T

Veröffentlicht

23. Februar 2021 16:05

URL

https://us-cert.cisa.gov/ics/advisories/icsa-21-054-02

Text

This advisory contains mitigations for a Use of Hard-coded Credentials vulnerability in Advantech BB-ESWGP506-2SFP-T industrial ethernet switches.

23.02.2021

Advantech Spectre RT Industrial Routers

Titel

Advantech Spectre RT Industrial Routers

Veröffentlicht

23. Februar 2021 16:00

URL

https://us-cert.cisa.gov/ics/advisories/icsa-21-054-03

Text

This advisory contains mitigations for Improper Neutralization of Input During Web Page Generation, Cleartext Transmission of Sensitive Information, Improper Restriction of Excessive Authentication Attempts, Use of a Broken or Risky Cryptographic Algorithm, and Use of Platform-Dependent Third-party Components vulnerabilities in Advantech Spectre RT Industrial Routers.

11.02.2021

Multiple Embedded TCP/IP stacks

Titel

Multiple Embedded TCP/IP stacks

Veröffentlicht

11. Februar 2021 16:10

URL

https://us-cert.cisa.gov/ics/advisories/icsa-21-042-01

Text

This advisory contains mitigations for Use of Insufficiently Random Values vulnerabilities in Nut/Net, CycloneTCP, NDKTCPIP, FNET, uIP-Contiki-OS, uC/TCP-IP, uIP-Contiki-NG, uIP, picoTCP-NG, picoTCP, MPLAB Net, Nucleus NET, Nucleus ReadyStart TCP/IP stacks.

11.02.2021

Rockwell Automation DriveTools SP and Drives AOP

Titel

Rockwell Automation DriveTools SP and Drives AOP

Veröffentlicht

11. Februar 2021 16:05

URL

https://us-cert.cisa.gov/ics/advisories/icsa-21-042-02

Text

This advisory contains mitigations for an Uncontrolled Search Path Element vulnerability in Rockwell Automation DriveTools SP and Drives AOP software.

11.02.2021

Wibu-Systems CodeMeter (Update E)

Titel

Wibu-Systems CodeMeter (Update E)

Veröffentlicht

11. Februar 2021 16:00

URL

https://us-cert.cisa.gov/ics/advisories/icsa-20-203-01

Text

This updated advisory is a follow-up to the advisory update titled ICSA-20-203-01 Wibu-Systems CodeMeter (Update D) that was published December 3, 2020, to the ICS webpage on us-cert.gov. This advisory contains mitigations for Buffer Access with Incorrect Length Value, Inadequate Encryption Strength, Origin Validation Error, Improper Input Validation, Improper Verification ...

GE Digital HMI/SCADA iFIX

Titel

GE Digital HMI/SCADA iFIX

Veröffentlicht

9. Februar 2021 17:50

URL

https://us-cert.cisa.gov/ics/advisories/icsa-21-040-01

Text

This advisory contains mitigations for Incorrect Permission Assignment for Critical Resource vulnerabilities in the GE Digital HMI/SCADA iFIX software component.

Siemens SINEMA Server & SINEC NMS

Titel

Siemens SINEMA Server & SINEC NMS

Veröffentlicht

9. Februar 2021 17:40

URL

https://us-cert.cisa.gov/ics/advisories/icsa-21-040-03

Text

This advisory contains mitigations for a Path Traversal vulnerability in Siemens SINEMA server and SINEC NMS products.

Siemens TIA Administrator

Titel

Siemens TIA Administrator

Veröffentlicht

9. Februar 2021 17:30

URL

https://us-cert.cisa.gov/ics/advisories/icsa-21-040-05

Text

This advisory contains mitigations for an Improper Access Control vulnerability in Siemens TIA Administrator products.

Siemens SCALANCE W780 and W740

Titel

Siemens SCALANCE W780 and W740

Veröffentlicht

9. Februar 2021 17:20

URL

https://us-cert.cisa.gov/ics/advisories/icsa-21-040-07

Text

This advisory contains mitigations for an Allocation of Resources Without Limits or Throttling vulnerability in Siemens SCALANCE W780 and W740 industrial wireless LAN products.

Januar 2021

SOOIL Dana Diabecare RS Products

Titel

SOOIL Dana Diabecare RS Products

Veröffentlicht

12. Januar 2021 17:00

URL

https://us-cert.cisa.gov/ics/advisories/icsma-21-012-01

Text

This advisory contains mitigations for Use of Hard Coded Credentials, Insufficiently Protected Credentials, Use of Insufficiently Random Values, Use of Client-side Authentication, Client-side Enforcement of Server-side Security, Authentication Bypass by Capture-Replay, Unprotected Transport of Credentials, Key Exchange Without Entity Authentication, and Authentication Bypass by Spoofing vulnerabilities in SOOIL Dana Diabecare ...

Schneider Electric EcoStruxure Power Build-Rapsody

Titel

Schneider Electric EcoStruxure Power Build-Rapsody

Veröffentlicht

12. Januar 2021 16:55

URL

https://us-cert.cisa.gov/ics/advisories/icsa-21-012-01

Text

This advisory contains mitigations for an Unrestricted Upload of File with Dangerous Type vulnerability in the Schneider Electric EcoStruxure Power Build-Rapsody software.

Siemens JT2Go and Teamcenter Visualization

Titel

Siemens JT2Go and Teamcenter Visualization

Veröffentlicht

12. Januar 2021 16:45

URL

https://us-cert.cisa.gov/ics/advisories/icsa-21-012-03

Text

This advisory contains mitigations for a Type Confusion, Improper Restriction of XML External Entity Reference, Out-of-bounds Write, Heap-based Buffer Overflow, Stack-based Buffer Overflow, Untrusted Pointer Dereference, and Out-of-bounds Read vulnerabilities in Siemens JT2Go and Teamcenter Visualization software products.

https://us-cert.cisa.gov/ics/advisories/icsa-21-012-04

Siemens Solid Edge

Titel

Siemens Solid Edge

Veröffentlicht

12. Januar 2021 16:40

URL

Text

This advisory contains mitigations for Out-of-bounds Write, and Stack-based Buffer Overflow vulnerabilities in Siemens Solid Edge software tools.

Siemens SCALANCE X Products

Titel

Siemens SCALANCE X Products

Veröffentlicht

12. Januar 2021 16:35

URL

https://us-cert.cisa.gov/ics/advisories/icsa-21-012-05

Text

This advisory contains mitigations for Missing Authentication for Critical Function, and Heap-based Buffer Overflow vulnerabilities in Siemens SCALANCE X switches.

Siemens Opcenter Execution Core (Update B)

Titel

Siemens Opcenter Execution Core (Update B)

Veröffentlicht

12. Januar 2021 16:30

URL

https://us-cert.cisa.gov/ics/advisories/icsa-20-196-07

Text

This updated advisory is a follow-up to the original advisory titled ICSA-20-196-07 Siemens Opcenter Execution Core (Update A) that was published August 11, 2020, to the ICS webpage on us-cert.cisa.gov. This advisory contains mitigations for Cross-site Scripting, SQL Injection, and Improper Access Control vulnerabilities in Siemens Opcenter Execution Core software.

Siemens SIMATIC, SINAMICS, SINEC, SINEMA, SINUMERIK (Update E)

Titel

Siemens SIMATIC, SINAMICS, SINEC, SINEMA, SINUMERIK (Update E)

Veröffentlicht

12. Januar 2021 16:25

URL

https://us-cert.cisa.gov/ics/advisories/icsa-20-161-04

Text

This updated advisory is a follow-up to the advisory update titled ICSA-20-161-04 Siemens SIMATIC, SINAMICS, SINEC, SINEMA, SINUMERIK (Update D) that was published December 8, 2020, to the ICS webpage on us-cert.cisa.gov. This advisory contains mitigations for an Unquoted Search Path or Element vulnerability in Siemens SIMATIC, SINAMICS, SINEC, SINEMA, ...

Siemens SIMOTICS, Desigo, APOGEE, and TALON (Update A)

Titel

Siemens SIMOTICS, Desigo, APOGEE, and TALON (Update A)

Veröffentlicht

12. Januar 2021 16:20

URL

https://us-cert.cisa.gov/ics/advisories/icsa-20-105-06

Text

This updated advisory is a follow-up to the original advisory titled ICSA-20-105-06 Siemens SIMOTICS, Desigo, APOGEE, and TALON that was published April 14, 2020, to the ICS webpage on us-cert.cisa.gov. This advisory contains mitigations for a business logic errors vulnerability in Siemens SIMOTICS, Desigo, APOGEE, and TALON products.

Siemens SCALANCE & SIMATIC (Update C)

Titel

Siemens SCALANCE & SIMATIC (Update C)

Veröffentlicht

12. Januar 2021 16:15

URL

https://us-cert.cisa.gov/ics/advisories/icsa-20-105-07

Text

This updated advisory is a follow-up to the advisory update titled ICSA-20-105-07 Siemens SCALANCE & SIMATIC (Update B) that was published September 8, 2020, to the ICS webpage on us-cert.cisa.gov. This advisory contains mitigations for a resource exhaustion vulnerability in Siemens SCALANCE and SIMATIC products.

Dezember 2020

01.12.2020

Schneider Electric EcoStruxure Operator Terminal Expert runtime (Vijeo XD)

Titel

Schneider Electric EcoStruxure Operator Terminal Expert runtime (Vijeo XD)

Veröffentlicht

1. Dezember 2020 16:00

URL

https://us-cert.cisa.gov/ics/advisories/icsa-20-336-01

Text

This advisory contains mitigations for an Improper Privilege Management vulnerability in Schneider Electric EcoStruxure Operator Terminal Expert products.

November 2020

24.11.2020