March 2022
28.03.2022
SIEMENS CERT
SSA-593272 V1.5 (Last Update: 2022-03-28): SegmentSmack in Interniche IP-Stack based Industrial Devices
Title
SSA-593272 V1.5 (Last Update: 2022-03-28): SegmentSmack in Interniche IP-Stack based Industrial Devices
Published
March 28, 2022, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-593272.pdf
Summary
A vulnerability exists in affected products that could allow remote attackers to affect the availability of the devices under certain conditions. The underlying TCP stack can be forced to make very computation expensive calls for every incoming packet which can lead to a Denial-of-Service.
24.03.2022
US CERT
AA22-083A: Tactics, Techniques, and Procedures of Indicted State-Sponsored Russian Cyber Actors Targeting the Energy Sector
Title
AA22-083A: Tactics, Techniques, and Procedures of Indicted State-Sponsored Russian Cyber Actors Targeting the Energy Sector
Published
March 24, 2022, 3 p.m.
URL
https://us-cert.cisa.gov/ncas/alerts/aa22-083a
Summary
Original release date: March 24, 2022SummaryActions to Take Today to Protect Energy Sector Networks: • Implement and ensure robust network segmentation between IT and ICS networks. • Enforce MFA to authenticate to a system. • Manage the creation of, modification of, use of—and permissions associated with—privileged accounts. This joint Cybersecurity ...
23.03.2022
BOSCH PSIRT
Bosch Fire Monitoring System (FSM) affected by log4net Vulnerability
Title
Bosch Fire Monitoring System (FSM) affected by log4net Vulnerability
Published
March 23, 2022, 1 a.m.
URL
https://psirt.bosch.com/security-advisories/bosch-sa-479793-bt.html
Summary

BOSCH-SA-479793-BT: A vulnerability has been discovered affecting the Bosch Fire Monitoring System (FSM-2500, FSM-5000, FSM-10k and obsolete FSM-10000). The issue applies to FSM server with version 5.6.630 and lower, and FSM client with version 5.6.2131 and lower. Bosch recommends customers to update vulnerable components with the provided patch. The vulnerability ...

22.03.2022
US CERT (ICS)
Delta Electronics DIAEnergie (Update B)
Title
Delta Electronics DIAEnergie (Update B)
Published
March 22, 2022, 3 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-238-03
Summary
This updated advisory is a follow-up to the advisory update titled ICSA-21-238-03 Delta Electronics DIAEnergie (Update A) that was published December 16, 2021, on the ICS webpage at www.cisa.gov/uscert. This advisory contains mitigations for several vulnerabilities in the Delta Electronics DIAEnergie industrial energy management system.
17.03.2022
US CERT
AA22-076A: Strengthening Cybersecurity of SATCOM Network Providers and Customers
Title
AA22-076A: Strengthening Cybersecurity of SATCOM Network Providers and Customers
Published
March 17, 2022, 8 p.m.
URL
https://us-cert.cisa.gov/ncas/alerts/aa22-076a
Summary
Original release date: March 17, 2022SummaryActions to Take Today: • Use secure methods for authentication. • Enforce principle of least privilege. • Review trust relationships. • Implement encryption. • Ensure robust patching and system configuration audits. • Monitor logs for suspicious activity. • Ensure incident response, resilience, and continuity of ...
17.03.2022
US CERT (ICS)
Treck TCP/IP Stack (Update H)
Title
Treck TCP/IP Stack (Update H)
Published
March 17, 2022, 3 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-20-168-01
Summary
This updated advisory is a follow-up to the advisory update titled ICSA-20-168-01 Treck TCP/IP Stack (Update G) that was published Aug 20, 2020, to the ICS webpage on www.cisa.gov/uscert. This advisory contains mitigations for Improper Handling of Length Parameter Inconsistency, Improper Input Validation, Double Free, Out-of-bounds Read, Integer Overflow or ...
16.03.2022
BOSCH PSIRT
Improper Restriction of XML External Entity Reference in BVMS
Title
Improper Restriction of XML External Entity Reference in BVMS
Published
March 16, 2022, 1 a.m.
URL
https://psirt.bosch.com/security-advisories/bosch-sa-506619-bt.html
Summary

BOSCH-SA-506619-BT: When BVMS is installed in an installation folder where low-priviledged users have write access, BVMS is affected by a security vulnerability, which potentially allows for XXE-based attacks in applications that accept attacker-controlled log4net configuration files.Bosch rates the vulnerability with a CVSS v3.1 Base Score of 5.7 (Medium) when the ...

15.03.2022
US CERT (ICS)
ABB OPC Server for AC 800M
Title
ABB OPC Server for AC 800M
Published
March 15, 2022, 3:05 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-074-01
Summary
This advisory contains mitigations for an Execution with Unnecessary Privileges vulnerability in the ABB OPC Server for AC 800M run-time data reader.
15.03.2022
US CERT (ICS)
PTC Axeda agent and Axeda Desktop Server (Update B)
Title
PTC Axeda agent and Axeda Desktop Server (Update B)
Published
March 15, 2022, 3 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-067-01
Summary
This updated advisory is a follow-up to the original advisory titled ICSA-22-067-01 PTC Axeda agent and Axeda Desktop Server (Update A) that was published March 10, 2022, on the ICS webpage on www.cisa.gov/uscert. This advisory contains mitigations for Use of Hard-coded Credentials, Missing Authentication for Critical Function, Exposure of Sensitive ...
15.03.2022
US CERT
AA22-074A: Russian State-Sponsored Cyber Actors Gain Network Access by Exploiting Default Multifactor Authentication Protocols ...
Title
AA22-074A: Russian State-Sponsored Cyber Actors Gain Network Access by Exploiting Default Multifactor Authentication Protocols and “PrintNightmare” Vulnerability
Published
March 15, 2022, 3 p.m.
URL
https://us-cert.cisa.gov/ncas/alerts/aa22-074a
Summary
Original release date: March 15, 2022SummaryMultifactor Authentication (MFA): A Cybersecurity Essential • MFA is one of the most important cybersecurity practices to reduce the risk of intrusions—according to industry research, users who enable MFA are up to 99 percent less likely to have an account compromised. • Every organization should ...
11.03.2022
US CERT (ICS)
Siemens RUGGEDCOM Devices
Title
Siemens RUGGEDCOM Devices
Published
March 11, 2022, 5:55 a.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-069-01
Summary
This advisory contains mitigations for a Missing Encryption of Sensitive Data vulnerability in devices using the Siemens RUGGEDCOM software platform.
11.03.2022
SIEMENS CERT
SSA-764417 V1.1 (Last Update: 2022-03-11): Multiple Vulnerabilities in RUGGEDCOM Devices
Title
SSA-764417 V1.1 (Last Update: 2022-03-11): Multiple Vulnerabilities in RUGGEDCOM Devices
Published
March 11, 2022, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-764417.pdf
Summary
There is an insecure cryptographic vulnerability for the affected RUGGEDCOM devices. If an attacker were to exploit this, they could gain privileged functions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.
11.03.2022
SIEMENS CERT
SSA-593272 V1.4 (Last Update: 2022-03-11): SegmentSmack in Interniche IP-Stack based Industrial Devices
Title
SSA-593272 V1.4 (Last Update: 2022-03-11): SegmentSmack in Interniche IP-Stack based Industrial Devices
Published
March 11, 2022, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-593272.pdf
Summary
A vulnerability exists in affected products that could allow remote attackers to affect the availability of the devices under certain conditions. The underlying TCP stack can be forced to make very computation expensive calls for every incoming packet which can lead to a Denial-of-Service.
11.03.2022
SIEMENS CERT
SSA-256353 V1.1 (Last Update: 2022-03-11): Third-Party Component Vulnerabilities in RUGGEDCOM ROS
Title
SSA-256353 V1.1 (Last Update: 2022-03-11): Third-Party Component Vulnerabilities in RUGGEDCOM ROS
Published
March 11, 2022, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-256353.pdf
Summary
Multiple vulnerabilities affect various third-party components of the RUGGEDCOM ROS, and a cross-site scripting exploit. If exploited, an attacker could cause a denial-of-service, act as a man-in-the-middle or retrieval of sensitive information or gain privileged functions. Siemens has released updates for several affected products and recommends to update to the ...
10.03.2022
US CERT (ICS)
Siemens SIMOTICS CONNECT 400
Title
Siemens SIMOTICS CONNECT 400
Published
March 10, 2022, 5:50 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-069-02
Summary
This advisory contains mitigations for Type Confusion, Improper Validation of Specified Quantity in Input, Wrap or Wraparound, Improper Handling of Inconsistent Structural Elements vulnerabilities in the Siemens SIMOTICS CONNECT 400 connectivity module.
10.03.2022
US CERT (ICS)
Siemens SINEMA Mendix Forgot Password Appstore
Title
Siemens SINEMA Mendix Forgot Password Appstore
Published
March 10, 2022, 5:40 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-069-04
Summary
This advisory contains mitigations for Improper Access Control, an d Improper Restriction of Excessive Authentication Attempts vulnerabilities in the Siemens SINEMA Mendix Forgot Password Appstore password management module.
10.03.2022
US CERT (ICS)
Siemens COMOS
Title
Siemens COMOS
Published
March 10, 2022, 5:30 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-069-06
Summary
This advisory contains mitigations for Memory Allocation with Excessive Size Value, Untrusted Pointer Dereference, Type Confusion, Stack-based Buffer Overflow, Out-of-bounds Write, Out-of-bounds Read, Use After Free, Improper Check for Unusual or Exceptional Conditions vulnerabilities in Siemens COM collaborative plan design software.
10.03.2022
US CERT (ICS)
Siemens Climatix POL909
Title
Siemens Climatix POL909
Published
March 10, 2022, 5:25 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-069-07
Summary
This advisory contains mitigations for Cross-site Scripting, and Improper Access Control vulnerabilities in of Climatix POL909 AWM and AWB web modules.
10.03.2022
US CERT (ICS)
Siemens Polarion ALM
Title
Siemens Polarion ALM
Published
March 10, 2022, 5:20 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-069-08
Summary
This advisory contains mitigations for a Cross-site Scripting vulnerability in Siemens Siemens Polarion ALM management software.
10.03.2022
US CERT (ICS)
Siemens SINEC INS
Title
Siemens SINEC INS
Published
March 10, 2022, 5:15 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-069-09
Summary
This advisory contains mitigations for a Using Components with Known Vulnerabilities vulnerability in the Siemens SINECC INS web-based application.
08.03.2022
US CERT (ICS)
PTC Axeda agent and Axeda Desktop Server
Title
PTC Axeda agent and Axeda Desktop Server
Published
March 8, 2022, 4:10 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-067-01
Summary
This advisory contains mitigations for Use of Hard-coded Credentials, Missing Authentication for Critical Function, Exposure of Sensitive Information to an Unauthorized Actor, Path Traversal, Improper Check or Handling of Exceptional Conditions vulnerabilities in Axeda agent and Axeda Desktop Server, a remote asset connectivity software used as part of a cloud ...
08.03.2022
US CERT (ICS)
AVEVA System Platform
Title
AVEVA System Platform
Published
March 8, 2022, 4:05 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-067-02
Summary
This advisory contains mitigations for a Cleartext Storage of Sensitive Information in Memory vulnerability in the AVEVA System Platform, a software management product.
08.03.2022
US CERT (ICS)
Sensormatic PowerManage (Update A)
Title
Sensormatic PowerManage (Update A)
Published
March 8, 2022, 4 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-034-01
Summary
This update advisory is a follow-up to the original advisory titled ICSA-22-034-01 Sensormatic PowerManage that was published February 3, 2022, on the ICS webpage on www.cisa.gov/uscert. This advisory contains mitigations for an Improper Input Validation vulnerability in the Sensormatic PowerManage operating platform.
08.03.2022
SIEMENS CERT
SSA-501073 V1.1 (Last Update: 2022-03-08): Vulnerabilities in Controllers CPU 1518 MFP using Intel CPUs (November 2020)
Title
SSA-501073 V1.1 (Last Update: 2022-03-08): Vulnerabilities in Controllers CPU 1518 MFP using Intel CPUs (November 2020)
Published
March 8, 2022, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-501073.pdf
Summary
Intel has published information on vulnerabilities in Intel products in November 2020. This advisory lists the Siemens Controllers that are affected by these vulnerabilities. In this advisory we take a representative CVE from each advisory: “Intel CSME, SPS, TXE, AMT and DAL Advisory” Intel-SA-00391 is represented by CVE-2020-8744 “BIOS Advisory” ...
08.03.2022
SIEMENS CERT
SSA-840188 V1.2 (Last Update: 2022-03-08): Multiple Vulnerabilities in SIMATIC WinCC Affecting Other SIMATIC Software Products
Title
SSA-840188 V1.2 (Last Update: 2022-03-08): Multiple Vulnerabilities in SIMATIC WinCC Affecting Other SIMATIC Software Products
Published
March 8, 2022, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-840188.pdf
Summary
Multiple vulnerabilities were found in SIMATIC WinCC that ultimately could allow local or remote attackers to escalate privileges and read, write or delete critical files. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures ...

Last Updates

BOSCH PSIRT
14.08.2025
SIEMENS CERT
16.09.2025
US CERT
25.08.2025
US CERT (ICS)
18.09.2025

By Source

Archive

2025
2024
2023
2022
2021
2020
2019
2018
2017

Feeds