Bulletins | CERT@VDE

This advisory contains mitigations for an Unquoted Search Path or Element vulnerability in Mitsubishi Electric Factory Automation Engineering products.

28.07.2020

US CERT (ICS)

Secomea GateManager

Title

Secomea GateManager

Published

July 28, 2020, 4:15 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-20-210-01

Summary

This advisory contains mitigations for Improper Neutralization of Null Byte or NUL Character, Off-by-one Error, Use of Hard-coded Credentials, Use of Password Hash with Insufficient Computational Effort vulnerabilities in Secomea GateManager, a VPN server.

28.07.2020

US CERT (ICS)

Softing Industrial Automation OPC

Title

Softing Industrial Automation OPC

Published

July 28, 2020, 4:10 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-20-210-02

Summary

This advisory contains mitigations for a Heap-based Buffer Overflow, and Uncontrolled Resource Consumption vulnerabilities in Softing Industrial Automation's OPC products.

28.07.2020

US CERT (ICS)

HMS Industrial Networks eCatcher

Title

HMS Industrial Networks eCatcher

Published

July 28, 2020, 4:05 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-20-210-03

Summary

This advisory contains mitigations for a Stack-based Buffer Overflow vulnerability in HMS Industrial Networks eCatcher VPN client.

28.07.2020

US CERT (ICS)

Delta Industrial Automation DOPSoft (Update A)

Title

Delta Industrial Automation DOPSoft (Update A)

Published

July 28, 2020, 4 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-20-182-01

Summary

This updated advisory is a follow-up to the original advisory titled ICSA-20-182-01 Delta Industrial Automation DOPSoft that was published June 30, 2020, on the ICS webpage on us-cert.gov. This advisory contains mitigations for out-of-bounds read and heap-based buffer overflow vulnerabilities in Delta Industrial Automation DOPSoft products.

27.07.2020

US CERT

AA20-209A: Potential Legacy Risk from Malware Targeting QNAP NAS Devices

Title

AA20-209A: Potential Legacy Risk from Malware Targeting QNAP NAS Devices

Published

July 27, 2020, 2:20 p.m.

URL

https://us-cert.cisa.gov/ncas/alerts/aa20-209a

Summary

Original release date: July 27, 2020SummaryThis is a joint alert from the United States Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC). CISA and NCSC are investigating a strain of malware known as QSnatch, which attackers used in late 2019 to target Network ...

24.07.2020

US CERT

AA20-206A: Threat Actor Exploitation of F5 BIG-IP CVE-2020-5902

Title

AA20-206A: Threat Actor Exploitation of F5 BIG-IP CVE-2020-5902

Published

July 24, 2020, 12:59 p.m.

URL

https://us-cert.cisa.gov/ncas/alerts/aa20-206a

Summary

Original release date: July 24, 2020SummaryThe Cybersecurity and Infrastructure Security Agency (CISA) is issuing this alert in response to recently disclosed exploits that target F5 BIG-IP devices that are vulnerable to CVE-2020-5902. F5 Networks, Inc. (F5) released a patch for CVE-2020-5902 on June 30, 2020.[1] Unpatched F5 BIG-IP devices are ...

23.07.2020

US CERT

AA20-205A: NSA and CISA Recommend Immediate Actions to Reduce Exposure Across Operational Technologies and Control Systems

Title

AA20-205A: NSA and CISA Recommend Immediate Actions to Reduce Exposure Across Operational Technologies and Control Systems

Published

July 23, 2020, 4:29 p.m.

URL

https://us-cert.cisa.gov/ncas/alerts/aa20-205a

Summary

Original release date: July 23, 2020SummaryNote: This Activity Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise and ATT&CK for Industrial Control Systems frameworks for all referenced threat actor techniques and mitigations. Over recent months, cyber actors have demonstrated their continued willingness ...

23.07.2020

US CERT (ICS)

Schneider Electric Triconex TriStation and Tricon Communication Module

Title

Schneider Electric Triconex TriStation and Tricon Communication Module

Published

July 23, 2020, 4 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-20-205-01

Summary

This advisory contains mitigations for Cleartext Transmission of Sensitive Information, Uncontrolled Resource Consumption, Hidden Functionality, and Improper Access Control vulnerabilities in Schneider Electric's Triconex TriStation and Tricon Communication Module products.

21.07.2020

US CERT (ICS)

Treck TCP/IP Stack (Update E)

Title

Treck TCP/IP Stack (Update E)

Published

July 21, 2020, 4 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-20-168-01

Summary

This updated advisory is a follow-up to the original advisory titled ICSA-20-168-01 Treck TCP/IP Stack (Update D) that was published July 14, 2020, to the ICS webpage on us-cert.gov. This advisory contains mitigations for Improper Handling of Length Parameter Inconsistency, Improper Input Validation, Double Free, Out-of-bounds Read, Integer Overflow or ...

16.07.2020

US CERT

AA20-198A: Malicious Cyber Actor Use of Network Tunneling and Spoofing to Obfuscate Geolocation

Title

AA20-198A: Malicious Cyber Actor Use of Network Tunneling and Spoofing to Obfuscate Geolocation

Published

July 16, 2020, 2:09 p.m.

URL

https://us-cert.cisa.gov/ncas/alerts/aa20-198a

Summary

Original release date: July 16, 2020SummaryThis Activity Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK™) and Pre-ATT&CK frameworks. See the MITRE ATT&CK for Enterprise and Pre-ATT&CK frameworks for referenced threat actor techniques. Attributing malicious cyber activity that uses network tunneling and spoofing techniques to a specific threat ...

14.07.2020

US CERT (ICS)

Capsule Technologies SmartLinx Neuron 2

Title

Capsule Technologies SmartLinx Neuron 2

Published

July 14, 2020, 5:40 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsma-20-196-01

Summary

This advisory contains mitigations for a Protection Mechanism Failure vulnerability in Capsule Technologies' SmartLinx Neuron 2, a bedside mobile clinical monitoring system.

14.07.2020

US CERT (ICS)

Advantech iView

Title

Advantech iView

Published

July 14, 2020, 5:35 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01

Summary

This advisory contains mitigations for SQL Injection, Path Traversal, Command Injection, Improper Input Validation, Missing Authentication for Critical Function, Improper Access Control vulnerabilities in Advantech's iView device management application.

14.07.2020

US CERT (ICS)

Moxa EDR-G902 and EDR-G903 Series Routers

Title

Moxa EDR-G902 and EDR-G903 Series Routers

Published

July 14, 2020, 5:30 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-20-196-02

Summary

This advisory contains mitigations for a Stack-based Buffer Overflow vulnerability in Moxa's a EDR-G902 and EDR-G903 Series Routers.

14.07.2020

US CERT (ICS)

Siemens SICAM MMU, SICAM T, and SICAM SGU

Title

Siemens SICAM MMU, SICAM T, and SICAM SGU

Published

July 14, 2020, 5:25 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-20-196-03

Summary

This advisory contains mitigations for Out-of-bounds Read, Missing Authentication for Critical Function, Missing Encryption of Sensitive Data, Use of Password Hash with Insufficient Computational Effort, Cross-site Scripting, Classic Buffer Overflow, Basic XSS, Authentication Bypass by Capture-replay vulnerabilities in Siemens' SICAM MMU, SICAM T, and SICAM SGU products.

14.07.2020

US CERT (ICS)

Siemens SIMATIC HMI Panels

Title

Siemens SIMATIC HMI Panels

Published

July 14, 2020, 5:20 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-20-196-04

Summary

This advisory contains mitigations for a Cleartext Transmission of Sensitive Information vulnerability in Siemens SIMATIC HMI panels.

14.07.2020

US CERT (ICS)

Siemens UMC Stack

Title

Siemens UMC Stack

Published

July 14, 2020, 5:15 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-20-196-05

Summary

This advisory contains mitigations for Unquoted Search Path or Element, Uncontrolled Resource Consumption, Improper Input Validation vulnerabilities in Siemens UMC components.

14.07.2020

US CERT (ICS)

Siemens SIMATIC S7-200 SMART CPU Family

Title

Siemens SIMATIC S7-200 SMART CPU Family

Published

July 14, 2020, 5:10 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-20-196-06

Summary

This advisory contains mitigations for an Uncontrolled Resource Consumption vulnerability in Siemens SIMATIC S7-200 SMART CPU Family of products.

14.07.2020

US CERT (ICS)

Siemens Opcenter Execution Core

Title

Siemens Opcenter Execution Core

Published

July 14, 2020, 5:05 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-20-196-07

Summary

This advisory contains mitigations for Cross-site Scripting, SQL Injection, and Improper Access Control vulnerabilities in Siemens Opcenter Execution Core software.

14.07.2020

SIEMENS CERT

SSA-671286 (Last Update: 2020-07-14): Multiple Vulnerabilities in SCALANCE Products

Title

SSA-671286 (Last Update: 2020-07-14): Multiple Vulnerabilities in SCALANCE Products

Published

July 14, 2020, 2 a.m.

URL

https://cert-portal.siemens.com/productcert/pdf/ssa-671286.pdf

Summary

The latest updates for the below mentioned products contain fixes for multiple vulnerabilities. The most severe could allow authenticated local users with physical access to the device to execute arbitrary commands on the device under certain conditions. Siemens has released updates for the affected products and recommends that customers update ...

14.07.2020

SIEMENS CERT

SSA-631949 (Last Update: 2020-07-14): Ripple20 and Intel SPS Vulnerabilities in SPPA-T3000 Solutions

Title

SSA-631949 (Last Update: 2020-07-14): Ripple20 and Intel SPS Vulnerabilities in SPPA-T3000 Solutions

Published

July 14, 2020, 2 a.m.

URL

https://cert-portal.siemens.com/productcert/pdf/ssa-631949.pdf

Summary

SPPA-T3000 solutions are affected by vulnerabilities that were recently dislosed by JSOF research lab (“Ripple20”) for the TCP/IP stack used in APC UPS systems, and by Intel for the Server Platform Services (SPS) used in SPPA-T3000 Application Server and Terminal Server hardware. The advisory provides information to what amount SPAA-T3000 ...

14.07.2020

SIEMENS CERT

SSA-604937 (Last Update: 2020-07-14): Multiple Web Server Vulnerabilities in Opcenter Execution Core

Title

SSA-604937 (Last Update: 2020-07-14): Multiple Web Server Vulnerabilities in Opcenter Execution Core

Published

July 14, 2020, 2 a.m.

URL

https://cert-portal.siemens.com/productcert/pdf/ssa-604937.pdf

Summary

The latest update of Opcenter Execution Core fixes multiple vulnerabilities where the most severe could allow an attacker to perform a cross-site scripting (XSS) attack under certain conditions. Siemens has released an update for the Opcenter Execution Core and recommends that customers update to the latest version. Siemens recommends specific ...

14.07.2020

SIEMENS CERT

SSA-589181 (Last Update: 2020-07-14): Denial-Of-Service in SIMATIC S7-200 SMART CPU Family Devices

Title

SSA-589181 (Last Update: 2020-07-14): Denial-Of-Service in SIMATIC S7-200 SMART CPU Family Devices

Published

July 14, 2020, 2 a.m.

URL

https://cert-portal.siemens.com/productcert/pdf/ssa-589181.pdf

Summary

The latest update for SIMATIC S7-200 SMART fixes a vulnerability that could allow an attacker to cause a permanent Denial-of-Service of an affected device by sending a large number of crafted packets. Siemens has released an update for the SIMATIC S7-200 SMART CPU family and recommends that customers update to ...

14.07.2020

SIEMENS CERT

SSA-573753 (Last Update: 2020-07-14): Remote Code Execution in Siemens LOGO! Web Server

Title

SSA-573753 (Last Update: 2020-07-14): Remote Code Execution in Siemens LOGO! Web Server

Published

July 14, 2020, 2 a.m.

URL

https://cert-portal.siemens.com/productcert/pdf/ssa-573753.pdf

Summary

The latest update for LOGO! 8 BM devices fixes a vulnerability that could allow remote code execution in the web server functionality. Siemens provides a firmware update for the latest versions of LOGO! BM.

…
117
118
119 (current)
120
121
…

Last Updates

By Source

Archive

2025

2024

2023

2022

2021

2020

2019

2018

2017

Feeds