August 2022
09.08.2022
SIEMENS CERT
SSA-592007 V1.8 (Last Update: 2022-08-09): Denial-of-Service Vulnerability in Industrial Products
Title
SSA-592007 V1.8 (Last Update: 2022-08-09): Denial-of-Service Vulnerability in Industrial Products
Published
Aug. 9, 2022, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-592007.pdf
Summary
Several industrial controllers are affected by a security vulnerability that could allow an attacker to cause a Denial-of-Service condition via PROFINET DCP network packets under certain circumstances. Precondition for this scenario is a direct OSI Layer 2 access to the affected products. PROFIBUS interfaces are not affected. Siemens has released ...
09.08.2022
SIEMENS CERT
SSA-764417 V1.4 (Last Update: 2022-08-09): Weak Encryption Vulnerability in RUGGEDCOM ROS Devices
Title
SSA-764417 V1.4 (Last Update: 2022-08-09): Weak Encryption Vulnerability in RUGGEDCOM ROS Devices
Published
Aug. 9, 2022, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-764417.pdf
Summary
The SSH server on RUGGEDCOM ROS devices is configured to offer weak ciphers by default. This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data passed over the connection between legitimate clients and the affected device. Siemens recommends specific countermeasures for products where updates ...
09.08.2022
SIEMENS CERT
SSA-429204 V1.1 (Last Update: 2022-08-09): Open Design Alliance Drawings SDK Vulnerabilities in JT2Go and Teamcenter Visualization
Title
SSA-429204 V1.1 (Last Update: 2022-08-09): Open Design Alliance Drawings SDK Vulnerabilities in JT2Go and Teamcenter Visualization
Published
Aug. 9, 2022, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-429204.pdf
Summary
JT2Go and Teamcenter Visualization are affected by multiple file parsing vulnerabilities in Drawings SDK from Open Design Alliance. If a user is tricked to open a malicious DWG file with any of the affected products, this could lead the application to crash or potentially lead to arbitrary code execution. Siemens ...
09.08.2022
SIEMENS CERT
SSA-759952 V1.0: Command Injection and Denial of Service Vulnerability in Teamcenter
Title
SSA-759952 V1.0: Command Injection and Denial of Service Vulnerability in Teamcenter
Published
Aug. 9, 2022, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-759952.pdf
Summary
Teamcenter is affected by two security vulnerabilities in the File Service Cache service that could lead to command injection and denial of service issues. Siemens has released updates for the affected products and recommends to update to the latest versions.
09.08.2022
SIEMENS CERT
SSA-732250 V1.2 (Last Update: 2022-08-09): Libcurl Vulnerabilities in Industrial Devices
Title
SSA-732250 V1.2 (Last Update: 2022-08-09): Libcurl Vulnerabilities in Industrial Devices
Published
Aug. 9, 2022, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-732250.pdf
Summary
Vulnerabilities in third-party component cURL could allow an attacker to interfere with the affected products in various ways. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends countermeasures for products where updates are not, or not yet available.
09.08.2022
SIEMENS CERT
SSA-914168 V1.3 (Last Update: 2022-08-09): Multiple Vulnerabilities in SIMATIC WinCC Affecting Other SIMATIC Software Products
Title
SSA-914168 V1.3 (Last Update: 2022-08-09): Multiple Vulnerabilities in SIMATIC WinCC Affecting Other SIMATIC Software Products
Published
Aug. 9, 2022, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-914168.pdf
Summary
Multiple vulnerabilities were found in SIMATIC WinCC that ultimately could allow attackers to retrieve and brute force password hashes and access other systems. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products ...
09.08.2022
SIEMENS CERT
SSA-841348 V1.9 (Last Update: 2022-08-09): Multiple Vulnerabilities in the UMC Component
Title
SSA-841348 V1.9 (Last Update: 2022-08-09): Multiple Vulnerabilities in the UMC Component
Published
Aug. 9, 2022, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf
Summary
The products listed below contain two security vulnerabilities in the UMC component that could allow an attacker to cause a partial denial-of-service of the UMC component, or to locally escalate privileges from a user with administrative privileges to execute code with SYSTEM level privileges. Siemens has released updates for several ...
09.08.2022
SIEMENS CERT
SSA-840800 V1.1 (Last Update: 2022-08-09): Code Injection Vulnerability in RUGGEDCOM ROS
Title
SSA-840800 V1.1 (Last Update: 2022-08-09): Code Injection Vulnerability in RUGGEDCOM ROS
Published
Aug. 9, 2022, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-840800.pdf
Summary
RUGGEDCOM ROS-based devices are vulnerable to a web-based code injection attack. To execute this attack, it is necessary to access the system via the Command Line Interface (CLI). Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products ...
09.08.2022
SIEMENS CERT
SSA-829738 V1.1 (Last Update: 2022-08-09): Datalogics File Parsing Vulnerability in Teamcenter Visualization and JT2Go
Title
SSA-829738 V1.1 (Last Update: 2022-08-09): Datalogics File Parsing Vulnerability in Teamcenter Visualization and JT2Go
Published
Aug. 9, 2022, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-829738.pdf
Summary
Siemens Teamcenter Visualization and JT2Go are affected by an out of bounds write vulnerability in APDFL library from Datalogics. If a user is tricked to open a malicious PDF file with the affected products, this could lead the application to crash or potentially lead to arbitrary code execution. Siemens has ...
09.08.2022
SIEMENS CERT
SSA-941426 V1.3 (Last Update: 2022-08-09): Multiple LLDP Vulnerabilities in Industrial Products
Title
SSA-941426 V1.3 (Last Update: 2022-08-09): Multiple LLDP Vulnerabilities in Industrial Products
Published
Aug. 9, 2022, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-941426.pdf
Summary
There are multiple vulnerabilities in an underlying Link Layer Discovery Protocol (LLDP) third party library. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.
09.08.2022
SIEMENS CERT
SSA-789162 V1.2 (Last Update: 2022-08-09): Vulnerabilities in Teamcenter
Title
SSA-789162 V1.2 (Last Update: 2022-08-09): Vulnerabilities in Teamcenter
Published
Aug. 9, 2022, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-789162.pdf
Summary
Teamcenter is affected by XML External Entity Injection (XXE, CVE-2022-29801) and a stack based buffer overflow vulnerability (CVE-2022-24290). XXE impacts only Teamcenter versions before V13.1. Siemens has released updates for the affected products and recommends to update to the latest versions.
09.08.2022
SIEMENS CERT
SSA-629512 V1.6 (Last Update: 2022-08-09): Local Privilege Escalation Vulnerability in TIA Portal
Title
SSA-629512 V1.6 (Last Update: 2022-08-09): Local Privilege Escalation Vulnerability in TIA Portal
Published
Aug. 9, 2022, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-629512.pdf
Summary
The latest updates for TIA Portal fix a vulnerability that could allow a local attacker to execute arbitrary code with SYSTEM privileges. Update: The previously provided fixes only correctly set the permissions on English Windows versions. Siemens has released updates for several affected products and recommends to update to the ...
09.08.2022
SIEMENS CERT
SSA-324955 V1.9 (Last Update: 2022-08-09): SAD DNS Attack in Linux Based Products
Title
SSA-324955 V1.9 (Last Update: 2022-08-09): SAD DNS Attack in Linux Based Products
Published
Aug. 9, 2022, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-324955.pdf
Summary
A vulnerability made public under the name SAD DNS affects Domain Name System resolvers due to a vulnerability in the Linux kernel when handling ICMP packets. The Siemens products which are affected are listed below. For more information please see https://www.saddns.net/. Siemens has released updates for several affected products and ...
09.08.2022
SIEMENS CERT
SSA-306654 V1.3 (Last Update: 2022-08-09): Insyde BIOS Vulnerabilities in Siemens Industrial Products
Title
SSA-306654 V1.3 (Last Update: 2022-08-09): Insyde BIOS Vulnerabilities in Siemens Industrial Products
Published
Aug. 9, 2022, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf
Summary
Insyde has published information on vulnerabilities in Insyde BIOS in February 2022. This advisory lists the Siemens Industrial products affected by these vulnerabilities. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.
04.08.2022
US CERT
AA22-216A: 2021 Top Malware Strains
Title
AA22-216A: 2021 Top Malware Strains
Published
Aug. 4, 2022, 8:10 p.m.
URL
https://us-cert.cisa.gov/ncas/alerts/aa22-216a
Summary
Original release date: August 4, 2022SummaryImmediate Actions You Can Take Now to Protect Against Malware: • Patch all systems and prioritize patching known exploited vulnerabilities. • Enforce multifactor authentication (MFA). • Secure Remote Desktop Protocol (RDP) and other risky services. • Make offline backups of your data. • Provide end-user ...
04.08.2022
US CERT (ICS)
Digi ConnectPort X2D
Title
Digi ConnectPort X2D
Published
Aug. 4, 2022, 4:05 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-216-01
Summary
This advisory contains mitigations for an Execution with Unnecessary Privileges vulnerability in Digi ConnectPort X2D, a connection gateway.
02.08.2022
US CERT (ICS)
Delta Electronics DIAEnergie (Update C)
Title
Delta Electronics DIAEnergie (Update C)
Published
Aug. 2, 2022, 4:20 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-238-03
Summary
This updated advisory is a follow-up to the advisory update titled ICSA-21-238-03 Delta Electronics DIAEnergie (Update B) that was published March 22, 2022, on the ICS webpage at www.cisa.gov/ics. This advisory contains mitigations for Use of Password Hash with Insufficient Computational Effort, Authentication Bypass Using an Alternate Path or Channel, ...
02.08.2022
US CERT (ICS)
Mitsubishi Electric FA Engineering Software Products (Update F)
Title
Mitsubishi Electric FA Engineering Software Products (Update F)
Published
Aug. 2, 2022, 4:10 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-049-02
Summary
his updated advisory is a follow-up to the advisory update titled ICSA-21-049-02 Mitsubishi Electric FA Engineering Software Products (Update E) that was published May 24, 2022, to the ICS webpage on cisa.gov/ics. This advisory contains mitigations for Heap-based Buffer Overflow and Improper Handling of Length Parameter Inconsistency vulnerabilities in various ...
02.08.2022
US CERT (ICS)
Mitsubishi Electric Factory Automation Engineering Products (Update H)
Title
Mitsubishi Electric Factory Automation Engineering Products (Update H)
Published
Aug. 2, 2022, 4 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-20-212-04
Summary
This updated advisory is a follow-up to the advisory update titled ICSA-20-212-04 Mitsubishi Electric Factory Automation Engineering Products (Update E) that was published May 24, 2022, to the ICS webpage on cisa.gov/ics. This advisory contains mitigations for an Unquoted Search Path or Element vulnerability in various Mitsubishi Electric Factory Automation ...
01.08.2022
BOSCH PSIRT
Multiple Vulnerabilities in BF-OS
Title
Multiple Vulnerabilities in BF-OS
Published
Aug. 1, 2022, 2 a.m.
URL
https://psirt.bosch.com/security-advisories/bosch-sa-013924-bt.html
Summary

BOSCH-SA-013924-BT: Multiple vulnerabilities were identified in BF-OS version 3.x up to and including 3.83 used by Bigfish V3 and PR21 (Energy Platform) devices and Bigfish VM image, which are part of the data collection infrastructure of the Energy Platform solution.The most critical vulnerability may allow an unauthenticated remote attacker to ...

July 2022
28.07.2022
US CERT (ICS)
Rockwell Products Impacted by Chromium Type Confusion
Title
Rockwell Products Impacted by Chromium Type Confusion
Published
July 28, 2022, 4:10 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-209-01
Summary
This advisory contains mitigations for a Type Confusion vulnerability in various Rockwell Automation products.
28.07.2022
US CERT (ICS)
Mitsubishi Electric FA Engineering Software (Update B)
Title
Mitsubishi Electric FA Engineering Software (Update B)
Published
July 28, 2022, 4:05 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-350-05
Summary
This updated advisory is a follow-up to the advisory update titled ICSA-21-350-05 Mitsubishi Electric FA Engineering Software (Update A) that was published December 16, 2021, on the ICS webpage on cisa.gov/ics. This advisory contains mitigations for Out-of-bounds Read and Integer Underflow vulnerabilities in Mitsubishi Electric FA Engineering Software, an engineering ...
28.07.2022
US CERT (ICS)
Mitsubishi Electric Factory Automation Engineering Software (Update C)
Title
Mitsubishi Electric Factory Automation Engineering Software (Update C)
Published
July 28, 2022, 4 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-20-212-02
Summary
This updated advisory is a follow-up to the advisory update titled ICSA-20-212-02 Mitsubishi Electric Factory Automation Engineering Software (Update B) that was published May 31, 2021, to the ICS webpage on ucisa.gov/ics.
26.07.2022
US CERT (ICS)
MOXA NPort 5110
Title
MOXA NPort 5110
Published
July 26, 2022, 4:20 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-207-04
Summary
This advisory contains mitigations for an Out-of-bounds Write vulnerability in MOXA NPort 5110, a device server.
26.07.2022
US CERT (ICS)
Honeywell Saia Burgess PG5 PCD
Title
Honeywell Saia Burgess PG5 PCD
Published
July 26, 2022, 4:15 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-207-03
Summary
This advisory contains mitigations for Authentication Bypass and Use of a Broken or Risky Cryptographic Algorithm vulnerabilities in Honeywell Saia Burgess PG5 PCD, a PLC.

Last Updates

BOSCH PSIRT
21.08.2024
SIEMENS CERT
12.09.2024
US CERT
19.09.2024
US CERT (ICS)
19.09.2024

By Source

Archive

2024
2023
2022
2021
2020
2019
2018
2017

Feeds