June 2022
Title
Pyramid Solutions EtherNet/IP Adapter Development Kit
Published
June 23, 2022, 4:05 p.m.
Summary
This advisory contains mitigations for an Out-of-bounds Write vulnerability in the Pyramid Solutions EtherNet/IP Adapter Development Kit.
Title
Elcomplus SmartICS
Published
June 23, 2022, 4 p.m.
Summary
This advisory contains mitigations for Improper Access Control, Relative Path Traversal, and Cross-site Scripting vulnerabilities in the Elcomplus SmartICS web-based HMI.
Title
Mitsubishi Electric MELSEC Q and L Series
Published
June 22, 2022, 4:25 a.m.
Summary
This advisory contains mitigations for an Improper Resource Locking vulnerability in Mitsubishi Electric MELSEC Q and L Series CPUs.
Title
Multiple Vulnerabilities PRA-ES8P2S Ethernet-Switch
Published
June 22, 2022, 2 a.m.
Summary

BOSCH-SA-247052-BT: Multiple vulnerabilities were found in the PRA-ES8P2S Ethernet-Switch including an Improper Input Validation, an Improper Privilege Management and an Execution with Unnecessary Privileges vulnerability. These vulnerabilities can give root access and/or administrator privilege to the switch from the network. Customers are advised to upgrade to version 1.01.07 that solves vulnerabilities CVE-2022-32534, ...

Title
JTEKT TOYOPUC
Published
June 21, 2022, 4:20 p.m.
Summary
This advisory contains mitigations for a Missing Authentication for Critical Function vulnerability in the JTEKT TOYOPUC programmable logic controller.
Title
Phoenix Contact Classic Line Controllers
Published
June 21, 2022, 4:15 p.m.
Summary
This advisory contains mitigations for an Insufficient Verification of Data Authenticity vulnerability in the Phoenix Contact classic line controllers.
Title
Phoenix Contact ProConOS and MULTIPROG
Published
June 21, 2022, 4:10 p.m.
Summary
This advisory contains mitigations for an Insufficient Verification of Data Authenticity vulnerability in the Phoenix Contact ProConOS and MULTIPROG software development kit.
Title
Phoenix Contact Classic Line Industrial Controllers
Published
June 21, 2022, 4:05 p.m.
Summary
This advisory contains mitigations for an Insufficient Verification of Data Authenticity vulnerability in the Phoenix Contact Classic Line Industrial Controllers.
Title
Siemens WinCC OA
Published
June 21, 2022, 4 p.m.
Summary
This advisory contains mitigations for a Use of Client-side Authentication vulnerability in the Siemens SIMATIC WinCC OA SCADA HMI system.
Title
SSA-111512 V1.0: Client-side Authentication in SIMATIC WinCC OA
Published
June 21, 2022, 2 a.m.
Summary
SIMATIC WinCC OA implements client-side only authentication when neither server-side authentication (SSA) nor Kerberos authentication is enabled. In this configuration, attackers could impersonate other users or exploit the client-server protocol without being authenticated. Siemens recommends enabling server-side authentication (SSA) or Kerberos authentication for all WinCC OA projects, as documented ...
Title
Hillrom Medical Device Management
Published
June 17, 2022, 5:08 a.m.
Summary
This advisory contains mitigations for Use of Hard-coded Password and Improper Access Control vulnerabilities in Welch Allyn resting electrocardiograph devices. Hillrom Medical, Welch Allyn, and ELI are registered trademarks of Baxter International, Inc., or its subsidiaries.
Title
AutomationDirect C-More EA9 HMI
Published
June 17, 2022, 5:06 a.m.
Summary
This advisory contains mitigations for Uncontrolled Search Path Element and Cleartext Transmission of Sensitive Information vulnerabilities in AutomationDirect C-More EA9 human-machine interface products.
Title
AutomationDirect DirectLOGIC with Serial Communication
Published
June 16, 2022, 5:04 p.m.
Summary
This advisory contains mitigations for a Cleartext Transmission of Sensitive Information vulnerability in DirectLOGIC programmable controllers with serial communication.
Title
AutomationDirect DirectLOGIC with Ethernet
Published
June 16, 2022, 5:02 p.m.
Summary
This advisory contains mitigations for Uncontrolled Resource Consumption, and Cleartext Transmission of Sensitive Information vulnerabilities in AutomationDirect DirectLOGIC programmable logic Ethernet controllers.
Title
Siemens Mendix SAML Module
Published
June 16, 2022, 5 p.m.
Summary
This advisory contains mitigations for Improper Restriction of XML External Entity Reference, and Cross-site Scripting vulnerabilities in the Siemens Mendix SAML Module.
Title
Siemens Apache HTTP Server
Published
June 16, 2022, 4:56 p.m.
Summary
This advisory contains mitigations for NULL Pointer Dereference, Out-of-bounds Write, and Server-side Request Forgery (SSRF) vulnerabilities in the Siemens Apache HTTP Server.
Title
Siemens SICAM GridEdge
Published
June 16, 2022, 4:52 p.m.
Summary
This advisory contains mitigations for Missing Authentication for Critical Function, and Resource Leak vulnerabilities in the Siemens SICAM GridEdge Essential ARM.
Title
Siemens SCALANCE LPE9403 Third-Party Vulnerabilities
Published
June 16, 2022, 4:50 p.m.
Summary
This advisory contains mitigations for vulnerabilities in the Siemens SCALANCE LPE9403, a processing power extension for the SCALANCE family of products.
Title
Siemens SCALANCE XM-400 and XR-500
Published
June 16, 2022, 4:48 p.m.
Summary
This advisory contains mitigations for an Improper Validation of Integrity Check Value vulnerability in the Siemens SCALANCE XM-400 and XR-500 industrial switches.
Title
Siemens Xpedition Designer
Published
June 16, 2022, 4:46 p.m.
Summary
This advisory contains mitigations for an Incorrect Permission Assignment for Critical Resource vulnerability in the Siemens Xpedition Designer PCB design flow products.
Title
Siemens Spectrum Power Systems
Published
June 16, 2022, 4:44 p.m.
Summary
This advisory contains mitigations for a Use of Hard-coded Credentials vulnerability in the Siemens Spectrum Power data modelling and monitoring system.
Title
Siemens OpenSSL Affected Industrial Products
Published
June 16, 2022, 4:40 p.m.
Summary
This advisory contains mitigations for an Infinite Loop vulnerability in the Siemens OpenSSL Affected Industrial Products.
Title
Johnson Controls Metasys ADS ADX OAS Servers
Published
June 14, 2022, 4:10 p.m.
Summary
This advisory contains mitigations for Unverified Password Change, and Cross-site Scripting vulnerabilities in the Johnson Controls Metasys ADS ADX OAS Servers.
Title
Meridian Cooperative Meridian
Published
June 14, 2022, 4:05 p.m.
Summary
This advisory contains mitigations for an Improper Access Control vulnerability in Meridian utility software.
Title
Mitsubishi Electric MELSEC-Q/L and MELSEC iQ-R
Published
June 14, 2022, 4 p.m.
Summary
This advisory contains mitigations for an Improper Input Validation vulnerability in the Mitsubishi Electric MELSEC-Q/L Series and MELSEC iQ-R Series Interface Modules.

Last Updates

BOSCH PSIRT
31.10.2024
SIEMENS CERT
22.11.2024
US CERT
08.11.2024
US CERT (ICS)
21.11.2024
