April 2022
12.04.2022
SIEMENS CERT
SSA-764417 V1.2 (Last Update: 2022-04-12): Multiple Vulnerabilities in RUGGEDCOM Devices
Title
SSA-764417 V1.2 (Last Update: 2022-04-12): Multiple Vulnerabilities in RUGGEDCOM Devices
Published
April 12, 2022, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-764417.pdf
Summary
There is an insecure cryptographic vulnerability for the affected RUGGEDCOM devices. If an attacker were to exploit this, they could gain privileged functions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.
12.04.2022
SIEMENS CERT
SSA-840188 V1.3 (Last Update: 2022-04-12): Multiple Vulnerabilities in SIMATIC WinCC Affecting Other SIMATIC Software Products
Title
SSA-840188 V1.3 (Last Update: 2022-04-12): Multiple Vulnerabilities in SIMATIC WinCC Affecting Other SIMATIC Software Products
Published
April 12, 2022, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-840188.pdf
Summary
Multiple vulnerabilities were found in SIMATIC WinCC that ultimately could allow local or remote attackers to escalate privileges and read, write or delete critical files. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures ...
12.04.2022
SIEMENS CERT
SSA-978220 V1.6 (Last Update: 2022-04-12): Denial of Service Vulnerability over SNMP in Multiple Industrial Products
Title
SSA-978220 V1.6 (Last Update: 2022-04-12): Denial of Service Vulnerability over SNMP in Multiple Industrial Products
Published
April 12, 2022, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-978220.pdf
Summary
Several industrial products are affected by a vulnerability that could allow remote attackers to conduct a denial of service attack by sending specially crafted packets to port 161/udp (SNMP). Siemens has released updates for several affected products and recommends to update to the new versions. Siemens is preparing further updates ...
12.04.2022
SIEMENS CERT
SSA-599968 V1.5 (Last Update: 2022-04-12): Denial-of-Service Vulnerability in Profinet Devices
Title
SSA-599968 V1.5 (Last Update: 2022-04-12): Denial-of-Service Vulnerability in Profinet Devices
Published
April 12, 2022, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-599968.pdf
Summary
A vulnerability in affected devices could allow an attacker to perform a denial-of-service attack if a large amount of Profinet Discovery and Configuration Protocol (DCP) reset packets is sent to the affected devices. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens ...
12.04.2022
SIEMENS CERT
SSA-414513 V1.0: Information Disclosure Vulnerability in Mendix
Title
SSA-414513 V1.0: Information Disclosure Vulnerability in Mendix
Published
April 12, 2022, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-414513.pdf
Summary
An information disclosure vulnerability in Mendix applications was discovered. The vulnerability could allow to read sensitive data. Siemens has released an update for the Mendix Applications using Mendix 9 and recommends to update to the latest version. Siemens recommends countermeasures for products where updates are not, or not yet available.
12.04.2022
SIEMENS CERT
SSA-273799 V1.3 (Last Update: 2022-04-12): Message Integrity Protection Bypass Vulnerability in SIMATIC Products
Title
SSA-273799 V1.3 (Last Update: 2022-04-12): Message Integrity Protection Bypass Vulnerability in SIMATIC Products
Published
April 12, 2022, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-273799.pdf
Summary
A message integrity protection bypass vulnerability has been identified in several SIMATIC products. The vulnerability could allow an attacker in a Man-in-the-Middle position to modify network traffic exchanged on port 102/tcp to PLCs of the SIMATIC S7-1200, SIMATIC S7-1500 and SIMATIC SoftwareController CPU families. Siemens has released updates for several ...
12.04.2022
SIEMENS CERT
SSA-836527 V1.0: Multiple Vulnerabilities in SCALANCE X-300 Switch Family Devices
Title
SSA-836527 V1.0: Multiple Vulnerabilities in SCALANCE X-300 Switch Family Devices
Published
April 12, 2022, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf
Summary
Several SCALANCE X-300 switches contain multiple vulnerabilities. An unauthenticated attacker could reboot, cause denial of service conditions and potentially impact the system by other means through heap and buffer overflow vulnerabilities. Siemens has released updates for the affected products and recommends to update to the latest versions.
12.04.2022
SIEMENS CERT
SSA-392912 V1.0: Multiple Denial Of Service Vulnerabilities in SCALANCE W1700 Devices
Title
SSA-392912 V1.0: Multiple Denial Of Service Vulnerabilities in SCALANCE W1700 Devices
Published
April 12, 2022, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-392912.pdf
Summary
Vulnerabilities have been identified in devices of the SCALANCE W-1700 (11ac) family that could allow an attacker to cause various denial of service conditions. Siemens has released updates for the affected products and recommends to update to the latest versions.
12.04.2022
SIEMENS CERT
SSB-439005 V4.2 (Last Update: 2022-04-12): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 151...
Title
SSB-439005 V4.2 (Last Update: 2022-04-12): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP
Published
April 12, 2022, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssb-439005.pdf
Summary
07.04.2022
US CERT (ICS)
Pepperl+Fuchs WirelessHART-Gateway
Title
Pepperl+Fuchs WirelessHART-Gateway
Published
April 7, 2022, 4:10 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-097-01
Summary
This advisory contains mitigations for several vulnerabilities in Pepperl+Fuchs WirelessHART-Gateway industrial networking devices.
07.04.2022
US CERT (ICS)
ABB SPIET800 and PNI800
Title
ABB SPIET800 and PNI800
Published
April 7, 2022, 4:05 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-097-02
Summary
This advisory contains mitigations for Incomplete Internal State Distinction, Improper Handling of Unexpected Data Type, and Uncontrolled Resource Consumption vulnerabilities in ABB Symphony Plus SPIET800 and PNI800 network interface modules.
05.04.2022
US CERT (ICS)
LifePoint Informatics Patient Portal
Title
LifePoint Informatics Patient Portal
Published
April 5, 2022, 4:15 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsma-22-095-01
Summary
This advisory contains mitigations for an Authentication Bypass Using Alternate Path or Channel vulnerability in the LifePoint Informatics Patient Portal, a website containing patient health data.
05.04.2022
US CERT (ICS)
Philips Vue PACS (Update B)
Title
Philips Vue PACS (Update B)
Published
April 5, 2022, 4 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsma-21-187-01
Summary
This updated advisory is a follow-up to the advisory update titled ICSMA-21-87-01 Philips Vue PACS (Update A) that was published January 20, 2022, to the ICS webpage on www.cisa.gov/uscert/ics. This advisory contains mitigations for numerous vulnerabilities in Philips Vue PACS products.
March 2022
31.03.2022
US CERT (ICS)
Schneider Electric SCADAPack Workbench
Title
Schneider Electric SCADAPack Workbench
Published
March 31, 2022, 4:40 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-090-01
Summary
This advisory contains mitigations for an Improper Restriction of XML External Entity Reference vulnerability in Schneider Electric SCADAPack Workbench software.
31.03.2022
US CERT (ICS)
Hitachi Energy e-mesh EMS
Title
Hitachi Energy e-mesh EMS
Published
March 31, 2022, 4:35 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-090-02
Summary
This advisory contains mitigations for Improper Restriction of Operations Within the Bounds of a Memory Buffer, Use After Free, and Uncontrolled Resource Consumption vulnerabilities in Hitachi Energy e-mesh EMS, an optimizer software for energy resources.
31.03.2022
US CERT (ICS)
Fuji Electric Alpha5
Title
Fuji Electric Alpha5
Published
March 31, 2022, 4:30 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-090-03
Summary
This advisory contains mitigations for Access of Uninitialized Pointer, Out-of-bound Read, Stack-based Buffer Overflow, and Heap-based Buffer Overflow vulnerabilities in the Fuji Electric Alpha5 servo drive system.
31.03.2022
US CERT (ICS)
Mitsubishi Electric FA Products
Title
Mitsubishi Electric FA Products
Published
March 31, 2022, 4:25 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-090-04
Summary
This advisory contains mitigations for a Use of Password Hash Instead of Password for Authentication, Use of Weak Hash, Cleartext Storage of Sensitive Information, and Authentication Bypass by Capture-replay vulnerabilities in Mitsubishi Electric FA CPU module products.
31.03.2022
US CERT (ICS)
General Electric Renewable Energy MDS Radios
Title
General Electric Renewable Energy MDS Radios
Published
March 31, 2022, 4:15 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-090-06
Summary
This advisory contains mitigations for Improper Input Validation, Hidden Functionality, Inadequate Encryption Strength, Uncontrolled Resource Consumption, Plaintext Storage of a Password, and Download of Code Without Integrity Check vulnerabilities in General Electric Renewable Energy MDS Radios.
31.03.2022
US CERT (ICS)
Rockwell Automation Studio 5000 Logix Designer
Title
Rockwell Automation Studio 5000 Logix Designer
Published
March 31, 2022, 4:10 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-090-07
Summary
This advisory contains mitigations for a Code Injection vulnerability in Rockwell Automation Studio 5000 Logix Designer design configuration hardware.
31.03.2022
US CERT (ICS)
PTC Axeda agent and Axeda Desktop Server (Update C)
Title
PTC Axeda agent and Axeda Desktop Server (Update C)
Published
March 31, 2022, 4:05 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-067-01
Summary
This updated advisory is a follow-up to the advisory update titled ICSA-22-067-01 PTC Axeda agent and Axeda Desktop Server (Update B) that was published March 15, 2022, on the ICS webpage on www.cisa.gov/uscert. This advisory contains mitigations for Use of Hard-coded Credentials, Missing Authentication for Critical Function, Exposure of Sensitive ...
31.03.2022
US CERT (ICS)
Mitsubishi Electric MELSEC iQ-R, Q and L Series (Update C)
Title
Mitsubishi Electric MELSEC iQ-R, Q and L Series (Update C)
Published
March 31, 2022, 4 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-20-303-01
Summary
This updated advisory is a follow-up to the advisory update ICSA-20-303-01 Mitsubishi Electric MELSEC iQ-R, Q and L Series (Update B) that was published January 13, 2022, to the ICS webpage on www.cisa.gov/uscert. This advisory contains mitigations for an Uncontrolled Resource Consumption vulnerability in Mitsubishi Electric's MELSEC iQ-R, Q and ...
30.03.2022
BOSCH PSIRT
Buffer Overflow Vulnerability in Recovery Image
Title
Buffer Overflow Vulnerability in Recovery Image
Published
March 30, 2022, 2 a.m.
URL
https://psirt.bosch.com/security-advisories/bosch-sa-446276-bt.html
Summary

BOSCH-SA-446276-BT: A recently discovered security vulnerability allows an attacker to cause an buffer overflow in the recovery image, crashing the application and open the possibility for code execution.The recovery image can only be booted using a command requiring administrative access or requiring physical access to the device.Bosch rates this vulnerability ...

29.03.2022
US CERT (ICS)
Philips e-Alert
Title
Philips e-Alert
Published
March 29, 2022, 4:25 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsma-22-088-01
Summary
This advisory contains mitigations for Missing Authentication for Critical Function vulnerability in the Philips e-Alert MRI system monitoring platform.
29.03.2022
US CERT (ICS)
Rockwell Automation ISaGRAF
Title
Rockwell Automation ISaGRAF
Published
March 29, 2022, 4:20 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-088-01
Summary
This advisory contains mitigations for an Improper Restriction of XML External Entity Reference vulnerability in Rockwell Automation ISaGRAF software products.
29.03.2022
US CERT (ICS)
Omron CX-Position
Title
Omron CX-Position
Published
March 29, 2022, 4:15 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-088-02
Summary
This advisory contains mitigations for Stack-based Buffer Overflow, Improper Restriction of Operations Within the Bounds of a Memory Buffer, Use After Free, and Out-of-bounds Write vulnerabilities in the Omron CX-Position control software.

Last Updates

BOSCH PSIRT
21.08.2024
SIEMENS CERT
12.09.2024
US CERT
19.09.2024
US CERT (ICS)
19.09.2024

By Source

Archive

2024
2023
2022
2021
2020
2019
2018
2017

Feeds