May 2022
Title
BD Synapsys
Published
May 31, 2022, 4:25 p.m.
Summary
This advisory contains mitigations for an Insufficient Session Expiration vulnerability in the BD Synapsys microbiology informatics software platform.
Title
Mitsubishi Electric MELSEC iQ-F Series (Update A)
Published
May 31, 2022, 4:15 p.m.
Summary
This updated advisory is a follow-up to the original advisory titled ICSA-22-139-01 Mitsubishi Electric MELSEC iQ-F Series that was published May 19, 2022, on the ICS webpage at cisa.gov/ics. This advisory contains mitigations for Improper Input Validation vulnerabilities in Mitsubishi Electric MELSEC iQ-F Series CPU modules.
Title
Mitsubishi Electric FA Products (Update A)
Published
May 31, 2022, 4:10 p.m.
Summary
This updated advisory is a follow-up to the original advisory titled ICSA-22-090-04 Mitsubishi Electric FA Products that was published March 31, 2022, on the ICS webpage on cisa.gov/ics. This advisory contains mitigations for a Use of Password Hash Instead of Password for Authentication, Use of Weak Hash, Cleartext Storage of ...
Title
Mitsubishi Electric Multiple Products (Update D)
Published
May 31, 2022, 4:05 p.m.
Summary
This updated advisory is a follow-up to the advisory update titled ICSA-20-245-01 Mitsubishi Electric Multiple Products (Update C) that was published September 9, 2021, to the ICS webpage on cisa.gov/ics. This advisory contains mitigations for a Predictable Exact Value from Previous Values vulnerability in several Mitsubishi Electric devices.
Title
Mitsubishi Electric Factory Automation Engineering Software (Update B)
Published
May 31, 2022, 4 p.m.
Summary
This updated advisory is a follow-up to the advisory update titled ICSA-20-212-02 Mitsubishi Electric Factory Automation Engineering Software (Update A) that was published January 5, 2021, to the ICS webpage on ucisa.gov/ics. This advisory contains mitigations for a Permission Issues vulnerability in Mitsubishi Electric Factory Automation Engineering software products.
Title
Keysight N6854A Geolocation server and N6841A RF Sensor software
Published
May 26, 2022, 4:05 p.m.
Summary
This advisory contains mitigations for Relative Path Traversal, and Deserialization of Untrusted Data vulnerabilities in Keysight N6854A Geolocation and server and N6841A Sensor software, a spectrum monitoring platform.
Title
Horner Automation Cscape Csfont
Published
May 26, 2022, 4 p.m.
Summary
This advisory contains mitigations for Out-of-bounds Write, Out-of-bounds Read, and Heap-based Buffer Overflow vulnerabilities in Horner Automation Cscape PLC management software.
Title
Matrikon OPC Server
Published
May 24, 2022, 4:10 p.m.
Summary
This advisory contains mitigations for an Improper Access Control vulnerability in Makitron OPC software.
Title
Mitsubishi Electric FA Engineering Software Products (Update E)
Published
May 24, 2022, 4:05 p.m.
Summary
This updated advisory is a follow-up to the advisory update titled ICSA-21-049-02 Mitsubishi Electric FA Engineering Software Products (Update D) that was published February 8, 2022, to the ICS webpage on cisa.gov/ics. This advisory contains mitigations for Heap-based Buffer Overflow, and Improper Handling of Length Parameter Inconsistency vulnerabilities in Mitsubishi ...
Title
Mitsubishi Electric Factory Automation Engineering Products (Update G)
Published
May 24, 2022, 4 p.m.
Summary
This updated advisory is a follow-up to the advisory update titled ICSA-20-212-04 Mitsubishi Electric Factory Automation Engineering Products (Update F) that was published February 8, 2022, to the ICS webpage on cisa.gov/ics. This advisory contains mitigations for an Unquoted Search Path or Element vulnerability in Mitsubishi Electric Factory Automation Engineering ...
Title
Mitsubishi Electric MELSEC iQ-F Series
Published
May 19, 2022, 4 p.m.
Summary
This advisory contains mitigations for Improper Input Validation vulnerabilities in Mitsubishi Electric MELSEC iQ-F Series CPU modules.
Title
AA22-138B: Threat Actors Chaining Unpatched VMware Vulnerabilities for Full System Control
Published
May 18, 2022, 8 p.m.
Summary
Original release date: May 18, 2022SummaryThe Cybersecurity and Infrastructure Security Agency (CISA) is releasing this Cybersecurity Advisory (CSA) to warn organizations that malicious cyber actors, likely advanced persistent threat (APT) actors, are exploiting CVE-2022-22954 and CVE-2022-22960 separately and in combination. These vulnerabilities affect certain versions of VMware Workspace ONE Access, ...
Title
AA22-138A: Threat Actors Exploiting F5 BIG-IP CVE-2022-1388
Published
May 18, 2022, 3 p.m.
Summary
Original release date: May 18, 2022SummaryActions for administrators to take today: • Do not expose management interfaces to the internet. • Enforce multi-factor authentication. • Consider using CISA’s Cyber Hygiene Services. The Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing & Analysis Center (MS-ISAC) are releasing this ...
Title
Circutor COMPACT DC-S BASIC
Published
May 17, 2022, 4 p.m.
Summary
This advisory contains mitigations for a Stack-based Buffer Overflow vulnerability in the Circutor COMPACT DC-S BASIC smart metering concentrator.
Title
AA22-137A: Weak Security Controls and Practices Routinely Exploited for Initial Access
Published
May 17, 2022, 3 p.m.
Summary
Original release date: May 17, 2022SummaryBest Practices to Protect Your Systems: • Control access. • Harden Credentials. • Establish centralized log management. • Use antivirus solutions. • Employ detection tools. • Operate services exposed on internet-accessible hosts with secure configurations. • Keep software updated. Cyber actors routinely exploit poor security ...
Title
Mitsubishi Electric MELSOFT iQ AppPortal
Published
May 12, 2022, 4:50 p.m.
Summary
This advisory contains mitigations for Missing Authorization, Out-of-bounds Write, NULL Pointer Dereference, Classic Buffer Overflow, HTTP Request Smuggling, and Infinite Loop vulnerabilities in Mitsubishi Electric MELSOFT iQ AppPortal products.
Title
Inkscape in Industrial Products
Published
May 12, 2022, 4:48 p.m.
Summary
This advisory contains mitigations for Out-of-bounds Read, Access of Uninitialized Pointer, and Out-of-bounds Write vulnerabilities in the Inkscape open-source graphics editor.
Title
Cambium Networks cnMaestro
Published
May 12, 2022, 4:46 p.m.
Summary
This advisory contains mitigations for OS Command Injection, SQL Injection, Path Traversal, and Use of Potentially Dangerous Function vulnerabilities in the Cambium Networks cnMaestro network management system.
Title
Siemens Industrial PCs and CNC devices
Published
May 12, 2022, 4:44 p.m.
Summary
This advisory contains mitigations for Improper Input Validation, Improper Authentication, Improper Isolation of Shared Resources on System-on-a-Chip, and Improper Privilege Management vulnerabilities in Siemens Industrial PCs and CNC devices.
Title
Siemens SIMATIC WinCC
Published
May 12, 2022, 4:42 p.m.
Summary
This advisory contains mitigations for a, Insecure Default Initialization of Resource vulnerability in SIMATIC PCS and WinCC industrial products.
Title
Siemens SICAM P850 and SICAM P855
Published
May 12, 2022, 4:40 p.m.
Summary
This advisory contains mitigations for Improper Neutralization of Parameter/Argument Delimiters, Cleartext Transmission of Sensitive Information, Cross-site Scripting, Missing Authentication for Critical Function, Authentication Bypass by Capture-replay, and Improper Authentication vulnerabilities in Siemens SICAM P850 and SICAM P855.
Title
Siemens JT2GO and Teamcenter Visualization
Published
May 12, 2022, 4:36 p.m.
Summary
This advisory contains mitigations for Infinite Loop, Null Pointer Dereference, Integer Overflow to Buffer Overflow, Double Free, and Access of Uninitialized Pointer vulnerabilities in Siemens JT2GO, Teamcenter Visualization products.
Title
Siemens Desigo PXC and DXR Devices
Published
May 12, 2022, 4:34 p.m.
Summary
This advisory contains mitigations for an Uncaught Exception vulnerability in the Siemens Desigo DXR and PXC controllers.
Title
AA22-131A: Protecting Against Cyber Threats to Managed Service Providers and their Customers
Published
May 11, 2022, 1 p.m.
Summary
Original release date: May 11, 2022SummaryTactical actions for MSPs and their customers to take today: • Identify and disable accounts that are no longer in use. • Enforce MFA on MSP accounts that access the customer environment and monitor for unexplained failed authentication. • Ensure MSP-customer contracts transparently identify ownership ...
Title
Adminer in Industrial Products
Published
May 10, 2022, 4:25 p.m.
Summary
This advisory contains mitigations for a Files or Directories Accessible to External Parties vulnerability in the Adminer database tool.

Last Updates

BOSCH PSIRT
31.10.2024
SIEMENS CERT
22.11.2024
US CERT
08.11.2024
US CERT (ICS)
21.11.2024

By Source

Archive

2024
2023
2022
2021
2020
2019
2018
2017

Feeds