May 2022
17.05.2022
US CERT
AA22-137A: Weak Security Controls and Practices Routinely Exploited for Initial Access
Title
AA22-137A: Weak Security Controls and Practices Routinely Exploited for Initial Access
Published
May 17, 2022, 3 p.m.
URL
https://us-cert.cisa.gov/ncas/alerts/aa22-137a
Summary
Original release date: May 17, 2022SummaryBest Practices to Protect Your Systems: • Control access. • Harden Credentials. • Establish centralized log management. • Use antivirus solutions. • Employ detection tools. • Operate services exposed on internet-accessible hosts with secure configurations. • Keep software updated. Cyber actors routinely exploit poor security ...
12.05.2022
US CERT (ICS)
Mitsubishi Electric MELSOFT iQ AppPortal
Title
Mitsubishi Electric MELSOFT iQ AppPortal
Published
May 12, 2022, 4:50 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-132-02
Summary
This advisory contains mitigations for Missing Authorization, Out-of-bounds Write, NULL Pointer Dereference, Classic Buffer Overflow, HTTP Request Smuggling, and Infinite Loop vulnerabilities in Mitsubishi Electric MELSOFT iQ AppPortal products.
12.05.2022
US CERT (ICS)
Inkscape in Industrial Products
Title
Inkscape in Industrial Products
Published
May 12, 2022, 4:48 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-132-03
Summary
This advisory contains mitigations for Out-of-bounds Read, Access of Uninitialized Pointer, and Out-of-bounds Write vulnerabilities in the Inkscape open-source graphics editor.
12.05.2022
US CERT (ICS)
Cambium Networks cnMaestro
Title
Cambium Networks cnMaestro
Published
May 12, 2022, 4:46 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-132-04
Summary
This advisory contains mitigations for OS Command Injection, SQL Injection, Path Traversal, and Use of Potentially Dangerous Function vulnerabilities in the Cambium Networks cnMaestro network management system.
12.05.2022
US CERT (ICS)
Siemens Industrial PCs and CNC devices
Title
Siemens Industrial PCs and CNC devices
Published
May 12, 2022, 4:44 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-132-05
Summary
This advisory contains mitigations for Improper Input Validation, Improper Authentication, Improper Isolation of Shared Resources on System-on-a-Chip, and Improper Privilege Management vulnerabilities in Siemens Industrial PCs and CNC devices.
12.05.2022
US CERT (ICS)
Siemens SIMATIC WinCC
Title
Siemens SIMATIC WinCC
Published
May 12, 2022, 4:42 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-132-06
Summary
This advisory contains mitigations for a, Insecure Default Initialization of Resource vulnerability in SIMATIC PCS and WinCC industrial products.
12.05.2022
US CERT (ICS)
Siemens SICAM P850 and SICAM P855
Title
Siemens SICAM P850 and SICAM P855
Published
May 12, 2022, 4:40 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-132-07
Summary
This advisory contains mitigations for Improper Neutralization of Parameter/Argument Delimiters, Cleartext Transmission of Sensitive Information, Cross-site Scripting, Missing Authentication for Critical Function, Authentication Bypass by Capture-replay, and Improper Authentication vulnerabilities in Siemens SICAM P850 and SICAM P855.
12.05.2022
US CERT (ICS)
Siemens JT2GO and Teamcenter Visualization
Title
Siemens JT2GO and Teamcenter Visualization
Published
May 12, 2022, 4:36 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-132-09
Summary
This advisory contains mitigations for Infinite Loop, Null Pointer Dereference, Integer Overflow to Buffer Overflow, Double Free, and Access of Uninitialized Pointer vulnerabilities in Siemens JT2GO, Teamcenter Visualization products.
12.05.2022
US CERT (ICS)
Siemens Desigo PXC and DXR Devices
Title
Siemens Desigo PXC and DXR Devices
Published
May 12, 2022, 4:34 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-132-10
Summary
This advisory contains mitigations for an Uncaught Exception vulnerability in the Siemens Desigo DXR and PXC controllers.
11.05.2022
US CERT
AA22-131A: Protecting Against Cyber Threats to Managed Service Providers and their Customers
Title
AA22-131A: Protecting Against Cyber Threats to Managed Service Providers and their Customers
Published
May 11, 2022, 1 p.m.
URL
https://us-cert.cisa.gov/ncas/alerts/aa22-131a
Summary
Original release date: May 11, 2022SummaryTactical actions for MSPs and their customers to take today: • Identify and disable accounts that are no longer in use. • Enforce MFA on MSP accounts that access the customer environment and monitor for unexplained failed authentication. • Ensure MSP-customer contracts transparently identify ownership ...
10.05.2022
US CERT (ICS)
Adminer in Industrial Products
Title
Adminer in Industrial Products
Published
May 10, 2022, 4:25 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-130-01
Summary
This advisory contains mitigations for a Files or Directories Accessible to External Parties vulnerability in the Adminer database tool.
10.05.2022
US CERT (ICS)
Eaton Intelligent Power Protector
Title
Eaton Intelligent Power Protector
Published
May 10, 2022, 4:20 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-130-02
Summary
This advisory contains mitigations for a Cross-site Scripting vulnerability in the Eaton Intelligent Power Protector (IPP) power protection platform.
10.05.2022
US CERT (ICS)
Eaton Intelligent Power Manager Infrastructure
Title
Eaton Intelligent Power Manager Infrastructure
Published
May 10, 2022, 4:15 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-130-03
Summary
This advisory contains mitigations for Cross-site Scripting, Reflected Cross-site Scripting, and Improper Neutralization of Formula in a CSV File vulnerabilities in Eaton Intelligent Power Manager Infrastructure power monitoring products.
10.05.2022
US CERT (ICS)
AVEVA InTouch Access Anywhere and Plant SCADA Access Anywhere
Title
AVEVA InTouch Access Anywhere and Plant SCADA Access Anywhere
Published
May 10, 2022, 4:05 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-130-05
Summary
This advisory contains mitigations for an Exposure of Resource to Wrong Sphere vulnerability in AVEVA InTouch Access Anywhere and Plant SCADA Access Anywhere HMI products.
10.05.2022
US CERT (ICS)
Mitsubishi Electric MELSOFT GT OPC UA
Title
Mitsubishi Electric MELSOFT GT OPC UA
Published
May 10, 2022, 4 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-130-06
Summary
This advisory contains mitigations for Out-of-bounds Read, and Integer Overflow or Wraparound vulnerabilities in Mitsubishi Electric MELSOFT GT OPC UA client connection products.
10.05.2022
SIEMENS CERT
SSA-480937 V1.0: Denial of Service Vulnerability in CP 44x-1 RNA before V1.5.18
Title
SSA-480937 V1.0: Denial of Service Vulnerability in CP 44x-1 RNA before V1.5.18
Published
May 10, 2022, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-480937.pdf
Summary
Siemens has released a new version for the communication processor modules CP 44x-1 RNA that fixes a vulnerability that could allow an attacker to cause a denial of service condition. Siemens has released updates for the affected products and recommends to update to the latest versions.
10.05.2022
SIEMENS CERT
SSA-102233 V1.9 (Last Update: 2022-05-10): SegmentSmack in VxWorks-based Industrial Devices
Title
SSA-102233 V1.9 (Last Update: 2022-05-10): SegmentSmack in VxWorks-based Industrial Devices
Published
May 10, 2022, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-102233.pdf
Summary
The products listed below contain a vulnerability that could allow remote attackers to affect the availability of the devices under certain conditions. The underlying TCP stack can be forced to make very computation expensive calls for every incoming packet which can lead to a Denial-of-Service. Siemens has released an update ...
10.05.2022
SIEMENS CERT
SSA-462066 V2.9 (Last Update: 2022-05-10): Vulnerability known as TCP SACK PANIC in Industrial Products
Title
SSA-462066 V2.9 (Last Update: 2022-05-10): Vulnerability known as TCP SACK PANIC in Industrial Products
Published
May 10, 2022, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf
Summary
Multiple industrial products are affected by a vulnerability in the kernel known as TCP SACK PANIC. The vulnerability could allow a remote attacker to cause a denial of service condition. Siemens has released updates for several affected products and recommends to update to the new versions. Siemens is preparing further ...
10.05.2022
SIEMENS CERT
SSA-363107 V1.0: An Improper Initialization Vulnerability Affects SIMATIC WinCC Kiosk Mode
Title
SSA-363107 V1.0: An Improper Initialization Vulnerability Affects SIMATIC WinCC Kiosk Mode
Published
May 10, 2022, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-363107.pdf
Summary
A vulnerability was found in SIMATIC WinCC that could allow authenticated attackers to escape the Kiosk Mode. Siemens has released an update for the SIMATIC WinCC V7.5 and recommends to update to the latest version. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, ...
10.05.2022
SIEMENS CERT
SSA-321292 V1.0: Denial of Service in the OPC Foundation Local Discovery Server (LDS) in Industrial Products
Title
SSA-321292 V1.0: Denial of Service in the OPC Foundation Local Discovery Server (LDS) in Industrial Products
Published
May 10, 2022, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-321292.pdf
Summary
A vulnerability has been identified in the OPC Foundation Local Discovery Server (LDS) [0] of several industrial products. The vulnerability could cause a denial of service condition on the service or the device. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens ...
10.05.2022
SIEMENS CERT
SSA-285795 V1.0: Denial of Service in OPC-UA in Industrial Products
Title
SSA-285795 V1.0: Denial of Service in OPC-UA in Industrial Products
Published
May 10, 2022, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-285795.pdf
Summary
Vulnerability in the underlying third party component OPC UA ANSIC Stack (also called Legacy C-Stack) affects several industrial products. The vulnerability could cause a crash of the component that includes the vulnerable part of the stack. Siemens has released updates for several affected products and recommends to update to the ...
10.05.2022
SIEMENS CERT
SSA-162616 V1.0: File Parsing Vulnerabilities in Simcenter Femap before V2022.2
Title
SSA-162616 V1.0: File Parsing Vulnerabilities in Simcenter Femap before V2022.2
Published
May 10, 2022, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-162616.pdf
Summary
Siemens Simcenter Femap versions before V2022.2 are affected by an out of bounds write vulnerability that could be triggered when the application reads files in .NEU format. If a user is tricked to open a malicious file with the affected application, an attacker could leverage the vulnerability to perform remote ...
10.05.2022
SIEMENS CERT
SSA-165073 V1.0: Multiple Vulnerabilities in the Webinterface of SICAM P850 and SICAM P855 Devices
Title
SSA-165073 V1.0: Multiple Vulnerabilities in the Webinterface of SICAM P850 and SICAM P855 Devices
Published
May 10, 2022, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-165073.pdf
Summary
Multiple vulnerabilities were identified in the webserver of SICAM P850 and SICAM P855 devices. These include unauthenticated access to web-interface functionality, missing HTTPS or impersonation as well as cross-site scripting related vulnerabilities. Siemens has released updates for the affected products and recommends to update to the latest versions.
10.05.2022
SIEMENS CERT
SSA-662649 V1.0: Denial of Service Vulnerability in Desigo DXR and PXC Controllers
Title
SSA-662649 V1.0: Denial of Service Vulnerability in Desigo DXR and PXC Controllers
Published
May 10, 2022, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-662649.pdf
Summary
A vulnerability in Desigo DXR and PXC controllers has been identified that could allow an attacker to disable and reset a device to factory state using a denial of service attack. Siemens has released updates for the affected products and recommends to update to the latest versions.
10.05.2022
SIEMENS CERT
SSA-553086 V1.0: Multiple File Parsing Vulnerabilities in JT2Go and Teamcenter Visualization
Title
SSA-553086 V1.0: Multiple File Parsing Vulnerabilities in JT2Go and Teamcenter Visualization
Published
May 10, 2022, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdf
Summary
Siemens has released updates for JT2Go and Teamcenter Visualization to fix multiple file parsing vulnerabilities. If a user is tricked to open a malicious file (crafted as CGM, TIFF or TG4) with any of the affected products, this could lead the application to crash or potentially lead to arbitrary code ...

Last Updates

BOSCH PSIRT
15.01.2025
SIEMENS CERT
17.04.2025
US CERT
01.04.2025
US CERT (ICS)
17.04.2025

By Source

Archive

2025
2024
2023
2022
2021
2020
2019
2018
2017

Feeds