April 2022
21.04.2022
US CERT (ICS)
Delta Electronics ASDA-Soft
Title
Delta Electronics ASDA-Soft
Published
April 21, 2022, 4:10 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-111-01
Summary
This advisory contains mitigations for Out-of-bounds Write, and Out-of-bounds Read vulnerabilities in Delta Electronics ASDA-Soft servo software.
21.04.2022
US CERT (ICS)
Johnson Controls Metasys SCT Pro
Title
Johnson Controls Metasys SCT Pro
Published
April 21, 2022, 4:05 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-111-02
Summary
This advisory contains mitigations for a Server-side Request Forgery vulnerability in Johnson Controls Metasys SCT Pro building automation software.
21.04.2022
US CERT (ICS)
Hitachi Energy MicroSCADA Pro/X SYS600
Title
Hitachi Energy MicroSCADA Pro/X SYS600
Published
April 21, 2022, 4 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-111-03
Summary
This advisory contains mitigations for Observable Discrepancy, HTTP Request Smuggling, Classic Buffer Overflow, Improper Certificate Validation, Improper Restriction of Operations within the Bounds of a Memory Buffer, and Exposure of Sensitive Information to an Unauthorized Actor vulnerabilities in the Hitachi Energy MicroSCADA Pro/X SYS600 SCADA product.
20.04.2022
US CERT
AA22-110A: Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure
Title
AA22-110A: Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure
Published
April 20, 2022, 7 p.m.
URL
https://us-cert.cisa.gov/ncas/alerts/aa22-110a
Summary
Original release date: April 20, 2022SummaryActions critical infrastructure organizations should implement to immediately protect against Russian state-sponsored and criminal cyber threats: • Patch all systems. Prioritize patching known exploited vulnerabilities. • Enforce multifactor authentication. • Secure and monitor Remote Desktop Protocol and other risky services. • Provide end-user awareness and ...
20.04.2022
BOSCH PSIRT
Multiple ctrlX CORE vulnerabilities
Title
Multiple ctrlX CORE vulnerabilities
Published
April 20, 2022, 2 a.m.
URL
https://psirt.bosch.com/security-advisories/bosch-sa-029150.html
Summary

BOSCH-SA-029150: The base operating system app core20, which is part of ctrlX CORE XCR (base system apps), includes vulnerable versions of expat, libc and OpenSSL. Furthermore, multiple ctrlX CORE apps use at least one of the libraries shipped with core20. An attacker might be able to escalate privileges, gain system ...

19.04.2022
US CERT (ICS)
Interlogix Hills ComNav
Title
Interlogix Hills ComNav
Published
April 19, 2022, 4:25 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-109-01
Summary
This advisory contains mitigations for Improper Restriction of Excessive Authentication Attempts, and Inadequate Encryption Strength vulnerability in Interlogix Hills ComNav remote access integration modules.
19.04.2022
US CERT (ICS)
Automated Logic WebCTRL
Title
Automated Logic WebCTRL
Published
April 19, 2022, 4:20 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-109-02
Summary
This advisory contains mitigations for n Open Redirect vulnerability inAutomated Logic WebCTRL building automation software.
19.04.2022
US CERT (ICS)
FANUC ROBOGUIDE Simulation Platform
Title
FANUC ROBOGUIDE Simulation Platform
Published
April 19, 2022, 4:15 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-109-03
Summary
This advisory contains mitigations for Incorrect Permission Assignment for Critical Resource, Improper Access Control, Path Traversal, Improper Restriction of XML External Entity Reference, and Uncontrolled Resource Consumption vulnerabilities in FANUC ROBOGUIDE simulation software for FANUC robots.
19.04.2022
US CERT (ICS)
Elcomplus SmartPPT SCADA
Title
Elcomplus SmartPPT SCADA
Published
April 19, 2022, 4:10 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-109-04
Summary
This advisory contains mitigations for Path Traversal, Unrestricted Upload of File with Dangerous Type, Improper Authorization, and Cross-site Scripting vulnerabilities in Elcomplus SmartPPT SCADA voice and data dispatch software.
19.04.2022
US CERT (ICS)
Elcomplus SmartPTT SCADA
Title
Elcomplus SmartPTT SCADA
Published
April 19, 2022, 4:10 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-109-04
Summary
This advisory contains mitigations for Path Traversal, Unrestricted Upload of File with Dangerous Type, Improper Authorization, and Cross-site Scripting vulnerabilities in Elcomplus SmartPTT SCADA voice and data dispatch software.
19.04.2022
US CERT (ICS)
Elcomplus SmartPTT SCADA Server
Title
Elcomplus SmartPTT SCADA Server
Published
April 19, 2022, 4:05 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-109-05
Summary
This advisory contains mitigations for Cross-site Scripting, Unauthorized Exposure to Sensitive Information, Unrestricted Upload of File with Dangerous Type, Path Traversal, and Cross-site Request Forgery vulnerabilities in the Elcomplus SmartPTT SCADA Server voice and data dispatch software.
19.04.2022
US CERT (ICS)
Elcomplus SmartPPT SCADA Server
Title
Elcomplus SmartPPT SCADA Server
Published
April 19, 2022, 4:05 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-109-05
Summary
This advisory contains mitigations for Cross-site Scripting, Unauthorized Exposure to Sensitive Information, Unrestricted Upload of File with Dangerous Type, Path Traversal, and Cross-site Request Forgery vulnerabilities in the Elcomplus SmartPPT SCADA Server voice and data dispatch software.
19.04.2022
US CERT (ICS)
Multiple RTOS (Update E)
Title
Multiple RTOS (Update E)
Published
April 19, 2022, 4 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-119-04
Summary
This updated advisory is a follow-up to the advisory update titled ICSA-21-119-04 Multiple RTOS (Update D) that was published November 30, 2021, to the ICS webpage on www.cisa.gov/uscert. CISA is aware of a public report, known as “BadAlloc” that details vulnerabilities found in multiple real-time operating systems (RTOS) and supporting ...
19.04.2022
SIEMENS CERT
SSA-254054 V1.0: Spring Framework Vulnerability (Spring4Shell or SpringShell, CVE-2022-22965) - Impact to Siemens Products
Title
SSA-254054 V1.0: Spring Framework Vulnerability (Spring4Shell or SpringShell, CVE-2022-22965) - Impact to Siemens Products
Published
April 19, 2022, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdf
Summary
A vulnerability in Spring Framework was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2022-22965 and is also known as “Spring4Shell” or “SpringShell”. Siemens is currently investigating to determine which products are affected and is continuously updating this advisory as ...
18.04.2022
US CERT
AA22-108A: TraderTraitor: North Korean State-Sponsored APT Targets Blockchain Companies
Title
AA22-108A: TraderTraitor: North Korean State-Sponsored APT Targets Blockchain Companies
Published
April 18, 2022, 3:38 p.m.
URL
https://us-cert.cisa.gov/ncas/alerts/aa22-108a
Summary
Original release date: April 18, 2022SummaryActions to take today to mitigate cyber threats to cryptocurrency: • Patch all systems. • Prioritize patching known exploited vulnerabilities. • Train users to recognize and report phishing attempts. • Use multifactor authentication. The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency ...
15.04.2022
US CERT (ICS)
Siemens RUGGEDCOM Devices (Update A)
Title
Siemens RUGGEDCOM Devices (Update A)
Published
April 15, 2022, 4:46 a.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-069-01
Summary
This updated advisory is a follow-up to the original advisory titled ICSA-22-069-01 Siemens RUGGEDCOM Devices that was published March 10, 2022, to the ICS webpage on www.cisa.gov/uscert. This advisory contains mitigations for a Missing Encryption of Sensitive Data vulnerability in devices using the Siemens RUGGEDCOM software platform.
14.04.2022
US CERT (ICS)
Delta Electronics DMARS
Title
Delta Electronics DMARS
Published
April 14, 2022, 5:20 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-104-01
Summary
This advisory contains mitigations for an Improper Restriction of XML External Entity Reference vulnerability in the Delta Electronics DMARS program development tool.
14.04.2022
US CERT (ICS)
Red Lion DA50N
Title
Red Lion DA50N
Published
April 14, 2022, 5:16 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-104-03
Summary
This advisory contains mitigation for Insufficient Verification of Data Authenticity, Weak Password Requirements, Use of Unmaintained Third-Party Components, and Insufficiently Protected Credentials vulnerabilities in the Red Lion DA50N networking gateway.
14.04.2022
US CERT (ICS)
Siemens SCALANCE FragAttacks
Title
Siemens SCALANCE FragAttacks
Published
April 14, 2022, 5:14 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-104-04
Summary
This advisory contains mitigations for Improper Authentication, Injection, Improper Validation of Integrity Check, and Improper Input Validation vulnerabilities in the Siemens SCALANCE FragAttacks.
14.04.2022
US CERT (ICS)
Siemens OpenSSL Vulnerabilities in Industrial Products
Title
Siemens OpenSSL Vulnerabilities in Industrial Products
Published
April 14, 2022, 5:12 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-104-05
Summary
This advisory contains mitigations for a NULL Pointer Dereference vulnerability in the Siemens OpenSSL.
14.04.2022
US CERT (ICS)
Siemens PROFINET Stack Integrated on Interniche Stack
Title
Siemens PROFINET Stack Integrated on Interniche Stack
Published
April 14, 2022, 5:10 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-104-06
Summary
This advisory contains mitigations for an Uncontrolled Resource Consumption vulnerability in the Siemens PROFINET Stack Integrated on Interniche Stack.
14.04.2022
US CERT (ICS)
Siemens Mendix
Title
Siemens Mendix
Published
April 14, 2022, 5:08 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-104-07
Summary
This advisory contains mitigations for an Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Siemens Mendix, a software platform to build mobile and web applications.
14.04.2022
US CERT (ICS)
Siemens SCALANCE W1700
Title
Siemens SCALANCE W1700
Published
April 14, 2022, 5:06 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-104-08
Summary
This advisory contains mitigations for Race Condition, and Improper Input Validation vulnerabilities in the Siemens SCALANCE W1700 wireless communication device.
14.04.2022
US CERT (ICS)
Siemens SCALANCE X-300 Switches
Title
Siemens SCALANCE X-300 Switches
Published
April 14, 2022, 5:04 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-104-09
Summary
This advisory contains mitigations for Improper Input Validation, Use of Insufficiently Random Values, Stack-based Buffer Overflow, Cross-site Request Forgery, Improper Access Control, Basic XSS, Classic Buffer Overflow, Out-of-bounds Read vulnerabilities in Siemens SCALANCE X-300 Switches.
13.04.2022
US CERT
AA22-103A: APT Cyber Tools Targeting ICS/SCADA Devices
Title
AA22-103A: APT Cyber Tools Targeting ICS/SCADA Devices
Published
April 13, 2022, 7 p.m.
URL
https://us-cert.cisa.gov/ncas/alerts/aa22-103a
Summary
Original release date: April 13, 2022SummaryActions to Take Today to Protect ICS/SCADA Devices: • Enforce multifactor authentication for all remote access to ICS networks and devices whenever possible. • Change all passwords to ICS/SCADA devices and systems on a consistent schedule, especially all default passwords, to device-unique strong passwords to ...

Last Updates

BOSCH PSIRT
15.01.2025
SIEMENS CERT
17.04.2025
US CERT
01.04.2025
US CERT (ICS)
17.04.2025

By Source

Archive

2025
2024
2023
2022
2021
2020
2019
2018
2017

Feeds