June 2022
14.06.2022
SIEMENS CERT
SSA-324955 V1.8 (Last Update: 2022-06-14): SAD DNS Attack in Linux Based Products
Title
SSA-324955 V1.8 (Last Update: 2022-06-14): SAD DNS Attack in Linux Based Products
Published
June 14, 2022, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-324955.pdf
Summary
A vulnerability made public under the name SAD DNS affects Domain Name System resolvers due to a vulnerability in the Linux kernel when handling ICMP packets. The Siemens products which are affected are listed below. For more information please see https://www.saddns.net/. Siemens has released updates for several affected products and ...
14.06.2022
SIEMENS CERT
SSA-301589 V1.3 (Last Update: 2022-06-14): Multiple File Parsing Vulnerabilities in Solid Edge, JT2Go and Teamcenter Visualization
Title
SSA-301589 V1.3 (Last Update: 2022-06-14): Multiple File Parsing Vulnerabilities in Solid Edge, JT2Go and Teamcenter Visualization
Published
June 14, 2022, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdf
Summary
Siemens has released updates for JT2Go, Solid Edge and Teamcenter Visualization to fix multiple file parsing vulnerabilities. If a user is tricked to open a malicious file (crafted as PDF, DXF or PAR) with any of the affected products, this could lead the application to crash or potentially lead to ...
14.06.2022
SIEMENS CERT
SSA-254054 V1.2 (Last Update: 2022-06-14): Spring Framework Vulnerability (Spring4Shell or SpringShell, CVE-2022-22965) - Impac...
Title
SSA-254054 V1.2 (Last Update: 2022-06-14): Spring Framework Vulnerability (Spring4Shell or SpringShell, CVE-2022-22965) - Impact to Siemens Products
Published
June 14, 2022, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdf
Summary
A vulnerability in Spring Framework was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2022-22965 and is also known as “Spring4Shell” or “SpringShell”. Siemens is currently investigating to determine which products are affected and is continuously updating this advisory as ...
14.06.2022
SIEMENS CERT
SSA-244969 V1.5 (Last Update: 2022-06-14): OpenSSL Vulnerability in Industrial Products
Title
SSA-244969 V1.5 (Last Update: 2022-06-14): OpenSSL Vulnerability in Industrial Products
Published
June 14, 2022, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-244969.pdf
Summary
OpenSSL has published a security advisory [0] about a vulnerability in OpenSSL versions 1.1.1 < 1.1.1l and 1.0.2 < 1.0.2za that allows an attacker to cause a denial of service (DoS) or to disclose private memory content. Siemens has released updates for several affected products and recommends to update to ...
14.06.2022
SIEMENS CERT
SSA-222547 V1.0: Third-Party Component Vulnerabilities in SCALANCE LPE9403 before V2.0
Title
SSA-222547 V1.0: Third-Party Component Vulnerabilities in SCALANCE LPE9403 before V2.0
Published
June 14, 2022, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf
Summary
Multiple vulnerabilities in the third-party components CivetWeb, Docker, Linux Kernel and systemd could allow an attacker to impact SCALANCE LPE9403 confidentiality, integrity and availability. Siemens has released an update for the SCALANCE LPE9403 and recommends to update to the latest version.
14.06.2022
SIEMENS CERT
SSA-220589 V1.0: Hard Coded Default Credential Vulnerability in Teamcenter
Title
SSA-220589 V1.0: Hard Coded Default Credential Vulnerability in Teamcenter
Published
June 14, 2022, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-220589.pdf
Summary
Siemens has released updates for Teamcenter that fixes a security vulnerability related to unsecure storage of user credentials. This vulnerability affects Java EE Server Manager HTML Adaptor. This service is not installed by default and currently also obsoleted. Siemens has released updates for the affected products and recommends to update ...
14.06.2022
SIEMENS CERT
SSA-148078 V1.1 (Last Update: 2022-06-14): Multiple Vulnerabilities in APOGEE/TALON Field Panels
Title
SSA-148078 V1.1 (Last Update: 2022-06-14): Multiple Vulnerabilities in APOGEE/TALON Field Panels
Published
June 14, 2022, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-148078.pdf
Summary
Multiple vulnerabilities in the APOGEE PXC and TALON TC series of products could allow unauthenticated attackers to download sensitive information through the integrated webserver. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends countermeasures for products where updates are not, or ...
14.06.2022
SIEMENS CERT
SSA-145224 V1.0: Vulnerability in OSPF Packet Handling of SCALANCE XM-400 and XR-500 Devices
Title
SSA-145224 V1.0: Vulnerability in OSPF Packet Handling of SCALANCE XM-400 and XR-500 Devices
Published
June 14, 2022, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-145224.pdf
Summary
SCALANCE XM-400 and XR-500 devices contain a vulnerability in the OSPF protocol implementation that could allow an unauthenticated remote attacker to cause interruptions in the network. Siemens has released updates for the affected products and recommends to update to the latest versions.
14.06.2022
SIEMENS CERT
SSA-102233 V2.0 (Last Update: 2022-06-14): SegmentSmack in VxWorks-based Industrial Devices
Title
SSA-102233 V2.0 (Last Update: 2022-06-14): SegmentSmack in VxWorks-based Industrial Devices
Published
June 14, 2022, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-102233.pdf
Summary
The products listed below contain a vulnerability that could allow remote attackers to affect the availability of the devices under certain conditions. The underlying TCP stack can be forced to make very computation expensive calls for every incoming packet which can lead to a Denial-of-Service. Siemens has released an update ...
08.06.2022
US CERT
AA22-158A: People’s Republic of China State-Sponsored Cyber Actors Exploit Network Providers and Devices
Title
AA22-158A: People’s Republic of China State-Sponsored Cyber Actors Exploit Network Providers and Devices
Published
June 8, 2022, midnight
URL
https://us-cert.cisa.gov/ncas/alerts/aa22-158a
Summary
Original release date: June 7, 2022SummaryBest Practices • Apply patches as soon as possible • Disable unnecessary ports and protocols • Replace end-of-life infrastructure • Implement a centralized patch management system This joint Cybersecurity Advisory describes the ways in which People’s Republic of China (PRC) state-sponsored cyber actors continue to ...
07.06.2022
US CERT (ICS)
Mitsubishi Electric MELSEC and MELIPC Series (Update C)
Title
Mitsubishi Electric MELSEC and MELIPC Series (Update C)
Published
June 7, 2022, 4 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-334-02
Summary
This updated advisory is a follow up to the advisory update titled ICSA-21-334-02 Mitsubishi Electric MELSEC and MELIPC Series (Update B) that was published April 26, 2022, to the ICS webpage on cisa.gov/ics. This advisory contains mitigations for Uncontrolled Resource Consumption, Improper Handling of Length Parameter Inconsistency, and Improper Input ...
03.06.2022
US CERT (ICS)
Vulnerabilities Affecting Dominion Voting Systems ImageCast X
Title
Vulnerabilities Affecting Dominion Voting Systems ImageCast X
Published
June 3, 2022, 9 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-154-01
Summary
This advisory contains mitigations for Improper Verification of Cryptographic Signature, Mutable Attestation of Measurement Reporting Data, Hidden Functionality, Improper Protection of Alternate Path, Path Traversal: ''../filedir', Execution with Unnecessary Privileges, Authentication Bypass Spoofing, Incorrect Privilege Assignment, and Origin Validation Error vulnerabilities in versions of Dominion Voting Systems Democracy Suite ImageCast ...
02.06.2022
US CERT (ICS)
Carrier LenelS2 HID Mercury access panels
Title
Carrier LenelS2 HID Mercury access panels
Published
June 2, 2022, 4:05 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-153-01
Summary
This advisory contains mitigations for Protection Mechanism Failure, Forced Browsing, Classic Buffer Overflow, Path Traversal, and OS Command Injection vulnerabilities in Carrier HID Mercury access panels sold by LenlS2.
02.06.2022
US CERT (ICS)
Illumina Local Run Manager
Title
Illumina Local Run Manager
Published
June 2, 2022, 4 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-153-02
Summary
This advisory contains mitigations for Path Traversal, Unrestricted Upload of File with Dangerous Type, Improper Access Control, and Cleartext Transmission of Sensitive Information vulnerabilities in Illumina devices using Local Run Manager software.
01.06.2022
US CERT
AA22-152A: Karakurt Data Extortion Group
Title
AA22-152A: Karakurt Data Extortion Group
Published
June 1, 2022, 4 p.m.
URL
https://us-cert.cisa.gov/ncas/alerts/aa22-152a
Summary
Original release date: June 1, 2022SummaryActions to take today to mitigate cyber threats from ransomware: • Prioritize patching known exploited vulnerabilities. • Train users to recognize and report phishing attempts. • Enforce multifactor authentication. The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Department of ...
May 2022
31.05.2022
US CERT (ICS)
BD Synapsys
Title
BD Synapsys
Published
May 31, 2022, 4:25 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsma-22-151-02
Summary
This advisory contains mitigations for an Insufficient Session Expiration vulnerability in the BD Synapsys microbiology informatics software platform.
31.05.2022
US CERT (ICS)
Mitsubishi Electric MELSEC iQ-F Series (Update A)
Title
Mitsubishi Electric MELSEC iQ-F Series (Update A)
Published
May 31, 2022, 4:15 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-139-01
Summary
This updated advisory is a follow-up to the original advisory titled ICSA-22-139-01 Mitsubishi Electric MELSEC iQ-F Series that was published May 19, 2022, on the ICS webpage at cisa.gov/ics. This advisory contains mitigations for Improper Input Validation vulnerabilities in Mitsubishi Electric MELSEC iQ-F Series CPU modules.
31.05.2022
US CERT (ICS)
Mitsubishi Electric FA Products (Update A)
Title
Mitsubishi Electric FA Products (Update A)
Published
May 31, 2022, 4:10 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-090-04
Summary
This updated advisory is a follow-up to the original advisory titled ICSA-22-090-04 Mitsubishi Electric FA Products that was published March 31, 2022, on the ICS webpage on cisa.gov/ics. This advisory contains mitigations for a Use of Password Hash Instead of Password for Authentication, Use of Weak Hash, Cleartext Storage of ...
31.05.2022
US CERT (ICS)
Mitsubishi Electric Multiple Products (Update D)
Title
Mitsubishi Electric Multiple Products (Update D)
Published
May 31, 2022, 4:05 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-20-245-01
Summary
This updated advisory is a follow-up to the advisory update titled ICSA-20-245-01 Mitsubishi Electric Multiple Products (Update C) that was published September 9, 2021, to the ICS webpage on cisa.gov/ics. This advisory contains mitigations for a Predictable Exact Value from Previous Values vulnerability in several Mitsubishi Electric devices.
31.05.2022
US CERT (ICS)
Mitsubishi Electric Factory Automation Engineering Software (Update B)
Title
Mitsubishi Electric Factory Automation Engineering Software (Update B)
Published
May 31, 2022, 4 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-20-212-02
Summary
This updated advisory is a follow-up to the advisory update titled ICSA-20-212-02 Mitsubishi Electric Factory Automation Engineering Software (Update A) that was published January 5, 2021, to the ICS webpage on ucisa.gov/ics. This advisory contains mitigations for a Permission Issues vulnerability in Mitsubishi Electric Factory Automation Engineering software products.
26.05.2022
US CERT (ICS)
Keysight N6854A Geolocation server and N6841A RF Sensor software
Title
Keysight N6854A Geolocation server and N6841A RF Sensor software
Published
May 26, 2022, 4:05 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-146-01
Summary
This advisory contains mitigations for Relative Path Traversal, and Deserialization of Untrusted Data vulnerabilities in Keysight N6854A Geolocation and server and N6841A Sensor software, a spectrum monitoring platform.
26.05.2022
US CERT (ICS)
Horner Automation Cscape Csfont
Title
Horner Automation Cscape Csfont
Published
May 26, 2022, 4 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-146-02
Summary
This advisory contains mitigations for Out-of-bounds Write, Out-of-bounds Read, and Heap-based Buffer Overflow vulnerabilities in Horner Automation Cscape PLC management software.
24.05.2022
US CERT (ICS)
Matrikon OPC Server
Title
Matrikon OPC Server
Published
May 24, 2022, 4:10 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-144-02
Summary
This advisory contains mitigations for an Improper Access Control vulnerability in Makitron OPC software.
24.05.2022
US CERT (ICS)
Mitsubishi Electric FA Engineering Software Products (Update E)
Title
Mitsubishi Electric FA Engineering Software Products (Update E)
Published
May 24, 2022, 4:05 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-049-02
Summary
This updated advisory is a follow-up to the advisory update titled ICSA-21-049-02 Mitsubishi Electric FA Engineering Software Products (Update D) that was published February 8, 2022, to the ICS webpage on cisa.gov/ics. This advisory contains mitigations for Heap-based Buffer Overflow, and Improper Handling of Length Parameter Inconsistency vulnerabilities in Mitsubishi ...
24.05.2022
US CERT (ICS)
Mitsubishi Electric Factory Automation Engineering Products (Update G)
Title
Mitsubishi Electric Factory Automation Engineering Products (Update G)
Published
May 24, 2022, 4 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-20-212-04
Summary
This updated advisory is a follow-up to the advisory update titled ICSA-20-212-04 Mitsubishi Electric Factory Automation Engineering Products (Update F) that was published February 8, 2022, to the ICS webpage on cisa.gov/ics. This advisory contains mitigations for an Unquoted Search Path or Element vulnerability in Mitsubishi Electric Factory Automation Engineering ...

Last Updates

BOSCH PSIRT
10.06.2025
SIEMENS CERT
12.06.2025
US CERT
12.06.2025
US CERT (ICS)
12.06.2025

By Source

Archive

2025
2024
2023
2022
2021
2020
2019
2018
2017

Feeds