April 2022
Title
Elcomplus SmartPPT SCADA
Published
April 19, 2022, 4:10 p.m.
Summary
This advisory contains mitigations for Path Traversal, Unrestricted Upload of File with Dangerous Type, Improper Authorization, and Cross-site Scripting vulnerabilities in Elcomplus SmartPPT SCADA voice and data dispatch software.
Title
Elcomplus SmartPPT SCADA Server
Published
April 19, 2022, 4:05 p.m.
Summary
This advisory contains mitigations for Cross-site Scripting, Unauthorized Exposure to Sensitive Information, Unrestricted Upload of File with Dangerous Type, Path Traversal, and Cross-site Request Forgery vulnerabilities in the Elcomplus SmartPPT SCADA Server voice and data dispatch software.
Title
Elcomplus SmartPTT SCADA Server
Published
April 19, 2022, 4:05 p.m.
Summary
This advisory contains mitigations for Cross-site Scripting, Unauthorized Exposure to Sensitive Information, Unrestricted Upload of File with Dangerous Type, Path Traversal, and Cross-site Request Forgery vulnerabilities in the Elcomplus SmartPTT SCADA Server voice and data dispatch software.
Title
Multiple RTOS (Update E)
Published
April 19, 2022, 4 p.m.
Summary
This updated advisory is a follow-up to the advisory update titled ICSA-21-119-04 Multiple RTOS (Update D) that was published November 30, 2021, to the ICS webpage on www.cisa.gov/uscert. CISA is aware of a public report, known as “BadAlloc” that details vulnerabilities found in multiple real-time operating systems (RTOS) and supporting ...
Title
SSA-254054 V1.0: Spring Framework Vulnerability (Spring4Shell or SpringShell, CVE-2022-22965) - Impact to Siemens Products
Published
April 19, 2022, 2 a.m.
Summary
A vulnerability in Spring Framework was disclosed that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2022-22965 and is also known as “Spring4Shell” or “SpringShell”. Siemens is currently investigating to determine which products are affected and is continuously updating this advisory as ...
Title
AA22-108A: TraderTraitor: North Korean State-Sponsored APT Targets Blockchain Companies
Published
April 18, 2022, 3:38 p.m.
Summary
Original release date: April 18, 2022. Summary: Actions to take today to mitigate cyber threats to cryptocurrency: • Patch all systems. • Prioritize patching known exploited vulnerabilities. • Train users to recognize and report phishing attempts. • Use multifactor authentication. The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency ...
Title
Siemens RUGGEDCOM Devices (Update A)
Published
April 15, 2022, 4:46 a.m.
Summary
This updated advisory is a follow-up to the original advisory titled ICSA-22-069-01 Siemens RUGGEDCOM Devices that was published March 10, 2022, to the ICS webpage on www.cisa.gov/uscert. This advisory contains mitigations for a Missing Encryption of Sensitive Data vulnerability in devices using the Siemens RUGGEDCOM software platform.
Title
Delta Electronics DMARS
Published
April 14, 2022, 5:20 p.m.
Summary
This advisory contains mitigations for an Improper Restriction of XML External Entity Reference vulnerability in the Delta Electronics DMARS program development tool.
Title
Red Lion DA50N
Published
April 14, 2022, 5:16 p.m.
Summary
This advisory contains mitigation for Insufficient Verification of Data Authenticity, Weak Password Requirements, Use of Unmaintained Third-Party Components, and Insufficiently Protected Credentials vulnerabilities in the Red Lion DA50N networking gateway.
Title
Siemens SCALANCE FragAttacks
Published
April 14, 2022, 5:14 p.m.
Summary
This advisory contains mitigations for Improper Authentication, Injection, Improper Validation of Integrity Check, and Improper Input Validation vulnerabilities in the Siemens SCALANCE FragAttacks.
Title
Siemens OpenSSL Vulnerabilities in Industrial Products
Published
April 14, 2022, 5:12 p.m.
Summary
This advisory contains mitigations for a NULL Pointer Dereference vulnerability in the Siemens OpenSSL.
Title
Siemens PROFINET Stack Integrated on Interniche Stack
Published
April 14, 2022, 5:10 p.m.
Summary
This advisory contains mitigations for an Uncontrolled Resource Consumption vulnerability in the Siemens PROFINET Stack Integrated on Interniche Stack.
Title
Siemens Mendix
Published
April 14, 2022, 5:08 p.m.
Summary
This advisory contains mitigations for an Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Siemens Mendix, a software platform to build mobile and web applications.
Title
Siemens SCALANCE W1700
Published
April 14, 2022, 5:06 p.m.
Summary
This advisory contains mitigations for Race Condition and Improper Input Validation vulnerabilities in the Siemens SCALANCE W1700 wireless communication device.
Title
Siemens SCALANCE X-300 Switches
Published
April 14, 2022, 5:04 p.m.
Summary
This advisory contains mitigations for Improper Input Validation, Use of Insufficiently Random Values, Stack-based Buffer Overflow, Cross-site Request Forgery, Improper Access Control, Basic XSS, Classic Buffer Overflow, and Out-of-bounds Read vulnerabilities in Siemens SCALANCE X-300 Switches.
Title
AA22-103A: APT Cyber Tools Targeting ICS/SCADA Devices
Published
April 13, 2022, 7 p.m.
Summary
Original release date: April 13, 2022. Summary: Actions to Take Today to Protect ICS/SCADA Devices: • Enforce multifactor authentication for all remote access to ICS networks and devices whenever possible. • Change all passwords to ICS/SCADA devices and systems on a consistent schedule, especially all default passwords, to device-unique strong passwords to ...
Title
Valmet DNA
Published
April 12, 2022, 4:20 p.m.
Summary
This advisory contains mitigations for an Inadequate Encryption Strength vulnerability in Valmet DNA distributed control system products.
Title
Mitsubishi Electric MELSEC-Q Series C Controller Module
Published
April 12, 2022, 4:15 p.m.
Summary
This advisory contains mitigations for a Heap-based Buffer Overflow vulnerability in some MELSEC-Q Series C Controller Modules using Wind River VxWorks Version 6.4.
Title
Mitsubishi Electric GT25-WLAN
Published
April 12, 2022, 4:05 p.m.
Summary
This advisory contains mitigations for Improper Removal of Sensitive Information Before Storage or Transfer, Inadequate Encryption Strength, Missing Authentication for Critical Function, Injection, and Improper Input Validation vulnerabilities in Mitsubishi Electric GT25-WLAN wireless communication units.
Title
Aethon TUG Home Base Server
Published
April 12, 2022, 4 p.m.
Summary
This advisory contains mitigations for Missing Authorization, Channel Accessible by Non-endpoint, and Cross-site Scripting vulnerabilities in the Aethon TUG Home Base Server, a server used to control and communicate with autonomous mobile robots in hospitals.
Title
SSA-270778 V1.7 (Last Update: 2022-04-12): Denial-of-Service Vulnerability in SIMATIC PCS 7, SIMATIC WinCC and SIMATIC NET PC Software
Published
April 12, 2022, 2 a.m.
Summary
A Denial-of-Service vulnerability was found in SIMATIC PCS 7, SIMATIC WinCC and SIMATIC NET PC software when encrypted communication is enabled. The vulnerability could allow an attacker with network access to cause a Denial-of-Service condition under certain circumstances (versions prior to SIMATIC WinCC V7.3 or SIMATIC PCS 7 V8.1 are ...
Title
SSA-995338 V1.2 (Last Update: 2022-04-12): Multiple Vulnerabilities in COMOS Web
Published
April 12, 2022, 2 a.m.
Summary
Multiple vulnerabilities were identified in the web components of COMOS that could allow an attacker to conduct code injections, store data in undesired locations, execute arbitrary SQL statements, and run cross-site request forgery attacks. Siemens has released updates for several affected products and recommends to update to the latest versions. ...
Title
SSA-978220 V1.6 (Last Update: 2022-04-12): Denial of Service Vulnerability over SNMP in Multiple Industrial Products
Published
April 12, 2022, 2 a.m.
Summary
Several industrial products are affected by a vulnerability that could allow remote attackers to conduct a denial of service attack by sending specially crafted packets to port 161/udp (SNMP). Siemens has released updates for several affected products and recommends to update to the new versions. Siemens is preparing further updates ...
Title
SSA-914168 V1.1 (Last Update: 2022-04-12): Multiple Vulnerabilities in SIMATIC WinCC Affecting Other SIMATIC Software Products
Published
April 12, 2022, 2 a.m.
Summary
Multiple vulnerabilities were found in SIMATIC WinCC that ultimately could allow attackers to retrieve and brute force password hashes and access other systems. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products ...
Title
SSA-840188 V1.3 (Last Update: 2022-04-12): Multiple Vulnerabilities in SIMATIC WinCC Affecting Other SIMATIC Software Products
Published
April 12, 2022, 2 a.m.
Summary
Multiple vulnerabilities were found in SIMATIC WinCC that ultimately could allow local or remote attackers to escalate privileges and read, write or delete critical files. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures ...

Last Updates

BOSCH PSIRT
10.06.2025
SIEMENS CERT
24.06.2025
US CERT
12.06.2025
US CERT (ICS)
26.06.2025
