Bulletins | CERT@VDE

Siemens PROFINET Stack Integrated on Interniche Stack

Title

Siemens PROFINET Stack Integrated on Interniche Stack

Published

April 14, 2022, 5:10 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-104-06

Summary

This advisory contains mitigations for an Uncontrolled Resource Consumption vulnerability in the Siemens PROFINET Stack Integrated on Interniche Stack.

https://us-cert.cisa.gov/ics/advisories/icsa-22-104-07

Siemens Mendix

Title

Siemens Mendix

Published

April 14, 2022, 5:08 p.m.

URL

Summary

This advisory contains mitigations for an Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Siemens Mendix, a software platform to build mobile and web applications.

Siemens SCALANCE W1700

Title

Siemens SCALANCE W1700

Published

April 14, 2022, 5:06 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-104-08

Summary

This advisory contains mitigations for Race Condition, and Improper Input Validation vulnerabilities in the Siemens SCALANCE W1700 wireless communication device.

Siemens SCALANCE X-300 Switches

Title

Siemens SCALANCE X-300 Switches

Published

April 14, 2022, 5:04 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-104-09

Summary

This advisory contains mitigations for Improper Input Validation, Use of Insufficiently Random Values, Stack-based Buffer Overflow, Cross-site Request Forgery, Improper Access Control, Basic XSS, Classic Buffer Overflow, Out-of-bounds Read vulnerabilities in Siemens SCALANCE X-300 Switches.

13.04.2022

US CERT

AA22-103A: APT Cyber Tools Targeting ICS/SCADA Devices

Title

AA22-103A: APT Cyber Tools Targeting ICS/SCADA Devices

Published

April 13, 2022, 7 p.m.

URL

https://us-cert.cisa.gov/ncas/alerts/aa22-103a

Summary

Original release date: April 13, 2022SummaryActions to Take Today to Protect ICS/SCADA Devices: • Enforce multifactor authentication for all remote access to ICS networks and devices whenever possible. • Change all passwords to ICS/SCADA devices and systems on a consistent schedule, especially all default passwords, to device-unique strong passwords to ...

https://us-cert.cisa.gov/ics/advisories/icsa-22-102-01

Valmet DNA

Title

Valmet DNA

Published

April 12, 2022, 4:20 p.m.

URL

Summary

This advisory contains mitigations for an Inadequate Encryption Strength vulnerability in Valmet DNA distributed control system products.

Mitsubishi Electric MELSEC-Q Series C Controller Module

Title

Mitsubishi Electric MELSEC-Q Series C Controller Module

Published

April 12, 2022, 4:15 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-102-02

Summary

This advisory contains mitigations for a Heap-based Buffer Overflow vulnerability in some MELSEC-Q Series C Controller Modules using Wind River VxWorks Version 6.4.

Mitsubishi Electric GT25-WLAN

Title

Mitsubishi Electric GT25-WLAN

Published

April 12, 2022, 4:05 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-102-04

Summary

This advisory contains mitigations for Improper Removal of Sensitive Information Before Storage or Transfer, Inadequate Encryption Strength, Missing Authentication for Critical Function, Injection, and Improper Input Validation vulnerabilities in Mitsubishi Electric GT25-WLAN wireless communication units.