• 1
  • 2
  • 3 (current)
Tuesday, 08.08.2023
Title
SSA-811403 V1.0: Multiple File Parsing Vulnerabilities in Solid Edge before V223 Update 7
Published
Aug. 8, 2023, 2 a.m.
Summary
Solid Edge is affected by multiple memory corruption vulnerabilities that could be triggered when the application reads specially crafted files in various formats such as DFT, PAR or PSM format. If a user is tricked to open a malicious file with the affected application, an attacker could leverage the vulnerability ...
Title
SSA-851884 V1.2 (Last Update: 2023-08-08): Authentication Bypass Vulnerability in Mendix SAML Module
Published
Aug. 8, 2023, 2 a.m.
Summary
The Mendix SAML module insufficiently verifies the SAML assertions. This could allow unauthenticated remote attackers to bypass authentication and get access to the application. Mendix has provided fix releases for the Mendix SAML module and recommends to update to the latest version. Note: For compatibility reasons, fixes for several versions ...
Title
SSA-908185 V1.0: Mirror Port Isolation Vulnerability in RUGGEDCOM ROS Devices
Published
Aug. 8, 2023, 2 a.m.
Summary
A vulnerability was identified in RUGGEDCOM ROS devices with mirror port enabled, that could allow an attacker to inject information into the network via the mirror port. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends ...
Title
SSA-478960 V1.6 (Last Update: 2023-08-08): Missing CSRF Protection in the Web Server Login Page of Industrial Controllers
Published
Aug. 8, 2023, 2 a.m.
Summary
The web server login page of affected products does not apply proper origin checking. This could allow authenticated remote attackers to track the activities of other users via a login cross-site request forgery attack.. Siemens has released updates for several affected products and recommends to update to the latest versions. ...
Title
SSA-472630 V1.0: Security Vulnerabilities Fixed in RUGGEDCOM CROSSBOW V5.4
Published
Aug. 8, 2023, 2 a.m.
Summary
The RUGGEDCOM CROSSBOW server application before V5.4 contains multiple vulnerabilities that could allow an attacker to execute arbitrary database queries via SQL injection attacks, to create a denial of service condition, or to write arbitrary files to the application’s file system. Siemens has released an update for RUGGEDCOM CROSSBOW and ...
Thursday, 03.08.2023
Title
​Sensormatic Electronics VideoEdge
Published
Aug. 3, 2023, 2 p.m.
Summary
1. EXECUTIVE SUMMARY ​CVSS v3 7.1 ​ATTENTION: Low attack complexity ​Vendor: Sensormatic Electronics, LLC, a subsidiary of Johnson Controls Inc. ​Equipment: VideoEdge ​Vulnerability: Acceptance of Extraneous Untrusted Data with Trusted Data 2. RISK EVALUATION ​Successful exploitation of this vulnerability could allow a local user to edit the VideoEdge configuration file ...
Title
​Mitsubishi Electric GOT2000 and GOT SIMPLE
Published
Aug. 3, 2023, 2 p.m.
Summary
1. EXECUTIVE SUMMARY ​CVSS v3 5.9 ​ATTENTION: Exploitable remotely ​Vendor: Mitsubishi Electric ​Equipment: GOT2000 Series and GOT SIMPLE Series ​Vulnerability: Predictable Exact Value from Previous Values 2. RISK EVALUATION ​Successful exploitation of this vulnerability could allow an attacker to hijack data connections or prevent legitimate users from establishing data connections. ...
Title
TEL-STER TelWin SCADA WebInterface
Published
Aug. 3, 2023, 2 p.m.
Summary
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: TEL-STER Sp. z o. o. Equipment: TelWin SCADA WebInterface Vulnerability: Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated attacker to read files on the system. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS TEL-STER ...
Title
​Mitsubishi Electric GT and GOT Series Products
Published
Aug. 3, 2023, 2 p.m.
Summary
1. EXECUTIVE SUMMARY ​CVSS v3 7.5 ​ATTENTION: Exploitable remotely/low attack complexity ​Vendor: Mitsubishi Electric ​Equipment: GT Designer3, GOT2000 Series, GOT SIMPLE Series, and GT SoftGOT2000 ​Vulnerability: Weak Encoding for Password 2. RISK EVALUATION ​Successful exploitation of this vulnerability could allow an attacker to obtain plaintext passwords by sniffing packets containing ...
Wednesday, 02.08.2023
Title
2022 Top Routinely Exploited Vulnerabilities
Published
Aug. 2, 2023, 8:57 p.m.
Summary
SUMMARY The following cybersecurity agencies coauthored this joint Cybersecurity Advisory (CSA): United States: The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Federal Bureau of Investigation (FBI) Australia: Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) Canada: Canadian Centre for Cyber Security (CCCS) New Zealand: New Zealand ...
Tuesday, 01.08.2023
Title
Threat Actors Exploiting Ivanti EPMM Vulnerabilities
Published
Aug. 1, 2023, 4:42 p.m.
Summary
SUMMARY The Cybersecurity and Infrastructure Security Agency (CISA) and the Norwegian National Cyber Security Centre (NCSC-NO) are releasing this joint Cybersecurity Advisory (CSA) in response to active exploitation of CVE-2023-35078 and CVE-2023-35081. Advanced persistent threat (APT) actors exploited CVE-2023-35078 as a zero day from at least April 2023 through July ...
Title
​APSystems Altenergy Power Control
Published
Aug. 1, 2023, 2 p.m.
Summary
1. EXECUTIVE SUMMARY ​CVSS v3 9.8 ​ATTENTION: Exploitable remotely / low attack complexity / public exploits available ​Vendor: APSystems ​Equipment: Altenergy Power Control ​Vulnerability: OS Command Injection 2. RISK EVALUATION ​Successful exploitation of this vulnerability may allow remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ​The following versions of ...
  • 1
  • 2
  • 3 (current)

Last Updates

BOSCH PSIRT
06.12.2024
SIEMENS CERT
16.12.2024
US CERT
08.11.2024
US CERT (ICS)
19.12.2024

By Source

Archive

2024
2023
2022
2021
2020
2019
2018
2017

Feeds