• 1 (current)
  • 2
  • 3
Thursday, 19.12.2024
13:00
US CERT (ICS)
Hitachi Energy SDM600
Title
Hitachi Energy SDM600
Published
Dec. 19, 2024, 1 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-354-02
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.0 ATTENTION: Exploitable from adjacent network Vendor: Hitachi Energy Equipment: SDM600 Vulnerabilities: Origin Validation Error, Incorrect Authorization 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to escalate privileges and access sensitive information. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Hitachi ...
13:00
US CERT (ICS)
Schneider Electric Accutech Manager
Title
Schneider Electric Accutech Manager
Published
Dec. 19, 2024, 1 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-354-06
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Accutech Manager Vulnerability: Classic Buffer Overflow 2. RISK EVALUATION Successful exploitation could allow an attacker to cause a crash of the Accutech Manager when receiving a specially crafted request over port 2536/TCP. 3. ...
13:00
US CERT (ICS)
Hitachi Energy RTU500 series CMU
Title
Hitachi Energy RTU500 series CMU
Published
Dec. 19, 2024, 1 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-354-01
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Exploitable remotely Vendor: Hitachi Energy Equipment: RTU500 series CMU Vulnerability: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 ...
13:00
US CERT (ICS)
Delta Electronics DTM Soft
Title
Delta Electronics DTM Soft
Published
Dec. 19, 2024, 1 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-354-03
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: DTM Soft Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Delta Electronics products ...
13:00
US CERT (ICS)
Tibbo AggreGate Network Manager
Title
Tibbo AggreGate Network Manager
Published
Dec. 19, 2024, 1 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-354-05
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Tibbo Equipment: AggreGate Network Manager Vulnerability: Unrestricted Upload of File with Dangerous Type 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to achieve code execution on the affected device. 3. TECHNICAL DETAILS ...
13:00
US CERT (ICS)
Siemens User Management Component
Title
Siemens User Management Component
Published
Dec. 19, 2024, 1 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-354-04
Summary
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS ...
Tuesday, 17.12.2024
13:00
US CERT (ICS)
Rockwell Automation PowerMonitor 1000 Remote
Title
Rockwell Automation PowerMonitor 1000 Remote
Published
Dec. 17, 2024, 1 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-352-03
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: PowerMonitor 1000 Remote Vulnerabilities: Unprotected Alternate Channel, Heap-based Buffer Overflow, Classic Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to perform edit operations, create admin users, perform ...
13:00
US CERT (ICS)
ThreatQuotient ThreatQ Platform
Title
ThreatQuotient ThreatQ Platform
Published
Dec. 17, 2024, 1 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-352-01
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: ThreatQuotient Inc. Equipment: ThreatQ Platform Vulnerability: Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to perform remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of ThreatQuotient ...
13:00
US CERT (ICS)
Hitachi Energy TropOS Devices Series 1400/2400/6400
Title
Hitachi Energy TropOS Devices Series 1400/2400/6400
Published
Dec. 17, 2024, 1 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-352-02
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: TropOS Devices Series 1400/2400/6400 Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following ...
13:00
US CERT (ICS)
Schneider Electric Modicon
Title
Schneider Electric Modicon
Published
Dec. 17, 2024, 1 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-352-04
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Modicon M241 / M251 / M258 / LMC058 Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could lead to a denial-of-service and a loss of confidentiality and integrity in ...
Monday, 16.12.2024
01:00
SIEMENS CERT
SSA-928984 V1.0: Heap-based Buffer Overflow Vulnerability in User Management Component (UMC)
Title
SSA-928984 V1.0: Heap-based Buffer Overflow Vulnerability in User Management Component (UMC)
Published
Dec. 16, 2024, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-928984.html
Summary
Siemens User Management Component (UMC) is affected by a heap-based buffer overflow vulnerability which could allow an unauthenticated remote attacker arbitrary code execution. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends countermeasures for ...
Thursday, 12.12.2024
13:00
US CERT (ICS)
Siemens CPCI85 Central Processing/Communication
Title
Siemens CPCI85 Central Processing/Communication
Published
Dec. 12, 2024, 1 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-347-01
Summary
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS ...
13:00
US CERT (ICS)
Siemens Solid Edge SE2024
Title
Siemens Solid Edge SE2024
Published
Dec. 12, 2024, 1 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-347-07
Summary
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS ...
13:00
US CERT (ICS)
Siemens SENTRON Powercenter 1000
Title
Siemens SENTRON Powercenter 1000
Published
Dec. 12, 2024, 1 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-347-10
Summary
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
13:00
US CERT (ICS)
Siemens Teamcenter Visualization
Title
Siemens Teamcenter Visualization
Published
Dec. 12, 2024, 1 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-347-09
Summary
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS ...
01:00
SIEMENS CERT
SSA-097435 V1.7 (Last Update: 2024-12-12): Usernames Disclosure Vulnerability in Mendix Runtime
Title
SSA-097435 V1.7 (Last Update: 2024-12-12): Usernames Disclosure Vulnerability in Mendix Runtime
Published
Dec. 12, 2024, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-097435.html
Summary
Mendix Runtime contains an observable response discrepancy vulnerability when validating usernames during authentication. This could allow unauthenticated remote attackers to distinguish between valid and invalid usernames. Siemens has released new versions for the affected products and recommends to update to the latest versions. Note that some, Mendix Runtime version lines ...
01:00
SIEMENS CERT
SSA-979056 V1.1 (Last Update: 2024-12-12): Out of Bounds Write Vulnerability in Parasolid
Title
SSA-979056 V1.1 (Last Update: 2024-12-12): Out of Bounds Write Vulnerability in Parasolid
Published
Dec. 12, 2024, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-979056.html
Summary
Parasolid is affected by an out of bounds write vulnerability that could be triggered when the application is parsing X_T data or a specially crafted file in X_T format. If a user is tricked to open a malicious file with the affected applications, an attacker could leverage the vulnerability to ...
Tuesday, 10.12.2024
13:00
US CERT (ICS)
Rockwell Automation Arena (Update A)
Title
Rockwell Automation Arena (Update A)
Published
Dec. 10, 2024, 1 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-345-06
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity Vendor: Rockwell Automation Equipment: Arena Vulnerabilities: Use After Free, Out-of-bounds Write, Improper Initialization, Out-of-bounds Read, Dependency on Vulnerable Third-Party Component 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in execution of arbitrary code. 3. TECHNICAL DETAILS ...
13:00
US CERT (ICS)
Schneider Electric EcoStruxure Foxboro DCS Core Control Services
Title
Schneider Electric EcoStruxure Foxboro DCS Core Control Services
Published
Dec. 10, 2024, 1 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-345-02
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low Attack Complexity Vendor: Schneider Electric Equipment: EcoStruxure Foxboro DCS Core Control Services Vulnerabilities: Out-of-bounds Write, Improper Validation of Array Index, Improper Input Validation 2. RISK EVALUATION Successful exploitation of these vulnerabilities could lead to a loss of system functionality or ...
13:00
US CERT (ICS)
Schneider Electric FoxRTU Station
Title
Schneider Electric FoxRTU Station
Published
Dec. 10, 2024, 1 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-345-03
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION: Low Attack Complexity Vendor: Schneider Electric Equipment: FoxRTU Station Vulnerability: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to perform remote code execution. 3. TECHNICAL DETAILS ...
13:00
US CERT (ICS)
MOBATIME Network Master Clock
Title
MOBATIME Network Master Clock
Published
Dec. 10, 2024, 1 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-345-01
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/Low attack complexity Vendor: MOBATIME Equipment: Network Master Clock - DTS 4801 Vulnerability: Use of Default Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to take control of the operating system for this product. 3. ...
01:00
SIEMENS CERT
SSA-773256 V1.2 (Last Update: 2024-12-10): Impact of Socket.IO CVE-2024-38355 on Siemens Industrial Products
Title
SSA-773256 V1.2 (Last Update: 2024-12-10): Impact of Socket.IO CVE-2024-38355 on Siemens Industrial Products
Published
Dec. 10, 2024, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-773256.html
Summary
A Socket.IO vulnerability affects multiple Siemens industrial products. This vulnerability consists of a specially crafted Socket.IO packet that triggers an uncaught exception on the Socket.IO server killing the Node.js process allowing a remote attacker to cause Denial-of-Service condition in the affected products. Siemens has released new versions for several affected ...
01:00
SIEMENS CERT
SSA-800126 V1.0: Deserialization Vulnerability in Siemens Engineering Platforms before V20
Title
SSA-800126 V1.0: Deserialization Vulnerability in Siemens Engineering Platforms before V20
Published
Dec. 10, 2024, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-800126.html
Summary
Affected products do not properly sanitize user-controllable input when parsing files. This could allow an attacker to cause a type confusion and execute arbitrary code within the affected application. Siemens is preparing fix versions and recommends countermeasures for products where fixes are not, or not yet available. Siemens has released ...
01:00
SIEMENS CERT
SSA-398330 V2.1 (Last Update: 2024-12-10): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 151...
Title
SSA-398330 V2.1 (Last Update: 2024-12-10): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
Published
Dec. 10, 2024, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-398330.html
Summary
Multiple vulnerabilities have been identified in the additional GNU/Linux subsystem of the firmware version V3.1 for the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP (incl. SIPLUS variant). These GNU/Linux vulnerabilities have been externally identified. Siemens is preparing fix versions and recommends specific countermeasures for products where fixes are not, or not ...
01:00
SIEMENS CERT
SSA-822518 V1.2 (Last Update: 2024-12-10): Multiple Vulnerabilities in Palo Alto Networks Virtual NGFW Before V11.0.1 on RUGGED...
Title
SSA-822518 V1.2 (Last Update: 2024-12-10): Multiple Vulnerabilities in Palo Alto Networks Virtual NGFW Before V11.0.1 on RUGGEDCOM APE1808 Devices
Published
Dec. 10, 2024, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-822518.html
Summary
Palo Alto Networks has published [1] information on vulnerabilities in PAN-OS. This advisory lists the related Siemens Industrial products affected by these vulnerabilities. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available. Customers are advised to consult and implement the workarounds ...
  • 1 (current)
  • 2
  • 3

Last Updates

BOSCH PSIRT
15.01.2025
SIEMENS CERT
15.01.2025
US CERT
08.11.2024
US CERT (ICS)
16.01.2025

By Source

Archive

2025
2024
2023
2022
2021
2020
2019
2018
2017

Feeds