Bulletins | CERT@VDE

ARC Informatique PcVue (Update A)

Title

ARC Informatique PcVue (Update A)

Published

Sept. 29, 2022, 4:20 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-235-01-0

Summary

This updated advisory is a follow-up to the advisory update titled ICSA-22-235-01 ARC Informatique PcVue that was published August 23, 2022 to the ICS webpage on cisa.gov/ics. This advisory contains mitigations for a Cleartext Storage of Sensitive Information vulnerability in various components of ARC Informatique products.

29.09.2022

Hitachi Energy MicroSCADA Pro X SYS600

Title

Hitachi Energy MicroSCADA Pro X SYS600

Published

Sept. 29, 2022, 4:05 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-272-02

Summary

This advisory contains mitigations for NULL Pointer Dereference and Infinite Loop vulnerabilities in Hitachi Energy MicroSCADA Pro/X SYS600 products.

27.09.2022

Hitachi Energy AFS660/AFS665

Title

Hitachi Energy AFS660/AFS665

Published

Sept. 27, 2022, 4:20 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-270-01

Summary

This advisory contains mitigations for an Improper Input Validation vulnerability in Hitachi Energy AFS660 and AFS665 industrial switches.

27.09.2022

Rockwell Automation ThinManager ThinServer

Title

Rockwell Automation ThinManager ThinServer

Published

Sept. 27, 2022, 4 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-270-03

Summary

This advisory contains mitigations for a Heap-based Buffer Overflow vulnerability in Rockwell Automation ThinManager ThinServer, a thin client and remote desktop protocol (RDP) server management software.

22.09.2022

Mitsubishi Electric Factory Automation Engineering Software (Update D)

Title

Mitsubishi Electric Factory Automation Engineering Software (Update D)

Published

Sept. 22, 2022, 4:10 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-20-212-02

Summary

This updated advisory is a follow-up to the advisory update titled ICSA-20-212-02 Mitsubishi Electric Factory Automation Engineering Software (Update C) that was published July 28, 2022, to the ICS webpage on cisa.gov/ics.This advisory contains mitigations for a Permission Issues vulnerability in versions of Mitsubishi Electric Factory Automation Engineering Software products.

22.09.2022

Mitsubishi Electric Multiple Products (Update E)

Title

Mitsubishi Electric Multiple Products (Update E)

Published

Sept. 22, 2022, 4 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-20-245-01

Summary

This updated advisory is a follow-up to the advisory update titled ICSA-20-245-01 Mitsubishi Electric Multiple Products (Update D) that was published May 31, 2022 to the ICS webpage on cisa.gov/ics. This advisory contains mitigations for a Predictable Exact Value from Previous Values vulnerabilit in versions of several Mitsubishi Electric products.

Hitachi Energy PROMOD IV

Title

Hitachi Energy PROMOD IV

Published

Sept. 20, 2022, 4:35 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-263-01

Summary

This advisory contains mitigations for an Improper Access Control vulnerability in PROMOD IV.

Hitachi Energy AFF660/665 Series

Title

Hitachi Energy AFF660/665 Series

Published

Sept. 20, 2022, 4:30 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-263-02

Summary

This advisory contains mitigations for a Stack-base Buffer Overflow vulnerability in versions of Hitachi Energy AFF660/665 Firewall software.

Medtronic NGP 600 Series Insulin Pumps

Title

Medtronic NGP 600 Series Insulin Pumps

Published

Sept. 20, 2022, 4:25 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsma-22-263-01

Summary

This advisory contains mitigations for a Protection Mechanism Failure vulnerability in versions of Medtronic NGP 600 Series Insulin Pumps and accessory components.

https://us-cert.cisa.gov/ics/advisories/icsa-22-263-03

Dataprobe iBoot-PDU

Title

Dataprobe iBoot-PDU

Published

Sept. 20, 2022, 4:20 p.m.

URL

Summary

This advisory contains mitigations for OS Command Injection, Path Traversal, Exposure of Sensitive Information to an Unauthorized Actor, Improper Access Control, Improper Authorization, Incorrect Authorization, and SSRF vulnerabilities in versions of Dataprobe iBoot-PDU FW products.

Host Engineering Communications Module

Title

Host Engineering Communications Module

Published

Sept. 20, 2022, 4:15 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-263-04

Summary

This advisory contains mitigations for a Stack-based Buffer overflow vulnerability in versions of Host Engineering H0-ECOM100 Communications Module products.

AutomationDirect DirectLOGIC with Ethernet (Update A)

Title

AutomationDirect DirectLOGIC with Ethernet (Update A)

Published

Sept. 20, 2022, 4:10 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-167-03

Summary

This updated advisory is a follow-up to the original advisory titled ICSA-22.167-03 AutomationDirect DirectLOGIC with Ethernet that was published June 16, 2022, on the ICS webpage on cisa.gov/ICS. This advisory contains mitigations for Uncontrolled Resource Consumption and Cleartext Transmission of Sensitive Information vulnerabilities in versions of AutomationDirect DirectLOGIC with Ethernet ...

AutomationDirect DirectLOGIC with Serial Communication (Update A)

Title

AutomationDirect DirectLOGIC with Serial Communication (Update A)

Published

Sept. 20, 2022, 4:05 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-167-02

Summary

This updated advisory is a follow-up to the original advisory titled ICSA-22.167-02 AutomationDirect DirectLOGIC with Serial Communication that was published June 16, 2022, on the ICS webpage on cisa.gov/ICS. This advisory contains mitigations for a Cleartext Transmission of Sensitive Information vulnerability in versions of AutomationDirect DirectLOGIC with Serial Communication products.

MiCODUS MV720 GPS tracker (Update A)

Title

MiCODUS MV720 GPS tracker (Update A)

Published

Sept. 20, 2022, 4 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-200-01

Summary

This updated advisory is a follow-up to the original advisory titled ICSA-22-200-01 MiCODUS MV720 GPS tracker that was published July 19, 2022, on the ICS webpage on cisa.gov/ICS. This advisory contains mitigations for Use of Hard-coded Credentials, Improper Authentication, Cross-site Scripting, and Authorization Bypass Through User-controlled Key vulnerabilities in versions ...

Siemens Mobility CoreShield OWG Software

Title

Siemens Mobility CoreShield OWG Software

Published

Sept. 15, 2022, 4:50 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-258-01

Summary

This advisory contains mitigations for an Improper Access Control vulnerability in versions of Siemens CoreShield One-Way Gateway (OWG) Software.

Siemens Simcenter Femap and Parasolid

Title

Siemens Simcenter Femap and Parasolid

Published

Sept. 15, 2022, 4:45 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-258-02

Summary

This advisory contains mitigations for Multiple File Parsing vulnerabilities in Siemens Simcenter Femap and Parasolid products.

Siemens Industrial Products Intel CPUs (Update F)

Title

Siemens Industrial Products Intel CPUs (Update F)

Published

Sept. 15, 2022, 4:38 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-21-222-05

Summary

This updated advisory is a follow-up to the advisory update titled ICSA-21-222-05 Siemens Industrial Products Intel CPU (Update E) that was published August 11, 2022, to the ICS webpage on www.cisa.gov/ics. This advisory contains mitigations for a Missing Encryption of Sensitive Data vulnerability in versions of Siemens Industrial Products Intel ...

Siemens RUGGEDCOM ROS (Update A)

Title

Siemens RUGGEDCOM ROS (Update A)

Published

Sept. 15, 2022, 4:25 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-19-344-03

Summary

This updated advisory is a follow-up to the original advisory titled ICSA-19-344-03 Siemens RUGGEDCOM ROS that was published December 10, 2019, on the ICS webpage on cisa.gov/ICS. This advisory contains mitigations for Improper Restriction of Operations within the Bounds of a Memory Buffer and Resource Management Errors vulnerabilities in multiple ...

Simcenter Femap and Parasolid (Update B)

Title

Simcenter Femap and Parasolid (Update B)

Published

Sept. 15, 2022, 4:20 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-195-09

Summary

This updated advisory is a follow-up to the original advisory titled ICSA-22-195-09 Simcenter Femap and Parasolid (Update A) that was published July 14, 2022, on the ICS webpage on cisa.gov/ics. This advisory contains mitigations for an Out-of-bounds Read vulnerability Simcenter Femap, an advanced simulation application, and Parasolid, a 3D geometric ...

Siemens OpenSSL Affected Industrial Products (Update C)

Title

Siemens OpenSSL Affected Industrial Products (Update C)

Published

Sept. 15, 2022, 4:10 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-167-14

Summary

This updated advisory is a follow-up to the original advisory titled ICSA-22-167-14 Siemens OpenSSL Affected Industrial Products (Update B) that was published August 18, 2022, on the ICS webpage on cisa.gov/ics. This advisory contains mitigations for an Infinite Loop vulnerability in multiple Siemens industrial products.