June 2022
21.06.2022
US CERT (ICS)
Phoenix Contact ProConOS and MULTIPROG
Title
Phoenix Contact ProConOS and MULTIPROG
Published
June 21, 2022, 4:10 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-172-04
Summary
This advisory contains mitigations for an Insufficient Verification of Data Authenticity vulnerability in the Phoenix Contact ProConOS and MULTIPROG software development kit.
21.06.2022
US CERT (ICS)
Phoenix Contact Classic Line Industrial Controllers
Title
Phoenix Contact Classic Line Industrial Controllers
Published
June 21, 2022, 4:05 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-172-05
Summary
This advisory contains mitigations for an Insufficient Verification of Data Authenticity vulnerability in the Phoenix Contact Classic Line Industrial Controllers.
21.06.2022
US CERT (ICS)
Siemens WinCC OA
Title
Siemens WinCC OA
Published
June 21, 2022, 4 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-172-06
Summary
This advisory contains mitigations for a Use of Client-side Authentication vulnerability in the Siemens SIMATIC WinCC OA SCADA HMI system.
17.06.2022
US CERT (ICS)
Hillrom Medical Device Management
Title
Hillrom Medical Device Management
Published
June 17, 2022, 5:08 a.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsma-22-167-01
Summary
This advisory contains mitigations for Use of Hard-coded Password, and Improper Access Control vulnerability in Welch Allyn resting electrocardiograph devices. Hillrom Medical. Welch Allyn, and ELI are registered trademarks of Baxter International, Inc., or its subsidiaries.
17.06.2022
US CERT (ICS)
AutomationDirect C-More EA9 HMI
Title
AutomationDirect C-More EA9 HMI
Published
June 17, 2022, 5:06 a.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-167-01
Summary
This advisory contains mitigations for Uncontrolled Search Path Element, Cleartext Transmission of Sensitive Information vulnerabilities in AutomationDirect C-More EA9 human-machine interface products.
16.06.2022
US CERT (ICS)
AutomationDirect DirectLOGIC with Serial Communication
Title
AutomationDirect DirectLOGIC with Serial Communication
Published
June 16, 2022, 5:04 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-167-02
Summary
This advisory contains mitigations for a Cleartext Transmission of Sensitive Information vulnerability in DirectLOGIC programmable controllers with serial communication.
16.06.2022
US CERT (ICS)
AutomationDirect DirectLOGIC with Ethernet
Title
AutomationDirect DirectLOGIC with Ethernet
Published
June 16, 2022, 5:02 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-167-03
Summary
This advisory contains mitigations for Uncontrolled Resource Consumption, and Cleartext Transmission of Sensitive Information vulnerabilities in AutomationDirect DirectLOGIC programmable logic Ethernet controllers.
16.06.2022
US CERT (ICS)
Siemens Mendix SAML Module
Title
Siemens Mendix SAML Module
Published
June 16, 2022, 5 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-167-04
Summary
This advisory contains mitigations for Improper Restriction of XML External Entity Reference, and Cross-site Scripting vulnerabilities in the Siemens Mendix SAML Module.
16.06.2022
US CERT (ICS)
Siemens Apache HTTP Server
Title
Siemens Apache HTTP Server
Published
June 16, 2022, 4:56 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-167-06
Summary
This advisory contains mitigations for NULL Pointer Dereference, Out-of-bounds Write, and Server-side Request Forgery (SSRF) vulnerabilities in the Siemens Apache HTTP Server.
16.06.2022
US CERT (ICS)
Siemens SICAM GridEdge
Title
Siemens SICAM GridEdge
Published
June 16, 2022, 4:52 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-167-08
Summary
This advisory contains mitigations for Missing Authentication for Critical Function, and Resource Leak vulnerabilities in the Siemens SICAM GridEdge Essential ARM.
16.06.2022
US CERT (ICS)
Siemens SCALANCE LPE9403 Third-Party Vulnerabilities
Title
Siemens SCALANCE LPE9403 Third-Party Vulnerabilities
Published
June 16, 2022, 4:50 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-167-09
Summary
This advisory contains mitigations for vulnerabilities in the Siemens SCALANCE LPE9403, a processing power extension for the SCALANCE family of products.
16.06.2022
US CERT (ICS)
Siemens SCALANCE XM-400 and XR-500
Title
Siemens SCALANCE XM-400 and XR-500
Published
June 16, 2022, 4:48 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-167-10
Summary
This advisory contains mitigations for an Improper Validation of Integrity Check Value vulnerability in the Siemens SCALANCE XM-400 and XR-500 industrial switches.
16.06.2022
US CERT (ICS)
Siemens Xpedition Designer
Title
Siemens Xpedition Designer
Published
June 16, 2022, 4:46 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-167-11
Summary
This advisory contains mitigations for an Incorrect Permission Assignment for Critical Resource vulnerability in the Siemens Xpedition Designer PCB design flow products.
16.06.2022
US CERT (ICS)
Siemens Spectrum Power Systems
Title
Siemens Spectrum Power Systems
Published
June 16, 2022, 4:44 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-167-12
Summary
This advisory contains mitigations for a Use of Hard-coded Credentials vulnerability in the Siemens Spectrum Power data modelling and monitoring system.
16.06.2022
US CERT (ICS)
Siemens OpenSSL Affected Industrial Products
Title
Siemens OpenSSL Affected Industrial Products
Published
June 16, 2022, 4:40 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-167-14
Summary
This advisory contains mitigations for an Infinite Loop vulnerability in the Siemens OpenSSL Affected Industrial Products.
14.06.2022
US CERT (ICS)
Johnson Controls Metasys ADS ADX OAS Servers
Title
Johnson Controls Metasys ADS ADX OAS Servers
Published
June 14, 2022, 4:10 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-165-01
Summary
This advisory contains mitigations for Unverified Password Change, and Cross-site Scripting vulnerabilities in the Johnson Controls Metasys ADS ADX OAS Servers.
14.06.2022
US CERT (ICS)
Meridian Cooperative Meridian
Title
Meridian Cooperative Meridian
Published
June 14, 2022, 4:05 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-165-02
Summary
This advisory contains mitigations for an Improper Access Control vulnerability in Meridian utility software.
14.06.2022
US CERT (ICS)
Mitsubishi Electric MELSEC-Q/L and MELSEC iQ-R
Title
Mitsubishi Electric MELSEC-Q/L and MELSEC iQ-R
Published
June 14, 2022, 4 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-165-03
Summary
This advisory contains mitigations for an Improper Input Validation vulnerability in the Mitsubishi Electric MELSEC-Q/L Series and MELSEC iQ-R Series Interface Modules.
07.06.2022
US CERT (ICS)
Mitsubishi Electric MELSEC and MELIPC Series (Update C)
Title
Mitsubishi Electric MELSEC and MELIPC Series (Update C)
Published
June 7, 2022, 4 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-334-02
Summary
This updated advisory is a follow up to the advisory update titled ICSA-21-334-02 Mitsubishi Electric MELSEC and MELIPC Series (Update B) that was published April 26, 2022, to the ICS webpage on cisa.gov/ics. This advisory contains mitigations for Uncontrolled Resource Consumption, Improper Handling of Length Parameter Inconsistency, and Improper Input ...
03.06.2022
US CERT (ICS)
Vulnerabilities Affecting Dominion Voting Systems ImageCast X
Title
Vulnerabilities Affecting Dominion Voting Systems ImageCast X
Published
June 3, 2022, 9 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-154-01
Summary
This advisory contains mitigations for Improper Verification of Cryptographic Signature, Mutable Attestation of Measurement Reporting Data, Hidden Functionality, Improper Protection of Alternate Path, Path Traversal: ''../filedir', Execution with Unnecessary Privileges, Authentication Bypass Spoofing, Incorrect Privilege Assignment, and Origin Validation Error vulnerabilities in versions of Dominion Voting Systems Democracy Suite ImageCast ...
02.06.2022
US CERT (ICS)
Carrier LenelS2 HID Mercury access panels
Title
Carrier LenelS2 HID Mercury access panels
Published
June 2, 2022, 4:05 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-153-01
Summary
This advisory contains mitigations for Protection Mechanism Failure, Forced Browsing, Classic Buffer Overflow, Path Traversal, and OS Command Injection vulnerabilities in Carrier HID Mercury access panels sold by LenlS2.
02.06.2022
US CERT (ICS)
Illumina Local Run Manager
Title
Illumina Local Run Manager
Published
June 2, 2022, 4 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-153-02
Summary
This advisory contains mitigations for Path Traversal, Unrestricted Upload of File with Dangerous Type, Improper Access Control, and Cleartext Transmission of Sensitive Information vulnerabilities in Illumina devices using Local Run Manager software.
May 2022
31.05.2022
US CERT (ICS)
BD Synapsys
Title
BD Synapsys
Published
May 31, 2022, 4:25 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsma-22-151-02
Summary
This advisory contains mitigations for an Insufficient Session Expiration vulnerability in the BD Synapsys microbiology informatics software platform.
31.05.2022
US CERT (ICS)
Mitsubishi Electric MELSEC iQ-F Series (Update A)
Title
Mitsubishi Electric MELSEC iQ-F Series (Update A)
Published
May 31, 2022, 4:15 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-139-01
Summary
This updated advisory is a follow-up to the original advisory titled ICSA-22-139-01 Mitsubishi Electric MELSEC iQ-F Series that was published May 19, 2022, on the ICS webpage at cisa.gov/ics. This advisory contains mitigations for Improper Input Validation vulnerabilities in Mitsubishi Electric MELSEC iQ-F Series CPU modules.
31.05.2022
US CERT (ICS)
Mitsubishi Electric FA Products (Update A)
Title
Mitsubishi Electric FA Products (Update A)
Published
May 31, 2022, 4:10 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-090-04
Summary
This updated advisory is a follow-up to the original advisory titled ICSA-22-090-04 Mitsubishi Electric FA Products that was published March 31, 2022, on the ICS webpage on cisa.gov/ics. This advisory contains mitigations for a Use of Password Hash Instead of Password for Authentication, Use of Weak Hash, Cleartext Storage of ...

Last Updates

BOSCH PSIRT
31.10.2024
SIEMENS CERT
22.11.2024
US CERT
08.11.2024
US CERT (ICS)
21.11.2024

By Source

Archive

2024
2023
2022
2021
2020
2019
2018
2017

Feeds