April 2022
19.04.2022
US CERT (ICS)
Elcomplus SmartPTT SCADA Server
Title
Elcomplus SmartPTT SCADA Server
Published
April 19, 2022, 4:05 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-109-05
Summary
This advisory contains mitigations for Cross-site Scripting, Unauthorized Exposure to Sensitive Information, Unrestricted Upload of File with Dangerous Type, Path Traversal, and Cross-site Request Forgery vulnerabilities in the Elcomplus SmartPTT SCADA Server voice and data dispatch software.
19.04.2022
US CERT (ICS)
Elcomplus SmartPPT SCADA Server
Title
Elcomplus SmartPPT SCADA Server
Published
April 19, 2022, 4:05 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-109-05
Summary
This advisory contains mitigations for Cross-site Scripting, Unauthorized Exposure to Sensitive Information, Unrestricted Upload of File with Dangerous Type, Path Traversal, and Cross-site Request Forgery vulnerabilities in the Elcomplus SmartPPT SCADA Server voice and data dispatch software.
19.04.2022
US CERT (ICS)
Multiple RTOS (Update E)
Title
Multiple RTOS (Update E)
Published
April 19, 2022, 4 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-119-04
Summary
This updated advisory is a follow-up to the advisory update titled ICSA-21-119-04 Multiple RTOS (Update D) that was published November 30, 2021, to the ICS webpage on www.cisa.gov/uscert. CISA is aware of a public report, known as “BadAlloc” that details vulnerabilities found in multiple real-time operating systems (RTOS) and supporting ...
15.04.2022
US CERT (ICS)
Siemens RUGGEDCOM Devices (Update A)
Title
Siemens RUGGEDCOM Devices (Update A)
Published
April 15, 2022, 4:46 a.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-069-01
Summary
This updated advisory is a follow-up to the original advisory titled ICSA-22-069-01 Siemens RUGGEDCOM Devices that was published March 10, 2022, to the ICS webpage on www.cisa.gov/uscert. This advisory contains mitigations for a Missing Encryption of Sensitive Data vulnerability in devices using the Siemens RUGGEDCOM software platform.
14.04.2022
US CERT (ICS)
Delta Electronics DMARS
Title
Delta Electronics DMARS
Published
April 14, 2022, 5:20 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-104-01
Summary
This advisory contains mitigations for an Improper Restriction of XML External Entity Reference vulnerability in the Delta Electronics DMARS program development tool.
14.04.2022
US CERT (ICS)
Red Lion DA50N
Title
Red Lion DA50N
Published
April 14, 2022, 5:16 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-104-03
Summary
This advisory contains mitigation for Insufficient Verification of Data Authenticity, Weak Password Requirements, Use of Unmaintained Third-Party Components, and Insufficiently Protected Credentials vulnerabilities in the Red Lion DA50N networking gateway.
14.04.2022
US CERT (ICS)
Siemens SCALANCE FragAttacks
Title
Siemens SCALANCE FragAttacks
Published
April 14, 2022, 5:14 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-104-04
Summary
This advisory contains mitigations for Improper Authentication, Injection, Improper Validation of Integrity Check, and Improper Input Validation vulnerabilities in the Siemens SCALANCE FragAttacks.
14.04.2022
US CERT (ICS)
Siemens OpenSSL Vulnerabilities in Industrial Products
Title
Siemens OpenSSL Vulnerabilities in Industrial Products
Published
April 14, 2022, 5:12 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-104-05
Summary
This advisory contains mitigations for a NULL Pointer Dereference vulnerability in the Siemens OpenSSL.
14.04.2022
US CERT (ICS)
Siemens PROFINET Stack Integrated on Interniche Stack
Title
Siemens PROFINET Stack Integrated on Interniche Stack
Published
April 14, 2022, 5:10 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-104-06
Summary
This advisory contains mitigations for an Uncontrolled Resource Consumption vulnerability in the Siemens PROFINET Stack Integrated on Interniche Stack.
14.04.2022
US CERT (ICS)
Siemens Mendix
Title
Siemens Mendix
Published
April 14, 2022, 5:08 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-104-07
Summary
This advisory contains mitigations for an Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Siemens Mendix, a software platform to build mobile and web applications.
14.04.2022
US CERT (ICS)
Siemens SCALANCE W1700
Title
Siemens SCALANCE W1700
Published
April 14, 2022, 5:06 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-104-08
Summary
This advisory contains mitigations for Race Condition, and Improper Input Validation vulnerabilities in the Siemens SCALANCE W1700 wireless communication device.
14.04.2022
US CERT (ICS)
Siemens SCALANCE X-300 Switches
Title
Siemens SCALANCE X-300 Switches
Published
April 14, 2022, 5:04 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-104-09
Summary
This advisory contains mitigations for Improper Input Validation, Use of Insufficiently Random Values, Stack-based Buffer Overflow, Cross-site Request Forgery, Improper Access Control, Basic XSS, Classic Buffer Overflow, Out-of-bounds Read vulnerabilities in Siemens SCALANCE X-300 Switches.
12.04.2022
US CERT (ICS)
Valmet DNA
Title
Valmet DNA
Published
April 12, 2022, 4:20 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-102-01
Summary
This advisory contains mitigations for an Inadequate Encryption Strength vulnerability in Valmet DNA distributed control system products.
12.04.2022
US CERT (ICS)
Mitsubishi Electric MELSEC-Q Series C Controller Module
Title
Mitsubishi Electric MELSEC-Q Series C Controller Module
Published
April 12, 2022, 4:15 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-102-02
Summary
This advisory contains mitigations for a Heap-based Buffer Overflow vulnerability in some MELSEC-Q Series C Controller Modules using Wind River VxWorks Version 6.4.
12.04.2022
US CERT (ICS)
Mitsubishi Electric GT25-WLAN
Title
Mitsubishi Electric GT25-WLAN
Published
April 12, 2022, 4:05 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-102-04
Summary
This advisory contains mitigations for Improper Removal of Sensitive Information Before Storage or Transfer, Inadequate Encryption Strength, Missing Authentication for Critical Function, Injection, and Improper Input Validation vulnerabilities in Mitsubishi Electric GT25-WLAN wireless communication units.
12.04.2022
US CERT (ICS)
Aethon TUG Home Base Server
Title
Aethon TUG Home Base Server
Published
April 12, 2022, 4 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-102-05
Summary
This advisory contains mitigations for Missing Authorization, Channel Accessible by Non-endpoint, and Cross-site Scripting vulnerabilities in the Aethon TUG Home Base Server; a server used to control and communicate with autonomous mobile robots in hospitals.
07.04.2022
US CERT (ICS)
Pepperl+Fuchs WirelessHART-Gateway
Title
Pepperl+Fuchs WirelessHART-Gateway
Published
April 7, 2022, 4:10 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-097-01
Summary
This advisory contains mitigations for several vulnerabilities in Pepperl+Fuchs WirelessHART-Gateway industrial networking devices.
07.04.2022
US CERT (ICS)
ABB SPIET800 and PNI800
Title
ABB SPIET800 and PNI800
Published
April 7, 2022, 4:05 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-097-02
Summary
This advisory contains mitigations for Incomplete Internal State Distinction, Improper Handling of Unexpected Data Type, and Uncontrolled Resource Consumption vulnerabilities in ABB Symphony Plus SPIET800 and PNI800 network interface modules.
05.04.2022
US CERT (ICS)
LifePoint Informatics Patient Portal
Title
LifePoint Informatics Patient Portal
Published
April 5, 2022, 4:15 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsma-22-095-01
Summary
This advisory contains mitigations for an Authentication Bypass Using Alternate Path or Channel vulnerability in the LifePoint Informatics Patient Portal, a website containing patient health data.
05.04.2022
US CERT (ICS)
Philips Vue PACS (Update B)
Title
Philips Vue PACS (Update B)
Published
April 5, 2022, 4 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsma-21-187-01
Summary
This updated advisory is a follow-up to the advisory update titled ICSMA-21-87-01 Philips Vue PACS (Update A) that was published January 20, 2022, to the ICS webpage on www.cisa.gov/uscert/ics. This advisory contains mitigations for numerous vulnerabilities in Philips Vue PACS products.
March 2022
31.03.2022
US CERT (ICS)
Schneider Electric SCADAPack Workbench
Title
Schneider Electric SCADAPack Workbench
Published
March 31, 2022, 4:40 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-090-01
Summary
This advisory contains mitigations for an Improper Restriction of XML External Entity Reference vulnerability in Schneider Electric SCADAPack Workbench software.
31.03.2022
US CERT (ICS)
Hitachi Energy e-mesh EMS
Title
Hitachi Energy e-mesh EMS
Published
March 31, 2022, 4:35 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-090-02
Summary
This advisory contains mitigations for Improper Restriction of Operations Within the Bounds of a Memory Buffer, Use After Free, and Uncontrolled Resource Consumption vulnerabilities in Hitachi Energy e-mesh EMS, an optimizer software for energy resources.
31.03.2022
US CERT (ICS)
Fuji Electric Alpha5
Title
Fuji Electric Alpha5
Published
March 31, 2022, 4:30 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-090-03
Summary
This advisory contains mitigations for Access of Uninitialized Pointer, Out-of-bound Read, Stack-based Buffer Overflow, and Heap-based Buffer Overflow vulnerabilities in the Fuji Electric Alpha5 servo drive system.
31.03.2022
US CERT (ICS)
Mitsubishi Electric FA Products
Title
Mitsubishi Electric FA Products
Published
March 31, 2022, 4:25 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-090-04
Summary
This advisory contains mitigations for a Use of Password Hash Instead of Password for Authentication, Use of Weak Hash, Cleartext Storage of Sensitive Information, and Authentication Bypass by Capture-replay vulnerabilities in Mitsubishi Electric FA CPU module products.
31.03.2022
US CERT (ICS)
General Electric Renewable Energy MDS Radios
Title
General Electric Renewable Energy MDS Radios
Published
March 31, 2022, 4:15 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-090-06
Summary
This advisory contains mitigations for Improper Input Validation, Hidden Functionality, Inadequate Encryption Strength, Uncontrolled Resource Consumption, Plaintext Storage of a Password, and Download of Code Without Integrity Check vulnerabilities in General Electric Renewable Energy MDS Radios.

Last Updates

BOSCH PSIRT
21.08.2024
SIEMENS CERT
12.09.2024
US CERT
19.09.2024
US CERT (ICS)
19.09.2024

By Source

Archive

2024
2023
2022
2021
2020
2019
2018
2017

Feeds