Bulletins | CERT@VDE

This advisory contains mitigations for Observable Discrepancy, HTTP Request Smuggling, Classic Buffer Overflow, Improper Certificate Validation, Improper Restriction of Operations within the Bounds of a Memory Buffer, and Exposure of Sensitive Information to an Unauthorized Actor vulnerabilities in the Hitachi Energy MicroSCADA Pro/X SYS600 SCADA product.

19.04.2022

US CERT (ICS)

Interlogix Hills ComNav

Title

Interlogix Hills ComNav

Published

April 19, 2022, 4:25 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-109-01

Summary

This advisory contains mitigations for Improper Restriction of Excessive Authentication Attempts, and Inadequate Encryption Strength vulnerability in Interlogix Hills ComNav remote access integration modules.

19.04.2022

US CERT (ICS)

Automated Logic WebCTRL

Title

Automated Logic WebCTRL

Published

April 19, 2022, 4:20 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-109-02

Summary

This advisory contains mitigations for n Open Redirect vulnerability inAutomated Logic WebCTRL building automation software.

19.04.2022

US CERT (ICS)

FANUC ROBOGUIDE Simulation Platform

Title

FANUC ROBOGUIDE Simulation Platform

Published

April 19, 2022, 4:15 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-109-03

Summary

This advisory contains mitigations for Incorrect Permission Assignment for Critical Resource, Improper Access Control, Path Traversal, Improper Restriction of XML External Entity Reference, and Uncontrolled Resource Consumption vulnerabilities in FANUC ROBOGUIDE simulation software for FANUC robots.

19.04.2022

US CERT (ICS)

Elcomplus SmartPPT SCADA

Title

Elcomplus SmartPPT SCADA

Published

April 19, 2022, 4:10 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-109-04

Summary

This advisory contains mitigations for Path Traversal, Unrestricted Upload of File with Dangerous Type, Improper Authorization, and Cross-site Scripting vulnerabilities in Elcomplus SmartPPT SCADA voice and data dispatch software.

19.04.2022

US CERT (ICS)

Elcomplus SmartPTT SCADA

Title

Elcomplus SmartPTT SCADA

Published

April 19, 2022, 4:10 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-109-04

Summary

19.04.2022

US CERT (ICS)

Elcomplus SmartPPT SCADA Server

Title

Elcomplus SmartPPT SCADA Server

Published

April 19, 2022, 4:05 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-109-05

Summary

This advisory contains mitigations for Cross-site Scripting, Unauthorized Exposure to Sensitive Information, Unrestricted Upload of File with Dangerous Type, Path Traversal, and Cross-site Request Forgery vulnerabilities in the Elcomplus SmartPPT SCADA Server voice and data dispatch software.

19.04.2022

US CERT (ICS)

Elcomplus SmartPTT SCADA Server

Title

Elcomplus SmartPTT SCADA Server

Published

April 19, 2022, 4:05 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-109-05

Summary

19.04.2022

US CERT (ICS)

Multiple RTOS (Update E)

Title

Multiple RTOS (Update E)

Published

April 19, 2022, 4 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-21-119-04

Summary

This updated advisory is a follow-up to the advisory update titled ICSA-21-119-04 Multiple RTOS (Update D) that was published November 30, 2021, to the ICS webpage on www.cisa.gov/uscert. CISA is aware of a public report, known as “BadAlloc” that details vulnerabilities found in multiple real-time operating systems (RTOS) and supporting ...

15.04.2022

US CERT (ICS)

Siemens RUGGEDCOM Devices (Update A)

Title

Siemens RUGGEDCOM Devices (Update A)

Published

April 15, 2022, 4:46 a.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-069-01

Summary

This updated advisory is a follow-up to the original advisory titled ICSA-22-069-01 Siemens RUGGEDCOM Devices that was published March 10, 2022, to the ICS webpage on www.cisa.gov/uscert. This advisory contains mitigations for a Missing Encryption of Sensitive Data vulnerability in devices using the Siemens RUGGEDCOM software platform.

14.04.2022

US CERT (ICS)

Delta Electronics DMARS

Title

Delta Electronics DMARS

Published

April 14, 2022, 5:20 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-104-01

Summary

This advisory contains mitigations for an Improper Restriction of XML External Entity Reference vulnerability in the Delta Electronics DMARS program development tool.

14.04.2022

US CERT (ICS)

Red Lion DA50N

Title

Red Lion DA50N

Published

April 14, 2022, 5:16 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-104-03

Summary

This advisory contains mitigation for Insufficient Verification of Data Authenticity, Weak Password Requirements, Use of Unmaintained Third-Party Components, and Insufficiently Protected Credentials vulnerabilities in the Red Lion DA50N networking gateway.

14.04.2022

US CERT (ICS)

Siemens SCALANCE FragAttacks

Title

Siemens SCALANCE FragAttacks

Published

April 14, 2022, 5:14 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-104-04

Summary

This advisory contains mitigations for Improper Authentication, Injection, Improper Validation of Integrity Check, and Improper Input Validation vulnerabilities in the Siemens SCALANCE FragAttacks.

14.04.2022

US CERT (ICS)

Siemens OpenSSL Vulnerabilities in Industrial Products

Title

Siemens OpenSSL Vulnerabilities in Industrial Products

Published

April 14, 2022, 5:12 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-104-05

Summary

This advisory contains mitigations for a NULL Pointer Dereference vulnerability in the Siemens OpenSSL.

14.04.2022

US CERT (ICS)

Siemens PROFINET Stack Integrated on Interniche Stack

Title

Siemens PROFINET Stack Integrated on Interniche Stack

Published

April 14, 2022, 5:10 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-104-06

Summary

This advisory contains mitigations for an Uncontrolled Resource Consumption vulnerability in the Siemens PROFINET Stack Integrated on Interniche Stack.

14.04.2022

US CERT (ICS)

Siemens Mendix

Title

Siemens Mendix

Published

April 14, 2022, 5:08 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-104-07

Summary

This advisory contains mitigations for an Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Siemens Mendix, a software platform to build mobile and web applications.

14.04.2022

US CERT (ICS)

Siemens SCALANCE W1700

Title

Siemens SCALANCE W1700

Published

April 14, 2022, 5:06 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-104-08

Summary

This advisory contains mitigations for Race Condition, and Improper Input Validation vulnerabilities in the Siemens SCALANCE W1700 wireless communication device.

14.04.2022

US CERT (ICS)

Siemens SCALANCE X-300 Switches

Title

Siemens SCALANCE X-300 Switches

Published

April 14, 2022, 5:04 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-104-09

Summary

This advisory contains mitigations for Improper Input Validation, Use of Insufficiently Random Values, Stack-based Buffer Overflow, Cross-site Request Forgery, Improper Access Control, Basic XSS, Classic Buffer Overflow, Out-of-bounds Read vulnerabilities in Siemens SCALANCE X-300 Switches.

12.04.2022

US CERT (ICS)

Valmet DNA

Title

Valmet DNA

Published

April 12, 2022, 4:20 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-102-01

Summary

This advisory contains mitigations for an Inadequate Encryption Strength vulnerability in Valmet DNA distributed control system products.

12.04.2022

US CERT (ICS)

Mitsubishi Electric MELSEC-Q Series C Controller Module

Title

Mitsubishi Electric MELSEC-Q Series C Controller Module

Published

April 12, 2022, 4:15 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-102-02

Summary

This advisory contains mitigations for a Heap-based Buffer Overflow vulnerability in some MELSEC-Q Series C Controller Modules using Wind River VxWorks Version 6.4.

12.04.2022

US CERT (ICS)

Mitsubishi Electric GT25-WLAN

Title

Mitsubishi Electric GT25-WLAN

Published

April 12, 2022, 4:05 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-102-04

Summary

This advisory contains mitigations for Improper Removal of Sensitive Information Before Storage or Transfer, Inadequate Encryption Strength, Missing Authentication for Critical Function, Injection, and Improper Input Validation vulnerabilities in Mitsubishi Electric GT25-WLAN wireless communication units.

12.04.2022

US CERT (ICS)

Aethon TUG Home Base Server

Title

Aethon TUG Home Base Server

Published

April 12, 2022, 4 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-102-05

Summary

This advisory contains mitigations for Missing Authorization, Channel Accessible by Non-endpoint, and Cross-site Scripting vulnerabilities in the Aethon TUG Home Base Server; a server used to control and communicate with autonomous mobile robots in hospitals.

07.04.2022

US CERT (ICS)

Pepperl+Fuchs WirelessHART-Gateway

Title

Pepperl+Fuchs WirelessHART-Gateway

Published

April 7, 2022, 4:10 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-097-01

Summary

This advisory contains mitigations for several vulnerabilities in Pepperl+Fuchs WirelessHART-Gateway industrial networking devices.

…
31
32
33 (current)
34
35
…

Last Updates

By Source

Archive

2024

2023

2022

2021

2020

2019

2018

2017

Feeds