Bulletins | CERT@VDE

Siemens LOGO! CMR and SIMATIC RTU 3000 (Update A)

Title

Siemens LOGO! CMR and SIMATIC RTU 3000 (Update A)

Published

Feb. 10, 2022, 4:35 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-21-257-13

Summary

This updated advisory is a follow-up to the original advisory titled ICSA-21-257-13 Siemens LOGO! CMR and SIMATIC RTU 3000 that was published September 14, 2021, on the ICS webpage on www.cisa.gov/uscert. This advisory contains mitigations for a Use of Insufficiently Random Values vulnerability in Siemens LOGO! CMR controllers and SIMATIC ...

08.02.2022

Mitsubishi Electric FA Engineering Software Products (Update D)

Title

Mitsubishi Electric FA Engineering Software Products (Update D)

Published

Feb. 8, 2022, 4:05 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-21-049-02

Summary

This updated advisory is a follow-up to the advisory update titled ICSA-21-049-02 Mitsubishi Electric FA Engineering Software Products (Update C) that was published November 16, 2021, to the ICS webpage on www.cisa.gov/uscert.This advisory contains mitigations for Heap-based Buffer Overflow, and Improper Handling of Length Parameter Inconsistency vulnerabilities in Mitsubishi Electric ...

08.02.2022

Mitsubishi Electric Factory Automation Engineering Products (Update F)

Title

Mitsubishi Electric Factory Automation Engineering Products (Update F)

Published

Feb. 8, 2022, 4 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-20-212-04

Summary

This updated advisory is a follow-up to the advisory update titled ICSA-20-212-04 Mitsubishi Electric Factory Automation Engineering Products (Update E) that was published November 18, 2021, to the ICS webpage on www.cisa.gov/uscert. This advisory contains mitigations for an Unquoted Search Path or Element vulnerability in Mitsubishi Electric Factory Automation Engineering ...

03.02.2022

Sensormatic PowerManage

Title

Sensormatic PowerManage

Published

Feb. 3, 2022, 4:10 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-034-01

Summary

This advisory contains mitigations for an Improper Input Validation vulnerability in the Sensormatic PowerManage operating platform.

03.02.2022

Airspan Networks Mimosa

Title

Airspan Networks Mimosa

Published

Feb. 3, 2022, 4:05 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-034-02

Summary

This advisory contains mitigations for Improper Authorization, Incorrect Authorization, Server-side Request Forgery, SQL Injection, Deserialization of Untrusted Data, OS Command Injection, and Use of a Broken or Risky Cryptographic Algorithm vulnerabilities in Airspan Networks Mimosa network management software.

03.02.2022

FANUC Robot Controllers (Update A)

Title

FANUC Robot Controllers (Update A)

Published

Feb. 3, 2022, 4 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-21-243-02

Summary

This advisory is a follow-up to the original advisory titled ICSA-21-243-02P FANUC Robot Controllers that was posted to the HSIN ICS library on August 31, 2021 and subsequently published December 7, 2021, to the ICS webpage on www.cisa.gov/uscert/ics.This advisory contains mitigations for Integer Coercion Error, and Out-of-bounds Write vulnerabilities in ...

01.02.2022

Ricon Mobile Industrial Cellular Router

Title

Ricon Mobile Industrial Cellular Router

Published

Feb. 1, 2022, 4:10 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-032-01

Summary

This advisory contains mitigations for an OS Command Injection vulnerability in the Ricon Mobile Industrial Cellular Router mobile network router.

01.02.2022

https://us-cert.cisa.gov/ics/advisories/icsa-22-032-02

Advantech ADAM-3600

Title

Advantech ADAM-3600

Published

Feb. 1, 2022, 4:05 p.m.

URL

Summary

This advisory contains mitigations for a Use of Hard-coded Cryptographic Key vulnerability in Advantech ADAM-3600 remote terminal units.

01.02.2022

Multiple Data Distribution Service (DDS) Implementations (Update A)

Title

Multiple Data Distribution Service (DDS) Implementations (Update A)

Published

Feb. 1, 2022, 4 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-21-315-02

Summary

This updated advisory is a follow-up to the original advisory titled ICSA-21-315-02 Multiple Data Distribution Service (DDS) Implementations that was published November 11, 2021, to the ICS webpage on www.cisa.gov/uscert. This advisory contains mitigations for several vulnerabilities in Multiple Data Distribution Service (DDS) Implementations developed by a number of different ...

January 2022

27.01.2022

Fresenius Kabi Agilia Connect Infusion System (Update A)

Title

Fresenius Kabi Agilia Connect Infusion System (Update A)

Published

Jan. 27, 2022, 4:05 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsma-21-355-01

Summary

This updated advisory is a follow-up to the original advisory titled ICSMA-21-355-01 Fresenius Kabi Agilia Connect Infusion System that was published December 21, 2021, to the ICS webpage on www.cisa.gov/uscert. This advisory contains mitigations for several vulnerabilities in the Fresenius Kabi Agilia Connect Infusion System.

27.01.2022

Mitsubishi Electric MELSEC and MELIPC Series (Update A)

Title

Mitsubishi Electric MELSEC and MELIPC Series (Update A)

Published

Jan. 27, 2022, 4 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-21-334-02

Summary

This updated advisory is a follow up to the original advisory titled ICSA-21-334-02 Mitsubishi Electric MELSEC and MELIPC Series that was published on November 30, 2021, to the ICS webpage on www.cisa.gov/uscert. This advisory contains mitigations for Uncontrolled Resource Consumption, Improper Handling of Length Parameter Inconsistency, and Improper Input Validation ...

ICONICS and Mitsubishi Electric HMI SCADA

Title

ICONICS and Mitsubishi Electric HMI SCADA

Published

Jan. 20, 2022, 4:15 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-020-01

Summary

This advisory contains mitigations for Cross-site Scripting, Incomplete List of Disallowed Inputs, Plaintext Storage of a Password, and Buffer Over-read vulnerabilities in ICONICS Product Suite and Mitsubishi Electric MC Works64 HMI SCADA products.

Philips Vue PACS (Update A)

Title

Philips Vue PACS (Update A)

Published

Jan. 20, 2022, 4:10 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsma-21-187-01

Summary

This updated advisory is a follow-up to the original advisory titled ICSMA-21-87-01 Philips Vue PACS that was published July 6, 2021, to the ICS webpage on www.cisa.gov/uscert/ics. This advisory contains mitigations for numerous vulnerabilities in Philips Vue PACS products.

Mitsubishi Electric GOT and Tension Controller (Update A)

Title

Mitsubishi Electric GOT and Tension Controller (Update A)

Published

Jan. 20, 2022, 4:05 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-21-131-02

Summary

This updated advisory is a follow-up to the original advisory titled ICSA-21-131-02 Mitsubishi Electric GOT and Tension Controller that was published May 11, 2021, to the ICS webpage on www.cisa.gov/uscert/ics. This advisory contains mitigations for a Buffer Access with Incorrect Length Value vulnerability in Mitsubishi Electric GOT and Tension Controller ...

Mitsubishi Electric GOT and Tension Controller (Update B)

Title

Mitsubishi Electric GOT and Tension Controller (Update B)

Published

Jan. 20, 2022, 4 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-20-343-02

Summary

This updated advisory is a follow-up to the advisory update titled ICSA-20-343-02 Mitsubishi Electric GOT and Tension Controller (Update A) that was published May 11, 2021, to the ICS webpage on www.cisa.gov/uscert/ics. This advisory contains mitigations for an Out-of-bounds Read vulnerability in Mitsubishi Electric GOT human-machine interface and Tension Controller ...

Mitsubishi Electric MELSEC-F Series

Title

Mitsubishi Electric MELSEC-F Series

Published

Jan. 13, 2022, 4:45 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-013-01

Summary

This advisory contains mitigations for a Lack of Administrator Control Over Security vulnerability in the Mitsubishi Electric MELSEC-F Series FX3U-ENET Ethernet-Internet block.

https://us-cert.cisa.gov/ics/advisories/icsa-22-013-02

Siemens SICAM A8000

Title

Siemens SICAM A8000

Published

Jan. 13, 2022, 4:40 p.m.

URL

Summary

This advisory contains mitigations for Use of Hard-coded Credentials, and Improper Access Control vulnerabilities in Siemens SICAM A8000 remote terminal units.

Siemens Energy PLUSCONTROL

Title

Siemens Energy PLUSCONTROL

Published

Jan. 13, 2022, 4:35 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-013-03

Summary

This advisory contains mitigations for Type Confusion, Improper Validation of Specified Quantity in Input, Buffer Access with Incorrect Length Value, Integer Underflow, and Improper Handling of Inconsistent Structural Elements vulnerabilities in Siemens Energy PLUSCONTROL high-power energy transmission control devices.

Siemens SIPROTEC 5 Devices

Title

Siemens SIPROTEC 5 Devices

Published

Jan. 13, 2022, 4:30 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-013-04

Summary

This advisory contains mitigations for an Improper Input Validation vulnerability in Siemens SIPROTEC 5 digital field devices.

https://us-cert.cisa.gov/ics/advisories/icsa-22-013-05

Siemens COMOS Web

Title

Siemens COMOS Web

Published

Jan. 13, 2022, 4:25 p.m.

URL

Summary

This advisory contains mitigations for Basic XSS, Relative Path Traversal, SQL Injection, abd Cross-site Request Forgery vulnerabilities in the Siemens COMOS Web unified data platform.

Siemens SICAM PQ Analyzer

Title

Siemens SICAM PQ Analyzer

Published

Jan. 13, 2022, 4:20 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-013-06

Summary

This advisory contains mitigations for an Unquoted Search Path or Element vulnerability in the Siemens SICAM PQ Analyzer power quality system software.

Trane Symbio (Update B)

Title

Trane Symbio (Update B)

Published

Jan. 13, 2022, 4:10 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-21-266-01

Summary

The updated advisory is a follow-up to the advisory update titled ICSA-21-266-01 Trane Symbio (Update A) that was published on November 18, 2021, to the ICS webpage on www.cisa.gov/uscert. This advisory contains mitigations for a Code Injection vulnerability in Trane Symbio 700 and Symbio 800 controllers.

Siemens Nucleus DNS (Update A)

Title

Siemens Nucleus DNS (Update A)

Published

Jan. 13, 2022, 4:05 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-21-103-14

Summary

This updated advisory is a follow-up to the original advisory titled ICSA-21-103-14 Siemens Nucleus DNS that was published April 13, 2021, to the ICS webpage on www.cisa.gov/uscert. This advisory contains mitigations for a Use of Insufficiently Random Values vulnerability in Siemens Nucleus industrial software products.

Mitsubishi Electric MELSEC iQ-R, Q and L Series (Update B)

Title

Mitsubishi Electric MELSEC iQ-R, Q and L Series (Update B)

Published

Jan. 13, 2022, 4 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-20-303-01

Summary

This updated advisory is a follow-up to the advisory update ICSA-20-303-01 Mitsubishi Electric MELSEC iQ-R, Q and L Series (Update A) that was published May 18, 2021, to the ICS webpage on www.cisa.gov/uscert. This advisory contains mitigations for an Uncontrolled Resource Consumption vulnerability in Mitsubishi Electric's MELSEC iQ-R, Q and ...

11.01.2022