May 2022
12.05.2022
US CERT (ICS)
Siemens SICAM P850 and SICAM P855
Title
Siemens SICAM P850 and SICAM P855
Published
May 12, 2022, 4:40 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-132-07
Summary
This advisory contains mitigations for Improper Neutralization of Parameter/Argument Delimiters, Cleartext Transmission of Sensitive Information, Cross-site Scripting, Missing Authentication for Critical Function, Authentication Bypass by Capture-replay, and Improper Authentication vulnerabilities in Siemens SICAM P850 and SICAM P855.
12.05.2022
US CERT (ICS)
Siemens JT2GO and Teamcenter Visualization
Title
Siemens JT2GO and Teamcenter Visualization
Published
May 12, 2022, 4:36 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-132-09
Summary
This advisory contains mitigations for Infinite Loop, Null Pointer Dereference, Integer Overflow to Buffer Overflow, Double Free, and Access of Uninitialized Pointer vulnerabilities in Siemens JT2GO, Teamcenter Visualization products.
12.05.2022
US CERT (ICS)
Siemens Desigo PXC and DXR Devices
Title
Siemens Desigo PXC and DXR Devices
Published
May 12, 2022, 4:34 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-132-10
Summary
This advisory contains mitigations for an Uncaught Exception vulnerability in the Siemens Desigo DXR and PXC controllers.
10.05.2022
US CERT (ICS)
Adminer in Industrial Products
Title
Adminer in Industrial Products
Published
May 10, 2022, 4:25 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-130-01
Summary
This advisory contains mitigations for a Files or Directories Accessible to External Parties vulnerability in the Adminer database tool.
10.05.2022
US CERT (ICS)
Eaton Intelligent Power Protector
Title
Eaton Intelligent Power Protector
Published
May 10, 2022, 4:20 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-130-02
Summary
This advisory contains mitigations for a Cross-site Scripting vulnerability in the Eaton Intelligent Power Protector (IPP) power protection platform.
10.05.2022
US CERT (ICS)
Eaton Intelligent Power Manager Infrastructure
Title
Eaton Intelligent Power Manager Infrastructure
Published
May 10, 2022, 4:15 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-130-03
Summary
This advisory contains mitigations for Cross-site Scripting, Reflected Cross-site Scripting, and Improper Neutralization of Formula in a CSV File vulnerabilities in Eaton Intelligent Power Manager Infrastructure power monitoring products.
10.05.2022
US CERT (ICS)
AVEVA InTouch Access Anywhere and Plant SCADA Access Anywhere
Title
AVEVA InTouch Access Anywhere and Plant SCADA Access Anywhere
Published
May 10, 2022, 4:05 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-130-05
Summary
This advisory contains mitigations for an Exposure of Resource to Wrong Sphere vulnerability in AVEVA InTouch Access Anywhere and Plant SCADA Access Anywhere HMI products.
10.05.2022
US CERT (ICS)
Mitsubishi Electric MELSOFT GT OPC UA
Title
Mitsubishi Electric MELSOFT GT OPC UA
Published
May 10, 2022, 4 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-130-06
Summary
This advisory contains mitigations for Out-of-bounds Read, and Integer Overflow or Wraparound vulnerabilities in Mitsubishi Electric MELSOFT GT OPC UA client connection products.
03.05.2022
US CERT (ICS)
Yokogawa CENTUM and ProSafe-RS
Title
Yokogawa CENTUM and ProSafe-RS
Published
May 3, 2022, 4 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-123-01
Summary
This advisory contains mitigations for a OS Command Injection, Improper Authentication, NULL Pointer Dereference, Improper Input Validation, Resource Management Errors vulnerabilities in Yokogawa CENTUM and ProSafe-RS Distributed Control System and Safety Instrumented System products.
April 2022
26.04.2022
US CERT (ICS)
Hitachi Energy System Data Manager
Title
Hitachi Energy System Data Manager
Published
April 26, 2022, 4:05 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-116-01
Summary
This advisory contains mitigations for a Integer Overflow or Wraparound, Reachable Assertion, Type Confusion, Uncontrolled Recursion, and Observable Discrepancy vulnerabilities in Hitachi Energy System Data Manager products.
26.04.2022
US CERT (ICS)
Mitsubishi Electric MELSEC and MELIPC Series (Update B)
Title
Mitsubishi Electric MELSEC and MELIPC Series (Update B)
Published
April 26, 2022, 4 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-334-02
Summary
This updated advisory is a follow up to the advisory update titled ICSA-21-334-02 Mitsubishi Electric MELSEC and MELIPC Series (Update A) that was published January 27, 2022, to the ICS webpage on www.cisa.gov/uscert. This advisory contains mitigations for Uncontrolled Resource Consumption, Improper Handling of Length Parameter Inconsistency, and Improper Input ...
21.04.2022
US CERT (ICS)
Delta Electronics ASDA-Soft
Title
Delta Electronics ASDA-Soft
Published
April 21, 2022, 4:10 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-111-01
Summary
This advisory contains mitigations for Out-of-bounds Write, and Out-of-bounds Read vulnerabilities in Delta Electronics ASDA-Soft servo software.
21.04.2022
US CERT (ICS)
Johnson Controls Metasys SCT Pro
Title
Johnson Controls Metasys SCT Pro
Published
April 21, 2022, 4:05 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-111-02
Summary
This advisory contains mitigations for a Server-side Request Forgery vulnerability in Johnson Controls Metasys SCT Pro building automation software.
21.04.2022
US CERT (ICS)
Hitachi Energy MicroSCADA Pro/X SYS600
Title
Hitachi Energy MicroSCADA Pro/X SYS600
Published
April 21, 2022, 4 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-111-03
Summary
This advisory contains mitigations for Observable Discrepancy, HTTP Request Smuggling, Classic Buffer Overflow, Improper Certificate Validation, Improper Restriction of Operations within the Bounds of a Memory Buffer, and Exposure of Sensitive Information to an Unauthorized Actor vulnerabilities in the Hitachi Energy MicroSCADA Pro/X SYS600 SCADA product.
19.04.2022
US CERT (ICS)
Interlogix Hills ComNav
Title
Interlogix Hills ComNav
Published
April 19, 2022, 4:25 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-109-01
Summary
This advisory contains mitigations for Improper Restriction of Excessive Authentication Attempts, and Inadequate Encryption Strength vulnerability in Interlogix Hills ComNav remote access integration modules.
19.04.2022
US CERT (ICS)
Automated Logic WebCTRL
Title
Automated Logic WebCTRL
Published
April 19, 2022, 4:20 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-109-02
Summary
This advisory contains mitigations for n Open Redirect vulnerability inAutomated Logic WebCTRL building automation software.
19.04.2022
US CERT (ICS)
FANUC ROBOGUIDE Simulation Platform
Title
FANUC ROBOGUIDE Simulation Platform
Published
April 19, 2022, 4:15 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-109-03
Summary
This advisory contains mitigations for Incorrect Permission Assignment for Critical Resource, Improper Access Control, Path Traversal, Improper Restriction of XML External Entity Reference, and Uncontrolled Resource Consumption vulnerabilities in FANUC ROBOGUIDE simulation software for FANUC robots.
19.04.2022
US CERT (ICS)
Elcomplus SmartPTT SCADA
Title
Elcomplus SmartPTT SCADA
Published
April 19, 2022, 4:10 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-109-04
Summary
This advisory contains mitigations for Path Traversal, Unrestricted Upload of File with Dangerous Type, Improper Authorization, and Cross-site Scripting vulnerabilities in Elcomplus SmartPTT SCADA voice and data dispatch software.
19.04.2022
US CERT (ICS)
Elcomplus SmartPPT SCADA
Title
Elcomplus SmartPPT SCADA
Published
April 19, 2022, 4:10 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-109-04
Summary
This advisory contains mitigations for Path Traversal, Unrestricted Upload of File with Dangerous Type, Improper Authorization, and Cross-site Scripting vulnerabilities in Elcomplus SmartPPT SCADA voice and data dispatch software.
19.04.2022
US CERT (ICS)
Elcomplus SmartPTT SCADA Server
Title
Elcomplus SmartPTT SCADA Server
Published
April 19, 2022, 4:05 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-109-05
Summary
This advisory contains mitigations for Cross-site Scripting, Unauthorized Exposure to Sensitive Information, Unrestricted Upload of File with Dangerous Type, Path Traversal, and Cross-site Request Forgery vulnerabilities in the Elcomplus SmartPTT SCADA Server voice and data dispatch software.
19.04.2022
US CERT (ICS)
Elcomplus SmartPPT SCADA Server
Title
Elcomplus SmartPPT SCADA Server
Published
April 19, 2022, 4:05 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-109-05
Summary
This advisory contains mitigations for Cross-site Scripting, Unauthorized Exposure to Sensitive Information, Unrestricted Upload of File with Dangerous Type, Path Traversal, and Cross-site Request Forgery vulnerabilities in the Elcomplus SmartPPT SCADA Server voice and data dispatch software.
19.04.2022
US CERT (ICS)
Multiple RTOS (Update E)
Title
Multiple RTOS (Update E)
Published
April 19, 2022, 4 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-119-04
Summary
This updated advisory is a follow-up to the advisory update titled ICSA-21-119-04 Multiple RTOS (Update D) that was published November 30, 2021, to the ICS webpage on www.cisa.gov/uscert. CISA is aware of a public report, known as “BadAlloc” that details vulnerabilities found in multiple real-time operating systems (RTOS) and supporting ...
15.04.2022
US CERT (ICS)
Siemens RUGGEDCOM Devices (Update A)
Title
Siemens RUGGEDCOM Devices (Update A)
Published
April 15, 2022, 4:46 a.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-069-01
Summary
This updated advisory is a follow-up to the original advisory titled ICSA-22-069-01 Siemens RUGGEDCOM Devices that was published March 10, 2022, to the ICS webpage on www.cisa.gov/uscert. This advisory contains mitigations for a Missing Encryption of Sensitive Data vulnerability in devices using the Siemens RUGGEDCOM software platform.
14.04.2022
US CERT (ICS)
Delta Electronics DMARS
Title
Delta Electronics DMARS
Published
April 14, 2022, 5:20 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-104-01
Summary
This advisory contains mitigations for an Improper Restriction of XML External Entity Reference vulnerability in the Delta Electronics DMARS program development tool.
14.04.2022
US CERT (ICS)
Red Lion DA50N
Title
Red Lion DA50N
Published
April 14, 2022, 5:16 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-104-03
Summary
This advisory contains mitigation for Insufficient Verification of Data Authenticity, Weak Password Requirements, Use of Unmaintained Third-Party Components, and Insufficiently Protected Credentials vulnerabilities in the Red Lion DA50N networking gateway.

Last Updates

BOSCH PSIRT
15.01.2025
SIEMENS CERT
17.04.2025
US CERT
01.04.2025
US CERT (ICS)
17.04.2025

By Source

Archive

2025
2024
2023
2022
2021
2020
2019
2018
2017

Feeds