March 2022
29.03.2022
US CERT (ICS)
Hitachi Energy LinkOne WebView
Title
Hitachi Energy LinkOne WebView
Published
March 29, 2022, 4:10 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-088-03
Summary
This advisory contains mitigations for Cross-site Scripting, Use of a Password System for Primary Authentication, Configuration, and Exposure of Sensitive Information to an Unauthorized Actor vulnerabilities in the Hitachi Energy LinkOne WebView graphical parts catalog.
29.03.2022
US CERT (ICS)
Modbus Tools Modbus Slave
Title
Modbus Tools Modbus Slave
Published
March 29, 2022, 4:05 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-088-04
Summary
This advisory contains mitigations for a Stack-based Buffer Overflow vulnerability in the Modbus Tools Modbus Slave PLC programming simulation tool.
29.03.2022
US CERT (ICS)
Delta Electronics DIAEnergie (Update A)
Title
Delta Electronics DIAEnergie (Update A)
Published
March 29, 2022, 4 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-081-01
Summary
This updated advisory is a follow-up to the original advisory titled ICSA-22-081-01 Delta Electronics DIAEnergie that was published March 22, 2022, on the ICS webpage at www.cisa.gov/uscert. This advisory contains mitigations for Path Traversal, Incorrect Default Permissions, and SQL Injection vulnerabilities in the Delta Electronics DIAEnergie industrial energy management system.
22.03.2022
US CERT (ICS)
Delta Electronics DIAEnergie (Update B)
Title
Delta Electronics DIAEnergie (Update B)
Published
March 22, 2022, 3 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-238-03
Summary
This updated advisory is a follow-up to the advisory update titled ICSA-21-238-03 Delta Electronics DIAEnergie (Update A) that was published December 16, 2021, on the ICS webpage at www.cisa.gov/uscert. This advisory contains mitigations for several vulnerabilities in the Delta Electronics DIAEnergie industrial energy management system.
17.03.2022
US CERT (ICS)
Treck TCP/IP Stack (Update H)
Title
Treck TCP/IP Stack (Update H)
Published
March 17, 2022, 3 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-20-168-01
Summary
This updated advisory is a follow-up to the advisory update titled ICSA-20-168-01 Treck TCP/IP Stack (Update G) that was published Aug 20, 2020, to the ICS webpage on www.cisa.gov/uscert. This advisory contains mitigations for Improper Handling of Length Parameter Inconsistency, Improper Input Validation, Double Free, Out-of-bounds Read, Integer Overflow or ...
15.03.2022
US CERT (ICS)
ABB OPC Server for AC 800M
Title
ABB OPC Server for AC 800M
Published
March 15, 2022, 3:05 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-074-01
Summary
This advisory contains mitigations for an Execution with Unnecessary Privileges vulnerability in the ABB OPC Server for AC 800M run-time data reader.
15.03.2022
US CERT (ICS)
PTC Axeda agent and Axeda Desktop Server (Update B)
Title
PTC Axeda agent and Axeda Desktop Server (Update B)
Published
March 15, 2022, 3 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-067-01
Summary
This updated advisory is a follow-up to the original advisory titled ICSA-22-067-01 PTC Axeda agent and Axeda Desktop Server (Update A) that was published March 10, 2022, on the ICS webpage on www.cisa.gov/uscert. This advisory contains mitigations for Use of Hard-coded Credentials, Missing Authentication for Critical Function, Exposure of Sensitive ...
11.03.2022
US CERT (ICS)
Siemens RUGGEDCOM Devices
Title
Siemens RUGGEDCOM Devices
Published
March 11, 2022, 5:55 a.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-069-01
Summary
This advisory contains mitigations for a Missing Encryption of Sensitive Data vulnerability in devices using the Siemens RUGGEDCOM software platform.
10.03.2022
US CERT (ICS)
Siemens SIMOTICS CONNECT 400
Title
Siemens SIMOTICS CONNECT 400
Published
March 10, 2022, 5:50 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-069-02
Summary
This advisory contains mitigations for Type Confusion, Improper Validation of Specified Quantity in Input, Wrap or Wraparound, Improper Handling of Inconsistent Structural Elements vulnerabilities in the Siemens SIMOTICS CONNECT 400 connectivity module.
10.03.2022
US CERT (ICS)
Siemens SINEMA Mendix Forgot Password Appstore
Title
Siemens SINEMA Mendix Forgot Password Appstore
Published
March 10, 2022, 5:40 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-069-04
Summary
This advisory contains mitigations for Improper Access Control, an d Improper Restriction of Excessive Authentication Attempts vulnerabilities in the Siemens SINEMA Mendix Forgot Password Appstore password management module.
10.03.2022
US CERT (ICS)
Siemens COMOS
Title
Siemens COMOS
Published
March 10, 2022, 5:30 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-069-06
Summary
This advisory contains mitigations for Memory Allocation with Excessive Size Value, Untrusted Pointer Dereference, Type Confusion, Stack-based Buffer Overflow, Out-of-bounds Write, Out-of-bounds Read, Use After Free, Improper Check for Unusual or Exceptional Conditions vulnerabilities in Siemens COM collaborative plan design software.
10.03.2022
US CERT (ICS)
Siemens Climatix POL909
Title
Siemens Climatix POL909
Published
March 10, 2022, 5:25 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-069-07
Summary
This advisory contains mitigations for Cross-site Scripting, and Improper Access Control vulnerabilities in of Climatix POL909 AWM and AWB web modules.
10.03.2022
US CERT (ICS)
Siemens Polarion ALM
Title
Siemens Polarion ALM
Published
March 10, 2022, 5:20 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-069-08
Summary
This advisory contains mitigations for a Cross-site Scripting vulnerability in Siemens Siemens Polarion ALM management software.
10.03.2022
US CERT (ICS)
Siemens SINEC INS
Title
Siemens SINEC INS
Published
March 10, 2022, 5:15 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-069-09
Summary
This advisory contains mitigations for a Using Components with Known Vulnerabilities vulnerability in the Siemens SINECC INS web-based application.
08.03.2022
US CERT (ICS)
PTC Axeda agent and Axeda Desktop Server
Title
PTC Axeda agent and Axeda Desktop Server
Published
March 8, 2022, 4:10 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-067-01
Summary
This advisory contains mitigations for Use of Hard-coded Credentials, Missing Authentication for Critical Function, Exposure of Sensitive Information to an Unauthorized Actor, Path Traversal, Improper Check or Handling of Exceptional Conditions vulnerabilities in Axeda agent and Axeda Desktop Server, a remote asset connectivity software used as part of a cloud ...
08.03.2022
US CERT (ICS)
AVEVA System Platform
Title
AVEVA System Platform
Published
March 8, 2022, 4:05 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-067-02
Summary
This advisory contains mitigations for a Cleartext Storage of Sensitive Information in Memory vulnerability in the AVEVA System Platform, a software management product.
08.03.2022
US CERT (ICS)
Sensormatic PowerManage (Update A)
Title
Sensormatic PowerManage (Update A)
Published
March 8, 2022, 4 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-034-01
Summary
This update advisory is a follow-up to the original advisory titled ICSA-22-034-01 Sensormatic PowerManage that was published February 3, 2022, on the ICS webpage on www.cisa.gov/uscert. This advisory contains mitigations for an Improper Input Validation vulnerability in the Sensormatic PowerManage operating platform.
04.03.2022
US CERT (ICS)
Trailer Power Line Communications (PLC) J2497
Title
Trailer Power Line Communications (PLC) J2497
Published
March 4, 2022, 4 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-063-01
Summary
This advisory contains mitigations for Missing Authentication for Critical Function, and Improper Protection against Electromagnetic Fault Injection vulnerabilities in Power Line Communications (PLC): J2497 (a.k.a. PLC4TRUCKS), a bidirectional, serial communications link over a vehicle power supply line.
03.03.2022
US CERT (ICS)
BD Viper LT
Title
BD Viper LT
Published
March 3, 2022, 4:05 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsma-22-062-02
Summary
This advisory contains mitigations for a Use of Hard-coded Credentials vulnerability in the BD Viper LT automated molecular testing system.
03.03.2022
US CERT (ICS)
IPCOMM ipDIO
Title
IPCOMM ipDIO
Published
March 3, 2022, 4 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-062-01
Summary
This advisory contains mitigations for a Cross-site Scripting, and Code Injection vulnerabilities in the IPCOMM ipDIO telecontrol communication device.
February 2022
24.02.2022
US CERT (ICS)
FATEK Automation FvDesigner
Title
FATEK Automation FvDesigner
Published
Feb. 24, 2022, 4:15 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-055-01
Summary
This advisory contains mitigations for Stack-based Buffer Overflow, Out-of-bounds Write, and Out-of-bounds Read vulnerabilities in FATEK Automation FvDesigner HMI products.
24.02.2022
US CERT (ICS)
Mitsubishi Electric EcoWebServerIII
Title
Mitsubishi Electric EcoWebServerIII
Published
Feb. 24, 2022, 4:10 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-055-02
Summary
This advisory contains mitigations for Improper Neutralization of Input During Web Page Generation, Uncontrolled Resource Consumption, and Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerabilities in the Mitsubishi Electric EcoWebServerIII energy saving data collecting server.
24.02.2022
US CERT (ICS)
Schneider Electric Easergy P5 and P3
Title
Schneider Electric Easergy P5 and P3
Published
Feb. 24, 2022, 4:05 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-055-03
Summary
This advisory contains mitigations for Use of Hard-coded Credentials, and Classic Buffer Overflow vulnerabilities in Schneider Electric Easergy P5 and P3 medium voltage protection relays.
24.02.2022
US CERT (ICS)
Baker Hughes Bently Nevada 3500
Title
Baker Hughes Bently Nevada 3500
Published
Feb. 24, 2022, 4 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-231-02
Summary
This advisory was originally posted to the HSIN ICS library on August 19, 2021, and is being released to the ICS webpage on www.cisa.gov/uscert. This advisory contains mitigations for a Use of Password Hash with Insufficient Computational Effort vulnerability in the Bently Nevada 3500 machinery protection and monitoring systems.
22.02.2022
US CERT (ICS)
GE Proficy CIMPLICITY-IPM
Title
GE Proficy CIMPLICITY-IPM
Published
Feb. 22, 2022, 4:10 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-053-01
Summary
This advisory contains mitigations for an Improper Privilege Management vulnerability in GE Proficy CIMPLICITY, a HMI and SCADA platform.

Last Updates

BOSCH PSIRT
15.01.2025
SIEMENS CERT
17.04.2025
US CERT
01.04.2025
US CERT (ICS)
17.04.2025

By Source

Archive

2025
2024
2023
2022
2021
2020
2019
2018
2017

Feeds