Bulletins | CERT@VDE

Rockwell Automation Logix Controllers

Title

Rockwell Automation Logix Controllers

Published

Feb. 25, 2021, 4:05 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-21-056-03

Summary

This advisory contains mitigations for a n Insufficiently Protected Credentials vulnerability in Rockwell Automation Studio 5000 Logix Designer, RSLogix 5000, and Logix Controllers.

25.02.2021

ProSoft Technology ICX35

Title

ProSoft Technology ICX35

Published

Feb. 25, 2021, 4 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-21-056-04

Summary

This advisory contains mitigations for a Permissions, Privileges, and Access Controls vulnerability in ProSoft Technology ICX35 industrial cellular gateways.

23.02.2021

Advantech BB-ESWGP506-2SFP-T

Title

Advantech BB-ESWGP506-2SFP-T

Published

Feb. 23, 2021, 4:05 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-21-054-02

Summary

This advisory contains mitigations for a Use of Hard-coded Credentials vulnerability in Advantech BB-ESWGP506-2SFP-T industrial ethernet switches.

23.02.2021

Advantech Spectre RT Industrial Routers

Title

Advantech Spectre RT Industrial Routers

Published

Feb. 23, 2021, 4 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-21-054-03

Summary

This advisory contains mitigations for Improper Neutralization of Input During Web Page Generation, Cleartext Transmission of Sensitive Information, Improper Restriction of Excessive Authentication Attempts, Use of a Broken or Risky Cryptographic Algorithm, and Use of Platform-Dependent Third-party Components vulnerabilities in Advantech Spectre RT Industrial Routers.

11.02.2021

Multiple Embedded TCP/IP stacks

Title

Multiple Embedded TCP/IP stacks

Published

Feb. 11, 2021, 4:10 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-21-042-01

Summary

This advisory contains mitigations for Use of Insufficiently Random Values vulnerabilities in Nut/Net, CycloneTCP, NDKTCPIP, FNET, uIP-Contiki-OS, uC/TCP-IP, uIP-Contiki-NG, uIP, picoTCP-NG, picoTCP, MPLAB Net, Nucleus NET, Nucleus ReadyStart TCP/IP stacks.

11.02.2021

Rockwell Automation DriveTools SP and Drives AOP

Title

Rockwell Automation DriveTools SP and Drives AOP

Published

Feb. 11, 2021, 4:05 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-21-042-02

Summary

This advisory contains mitigations for an Uncontrolled Search Path Element vulnerability in Rockwell Automation DriveTools SP and Drives AOP software.

11.02.2021

Wibu-Systems CodeMeter (Update E)

Title

Wibu-Systems CodeMeter (Update E)

Published

Feb. 11, 2021, 4 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-20-203-01

Summary

This updated advisory is a follow-up to the advisory update titled ICSA-20-203-01 Wibu-Systems CodeMeter (Update D) that was published December 3, 2020, to the ICS webpage on us-cert.gov. This advisory contains mitigations for Buffer Access with Incorrect Length Value, Inadequate Encryption Strength, Origin Validation Error, Improper Input Validation, Improper Verification ...

GE Digital HMI/SCADA iFIX

Title

GE Digital HMI/SCADA iFIX

Published

Feb. 9, 2021, 5:50 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-21-040-01

Summary

This advisory contains mitigations for Incorrect Permission Assignment for Critical Resource vulnerabilities in the GE Digital HMI/SCADA iFIX software component.

Siemens SINEMA Server & SINEC NMS

Title

Siemens SINEMA Server & SINEC NMS

Published

Feb. 9, 2021, 5:40 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-21-040-03

Summary

This advisory contains mitigations for a Path Traversal vulnerability in Siemens SINEMA server and SINEC NMS products.

Siemens TIA Administrator

Title

Siemens TIA Administrator

Published

Feb. 9, 2021, 5:30 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-21-040-05

Summary

This advisory contains mitigations for an Improper Access Control vulnerability in Siemens TIA Administrator products.

Siemens SCALANCE W780 and W740

Title

Siemens SCALANCE W780 and W740

Published

Feb. 9, 2021, 5:20 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-21-040-07

Summary

This advisory contains mitigations for an Allocation of Resources Without Limits or Throttling vulnerability in Siemens SCALANCE W780 and W740 industrial wireless LAN products.

January 2021

SOOIL Dana Diabecare RS Products

Title

SOOIL Dana Diabecare RS Products

Published

Jan. 12, 2021, 5 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsma-21-012-01

Summary

This advisory contains mitigations for Use of Hard Coded Credentials, Insufficiently Protected Credentials, Use of Insufficiently Random Values, Use of Client-side Authentication, Client-side Enforcement of Server-side Security, Authentication Bypass by Capture-Replay, Unprotected Transport of Credentials, Key Exchange Without Entity Authentication, and Authentication Bypass by Spoofing vulnerabilities in SOOIL Dana Diabecare ...

Schneider Electric EcoStruxure Power Build-Rapsody

Title

Schneider Electric EcoStruxure Power Build-Rapsody

Published

Jan. 12, 2021, 4:55 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-21-012-01

Summary

This advisory contains mitigations for an Unrestricted Upload of File with Dangerous Type vulnerability in the Schneider Electric EcoStruxure Power Build-Rapsody software.

Siemens JT2Go and Teamcenter Visualization

Title

Siemens JT2Go and Teamcenter Visualization

Published

Jan. 12, 2021, 4:45 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-21-012-03

Summary

This advisory contains mitigations for a Type Confusion, Improper Restriction of XML External Entity Reference, Out-of-bounds Write, Heap-based Buffer Overflow, Stack-based Buffer Overflow, Untrusted Pointer Dereference, and Out-of-bounds Read vulnerabilities in Siemens JT2Go and Teamcenter Visualization software products.

https://us-cert.cisa.gov/ics/advisories/icsa-21-012-04

Siemens Solid Edge

Title

Siemens Solid Edge

Published

Jan. 12, 2021, 4:40 p.m.

URL

Summary

This advisory contains mitigations for Out-of-bounds Write, and Stack-based Buffer Overflow vulnerabilities in Siemens Solid Edge software tools.

Siemens SCALANCE X Products

Title

Siemens SCALANCE X Products

Published

Jan. 12, 2021, 4:35 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-21-012-05

Summary

This advisory contains mitigations for Missing Authentication for Critical Function, and Heap-based Buffer Overflow vulnerabilities in Siemens SCALANCE X switches.

Siemens Opcenter Execution Core (Update B)

Title

Siemens Opcenter Execution Core (Update B)

Published

Jan. 12, 2021, 4:30 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-20-196-07

Summary

This updated advisory is a follow-up to the original advisory titled ICSA-20-196-07 Siemens Opcenter Execution Core (Update A) that was published August 11, 2020, to the ICS webpage on us-cert.cisa.gov. This advisory contains mitigations for Cross-site Scripting, SQL Injection, and Improper Access Control vulnerabilities in Siemens Opcenter Execution Core software.

Siemens SIMATIC, SINAMICS, SINEC, SINEMA, SINUMERIK (Update E)

Title

Siemens SIMATIC, SINAMICS, SINEC, SINEMA, SINUMERIK (Update E)

Published

Jan. 12, 2021, 4:25 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-20-161-04

Summary

This updated advisory is a follow-up to the advisory update titled ICSA-20-161-04 Siemens SIMATIC, SINAMICS, SINEC, SINEMA, SINUMERIK (Update D) that was published December 8, 2020, to the ICS webpage on us-cert.cisa.gov. This advisory contains mitigations for an Unquoted Search Path or Element vulnerability in Siemens SIMATIC, SINAMICS, SINEC, SINEMA, ...

Siemens SIMOTICS, Desigo, APOGEE, and TALON (Update A)

Title

Siemens SIMOTICS, Desigo, APOGEE, and TALON (Update A)

Published

Jan. 12, 2021, 4:20 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-20-105-06

Summary

This updated advisory is a follow-up to the original advisory titled ICSA-20-105-06 Siemens SIMOTICS, Desigo, APOGEE, and TALON that was published April 14, 2020, to the ICS webpage on us-cert.cisa.gov. This advisory contains mitigations for a business logic errors vulnerability in Siemens SIMOTICS, Desigo, APOGEE, and TALON products.

Siemens SCALANCE & SIMATIC (Update C)

Title

Siemens SCALANCE & SIMATIC (Update C)

Published

Jan. 12, 2021, 4:15 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-20-105-07

Summary

This updated advisory is a follow-up to the advisory update titled ICSA-20-105-07 Siemens SCALANCE & SIMATIC (Update B) that was published September 8, 2020, to the ICS webpage on us-cert.cisa.gov. This advisory contains mitigations for a resource exhaustion vulnerability in Siemens SCALANCE and SIMATIC products.

December 2020

01.12.2020

Schneider Electric EcoStruxure Operator Terminal Expert runtime (Vijeo XD)

Title

Schneider Electric EcoStruxure Operator Terminal Expert runtime (Vijeo XD)

Published

Dec. 1, 2020, 4 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-20-336-01

Summary

This advisory contains mitigations for an Improper Privilege Management vulnerability in Schneider Electric EcoStruxure Operator Terminal Expert products.

November 2020

24.11.2020