Bulletins | CERT@VDE

3S CoDeSys (Update A)

Title

3S CoDeSys (Update A)

Published

Sept. 24, 2020, 4 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/ICSA-13-011-01

Summary

This updated advisory is a follow-up to the original advisory titled ICSA-13-011-01 3S CoDeSys that was published January 10, 2013, to the ICS webpage on us-cert.gov. This advisory contains mitigations for Improper Access Control, and Relative Path Traversal vulnerabilities in 3S-Smart Software Solutions software.

22.09.2020

GE Digital APM Classic

Title

GE Digital APM Classic

Published

Sept. 22, 2020, 4:05 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-20-266-01

Summary

This advisory contains mitigations for Authorization Bypass Through User-controlled Key, and Use of a One-Way Hash Without a Salt vulnerabilities in GE's APM Classic module, a data analysis and processing tool.

22.09.2020

GE Reason S20 Ethernet Switch

Title

GE Reason S20 Ethernet Switch

Published

Sept. 22, 2020, 4 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-20-266-02

Summary

This advisory contains mitigations for Cross-site Scripting vulnerabilities in GE's Reason S20 Ethernet Switch.

17.09.2020

Philips Clinical Collaboration Platform

Title

Philips Clinical Collaboration Platform

Published

Sept. 17, 2020, 4:10 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsma-20-261-01

Summary

This advisory contains mitigations for Cross-site Request Forgery, Improper Neutralization of Script in Attributes in a Web Page, Protection Mechanism Failure, Algorithm Downgrade, and Configuration vulnerabilities in Philips Clinical Collaboration Platform HMI data management software.

15.09.2020

ENTTEC Lighting Controllers (Update A)

Title

ENTTEC Lighting Controllers (Update A)

Published

Sept. 15, 2020, 4 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-20-177-01

Summary

This updated advisory is a follow-up to the original advisory titled ICSA-20-177-01 ENTTEC Lighting Controllers that was published June 25, 2020, to the ICS webpage on us-cert.gov. This advisory contains mitigations for Use of Hard-coded Cryptographic Key, Cross-site Scripting, Improper Access Control, and Incorrect Permission Assignment for Critical Resource vulnerabilities ...

August 2020

04.08.2020

https://us-cert.cisa.gov/ics/alerts/ics-alert-20-217-01

Robot Motion Servers

Title

Robot Motion Servers

Published

Aug. 4, 2020, 4:10 p.m.

URL

Summary

This Alert contains a public report of a Remote Code Execution vulnerability affecting robot motion servers written in OEM exclusive programming languages running on the robot controller.

04.08.2020

Treck TCP/IP Stack (Update F)

Title

Treck TCP/IP Stack (Update F)

Published

Aug. 4, 2020, 4 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-20-168-01

Summary

This updated advisory is a follow-up to the original advisory titled ICSA-20-168-01 Treck TCP/IP Stack (Update E) that was published July 21, 2020, to the ICS webpage on us-cert.gov. This advisory contains mitigations for Improper Handling of Length Parameter Inconsistency, Improper Input Validation, Double Free, Out-of-bounds Read, Integer Overflow or ...

July 2020

https://us-cert.cisa.gov/ics/advisories/icsma-20-212-01

Philips DreamMapper

Title

Philips DreamMapper

Published

July 30, 2020, 4:20 p.m.

URL

Summary

This advisory contains mitigations for an Insertion of Sensitive Information into Log File vulnerability in Philips DreamMapper mobile app.

Inductive Automation Ignition 8

Title

Inductive Automation Ignition 8

Published

July 30, 2020, 4:15 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-20-212-01

Summary

This advisory contains mitigations for a Missing Authorization vulnerability in #Inductive Automation Ignition 8 software.

Mitsubishi Electric Multiple Factory Automation Engineering Software Products

Title

Mitsubishi Electric Multiple Factory Automation Engineering Software Products

Published

July 30, 2020, 4:10 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-20-212-02

Summary

This advisory contains mitigations for a Permission Issues vulnerability in Mitsubishi Electric Factory Automation Engineering software products.

Mitsubishi Electric Factory Automation Products Path Traversal

Title

Mitsubishi Electric Factory Automation Products Path Traversal

Published

July 30, 2020, 4:05 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-20-212-03

Summary

This advisory contains mitigations for a Path Traversal vulnerability in Mitsubishi Electric Factory Automation products.

Mitsubishi Electric Factory Automation Engineering Products

Title

Mitsubishi Electric Factory Automation Engineering Products

Published

July 30, 2020, 4 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-20-212-04

Summary

This advisory contains mitigations for an Unquoted Search Path or Element vulnerability in Mitsubishi Electric Factory Automation Engineering products.

https://us-cert.cisa.gov/ics/advisories/icsa-20-210-01

Secomea GateManager

Title

Secomea GateManager

Published

July 28, 2020, 4:15 p.m.

URL

Summary

This advisory contains mitigations for Improper Neutralization of Null Byte or NUL Character, Off-by-one Error, Use of Hard-coded Credentials, Use of Password Hash with Insufficient Computational Effort vulnerabilities in Secomea GateManager, a VPN server.

Softing Industrial Automation OPC

Title

Softing Industrial Automation OPC

Published

July 28, 2020, 4:10 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-20-210-02

Summary

This advisory contains mitigations for a Heap-based Buffer Overflow, and Uncontrolled Resource Consumption vulnerabilities in Softing Industrial Automation's OPC products.

HMS Industrial Networks eCatcher

Title

HMS Industrial Networks eCatcher

Published

July 28, 2020, 4:05 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-20-210-03

Summary

This advisory contains mitigations for a Stack-based Buffer Overflow vulnerability in HMS Industrial Networks eCatcher VPN client.

Delta Industrial Automation DOPSoft (Update A)

Title

Delta Industrial Automation DOPSoft (Update A)

Published

July 28, 2020, 4 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-20-182-01

Summary

This updated advisory is a follow-up to the original advisory titled ICSA-20-182-01 Delta Industrial Automation DOPSoft that was published June 30, 2020, on the ICS webpage on us-cert.gov. This advisory contains mitigations for out-of-bounds read and heap-based buffer overflow vulnerabilities in Delta Industrial Automation DOPSoft products.

23.07.2020

Schneider Electric Triconex TriStation and Tricon Communication Module

Title

Schneider Electric Triconex TriStation and Tricon Communication Module

Published

July 23, 2020, 4 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-20-205-01

Summary

This advisory contains mitigations for Cleartext Transmission of Sensitive Information, Uncontrolled Resource Consumption, Hidden Functionality, and Improper Access Control vulnerabilities in Schneider Electric's Triconex TriStation and Tricon Communication Module products.

21.07.2020

Treck TCP/IP Stack (Update E)

Title

Treck TCP/IP Stack (Update E)

Published

July 21, 2020, 4 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-20-168-01

Summary

This updated advisory is a follow-up to the original advisory titled ICSA-20-168-01 Treck TCP/IP Stack (Update D) that was published July 14, 2020, to the ICS webpage on us-cert.gov. This advisory contains mitigations for Improper Handling of Length Parameter Inconsistency, Improper Input Validation, Double Free, Out-of-bounds Read, Integer Overflow or ...

Capsule Technologies SmartLinx Neuron 2

Title

Capsule Technologies SmartLinx Neuron 2

Published

July 14, 2020, 5:40 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsma-20-196-01

Summary

This advisory contains mitigations for a Protection Mechanism Failure vulnerability in Capsule Technologies' SmartLinx Neuron 2, a bedside mobile clinical monitoring system.

https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01

Advantech iView

Title

Advantech iView

Published

July 14, 2020, 5:35 p.m.

URL

Summary

This advisory contains mitigations for SQL Injection, Path Traversal, Command Injection, Improper Input Validation, Missing Authentication for Critical Function, Improper Access Control vulnerabilities in Advantech's iView device management application.

Moxa EDR-G902 and EDR-G903 Series Routers

Title

Moxa EDR-G902 and EDR-G903 Series Routers

Published

July 14, 2020, 5:30 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-20-196-02

Summary

This advisory contains mitigations for a Stack-based Buffer Overflow vulnerability in Moxa's a EDR-G902 and EDR-G903 Series Routers.

Siemens SICAM MMU, SICAM T, and SICAM SGU

Title

Siemens SICAM MMU, SICAM T, and SICAM SGU

Published

July 14, 2020, 5:25 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-20-196-03

Summary

This advisory contains mitigations for Out-of-bounds Read, Missing Authentication for Critical Function, Missing Encryption of Sensitive Data, Use of Password Hash with Insufficient Computational Effort, Cross-site Scripting, Classic Buffer Overflow, Basic XSS, Authentication Bypass by Capture-replay vulnerabilities in Siemens' SICAM MMU, SICAM T, and SICAM SGU products.