• 1 (current)
  • 2
  • 3
Donnerstag, 30.09.2021
Titel
Boston Scientific Zoom Latitude
Veröffentlicht
30. September 2021 16:00
Text
This advisory contains mitigations for Use of Password Hash with Insufficient Computational Effort, Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques, Improper Access Control, Missing Support for Integrity Check, and Reliance on Component That is Not Updateable vulnerabilities in the Boston Scientific Zoom Latitude programmer/recorder/monitor (PRM) ...
Dienstag, 28.09.2021
Titel
SSA-728618 V1.0: Multiple Vulnerabilities in Solid Edge before SE2021MP8
Veröffentlicht
28. September 2021 02:00
Text
Siemens has released a new version for Solid Edge that fixes multiple file parsing vulnerabilities which could be triggered when the application reads files in IFC, JT or OBJ formats. If a user is tricked to opening a malicious file using the affected application this could lead the application to ...
Donnerstag, 23.09.2021
Titel
Trane Symbio
Veröffentlicht
23. September 2021 16:10
Text
This advisory contains mitigations for a Code Injection vulnerability in Trane Symbio 700 and Symbio 800 controllers.
Titel
Trane Tracer
Veröffentlicht
23. September 2021 16:05
Text
This advisory contains mitigations for a Code Injection vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge building automation products.
Titel
Ovarro TBox (Update A)
Veröffentlicht
23. September 2021 16:00
Text
This updated advisory is a follow-up to the advisory update titled ICSA-21-054-04 Ovarro TBox that was published March 23, 2021, to the ICS webpage on us-cert.cisa.gov. The original advisory was titled ICSA-21-054-04P Ovarro TBox and posted to the HSIN ICS library on February 23, 2021. This advisory contains mitigations for ...
Mittwoch, 22.09.2021
Titel
AA21-265A: Conti Ransomware
Veröffentlicht
22. September 2021 19:00
Text
Original release date: September 22, 2021SummaryImmediate Actions You Can Take Now to Protect Against Conti Ransomware • Use multi-factor authentication. • Segment and segregate networks and functions. • Update your operating system and software. Note: This Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, version 9. ...
Donnerstag, 16.09.2021
Titel
AA21-259A: APT Actors Exploiting Newly Identified Vulnerability in ManageEngine ADSelfService Plus
Veröffentlicht
16. September 2021 19:00
Text
Original release date: September 16, 2021SummaryThis Joint Cybersecurity Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 8. See the ATT&CK for Enterprise for referenced threat actor tactics and for techniques. This joint advisory is the result of analytic efforts between the Federal Bureau of Investigation ...
Titel
Siemens RUGGEDCOM ROX
Veröffentlicht
16. September 2021 16:05
Text
This advisory contains mitigations for Exposure of Sensitive Information to an Unauthorized Actor, Execution with Unnecessary Privileges, and Improper Handling of Insufficient Permissions or Privileges vulnerabilities in Siemens RUGGEDCOM ROX devices.
Titel
Schneider Electric EcoStruxure and SCADAPack
Veröffentlicht
16. September 2021 16:00
Text
This advisory contains mitigations for a Path Traversal vulnerability in Schneider Electric EcoStruxure Control Expert, EcoStruxure Process Expert, SCADAPack RemoteConnect software designed for the x70 SCADAPack system.
Dienstag, 14.09.2021
Titel
Digi PortServer TS 16
Veröffentlicht
14. September 2021 17:26
Text
This advisory contains mitigations for an Improper Authentication vulnerability in Digi PortServer TS 16 terminal servers.
Titel
Johnson Controls Sensormatic Electronics KT-1
Veröffentlicht
14. September 2021 17:24
Text
This advisory contains mitigations for an Authentication Bypass by Capture-replay vulnerability in Sensormatic Electronics KT-1 door controllers. Sensormatic Electronics is a subsidiary of Johnson Controls.
Titel
Schneider Electric Struxureware Data Center Expert
Veröffentlicht
14. September 2021 17:22
Text
This advisory contains mitigations for OS Command Injection, and Path Traversal vulnerabilities in Schneider Electric Struxureware Data Center Expert monitoring software.
Titel
Siemens Simcenter Femap
Veröffentlicht
14. September 2021 17:20
Text
This advisory contains mitigations for an Out-of-bounds Read vulnerability in the Siemens Simenter Femap simulation application.
Titel
Siemens Simcenter STAR-CCM+ Viewer
Veröffentlicht
14. September 2021 17:18
Text
This advisory contains mitigations for an Out-of-bounds Write vulnerability in the Siemens Simcenter Star-CCM+ Viewer simulation application.
Titel
Siemens SIMATIC CP
Veröffentlicht
14. September 2021 17:16
Text
This advisory contains mitigations for a Cleartext Storage of Sensitive Information vulnerability in Siemens SIMATIC CP communication processors.
Titel
Siemens APOGEE and TALON
Veröffentlicht
14. September 2021 17:14
Text
This advisory contains mitigations for a Classic Buffer Overflow vulnerability in Siemens APOGEE and TALON building automation systems.
Titel
Siemens Teamcenter
Veröffentlicht
14. September 2021 17:12
Text
This advisory contains mitigations for Privilege Defined with Unsafe Actions, Authorization Bypass Through User-Controlled Key, and Improper Restriction of XML External Entity Reference vulnerabilities in the Siemens Teamcenter virtualization platform.
Titel
Siemens Teamcenter Active Workspace
Veröffentlicht
14. September 2021 17:12
Text
This advisory contains mitigations for a Path Traversal vulnerability in the Siemens Teamcenter Active Workspace product lifecycle management system.
Titel
Siemens NX
Veröffentlicht
14. September 2021 17:10
Text
This advisory contains mitigations for Use After Free, and Out-of-bounds Read vulnerabilities in Siemens NX industrial software.
Titel
Siemens SIPROTEC 5 relays
Veröffentlicht
14. September 2021 17:08
Text
This advisory contains mitigations for Classic Buffer Overflow vulnerabilities in Siemens SIPROTEC 5 relays.
Titel
SSA-413407 V1.0: Path Traversal Vulnerability in Teamcenter Active Workspace
Veröffentlicht
14. September 2021 02:00
Text
Teamcenter Active Workspace contains a path traversal vulnerability that could lead to access control violations. Siemens has released updates for the affected products and recommends to update to the latest versions.
Titel
SSA-316383 V1.0: NumberJack Vulnerability in LOGO! CMR family and SIMATIC RTU 3000 family
Veröffentlicht
14. September 2021 02:00
Text
A vulnerability has been identified in the underlying TCP/IP stack of LOGO! CMR family and SIMATIC RTU 3000 family devices. It could allow an attacker with network access to the LAN interface of an affected device to hijack an ongoing connection or spoof a new one. The WAN interface, however, ...
Titel
SSA-288459 V1.0: Heap Overflow Vulnerability in RFID terminals
Veröffentlicht
14. September 2021 02:00
Text
A heap overflow vulnerability in dhclient of the affected products, which has been published alongside other vulnerabilities as part of NAME:WRECK could allow an attacker to potentially remotely execute code. Siemens recommends specific countermeasures for products.
Titel
SSA-535997 V1.0: Cleartext Storage of Sensitive Information in Multiple SIMATIC Products
Veröffentlicht
14. September 2021 02:00
Text
A cleartext vulnerability was found in the SIMATIC communication processors CP 1543-1 and CP 1545-1 that could allow an attacker to read sensitive information. Siemens has released an update for the SIMATIC CP 1543-1 (incl. SIPLUS variants) and recommends to update to the latest version. Siemens is preparing further updates ...
Titel
SSA-549234 V1.0: Denial-of-Service Vulnerability in SIMATIC NET CP Modules
Veröffentlicht
14. September 2021 02:00
Text
A Denial of Service vulnerability was identified in different types of Communication Processors. An attacker could exploit this vulnerability causing the device to become un-operational until the device is restarted. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.
  • 1 (current)
  • 2
  • 3

Letzte Updates

BOSCH PSIRT
04.10.2021
CODESYS
19.11.2021
SIEMENS CERT
09.11.2021
US CERT
17.11.2021
US CERT (ICS)
18.11.2021

Nach Quelle

Archiv

2021
2020
2019
2018
2017

Feeds