Dienstag, 12.04.2022
Titel
SSA-593272 V1.6 (Last Update: 2022-04-12): SegmentSmack in Interniche IP-Stack based Industrial Devices
Veröffentlicht
12. April 2022 02:00
Text
A vulnerability exists in affected products that could allow remote attackers to affect the availability of the devices under certain conditions. The underlying TCP stack can be forced to make very computation expensive calls for every incoming packet which can lead to a Denial-of-Service.
Titel
SSA-599968 V1.5 (Last Update: 2022-04-12): Denial-of-Service Vulnerability in Profinet Devices
Veröffentlicht
12. April 2022 02:00
Text
A vulnerability in affected devices could allow an attacker to perform a denial-of-service attack if a large amount of Profinet Discovery and Configuration Protocol (DCP) reset packets is sent to the affected devices. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens ...
Titel
SSA-913875 V1.3 (Last Update: 2022-04-12): Frame Aggregation and Fragmentation Vulnerabilities in 802.11
Veröffentlicht
12. April 2022 02:00
Text
Twelve vulnerabilities in the implementation of frame aggregation and fragmentation of the 802.11 standard, under the name of FragAttacks, have been published. Successful exploitation of these vulnerabilities could allow an attacker within Wi-Fi range to forge encrypted frames, which could result in sensitive data disclosure and possibly traffic manipulation. The ...
Titel
SSA-661247 V2.7 (Last Update: 2022-04-12): Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to Siemens Products
Veröffentlicht
12. April 2022 02:00
Text
On 2021-12-09, a vulnerability in Apache Log4j (a logging tool used in many Java-based applications) was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2021-44228 and is also known as “Log4Shell”. On 2021-12-14 an additional denial of service vulnerability (CVE-2021-45046) ...
Titel
SSA-672373 V1.2 (Last Update: 2022-04-12): Vulnerabilities in CP 1543-1 before V2.0.28
Veröffentlicht
12. April 2022 02:00
Text
SIMATIC CP 1543-1 devices before V2.0.28 contain two vulnerabilities that could allow authorized users to escalate their privileges on the CP or create a denial of service condition. Siemens has released updates for the affected products and recommends to update to the latest versions.
Donnerstag, 07.04.2022
Titel
Pepperl+Fuchs WirelessHART-Gateway
Veröffentlicht
7. April 2022 16:10
Text
This advisory contains mitigations for several vulnerabilities in Pepperl+Fuchs WirelessHART-Gateway industrial networking devices.
Titel
ABB SPIET800 and PNI800
Veröffentlicht
7. April 2022 16:05
Text
This advisory contains mitigations for Incomplete Internal State Distinction, Improper Handling of Unexpected Data Type, and Uncontrolled Resource Consumption vulnerabilities in ABB Symphony Plus SPIET800 and PNI800 network interface modules.
Mittwoch, 06.04.2022
Titel
Sicherheitsupdate: CODESYS Security Advisories 2022-02 bis 2022-07
Veröffentlicht
6. April 2022 08:54
Text
Please check source url for more information.
Dienstag, 05.04.2022
Titel
LifePoint Informatics Patient Portal
Veröffentlicht
5. April 2022 16:15
Text
This advisory contains mitigations for an Authentication Bypass Using Alternate Path or Channel vulnerability in the LifePoint Informatics Patient Portal, a website containing patient health data.
Titel
Philips Vue PACS (Update B)
Veröffentlicht
5. April 2022 16:00
Text
This updated advisory is a follow-up to the advisory update titled ICSMA-21-87-01 Philips Vue PACS (Update A) that was published January 20, 2022, to the ICS webpage on www.cisa.gov/uscert/ics. This advisory contains mitigations for numerous vulnerabilities in Philips Vue PACS products.

Letzte Updates

BOSCH PSIRT
11.08.2022
CODESYS
27.07.2022
SIEMENS CERT
09.08.2022
US CERT
16.08.2022
US CERT (ICS)
16.08.2022

Nach Quelle

Archiv

2022
2021
2020
2019
2018
2017

Feeds