Bulletins | CERT@VDE

Hillrom Medical Device Management

Titel

Hillrom Medical Device Management

Veröffentlicht

17. Juni 2022 05:08

URL

https://us-cert.cisa.gov/ics/advisories/icsma-22-167-01

Text

This advisory contains mitigations for Use of Hard-coded Password, and Improper Access Control vulnerability in Welch Allyn resting electrocardiograph devices. Hillrom Medical. Welch Allyn, and ELI are registered trademarks of Baxter International, Inc., or its subsidiaries.

05:06

AutomationDirect C-More EA9 HMI

Titel

AutomationDirect C-More EA9 HMI

Veröffentlicht

17. Juni 2022 05:06

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-167-01

Text

This advisory contains mitigations for Uncontrolled Search Path Element, Cleartext Transmission of Sensitive Information vulnerabilities in AutomationDirect C-More EA9 human-machine interface products.

Donnerstag, 16.06.2022

17:04

AutomationDirect DirectLOGIC with Serial Communication

Titel

AutomationDirect DirectLOGIC with Serial Communication

Veröffentlicht

16. Juni 2022 17:04

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-167-02

Text

This advisory contains mitigations for a Cleartext Transmission of Sensitive Information vulnerability in DirectLOGIC programmable controllers with serial communication.

17:02

AutomationDirect DirectLOGIC with Ethernet

Titel

AutomationDirect DirectLOGIC with Ethernet

Veröffentlicht

16. Juni 2022 17:02

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-167-03

Text

This advisory contains mitigations for Uncontrolled Resource Consumption, and Cleartext Transmission of Sensitive Information vulnerabilities in AutomationDirect DirectLOGIC programmable logic Ethernet controllers.

17:00

Siemens Mendix SAML Module

Titel

Siemens Mendix SAML Module

Veröffentlicht

16. Juni 2022 17:00

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-167-04

Text

This advisory contains mitigations for Improper Restriction of XML External Entity Reference, and Cross-site Scripting vulnerabilities in the Siemens Mendix SAML Module.

16:56

Siemens Apache HTTP Server

Titel

Siemens Apache HTTP Server

Veröffentlicht

16. Juni 2022 16:56

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-167-06

Text

This advisory contains mitigations for NULL Pointer Dereference, Out-of-bounds Write, and Server-side Request Forgery (SSRF) vulnerabilities in the Siemens Apache HTTP Server.

16:52

Siemens SICAM GridEdge

Titel

Siemens SICAM GridEdge

Veröffentlicht

16. Juni 2022 16:52

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-167-08

Text

This advisory contains mitigations for Missing Authentication for Critical Function, and Resource Leak vulnerabilities in the Siemens SICAM GridEdge Essential ARM.

16:50

Siemens SCALANCE LPE9403 Third-Party Vulnerabilities

Titel

Siemens SCALANCE LPE9403 Third-Party Vulnerabilities

Veröffentlicht

16. Juni 2022 16:50

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-167-09

Text

This advisory contains mitigations for vulnerabilities in the Siemens SCALANCE LPE9403, a processing power extension for the SCALANCE family of products.

16:48

Siemens SCALANCE XM-400 and XR-500

Titel

Siemens SCALANCE XM-400 and XR-500

Veröffentlicht

16. Juni 2022 16:48

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-167-10

Text

This advisory contains mitigations for an Improper Validation of Integrity Check Value vulnerability in the Siemens SCALANCE XM-400 and XR-500 industrial switches.

16:46

Siemens Xpedition Designer

Titel

Siemens Xpedition Designer

Veröffentlicht

16. Juni 2022 16:46

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-167-11

Text

This advisory contains mitigations for an Incorrect Permission Assignment for Critical Resource vulnerability in the Siemens Xpedition Designer PCB design flow products.

16:44

Siemens Spectrum Power Systems

Titel

Siemens Spectrum Power Systems

Veröffentlicht

16. Juni 2022 16:44

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-167-12

Text

This advisory contains mitigations for a Use of Hard-coded Credentials vulnerability in the Siemens Spectrum Power data modelling and monitoring system.

16:40

Siemens OpenSSL Affected Industrial Products

Titel

Siemens OpenSSL Affected Industrial Products

Veröffentlicht

16. Juni 2022 16:40

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-167-14

Text

This advisory contains mitigations for an Infinite Loop vulnerability in the Siemens OpenSSL Affected Industrial Products.

Dienstag, 14.06.2022

16:10

Johnson Controls Metasys ADS ADX OAS Servers

Titel

Johnson Controls Metasys ADS ADX OAS Servers

Veröffentlicht

14. Juni 2022 16:10

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-165-01

Text

This advisory contains mitigations for Unverified Password Change, and Cross-site Scripting vulnerabilities in the Johnson Controls Metasys ADS ADX OAS Servers.

16:05

Meridian Cooperative Meridian

Titel

Meridian Cooperative Meridian

Veröffentlicht

14. Juni 2022 16:05

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-165-02

Text

This advisory contains mitigations for an Improper Access Control vulnerability in Meridian utility software.

16:00

Mitsubishi Electric MELSEC-Q/L and MELSEC iQ-R

Titel

Mitsubishi Electric MELSEC-Q/L and MELSEC iQ-R

Veröffentlicht

14. Juni 2022 16:00

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-165-03

Text

This advisory contains mitigations for an Improper Input Validation vulnerability in the Mitsubishi Electric MELSEC-Q/L Series and MELSEC iQ-R Series Interface Modules.

SSA-145224 V1.0: Vulnerability in OSPF Packet Handling of SCALANCE XM-400 and XR-500 Devices

Titel

SSA-145224 V1.0: Vulnerability in OSPF Packet Handling of SCALANCE XM-400 and XR-500 Devices

Veröffentlicht

14. Juni 2022 02:00

URL

https://cert-portal.siemens.com/productcert/pdf/ssa-145224.pdf

Text

SCALANCE XM-400 and XR-500 devices contain a vulnerability in the OSPF protocol implementation that could allow an unauthenticated remote attacker to cause interruptions in the network. Siemens has released updates for the affected products and recommends to update to the latest versions.

SSA-102233 V2.0 (Last Update: 2022-06-14): SegmentSmack in VxWorks-based Industrial Devices

Titel

SSA-102233 V2.0 (Last Update: 2022-06-14): SegmentSmack in VxWorks-based Industrial Devices

Veröffentlicht

14. Juni 2022 02:00

URL

https://cert-portal.siemens.com/productcert/pdf/ssa-102233.pdf

Text

The products listed below contain a vulnerability that could allow remote attackers to affect the availability of the devices under certain conditions. The underlying TCP stack can be forced to make very computation expensive calls for every incoming packet which can lead to a Denial-of-Service. Siemens has released an update ...

SSA-222547 V1.0: Third-Party Component Vulnerabilities in SCALANCE LPE9403 before V2.0

Titel

SSA-222547 V1.0: Third-Party Component Vulnerabilities in SCALANCE LPE9403 before V2.0

Veröffentlicht

14. Juni 2022 02:00

URL

https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf

Text

Multiple vulnerabilities in the third-party components CivetWeb, Docker, Linux Kernel and systemd could allow an attacker to impact SCALANCE LPE9403 confidentiality, integrity and availability. Siemens has released an update for the SCALANCE LPE9403 and recommends to update to the latest version.

SSA-988345 V1.0: Local Privilege Escalation Vulnerability in Xpedition Designer

Titel

SSA-988345 V1.0: Local Privilege Escalation Vulnerability in Xpedition Designer

Veröffentlicht

14. Juni 2022 02:00

URL

https://cert-portal.siemens.com/productcert/pdf/ssa-988345.pdf

Text

A vulnerability in Xpedition Designer could allow an attacker with an unprivileged account to override or modify the service executable and subsequently gain elevated privileges. Siemens has released an update for the Xpedition Designer and recommends to update to the latest version.

SSA-693555 V1.0: Memory Corruption Vulnerability in EN100 Ethernet Module

Titel

SSA-693555 V1.0: Memory Corruption Vulnerability in EN100 Ethernet Module

Veröffentlicht

14. Juni 2022 02:00

URL

https://cert-portal.siemens.com/productcert/pdf/ssa-693555.pdf

Text

EN100 Ethernet module is affected by memory corruption vulnerability (CVE-2022-30937). Siemens has released an update for the EN100 Ethernet module IEC 61850 variant and recommends to update to the latest version. Siemens recommends specific countermeasures for products where updates are not, or not yet available.

SSA-978220 V1.7 (Last Update: 2022-06-14): Denial of Service Vulnerability over SNMP in Multiple Industrial Products

Titel

SSA-978220 V1.7 (Last Update: 2022-06-14): Denial of Service Vulnerability over SNMP in Multiple Industrial Products

Veröffentlicht

14. Juni 2022 02:00

URL

https://cert-portal.siemens.com/productcert/pdf/ssa-978220.pdf

Text

Several industrial products are affected by a vulnerability that could allow remote attackers to conduct a denial of service attack by sending specially crafted packets to port 161/udp (SNMP). Siemens has released updates for several affected products and recommends to update to the new versions. Siemens is preparing further updates ...

SSA-941426 V1.2 (Last Update: 2022-06-14): Multiple LLDP Vulnerabilities in Industrial Products

Titel

SSA-941426 V1.2 (Last Update: 2022-06-14): Multiple LLDP Vulnerabilities in Industrial Products

Veröffentlicht

14. Juni 2022 02:00

URL

https://cert-portal.siemens.com/productcert/pdf/ssa-941426.pdf

Text

There are multiple vulnerabilities in an underlying Link Layer Discovery Protocol (LLDP) third party library. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.