• 1 (current)
  • 2
  • 3
Donnerstag, 30.11.2023
13:00
US CERT (ICS)
Mitsubishi Electric FA Engineering Software Products
Titel
Mitsubishi Electric FA Engineering Software Products
Veröffentlicht
30. November 2023 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-334-04
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Mitsubishi Electric Equipment: FA Engineering Software Products Vulnerability: External Control of File Name or Path 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a malicious attacker to execute malicious code by tricking legitimate users to ...
13:00
US CERT (ICS)
PTC KEPServerEx
Titel
PTC KEPServerEx
Veröffentlicht
30. November 2023 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-334-03
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: PTC Equipment: KEPServerEX, ThingWorx, OPC-Aggregator Vulnerabilities: Heap-based Buffer Overflow, Improper Validation of Certificate with Host Mismatch 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker gaining Windows SYSTEM-level code execution on the service ...
Dienstag, 28.11.2023
13:00
US CERT (ICS)
Franklin Electric Fueling Systems Colibri
Titel
Franklin Electric Fueling Systems Colibri
Veröffentlicht
28. November 2023 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-331-02
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Franklin Electric Fueling Systems Equipment: Colibri Vulnerability: Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to obtain login credentials for other users. 3. TECHNICAL DETAILS 3.1 AFFECTED ...
Dienstag, 21.11.2023
14:50
US CERT
#StopRansomware: LockBit 3.0 Ransomware Affiliates Exploit CVE 2023-4966 Citrix Bleed Vulnerability
Titel
#StopRansomware: LockBit 3.0 Ransomware Affiliates Exploit CVE 2023-4966 Citrix Bleed Vulnerability
Veröffentlicht
21. November 2023 14:50
URL
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-325a
Text
SUMMARY Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations ...
01:00
BOSCH PSIRT
Multiple vulnerabilities on ctrlX HMI / WR21
Titel
Multiple vulnerabilities on ctrlX HMI / WR21
Veröffentlicht
21. November 2023 01:00
URL
https://psirt.bosch.com/security-advisories/bosch-sa-175607.html
Text

BOSCH-SA-175607: The operating system of the ctrlX HMI/ WR21 before build date 20231107 has some vulnerabilities when the kiosk mode is used in conjunction with Google Chrome. Therefore, it is possible in worst case that an attacker with physical access to the device can get root access without normal authentication ...

Donnerstag, 16.11.2023
13:00
US CERT (ICS)
Red Lion Sixnet RTUs
Titel
Red Lion Sixnet RTUs
Veröffentlicht
16. November 2023 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-320-01
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Red Lion Equipment: Sixnet RTU Vulnerabilities: Authentication Bypass using an Alternative Path or Channel, Exposed Dangerous Method or Function 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an unauthenticated attacker to execute commands with ...
13:00
US CERT (ICS)
Siemens RUGGEDCOM APE1808 Devices
Titel
Siemens RUGGEDCOM APE1808 Devices
Veröffentlicht
16. November 2023 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-320-14
Text
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
13:00
US CERT (ICS)
Siemens PNI
Titel
Siemens PNI
Veröffentlicht
16. November 2023 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-320-12
Text
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
13:00
US CERT (ICS)
Siemens Mendix Studio Pro
Titel
Siemens Mendix Studio Pro
Veröffentlicht
16. November 2023 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-320-11
Text
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
13:00
US CERT (ICS)
Siemens SCALANCE Family Products
Titel
Siemens SCALANCE Family Products
Veröffentlicht
16. November 2023 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-320-08
Text
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
13:00
US CERT (ICS)
Siemens SIMATIC PCS neo
Titel
Siemens SIMATIC PCS neo
Veröffentlicht
16. November 2023 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-320-06
Text
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
13:00
US CERT (ICS)
Siemens OPC UA Modeling Editor (SiOME)
Titel
Siemens OPC UA Modeling Editor (SiOME)
Veröffentlicht
16. November 2023 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-320-07
Text
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
13:00
US CERT (ICS)
Siemens Mendix Runtime
Titel
Siemens Mendix Runtime
Veröffentlicht
16. November 2023 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-320-04
Text
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
13:00
US CERT (ICS)
Siemens Desigo CC product family
Titel
Siemens Desigo CC product family
Veröffentlicht
16. November 2023 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-320-03
Text
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
Mittwoch, 15.11.2023
15:55
US CERT
Scattered Spider
Titel
Scattered Spider
Veröffentlicht
15. November 2023 15:55
URL
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-320a
Text
SUMMARY The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint Cybersecurity Advisory (CSA) in response to recent activity by Scattered Spider threat actors against the commercial facilities sectors and subsectors. This advisory provides tactics, techniques, and procedures (TTPs) obtained through FBI investigations ...
Dienstag, 14.11.2023
17:45
US CERT
#StopRansomware: Rhysida Ransomware
Titel
#StopRansomware: Rhysida Ransomware
Veröffentlicht
14. November 2023 17:45
URL
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-319a
Text
SUMMARY Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders detailing various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect ...
13:00
US CERT (ICS)
Rockwell Automation SIS Workstation and ISaGRAF Workbench
Titel
Rockwell Automation SIS Workstation and ISaGRAF Workbench
Veröffentlicht
14. November 2023 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-318-02
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Rockwell Automation Equipment: SIS Workstation and ISaGRAF Workbench Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow unprivileged local users to overwrite files replacing them with malicious programs. 3. TECHNICAL DETAILS 3.1 ...
13:00
US CERT (ICS)
AVEVA Operations Control Logger
Titel
AVEVA Operations Control Logger
Veröffentlicht
14. November 2023 13:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-23-318-01
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: AVEVA Equipment: Operations Control Logger Vulnerabilities: Execution with Unnecessary Privileges, External Control of File Name or Path 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow privilege escalation or denial of service. 3. TECHNICAL DETAILS 3.1 ...
01:00
SIEMENS CERT
SSA-764417 V1.8 (Last Update: 2023-11-14): Weak Encryption Vulnerability in RUGGEDCOM ROS Devices
Titel
SSA-764417 V1.8 (Last Update: 2023-11-14): Weak Encryption Vulnerability in RUGGEDCOM ROS Devices
Veröffentlicht
14. November 2023 01:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-764417.html
Text
The SSH server on RUGGEDCOM ROS devices is configured to offer weak ciphers by default. This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data passed over the connection between legitimate clients and the affected device. Siemens has released updates for the affected products ...
01:00
SIEMENS CERT
SSA-711309 V1.2 (Last Update: 2023-11-14): Denial of Service Vulnerability in the OPC UA Implementations of SIMATIC Products
Titel
SSA-711309 V1.2 (Last Update: 2023-11-14): Denial of Service Vulnerability in the OPC UA Implementations of SIMATIC Products
Veröffentlicht
14. November 2023 01:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-711309.html
Text
The OPC UA implementations (ANSI C and C++) as used in several SIMATIC products contain a denial of service vulnerability that could allow an unauthenticated remote attacker to create a denial of service condition by sending a specially crafted certificate. Siemens has released updates for several affected products and recommends ...
01:00
SIEMENS CERT
SSA-794697 V1.4 (Last Update: 2023-11-14): Vulnerabilities in the Linux Kernel of the SIMATIC S7-1500 TM MFP V1.0
Titel
SSA-794697 V1.4 (Last Update: 2023-11-14): Vulnerabilities in the Linux Kernel of the SIMATIC S7-1500 TM MFP V1.0
Veröffentlicht
14. November 2023 01:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-794697.html
Text
Multiple vulnerabilities have been identified in the Linux Kernel of the SIMATIC S7-1500 TM MFP V1.0. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.
01:00
SIEMENS CERT
SSA-831302 V1.2 (Last Update: 2023-11-14): Vulnerabilities in the BIOS of the SIMATIC S7-1500 TM MFP V1.0
Titel
SSA-831302 V1.2 (Last Update: 2023-11-14): Vulnerabilities in the BIOS of the SIMATIC S7-1500 TM MFP V1.0
Veröffentlicht
14. November 2023 01:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-831302.html
Text
Multiple vulnerabilities have been identified in the BIOS of the SIMATIC S7-1500 TM MFP V1.0. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.
01:00
SIEMENS CERT
SSA-770902 V1.1 (Last Update: 2023-11-14): Denial of Service Vulnerability in the Web Server of RUGGEDCOM ROS Devices
Titel
SSA-770902 V1.1 (Last Update: 2023-11-14): Denial of Service Vulnerability in the Web Server of RUGGEDCOM ROS Devices
Veröffentlicht
14. November 2023 01:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-770902.html
Text
A denial of service vulnerability could allow an unauthorized attacker to cause total loss of availability in the web server of the affected devices. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends countermeasures for products ...
01:00
SIEMENS CERT
SSA-840800 V1.4 (Last Update: 2023-11-14): Code Injection Vulnerability in RUGGEDCOM ROS
Titel
SSA-840800 V1.4 (Last Update: 2023-11-14): Code Injection Vulnerability in RUGGEDCOM ROS
Veröffentlicht
14. November 2023 01:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-840800.html
Text
RUGGEDCOM ROS-based devices are vulnerable to a web-based code injection attack. To execute this attack, it is necessary to access the system via the Command Line Interface (CLI). Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products ...
01:00
SIEMENS CERT
SSA-887122 V1.0: X_T File Parsing Vulnerabilities in Simcenter Femap
Titel
SSA-887122 V1.0: X_T File Parsing Vulnerabilities in Simcenter Femap
Veröffentlicht
14. November 2023 01:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-887122.html
Text
Simcenter Femap is affected by out of bounds write vulnerabilities that could be triggered when the application reads files in X_T format. If a user is tricked to open a malicious file with the affected applications, an attacker could leverage the vulnerability to perform remote code execution in the context ...
  • 1 (current)
  • 2
  • 3

Letzte Updates

BOSCH PSIRT
20.03.2024
CODESYS
28.06.2023
SIEMENS CERT
19.04.2024
US CERT
17.04.2024
US CERT (ICS)
25.04.2024

Nach Quelle

Archiv

2024
2023
2022
2021
2020
2019
2018
2017

Feeds