Bulletins | CERT@VDE

1
2
3 (current)

Donnerstag, 07.12.2023

13:00

US CERT (ICS)

Johnson Controls Metasys and Facility Explorer

Titel

Johnson Controls Metasys and Facility Explorer

Veröffentlicht

7. Dezember 2023 13:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-341-03

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls Equipment: Metasys and Facility Explorer Vulnerability: Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service by sending invalid credentials. 3. TECHNICAL DETAILS 3.1 AFFECTED ...

13:00

US CERT (ICS)

Sierra Wireless AirLink with ALEOS firmware

Titel

Sierra Wireless AirLink with ALEOS firmware

Veröffentlicht

7. Dezember 2023 13:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-341-06

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Sierra Wireless Equipment: AirLink Vulnerabilities: Infinite Loop, NULL Pointer Dereference, Cross-site Scripting, Reachable Assertion, Use of Hard-coded Credentials, Use of Hard-coded Cryptographic Key 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to ...

13:00

US CERT (ICS)

Schweitzer Engineering Laboratories SEL-411L

Titel

Schweitzer Engineering Laboratories SEL-411L

Veröffentlicht

7. Dezember 2023 13:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-341-02

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 4.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schweitzer Engineering Laboratories Equipment: SEL-411L Vulnerability: Improper Restriction of Rendered UI Layers or Frames 2. RISK EVALUATION Successful exploitation of this vulnerability could expose authorized users to clickjacking attacks. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The ...

Mittwoch, 06.12.2023

21:18

US CERT

Russian FSB Cyber Actor Star Blizzard Continues Worldwide Spear-phishing Campaigns

Titel

Russian FSB Cyber Actor Star Blizzard Continues Worldwide Spear-phishing Campaigns

Veröffentlicht

6. Dezember 2023 21:18

URL

https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-341a

Text

The Russia-based actor is targeting organizations and individuals in the UK and other geographical areas of interest. OVERVIEW The Russia-based actor Star Blizzard (formerly known as SEABORGIUM, also known as Callisto Group/TA446/COLDRIVER/TAG-53/BlueCharlie) continues to successfully use spear-phishing attacks against targeted organizations and individuals in the UK, and other geographical areas ...

Dienstag, 05.12.2023

13:00

US CERT (ICS)

Zebra ZTC Industrial ZT400 and ZTC Desktop GK420d

Titel

Zebra ZTC Industrial ZT400 and ZTC Desktop GK420d

Veröffentlicht

5. Dezember 2023 13:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-339-01

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.4 ATTENTION: Exploitable with adjacent access/low attack complexity Vendor: Zebra Technologies Equipment: ZTC Industrial ZT410, ZTC Desktop GK420d Vulnerability: Authentication Bypass Using an Alternate Path or Channel 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to send specially crafted ...

Montag, 04.12.2023

19:05

US CERT

Threat Actors Exploit Adobe ColdFusion CVE-2023-26360 for Initial Access to Government Servers

Titel

Threat Actors Exploit Adobe ColdFusion CVE-2023-26360 for Initial Access to Government Servers

Veröffentlicht

4. Dezember 2023 19:05

URL

https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-339a

Text

SUMMARY The Cybersecurity and Infrastructure Security Agency (CISA) is releasing a Cybersecurity Advisory (CSA) in response to confirmed exploitation of CVE-2023-26360 by unidentified threat actors at a Federal Civilian Executive Branch (FCEB) agency. This vulnerability presents as an improper access control issue impacting Adobe ColdFusion versions 2018 Update 15 (and ...

Freitag, 01.12.2023

23:21

US CERT

IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including U.S. Water and Wastewater Systems Facilities

Titel

IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including U.S. Water and Wastewater Systems Facilities

Veröffentlicht

1. Dezember 2023 23:21

URL

https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-335a

Text

SUMMARY The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Environmental Protection Agency (EPA), and the Israel National Cyber Directorate (INCD)—hereafter referred to as "the authoring agencies"—are disseminating this joint Cybersecurity Advisory (CSA) to highlight continued malicious cyber activity against operational technology devices ...

1
2
3 (current)

Letzte Updates

BOSCH PSIRT

20.03.2024

CODESYS

28.06.2023

SIEMENS CERT

19.04.2024

US CERT

10.05.2024

US CERT (ICS)

09.05.2024

Nach Quelle

BOSCH PSIRT (76)
CODESYS (36)
SIEMENS CERT (1616)
US CERT (158)
US CERT (ICS) (1518)

Feeds

RSS / Atom

Letzte Updates

Nach Quelle

Archiv

2024

2023

2022

2021

2020

2019

2018

2017

Feeds