• 1 (current)
  • 2
Dienstag, 26.03.2024
Titel
Automation-Direct C-MORE EA9 HMI
Veröffentlicht
26. März 2024 13:00
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: AutomationDirect Equipment: C-MORE EA9 HMI Vulnerabilities: Path Traversal, Stack-Based Buffer Overflow, Plaintext Storage of a Password 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to exploit a remote device and inject malicious ...
Titel
Rockwell Automation FactoryTalk View ME
Veröffentlicht
26. März 2024 13:00
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: FactoryTalk View ME Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could lead to the loss of view or control of the PanelView product. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ...
Titel
Rockwell Automation Arena Simulation
Veröffentlicht
26. März 2024 13:00
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: low attack complexity Vendor: Rockwell Automation Equipment: Arena Simulation Software Vulnerabilities: Out-of-bounds Write, Heap-based Buffer Overflow, Improper Restriction of Operations within the Bounds of a Memory Buffer, Use After Free, Access of Uninitialized Pointer, Out-of-bounds Read 2. RISK EVALUATION Successful exploitation ...
Titel
Rockwell Automation PowerFlex 527
Veröffentlicht
26. März 2024 13:00
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: PowerFlex 527 Vulnerabilities: Improper Input Validation, Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of this these vulnerabilities could crash the device and require a manual restart to recover. 3. TECHNICAL DETAILS 3.1 ...
Titel
SSB-201698 V1.0: Risk for Denial of Service attack through Discovery and Basic Configuration Protocol (DCP) communication functionality
Veröffentlicht
26. März 2024 01:00
Text
Mittwoch, 20.03.2024
Titel
Command Injection in Bosch Network Synchronizer
Veröffentlicht
20. März 2024 01:00
Text

BOSCH-SA-152190-BT: A Command Injection vulnerability has been uncovered in the diagnostics interface of the Bosch Network Synchronizer. This vulnerability allows unauthorized users full access to the device.

Dienstag, 19.03.2024
Titel
Franklin Fueling System EVO 550/5000
Veröffentlicht
19. März 2024 13:00
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Franklin Fueling System Equipment: EVO 550, EVO 5000 Vulnerability: Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to read arbitrary files on the system. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ...
Donnerstag, 14.03.2024
Titel
Softing edgeConnector
Veröffentlicht
14. März 2024 13:00
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.2 ATTENTION: Low attack complexity Vendor: Softing Equipment: edgeConnector Vulnerabilities: Cleartext Transmission of Sensitive Information, Path Traversal 2. RISK EVALUATION Successful exploitation of these vulnerabilities could create conditions that may allow remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions ...
Titel
Siemens RUGGEDCOM APE1808 with Fortigate NGFW Devices
Veröffentlicht
14. März 2024 13:00
Text
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
Titel
Mitsubishi Electric MELSEC-Q/L Series
Veröffentlicht
14. März 2024 13:00
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: MELSEC-Q/L Series Vulnerabilities: Incorrect Pointer Scaling, Integer Overflow or Wraparound 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow a remote attacker to be able to read arbitrary information or execute malicious ...
Titel
Siemens SCALANCE XB-200/XC-200/XP-200/XF-200BA/XR-300WG Family
Veröffentlicht
14. März 2024 13:00
Text
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
Titel
Siemens SENTRON
Veröffentlicht
14. März 2024 13:00
Text
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
Titel
Siemens Sinteso EN Cerberus PRO EN Fire Protection Systems
Veröffentlicht
14. März 2024 13:00
Text
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
Titel
Siemens SENTRON 7KM PAC3x20
Veröffentlicht
14. März 2024 13:00
Text
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
Titel
Siemens SINEMA Remote Connect Client
Veröffentlicht
14. März 2024 13:00
Text
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
Titel
Siemens Siveillance Control
Veröffentlicht
14. März 2024 13:00
Text
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
Mittwoch, 13.03.2024
Titel
BVMS affected by Autodesk Design Review Multiple Vulnerabilities
Veröffentlicht
13. März 2024 01:00
Text

BOSCH-SA-246962-BT: BVMS was using Autodesk Design Review for showing 2D/3D files. Autodesk has published multiple vulnerabilities which when successfully exploited could lead to the execution of arbitrary code.Starting from BVMS version 11.0, the Autodesk Design Review is not used anymore in BVMS, but the BVMS setup does not uninstall the ...

Titel
RPS and RPS-LITE operator and communication process vulnerabilities.
Veröffentlicht
13. März 2024 01:00
Text

BOSCH-SA-099637-BT: Security vulnerabilities related to password use, management and communication processes in RPS and RPS-LITE introduce potential for a malicious user to compromise the software. Bosch recommends to update to the latest version as soon as possible.

Dienstag, 12.03.2024
Titel
Schneider Electric EcoStruxure Power Design
Veröffentlicht
12. März 2024 13:00
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low Attack Complexity Vendor: Schneider Electric Equipment: EcoStruxure Power Design Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability may allow for arbitrary code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Schneider Electric ...
Titel
SSA-225840 V1.0: Vulnerabilities in the Network Communication Stack in Sinteso EN and Cerberus PRO EN Fire Protection Systems
Veröffentlicht
12. März 2024 01:00
Text
Several products used in Sinteso EN and Cerberus PRO EN Fire Protection Systems contain buffer overflow vulnerabilities in the network communication stack. Successful exploitation of the vulnerabilities could allow an unauthenticated attacker, who gained access to the fire protection system network, to execute arbitrary code on the affected products (CVE-2024-22039) ...
Titel
SSA-145196 V1.0: Authorization Bypass Vulnerability in Siveillance Control
Veröffentlicht
12. März 2024 01:00
Text
Siveillance Control does not properly check the list of access groups that are assigned to an individual user. This could enable a locally logged on user to gain write privileges for objects where they only have read privileges. Siemens has released a new version for Siveillance Control and recommends to ...
Titel
SSA-000072 V1.1 (Last Update: 2024-03-12): Multiple File Parsing Vulnerabilities in Simcenter Femap
Veröffentlicht
12. März 2024 01:00
Text
Simcenter Femap contains multiple file parsing vulnerabilities that could be triggered when the application reads files in Catia MODEL file formats. If a user is tricked to open a malicious file with any of the affected products, this could lead the application to crash or potentially lead to arbitrary code ...
Titel
SSA-398330 V1.3 (Last Update: 2024-03-12): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
Veröffentlicht
12. März 2024 01:00
Text
Multiple vulnerabilities have been identified in the additional GNU/Linux subsystem of the firmware version V3.1 for the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP (incl. SIPLUS variant). These GNU/Linux vulnerabilities have been externally identified. Siemens is preparing fix versions and recommends specific countermeasures for products where fixes are not, or not ...
Titel
SSA-968170 V1.2 (Last Update: 2024-03-12): Remote Code Execution Vulnerability in SIMATIC STEP 7 V5.x and Derived Products
Veröffentlicht
12. März 2024 01:00
Text
SIMATIC STEP 7 and PCS 7 contain a database management system that could allow remote users to use embedded functions of the database (local or in a network share) that have impact on the server. An attacker with network access to the server network could leverage these embedded functions to ...
Titel
SSA-943925 V1.1 (Last Update: 2024-03-12): Multiple Vulnerabilities in SINEC NMS before V2.0 SP1
Veröffentlicht
12. März 2024 01:00
Text
SINEC NMS before V2.0 SP1 is affected by multiple vulnerabilities. Siemens has released an update for SINEC NMS and recommends to update to the latest version.
  • 1 (current)
  • 2

Letzte Updates

BOSCH PSIRT
15.05.2024
SIEMENS CERT
14.05.2024
US CERT
10.05.2024
US CERT (ICS)
23.05.2024

Nach Quelle

Archiv

2024
2023
2022
2021
2020
2019
2018
2017

Feeds