July 2024
Title
National Instruments LabVIEW
Published
July 23, 2024, 2 p.m.
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Low attack complexity Vendor: National Instruments Equipment: LabVIEW Vulnerabilities: Out-of-Bounds Read, Improper Restriction of Operations within the Bounds of a Memory Buffer 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow a local attacker to disclose information and execute arbitrary ...
Title
National Instruments IO Trace
Published
July 23, 2024, 2 p.m.
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Low attack complexity Vendor: National Instruments Equipment: IO Trace Vulnerability: Stack-Based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a local attacker to execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following National Instruments I/O ...
Title
Hitachi Energy AFS/AFR Series Products
Published
July 23, 2024, 2 p.m.
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: AFS650, AFS660, AFS665, AFS670, AFS675, AFS677, AFR677 Vulnerabilities: Type Confusion, Use After Free, Double Free, Observable Discrepancy 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to create a denial-of-service ...
Title
SSA-723487 V1.1 (Last Update: 2024-07-22): RADIUS Protocol Susceptible to Forgery Attacks (CVE-2024-3596) - Impact to SCALANCE, RUGGEDCOM and Related Products
Published
July 22, 2024, 2 a.m.
Summary
This advisory documents the impact of CVE-2024-3596 (also dubbed “Blastradius”), a vulnerability in the RADIUS protocol, to SCALANCE, RUGGEDCOM and related products. The vulnerability could allow on-path attackers, located between a Network Access Server (the RADIUS client, e.g., SCALANCE or RUGGEDCOM devices) and a RADIUS server (e.g., SINEC INS), to ...
Title
SSA-071402 V1.0: Multiple Vulnerabilities in SICAM Products
Published
July 22, 2024, 2 a.m.
Summary
Multiple SICAM products are affected by unauthorized password reset and firmware downgrade vulnerabilities that could lead to privilege escalation and potential leak of information, namely: SICAM A8000 Device firmware CPCI85 for CP-8031/CP-8050 SICAM EGS Device firmware CPCI85 SICAM 8 Software Solution SICORE Siemens has released new firmware versions for the ...
Title
"regreSSHion" OpenSSH vulnerability in PRC7000
Published
July 19, 2024, 2 a.m.
Summary

BOSCH-SA-248444: The Qualys Threat Research Unit (TRU) has discovered a Remote Unauthenticated Code Execution (RCE) vulnerability in OpenSSH’s server (sshd) in glibc-based Linux systems. The vulnerability, which is a signal handler race condition in OpenSSH’s server (sshd), allows unauthenticated remote code execution (RCE) as root on glibc-based Linux systems; that ...

Title
Subnet Solutions PowerSYSTEM Center
Published
July 18, 2024, 2 p.m.
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Subnet Solutions Inc. Equipment: Subnet PowerSYSTEM Center Vulnerability: Prototype Pollution 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated attacker to elevate permissions. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of ...
Title
Mitsubishi Electric MELSOFT MaiLab
Published
July 18, 2024, 2 p.m.
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.2 ATTENTION: Exploitable remotely Vendor: Mitsubishi Electric Corporation Equipment: MELSOFT MaiLab Vulnerability: Improper Verification of Cryptographic Signature 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote attacker to cause a denial-of-service condition in the target product. 3. TECHNICAL DETAILS 3.1 ...
Title
Rockwell Automation Pavilion 8
Published
July 16, 2024, 2 p.m.
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: Pavilion 8 Vulnerability: Incorrect Permission Assignment for Critical Resource 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to create new users and view sensitive data. 3. TECHNICAL DETAILS 3.1 ...
Title
Siemens JT Open and PLM XML SDK
Published
July 11, 2024, 2 p.m.
Summary
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).View CSAF 1. EXECUTIVE SUMMARY CVSS ...
Title
Siemens SIMATIC and SIMIT
Published
July 11, 2024, 2 p.m.
Summary
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).View CSAF 1. EXECUTIVE SUMMARY CVSS ...
Title
Siemens RUGGEDCOM APE 1808
Published
July 11, 2024, 2 p.m.
Summary
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).View CSAF 1. EXECUTIVE SUMMARY CVSS ...
Title
Siemens TIA Portal and SIMATIC STEP 7
Published
July 11, 2024, 2 p.m.
Summary
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).View CSAF 1. EXECUTIVE SUMMARY CVSS ...
Title
Siemens RUGGEDCOM
Published
July 11, 2024, 2 p.m.
Summary
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).View CSAF 1. EXECUTIVE SUMMARY CVSS ...
Title
Siemens Remote Connect Server
Published
July 11, 2024, 2 p.m.
Summary
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).View CSAF 1. EXECUTIVE SUMMARY CVSS ...
Title
Siemens SCALANCE, RUGGEDCOM, SIPLUS, and SINEC
Published
July 11, 2024, 2 p.m.
Summary
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).View CSAF 1. EXECUTIVE SUMMARY CVSS ...
Title
CISA Red Team’s Operations Against a Federal Civilian Executive Branch Organization Highlights the Necessity of Defense-in-Depth
Published
July 9, 2024, 4:09 p.m.
Summary
EXECUTIVE SUMMARY In early 2023, the Cybersecurity and Infrastructure Security Agency (CISA) conducted a SILENTSHIELD red team assessment against a Federal Civilian Executive Branch (FCEB) organization. During SILENTSHIELD assessments, the red team first performs a no-notice, long-term simulation of nation-state cyber operations. The team mimics the techniques, tradecraft, and behaviors ...
Title
Delta Electronics CNCSoft-G2
Published
July 9, 2024, 2 p.m.
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: CNCSoft-G2 Vulnerabilities: Stack-based Buffer Overflow, Out-of-bounds Write, Out-of-bounds Read, Heap-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could cause a buffer overflow condition and allow remote code execution. 3. TECHNICAL DETAILS ...
Title
Johnson Controls Software House C●CURE 9000
Published
July 9, 2024, 2 p.m.
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.7 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Johnson Controls Inc. Equipment: Software House C●CURE 9000 Vulnerability: Incorrect Default Permissions 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an attacker to access credentials used for access to the application. 3. TECHNICAL DETAILS ...
Title
Mitsubishi Electric MELIPC Series MI5122-VW
Published
July 9, 2024, 2 p.m.
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Low attack complexity Vendor: Mitsubishi Electric Equipment: MI5122-VW Vulnerability: Incorrect Default Permissions 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to tamper with, destroy, disclose, or delete information in the product, or cause a denial-of-service (DoS) condition ...
Title
Johnson Controls Illustra Pro Gen 4
Published
July 9, 2024, 2 p.m.
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.0 ATTENTION: Exploitable remotely Vendor: Johnson Controls, Inc. Equipment: Illustra Pro Gen 4 Vulnerability: Dependency on Vulnerable Third-Party Component 2. RISK EVALUATION Successful exploitation of this vulnerability could impact confidentiality and integrity of the device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Johnson Controls ...
Title
SSA-686975 V1.4 (Last Update: 2024-07-09): IPU 2022.3 Vulnerabilities in Siemens Industrial Products using Intel CPUs
Published
July 9, 2024, 2 a.m.
Summary
Intel has published information on vulnerabilities in Intel products in November 2022. This advisory lists the related Siemens Industrial products affected by these vulnerabilities that can be patched by applying the corresponding BIOS update (“2022.3 IPU – BIOS Advisory” Intel-SA-00688). Siemens is preparing updates and recommends specific countermeasures for products ...
Title
SSA-698820 V1.0: Multiple Vulnerabilities in Fortigate NGFW on RUGGEDCOM APE1808 devices
Published
July 9, 2024, 2 a.m.
Summary
Fortinet has published information on vulnerabilities in FORTIOS. This advisory lists the related Siemens Industrial products. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available. Siemens recommends to consult and implement the workarounds provided in Fortinet’s upstream security notifications.
Title
SSA-593272 V2.2 (Last Update: 2024-07-09): SegmentSmack in Interniche IP-Stack based Industrial Devices
Published
July 9, 2024, 2 a.m.
Summary
A vulnerability exists in affected products that could allow remote attackers to affect the availability of the devices under certain conditions. The underlying TCP stack can be forced to make very computation expensive calls for every incoming packet which can lead to a Denial-of-Service. Siemens has released new versions for ...
Title
SSA-712929 V2.8 (Last Update: 2024-07-09): Denial of Service Vulnerability in OpenSSL (CVE-2022-0778) Affecting Industrial Products
Published
July 9, 2024, 2 a.m.
Summary
A vulnerability in the openSSL component (CVE-2022-0778, [0]) could allow an attacker to create a denial of service condition by providing specially crafted elliptic curve certificates to products that use a vulnerable version of openSSL. Siemens has released new versions for several affected products and recommends to update to the ...

Last Updates

BOSCH PSIRT
19.07.2024
SIEMENS CERT
22.07.2024
US CERT
09.07.2024
US CERT (ICS)
23.07.2024

By Source

Archive

2024
2023
2022
2021
2020
2019
2018
2017

Feeds