Bulletins | CERT@VDE

https://www.cisa.gov/news-events/ics-advisories/icsa-23-341-05

ControlbyWeb Relay

Title

ControlbyWeb Relay

Published

Dec. 7, 2023, 1 p.m.

URL

Summary

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: ControlByWeb Equipment: X-332 and X-301 Vulnerability: Cross-Site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated attacker to run malicious code during a user's session. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The ...

06.12.2023

Russian FSB Cyber Actor Star Blizzard Continues Worldwide Spear-phishing Campaigns

Title

Russian FSB Cyber Actor Star Blizzard Continues Worldwide Spear-phishing Campaigns

Published

Dec. 6, 2023, 9:18 p.m.

URL

https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-341a

Summary

The Russia-based actor is targeting organizations and individuals in the UK and other geographical areas of interest. OVERVIEW The Russia-based actor Star Blizzard (formerly known as SEABORGIUM, also known as Callisto Group/TA446/COLDRIVER/TAG-53/BlueCharlie) continues to successfully use spear-phishing attacks against targeted organizations and individuals in the UK, and other geographical areas ...

05.12.2023

Zebra ZTC Industrial ZT400 and ZTC Desktop GK420d

Title

Zebra ZTC Industrial ZT400 and ZTC Desktop GK420d

Published

Dec. 5, 2023, 1 p.m.

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-339-01

Summary

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.4 ATTENTION: Exploitable with adjacent access/low attack complexity Vendor: Zebra Technologies Equipment: ZTC Industrial ZT410, ZTC Desktop GK420d Vulnerability: Authentication Bypass Using an Alternate Path or Channel 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to send specially crafted ...

04.12.2023

Threat Actors Exploit Adobe ColdFusion CVE-2023-26360 for Initial Access to Government Servers

Title

Threat Actors Exploit Adobe ColdFusion CVE-2023-26360 for Initial Access to Government Servers

Published

Dec. 4, 2023, 7:05 p.m.

URL

https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-339a

Summary

SUMMARY The Cybersecurity and Infrastructure Security Agency (CISA) is releasing a Cybersecurity Advisory (CSA) in response to confirmed exploitation of CVE-2023-26360 by unidentified threat actors at a Federal Civilian Executive Branch (FCEB) agency. This vulnerability presents as an improper access control issue impacting Adobe ColdFusion versions 2018 Update 15 (and ...

01.12.2023

IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including U.S. Water and Wastewater Systems Facilities

Title

IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including U.S. Water and Wastewater Systems Facilities

Published

Dec. 1, 2023, 11:21 p.m.

URL

https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-335a

Summary

SUMMARY The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Environmental Protection Agency (EPA), and the Israel National Cyber Directorate (INCD)—hereafter referred to as "the authoring agencies"—are disseminating this joint Cybersecurity Advisory (CSA) to highlight continued malicious cyber activity against operational technology devices ...

November 2023

30.11.2023

Mitsubishi Electric FA Engineering Software Products

Title

Mitsubishi Electric FA Engineering Software Products

Published

Nov. 30, 2023, 1 p.m.

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-334-04

Summary

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Mitsubishi Electric Equipment: FA Engineering Software Products Vulnerability: External Control of File Name or Path 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a malicious attacker to execute malicious code by tricking legitimate users to ...

30.11.2023

https://www.cisa.gov/news-events/ics-advisories/icsa-23-334-03

PTC KEPServerEx

Title

PTC KEPServerEx

Published

Nov. 30, 2023, 1 p.m.

URL

Summary

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: PTC Equipment: KEPServerEX, ThingWorx, OPC-Aggregator Vulnerabilities: Heap-based Buffer Overflow, Improper Validation of Certificate with Host Mismatch 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker gaining Windows SYSTEM-level code execution on the service ...

28.11.2023

Franklin Electric Fueling Systems Colibri

Title

Franklin Electric Fueling Systems Colibri

Published

Nov. 28, 2023, 1 p.m.

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-331-02

Summary

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Franklin Electric Fueling Systems Equipment: Colibri Vulnerability: Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to obtain login credentials for other users. 3. TECHNICAL DETAILS 3.1 AFFECTED ...

21.11.2023

#StopRansomware: LockBit 3.0 Ransomware Affiliates Exploit CVE 2023-4966 Citrix Bleed Vulnerability

Title

#StopRansomware: LockBit 3.0 Ransomware Affiliates Exploit CVE 2023-4966 Citrix Bleed Vulnerability

Published

Nov. 21, 2023, 2:50 p.m.

URL

https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-325a

Summary

SUMMARY Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations ...

21.11.2023

BOSCH PSIRT

Multiple vulnerabilities on ctrlX HMI / WR21

Title

Multiple vulnerabilities on ctrlX HMI / WR21

Published

Nov. 21, 2023, 1 a.m.

URL

https://psirt.bosch.com/security-advisories/bosch-sa-175607.html

Summary

BOSCH-SA-175607: The operating system of the ctrlX HMI/ WR21 before build date 20231107 has some vulnerabilities when the kiosk mode is used in conjunction with Google Chrome. Therefore, it is possible in worst case that an attacker with physical access to the device can get root access without normal authentication ...

Siemens RUGGEDCOM APE1808 Devices

Title

Siemens RUGGEDCOM APE1808 Devices

Published

Nov. 16, 2023, 1 p.m.

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-320-14

Summary

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...

Siemens Desigo CC product family

Title

Siemens Desigo CC product family

Published

Nov. 16, 2023, 1 p.m.

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-320-03

Summary

Siemens Mendix Runtime

Title

Siemens Mendix Runtime

Published

Nov. 16, 2023, 1 p.m.

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-320-04

Summary

Siemens SIMATIC PCS neo

Title

Siemens SIMATIC PCS neo

Published

Nov. 16, 2023, 1 p.m.

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-320-06

Summary

Siemens Mendix Studio Pro

Title

Siemens Mendix Studio Pro

Published

Nov. 16, 2023, 1 p.m.

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-320-11

Summary

Siemens SCALANCE Family Products

Title

Siemens SCALANCE Family Products

Published

Nov. 16, 2023, 1 p.m.

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-320-08

Summary

Siemens OPC UA Modeling Editor (SiOME)

Title

Siemens OPC UA Modeling Editor (SiOME)

Published

Nov. 16, 2023, 1 p.m.

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-320-07

Summary

https://www.cisa.gov/news-events/ics-advisories/icsa-23-320-12

Siemens PNI

Title

Siemens PNI

Published

Nov. 16, 2023, 1 p.m.

URL

Summary

https://www.cisa.gov/news-events/ics-advisories/icsa-23-320-01

Red Lion Sixnet RTUs

Title

Red Lion Sixnet RTUs

Published

Nov. 16, 2023, 1 p.m.

URL

Summary

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Red Lion Equipment: Sixnet RTU Vulnerabilities: Authentication Bypass using an Alternative Path or Channel, Exposed Dangerous Method or Function 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an unauthenticated attacker to execute commands with ...

15.11.2023

https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-320a

Scattered Spider

Title

Scattered Spider

Published

Nov. 15, 2023, 3:55 p.m.

URL

Summary

SUMMARY The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint Cybersecurity Advisory (CSA) in response to recent activity by Scattered Spider threat actors against the commercial facilities sectors and subsectors. This advisory provides tactics, techniques, and procedures (TTPs) obtained through FBI investigations ...

#StopRansomware: Rhysida Ransomware

Title

#StopRansomware: Rhysida Ransomware

Published

Nov. 14, 2023, 5:45 p.m.

URL

https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-319a

Summary

SUMMARY Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders detailing various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect ...

AVEVA Operations Control Logger

Title

AVEVA Operations Control Logger

Published

Nov. 14, 2023, 1 p.m.

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-318-01

Summary

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: AVEVA Equipment: Operations Control Logger Vulnerabilities: Execution with Unnecessary Privileges, External Control of File Name or Path 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow privilege escalation or denial of service. 3. TECHNICAL DETAILS 3.1 ...

Rockwell Automation SIS Workstation and ISaGRAF Workbench

Title

Rockwell Automation SIS Workstation and ISaGRAF Workbench

Published

Nov. 14, 2023, 1 p.m.

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-318-02

Summary

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Rockwell Automation Equipment: SIS Workstation and ISaGRAF Workbench Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow unprivileged local users to overwrite files replacing them with malicious programs. 3. TECHNICAL DETAILS 3.1 ...

SSA-794697 V1.4 (Last Update: 2023-11-14): Vulnerabilities in the Linux Kernel of the SIMATIC S7-1500 TM MFP V1.0

SIEMENS CERT

Title

SSA-794697 V1.4 (Last Update: 2023-11-14): Vulnerabilities in the Linux Kernel of the SIMATIC S7-1500 TM MFP V1.0

Published

Nov. 14, 2023, 1 a.m.

URL

https://cert-portal.siemens.com/productcert/html/ssa-794697.html

Summary

Multiple vulnerabilities have been identified in the Linux Kernel of the SIMATIC S7-1500 TM MFP V1.0. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.