August 2022
Title
SSA-539476 V1.3 (Last Update: 2022-08-09): Siemens SIMATIC NET CP, SINEMA and SCALANCE Products Affected by Vulnerabilities in Third-Party Component strongSwan
Published
Aug. 9, 2022, 2 a.m.
Summary
Vulnerabilities in the third-party component strongSwan could allow an attacker to cause a denial of service (DoS) condition in affected devices by exploiting integer overflow bugs. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends countermeasures ...
Title
SSA-517377 V1.1 (Last Update: 2022-08-09): Multiple Vulnerabilities in the SRCS VPN Feature in SIMATIC CP Devices
Published
Aug. 9, 2022, 2 a.m.
Summary
The below referenced devices contain multiple vulnerabilities that could be exploited when the SINEMA Remote Connect Server (SRCS) VPN feature is used. The feature is not activated by default. The most severe could allow an attacker to execute arbitrary code with elevated privileges under certain circumstances. Siemens has released an ...
Title
SSA-480230 V2.4 (Last Update: 2022-08-09): Denial of Service Vulnerability in Webserver of Industrial Products
Published
Aug. 9, 2022, 2 a.m.
Summary
A vulnerability in the affected devices could allow an unauthorized attacker with network access to the webserver of an affected device to perform a denial of service attack. Siemens has released updates for several affected products and recommends to update to the new versions. Siemens is preparing further updates and ...
Title
SSA-629512 V1.6 (Last Update: 2022-08-09): Local Privilege Escalation Vulnerability in TIA Portal
Published
Aug. 9, 2022, 2 a.m.
Summary
The latest updates for TIA Portal fix a vulnerability that could allow a local attacker to execute arbitrary code with SYSTEM privileges. Update: The previously provided fixes only correctly set the permissions on English Windows versions. Siemens has released updates for several affected products and recommends to update to the ...
Title
SSA-840800 V1.1 (Last Update: 2022-08-09): Code Injection Vulnerability in RUGGEDCOM ROS
Published
Aug. 9, 2022, 2 a.m.
Summary
RUGGEDCOM ROS-based devices are vulnerable to a web-based code injection attack. To execute this attack, it is necessary to access the system via the Command Line Interface (CLI). Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products ...
Title
SSA-772220 V2.1 (Last Update: 2022-08-09): OpenSSL Vulnerabilities in Industrial Products
Published
Aug. 9, 2022, 2 a.m.
Summary
OpenSSL has published a security advisory [0] about a vulnerability in OpenSSL versions 1.1.1 < 1.1.1k, that allows an unauthenticated attacker to cause a Denial-of-Service (DoS) if a maliciously crafted renegotiation message is sent . Siemens has released updates for several affected products and recommends to update to the latest ...
Title
SSA-431678 V1.3 (Last Update: 2022-08-09): Denial-of-Service Vulnerability in SIMATIC S7 CPU Families
Published
Aug. 9, 2022, 2 a.m.
Summary
SIMATIC S7 CPU families are affected by a vulnerability that could allow remote attackers to perform a Denial-of-Service attack by sending a specially crafted HTTP request to the web server of an affected device. Siemens has released updates for several affected products, is working on updates for the remaining affected ...
Title
SSA-429204 V1.1 (Last Update: 2022-08-09): Open Design Alliance Drawings SDK Vulnerabilities in JT2Go and Teamcenter Visualization
Published
Aug. 9, 2022, 2 a.m.
Summary
JT2Go and Teamcenter Visualization are affected by multiple file parsing vulnerabilities in Drawings SDK from Open Design Alliance. If a user is tricked to open a malicious DWG file with any of the affected products, this could lead the application to crash or potentially lead to arbitrary code execution. Siemens ...
Title
SSA-309571 V1.5 (Last Update: 2022-08-09): IPU 2021.1 Vulnerabilities in Siemens Industrial Products using Intel CPUs (June 2021)
Published
Aug. 9, 2022, 2 a.m.
Summary
Intel has published information on vulnerabilities in Intel products in June 2021. This advisory lists the related Siemens Industrial products affected by these vulnerabilities that can be patched by applying the corresponding BIOS update. In this advisory we summarize: “2021.1 IPU – Intel® CSME, SPS and LMS Advisory” Intel-SA-00459, “2021.1 ...
Title
SSA-307392 V1.9 (Last Update: 2022-08-09): Denial of Service in OPC UA in Industrial Products
Published
Aug. 9, 2022, 2 a.m.
Summary
A vulnerability has been identified in the OPC UA server of several industrial products. The vulnerability could cause a denial of service condition on the service or the device. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for ...
Title
SSA-244969 V1.7 (Last Update: 2022-08-09): OpenSSL Vulnerability in Industrial Products
Published
Aug. 9, 2022, 2 a.m.
Summary
OpenSSL has published a security advisory [0] about a vulnerability in OpenSSL versions 1.1.1 < 1.1.1l and 1.0.2 < 1.0.2za that allows an attacker to cause a denial of service (DoS) or to disclose private memory content. Siemens has released updates for several affected products and recommends to update to ...
Title
SSA-243317 V1.1 (Last Update: 2022-08-09): File Parsing Vulnerability in Simcenter Femap and Parasolid
Published
Aug. 9, 2022, 2 a.m.
Summary
Simcenter Femap and Parasolid are affected by an out of bounds read vulnerability that could be triggered when the application reads files in NEU format. If a user is tricked to open a malicious file with the affected applications, an attacker could leverage the vulnerability to perform remote code execution ...
Title
SSA-841348 V1.9 (Last Update: 2022-08-09): Multiple Vulnerabilities in the UMC Component
Published
Aug. 9, 2022, 2 a.m.
Summary
The products listed below contain two security vulnerabilities in the UMC component that could allow an attacker to cause a partial denial-of-service of the UMC component, or to locally escalate privileges from a user with administrative privileges to execute code with SYSTEM level privileges. Siemens has released updates for several ...
Title
SSA-914168 V1.3 (Last Update: 2022-08-09): Multiple Vulnerabilities in SIMATIC WinCC Affecting Other SIMATIC Software Products
Published
Aug. 9, 2022, 2 a.m.
Summary
Multiple vulnerabilities were found in SIMATIC WinCC that ultimately could allow attackers to retrieve and brute force password hashes and access other systems. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products ...
Title
AA22-216A: 2021 Top Malware Strains
Published
Aug. 4, 2022, 8:10 p.m.
Summary
Original release date: August 4, 2022SummaryImmediate Actions You Can Take Now to Protect Against Malware: • Patch all systems and prioritize patching known exploited vulnerabilities. • Enforce multifactor authentication (MFA). • Secure Remote Desktop Protocol (RDP) and other risky services. • Make offline backups of your data. • Provide end-user ...
Title
Digi ConnectPort X2D
Published
Aug. 4, 2022, 4:05 p.m.
Summary
This advisory contains mitigations for an Execution with Unnecessary Privileges vulnerability in Digi ConnectPort X2D, a connection gateway.
Title
Delta Electronics DIAEnergie (Update C)
Published
Aug. 2, 2022, 4:20 p.m.
Summary
This updated advisory is a follow-up to the advisory update titled ICSA-21-238-03 Delta Electronics DIAEnergie (Update B) that was published March 22, 2022, on the ICS webpage at www.cisa.gov/ics. This advisory contains mitigations for Use of Password Hash with Insufficient Computational Effort, Authentication Bypass Using an Alternate Path or Channel, ...
Title
Mitsubishi Electric FA Engineering Software Products (Update F)
Published
Aug. 2, 2022, 4:10 p.m.
Summary
his updated advisory is a follow-up to the advisory update titled ICSA-21-049-02 Mitsubishi Electric FA Engineering Software Products (Update E) that was published May 24, 2022, to the ICS webpage on cisa.gov/ics. This advisory contains mitigations for Heap-based Buffer Overflow and Improper Handling of Length Parameter Inconsistency vulnerabilities in various ...
Title
Mitsubishi Electric Factory Automation Engineering Products (Update H)
Published
Aug. 2, 2022, 4 p.m.
Summary
This updated advisory is a follow-up to the advisory update titled ICSA-20-212-04 Mitsubishi Electric Factory Automation Engineering Products (Update E) that was published May 24, 2022, to the ICS webpage on cisa.gov/ics. This advisory contains mitigations for an Unquoted Search Path or Element vulnerability in various Mitsubishi Electric Factory Automation ...
Title
Multiple Vulnerabilities in BF-OS
Published
Aug. 1, 2022, 2 a.m.
Summary

BOSCH-SA-013924-BT: Multiple vulnerabilities were identified in BF-OS version 3.x up to and including 3.83 used by Bigfish V3 and PR21 (Energy Platform) devices and Bigfish VM image, which are part of the data collection infrastructure of the Energy Platform solution.The most critical vulnerability may allow an unauthenticated remote attacker to ...

July 2022
Title
Rockwell Products Impacted by Chromium Type Confusion
Published
July 28, 2022, 4:10 p.m.
Summary
This advisory contains mitigations for a Type Confusion vulnerability in various Rockwell Automation products.
Title
Mitsubishi Electric FA Engineering Software (Update B)
Published
July 28, 2022, 4:05 p.m.
Summary
This updated advisory is a follow-up to the advisory update titled ICSA-21-350-05 Mitsubishi Electric FA Engineering Software (Update A) that was published December 16, 2021, on the ICS webpage on cisa.gov/ics. This advisory contains mitigations for Out-of-bounds Read and Integer Underflow vulnerabilities in Mitsubishi Electric FA Engineering Software, an engineering ...
Title
Mitsubishi Electric Factory Automation Engineering Software (Update C)
Published
July 28, 2022, 4 p.m.
Summary
This updated advisory is a follow-up to the advisory update titled ICSA-20-212-02 Mitsubishi Electric Factory Automation Engineering Software (Update B) that was published May 31, 2021, to the ICS webpage on ucisa.gov/ics.
Title
Sicherheitsupdate: CODESYS Security Advisory 2021-13
Published
July 27, 2022, 11:46 a.m.
Summary
Please check source url for more information.
Title
MOXA NPort 5110
Published
July 26, 2022, 4:20 p.m.
Summary
This advisory contains mitigations for an Out-of-bounds Write vulnerability in MOXA NPort 5110, a device server.

Last Updates

BOSCH PSIRT
11.08.2022
CODESYS
27.07.2022
SIEMENS CERT
09.08.2022
US CERT
16.08.2022
US CERT (ICS)
16.08.2022

By Source

Archive

2022
2021
2020
2019
2018
2017

Feeds