April 2022
Title
Delta Electronics DMARS
Published
April 14, 2022, 5:20 p.m.
Summary
This advisory contains mitigations for an Improper Restriction of XML External Entity Reference vulnerability in the Delta Electronics DMARS program development tool.
Title
Red Lion DA50N
Published
April 14, 2022, 5:16 p.m.
Summary
This advisory contains mitigation for Insufficient Verification of Data Authenticity, Weak Password Requirements, Use of Unmaintained Third-Party Components, and Insufficiently Protected Credentials vulnerabilities in the Red Lion DA50N networking gateway.
Title
Siemens SCALANCE FragAttacks
Published
April 14, 2022, 5:14 p.m.
Summary
This advisory contains mitigations for Improper Authentication, Injection, Improper Validation of Integrity Check, and Improper Input Validation vulnerabilities in the Siemens SCALANCE FragAttacks.
Title
Siemens OpenSSL Vulnerabilities in Industrial Products
Published
April 14, 2022, 5:12 p.m.
Summary
This advisory contains mitigations for a NULL Pointer Dereference vulnerability in the Siemens OpenSSL.
Title
Siemens PROFINET Stack Integrated on Interniche Stack
Published
April 14, 2022, 5:10 p.m.
Summary
This advisory contains mitigations for an Uncontrolled Resource Consumption vulnerability in the Siemens PROFINET Stack Integrated on Interniche Stack.
Title
Siemens Mendix
Published
April 14, 2022, 5:08 p.m.
Summary
This advisory contains mitigations for an Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Siemens Mendix, a software platform to build mobile and web applications.
Title
Siemens SCALANCE W1700
Published
April 14, 2022, 5:06 p.m.
Summary
This advisory contains mitigations for Race Condition, and Improper Input Validation vulnerabilities in the Siemens SCALANCE W1700 wireless communication device.
Title
Siemens SCALANCE X-300 Switches
Published
April 14, 2022, 5:04 p.m.
Summary
This advisory contains mitigations for Improper Input Validation, Use of Insufficiently Random Values, Stack-based Buffer Overflow, Cross-site Request Forgery, Improper Access Control, Basic XSS, Classic Buffer Overflow, Out-of-bounds Read vulnerabilities in Siemens SCALANCE X-300 Switches.
Title
Neues CODESYS Security Advisory 2022-08
Published
April 14, 2022, 4:36 p.m.
Summary
Please check source url for more information.
Title
AA22-103A: APT Cyber Tools Targeting ICS/SCADA Devices
Published
April 13, 2022, 7 p.m.
Summary
Original release date: April 13, 2022SummaryActions to Take Today to Protect ICS/SCADA Devices: • Enforce multifactor authentication for all remote access to ICS networks and devices whenever possible. • Change all passwords to ICS/SCADA devices and systems on a consistent schedule, especially all default passwords, to device-unique strong passwords to ...
Title
Valmet DNA
Published
April 12, 2022, 4:20 p.m.
Summary
This advisory contains mitigations for an Inadequate Encryption Strength vulnerability in Valmet DNA distributed control system products.
Title
Mitsubishi Electric MELSEC-Q Series C Controller Module
Published
April 12, 2022, 4:15 p.m.
Summary
This advisory contains mitigations for a Heap-based Buffer Overflow vulnerability in some MELSEC-Q Series C Controller Modules using Wind River VxWorks Version 6.4.
Title
Mitsubishi Electric GT25-WLAN
Published
April 12, 2022, 4:05 p.m.
Summary
This advisory contains mitigations for Improper Removal of Sensitive Information Before Storage or Transfer, Inadequate Encryption Strength, Missing Authentication for Critical Function, Injection, and Improper Input Validation vulnerabilities in Mitsubishi Electric GT25-WLAN wireless communication units.
Title
Aethon TUG Home Base Server
Published
April 12, 2022, 4 p.m.
Summary
This advisory contains mitigations for Missing Authorization, Channel Accessible by Non-endpoint, and Cross-site Scripting vulnerabilities in the Aethon TUG Home Base Server; a server used to control and communicate with autonomous mobile robots in hospitals.
Title
SSA-557541 V1.0: Denial-of-Service Vulnerability in SIMATIC S7-400 CPUs
Published
April 12, 2022, 2 a.m.
Summary
SIMATIC S7-400 CPU devices contain an input validation vulnerability that could allow an attacker to create a Denial-of-Service condition. A restart is needed to restore normal operations. Siemens has released an update for SIMATIC S7-410 V10 CPU family and SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants for both) ...
Title
SSA-655554 V1.0: Multiple Vulnerabilities in SIMATIC Energy Manager before V7.3 Update 1
Published
April 12, 2022, 2 a.m.
Summary
SIMATIC Energy Manager is affected by multiple vulnerabilities that could allow an attacker to gain local privilege escalation, local code execution or remote code execution. Siemens has released updates for the affected products and recommends to update to the latest versions.
Title
SSA-392912 V1.0: Multiple Denial Of Service Vulnerabilities in SCALANCE W1700 Devices
Published
April 12, 2022, 2 a.m.
Summary
Vulnerabilities have been identified in devices of the SCALANCE W-1700 (11ac) family that could allow an attacker to cause various denial of service conditions. Siemens has released updates for the affected products and recommends to update to the latest versions.
Title
SSA-998762 V1.0: File Parsing Vulnerabilities in Simcenter Femap before V2022.1.2
Published
April 12, 2022, 2 a.m.
Summary
Siemens Simcenter Femap versions before V2022.1.2 are affected by vulnerabilities that could be triggered when the application reads files in .NEU format. If a user is tricked to open a malicious file with the affected application, an attacker could leverage the vulnerability to leak information or potentially perform remote code ...
Title
SSA-446448 V1.0: Denial of Service Vulnerability in PROFINET Stack Integrated on Interniche Stack
Published
April 12, 2022, 2 a.m.
Summary
The PROFINET (PNIO) stack, when integrated with the Interniche IP stack, contains a vulnerability that could allow an attacker to cause a denial of service condition on affected industrial products. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further ...
Title
SSA-711829 V1.0: Denial of Service Vulnerability in TIA Administrator
Published
April 12, 2022, 2 a.m.
Summary
In conjunction with the installation of the affected products listed in the table below, a vulnerability in TIA Administrator occurs that could allow an unauthenticated attacker to perform a denial of service attack. Siemens has released a first update for one of the affected products and recommends to update to ...
Title
SSA-995338 V1.2 (Last Update: 2022-04-12): Multiple Vulnerabilities in COMOS Web
Published
April 12, 2022, 2 a.m.
Summary
Multiple vulnerabilities were identified in the web components of COMOS that could allow an attacker to conduct code injections, store data in undesired locations, execute arbitrary SQL statements, and run cross-site request forgery attacks. Siemens has released updates for several affected products and recommends to update to the latest versions. ...
Title
SSA-102233 V1.8 (Last Update: 2022-04-12): SegmentSmack in VxWorks-based Industrial Devices
Published
April 12, 2022, 2 a.m.
Summary
The products listed below contain a vulnerability that could allow remote attackers to affect the availability of the devices under certain conditions. The underlying TCP stack can be forced to make very computation expensive calls for every incoming packet which can lead to a Denial-of-Service. Siemens has released an update ...
Title
SSA-350757 V1.0: Improper Access Control Vulnerability in TIA Portal Affecting S7-1200 and S7-1500 CPUs Web Server (Incl. Related ET200 CPUs and SIPLUS variants)
Published
April 12, 2022, 2 a.m.
Summary
An attacker could achieve privilege escalation on the web server of certain devices configured by SIMATIC STEP 7 (TIA Portal) due to incorrect handling of the webserver’s user management configuration during downloading. This only affects the S7-1200 and S7-1500 CPUs’ (incl. related ET200 CPUs and SIPLUS variants) web server, when ...
Title
SSA-914168 V1.1 (Last Update: 2022-04-12): Multiple Vulnerabilities in SIMATIC WinCC Affecting Other SIMATIC Software Products
Published
April 12, 2022, 2 a.m.
Summary
Multiple vulnerabilities were found in SIMATIC WinCC that ultimately could allow attackers to retrieve and brute force password hashes and access other systems. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products ...
Title
SSA-978220 V1.6 (Last Update: 2022-04-12): Denial of Service Vulnerability over SNMP in Multiple Industrial Products
Published
April 12, 2022, 2 a.m.
Summary
Several industrial products are affected by a vulnerability that could allow remote attackers to conduct a denial of service attack by sending specially crafted packets to port 161/udp (SNMP). Siemens has released updates for several affected products and recommends to update to the new versions. Siemens is preparing further updates ...

Last Updates

BOSCH PSIRT
02.05.2022
CODESYS
14.04.2022
SIEMENS CERT
10.05.2022
US CERT
18.05.2022
US CERT (ICS)
26.05.2022

By Source

Archive

2022
2021
2020
2019
2018
2017

Feeds