Bulletins | CERT@VDE

This advisory contains mitigations for an Unquoted Search Path or Element vulnerability in Mitsubishi Electric Factory Automation Engineering products.

Tuesday, 28.07.2020

16:15

US CERT (ICS)

Secomea GateManager

Title

Secomea GateManager

Published

July 28, 2020, 4:15 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-20-210-01

Summary

This advisory contains mitigations for Improper Neutralization of Null Byte or NUL Character, Off-by-one Error, Use of Hard-coded Credentials, Use of Password Hash with Insufficient Computational Effort vulnerabilities in Secomea GateManager, a VPN server.

16:10

US CERT (ICS)

Softing Industrial Automation OPC

Title

Softing Industrial Automation OPC

Published

July 28, 2020, 4:10 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-20-210-02

Summary

This advisory contains mitigations for a Heap-based Buffer Overflow, and Uncontrolled Resource Consumption vulnerabilities in Softing Industrial Automation's OPC products.

16:05

US CERT (ICS)

HMS Industrial Networks eCatcher

Title

HMS Industrial Networks eCatcher

Published

July 28, 2020, 4:05 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-20-210-03

Summary

This advisory contains mitigations for a Stack-based Buffer Overflow vulnerability in HMS Industrial Networks eCatcher VPN client.

16:00

US CERT (ICS)

Delta Industrial Automation DOPSoft (Update A)

Title

Delta Industrial Automation DOPSoft (Update A)

Published

July 28, 2020, 4 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-20-182-01

Summary

This updated advisory is a follow-up to the original advisory titled ICSA-20-182-01 Delta Industrial Automation DOPSoft that was published June 30, 2020, on the ICS webpage on us-cert.gov. This advisory contains mitigations for out-of-bounds read and heap-based buffer overflow vulnerabilities in Delta Industrial Automation DOPSoft products.

Monday, 27.07.2020

14:20

US CERT

AA20-209A: Potential Legacy Risk from Malware Targeting QNAP NAS Devices

Title

AA20-209A: Potential Legacy Risk from Malware Targeting QNAP NAS Devices

Published

July 27, 2020, 2:20 p.m.

URL

https://us-cert.cisa.gov/ncas/alerts/aa20-209a

Summary

Original release date: July 27, 2020SummaryThis is a joint alert from the United States Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC). CISA and NCSC are investigating a strain of malware known as QSnatch, which attackers used in late 2019 to target Network ...

Friday, 24.07.2020

12:59

US CERT

AA20-206A: Threat Actor Exploitation of F5 BIG-IP CVE-2020-5902

Title

AA20-206A: Threat Actor Exploitation of F5 BIG-IP CVE-2020-5902

Published

July 24, 2020, 12:59 p.m.

URL

https://us-cert.cisa.gov/ncas/alerts/aa20-206a

Summary

Original release date: July 24, 2020SummaryThe Cybersecurity and Infrastructure Security Agency (CISA) is issuing this alert in response to recently disclosed exploits that target F5 BIG-IP devices that are vulnerable to CVE-2020-5902. F5 Networks, Inc. (F5) released a patch for CVE-2020-5902 on June 30, 2020.[1] Unpatched F5 BIG-IP devices are ...

Thursday, 23.07.2020

16:29

US CERT

AA20-205A: NSA and CISA Recommend Immediate Actions to Reduce Exposure Across Operational Technologies and Control Systems

Title

AA20-205A: NSA and CISA Recommend Immediate Actions to Reduce Exposure Across Operational Technologies and Control Systems

Published

July 23, 2020, 4:29 p.m.

URL

https://us-cert.cisa.gov/ncas/alerts/aa20-205a

Summary

Original release date: July 23, 2020SummaryNote: This Activity Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise and ATT&CK for Industrial Control Systems frameworks for all referenced threat actor techniques and mitigations. Over recent months, cyber actors have demonstrated their continued willingness ...

16:00

US CERT (ICS)

Schneider Electric Triconex TriStation and Tricon Communication Module

Title

Schneider Electric Triconex TriStation and Tricon Communication Module

Published

July 23, 2020, 4 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-20-205-01

Summary

This advisory contains mitigations for Cleartext Transmission of Sensitive Information, Uncontrolled Resource Consumption, Hidden Functionality, and Improper Access Control vulnerabilities in Schneider Electric's Triconex TriStation and Tricon Communication Module products.

Wednesday, 22.07.2020

09:15

CODESYS

Sicherheitsupdate: CODESYS Security Advisories 2020-02 und 2020-05

Title

Sicherheitsupdate: CODESYS Security Advisories 2020-02 und 2020-05

Published

July 22, 2020, 9:15 a.m.

URL

https://feedpress.me/link/15744/13747527/sicherheitsupdate-codesys-security-advisories-2020-02-und-2020-05.html

Summary

Please check source url for more information.

Tuesday, 21.07.2020

16:00

US CERT (ICS)

Treck TCP/IP Stack (Update E)

Title

Treck TCP/IP Stack (Update E)

Published

July 21, 2020, 4 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-20-168-01

Summary

This updated advisory is a follow-up to the original advisory titled ICSA-20-168-01 Treck TCP/IP Stack (Update D) that was published July 14, 2020, to the ICS webpage on us-cert.gov. This advisory contains mitigations for Improper Handling of Length Parameter Inconsistency, Improper Input Validation, Double Free, Out-of-bounds Read, Integer Overflow or ...

Thursday, 16.07.2020

14:09

US CERT

AA20-198A: Malicious Cyber Actor Use of Network Tunneling and Spoofing to Obfuscate Geolocation

Title

AA20-198A: Malicious Cyber Actor Use of Network Tunneling and Spoofing to Obfuscate Geolocation

Published

July 16, 2020, 2:09 p.m.

URL

https://us-cert.cisa.gov/ncas/alerts/aa20-198a

Summary

Original release date: July 16, 2020SummaryThis Activity Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK™) and Pre-ATT&CK frameworks. See the MITRE ATT&CK for Enterprise and Pre-ATT&CK frameworks for referenced threat actor techniques. Attributing malicious cyber activity that uses network tunneling and spoofing techniques to a specific threat ...

Tuesday, 14.07.2020

17:40

US CERT (ICS)

Capsule Technologies SmartLinx Neuron 2

Title

Capsule Technologies SmartLinx Neuron 2

Published

July 14, 2020, 5:40 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsma-20-196-01

Summary

This advisory contains mitigations for a Protection Mechanism Failure vulnerability in Capsule Technologies' SmartLinx Neuron 2, a bedside mobile clinical monitoring system.

17:35

US CERT (ICS)

Advantech iView

Title

Advantech iView

Published

July 14, 2020, 5:35 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-20-196-01

Summary

This advisory contains mitigations for SQL Injection, Path Traversal, Command Injection, Improper Input Validation, Missing Authentication for Critical Function, Improper Access Control vulnerabilities in Advantech's iView device management application.

17:30

US CERT (ICS)

Moxa EDR-G902 and EDR-G903 Series Routers

Title

Moxa EDR-G902 and EDR-G903 Series Routers

Published

July 14, 2020, 5:30 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-20-196-02

Summary

This advisory contains mitigations for a Stack-based Buffer Overflow vulnerability in Moxa's a EDR-G902 and EDR-G903 Series Routers.

17:25

US CERT (ICS)

Siemens SICAM MMU, SICAM T, and SICAM SGU

Title

Siemens SICAM MMU, SICAM T, and SICAM SGU

Published

July 14, 2020, 5:25 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-20-196-03

Summary

This advisory contains mitigations for Out-of-bounds Read, Missing Authentication for Critical Function, Missing Encryption of Sensitive Data, Use of Password Hash with Insufficient Computational Effort, Cross-site Scripting, Classic Buffer Overflow, Basic XSS, Authentication Bypass by Capture-replay vulnerabilities in Siemens' SICAM MMU, SICAM T, and SICAM SGU products.

17:20

US CERT (ICS)

Siemens SIMATIC HMI Panels

Title

Siemens SIMATIC HMI Panels

Published

July 14, 2020, 5:20 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-20-196-04

Summary

This advisory contains mitigations for a Cleartext Transmission of Sensitive Information vulnerability in Siemens SIMATIC HMI panels.

17:15

US CERT (ICS)

Siemens UMC Stack

Title

Siemens UMC Stack

Published

July 14, 2020, 5:15 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-20-196-05

Summary

This advisory contains mitigations for Unquoted Search Path or Element, Uncontrolled Resource Consumption, Improper Input Validation vulnerabilities in Siemens UMC components.

17:10

US CERT (ICS)

Siemens SIMATIC S7-200 SMART CPU Family

Title

Siemens SIMATIC S7-200 SMART CPU Family

Published

July 14, 2020, 5:10 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-20-196-06

Summary

This advisory contains mitigations for an Uncontrolled Resource Consumption vulnerability in Siemens SIMATIC S7-200 SMART CPU Family of products.

17:05

US CERT (ICS)

Siemens Opcenter Execution Core

Title

Siemens Opcenter Execution Core

Published

July 14, 2020, 5:05 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-20-196-07

Summary

This advisory contains mitigations for Cross-site Scripting, SQL Injection, and Improper Access Control vulnerabilities in Siemens Opcenter Execution Core software.

02:00

SIEMENS CERT

SSA-346262 (Last Update: 2020-07-14): Denial-of-Service in Industrial Products

Title

SSA-346262 (Last Update: 2020-07-14): Denial-of-Service in Industrial Products

Published

July 14, 2020, 2 a.m.

URL

https://cert-portal.siemens.com/productcert/pdf/ssa-346262.pdf

Summary

Several industrial products are affected by a vulnerability that could allow remote attackers to conduct a Denial-of-Service (DoS) attack by sending specially crafted packets to port 161/udp (SNMP). Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates ...

1 (current)
2
3

Last Updates

By Source

Archive

2024

2023

2022

2021

2020

2019

2018

2017

Feeds