• 1 (current)
  • 2
Tuesday, 29.06.2021
16:25
US CERT (ICS)
Exacq Technologies exacqVision Web Service
Title
Exacq Technologies exacqVision Web Service
Published
June 29, 2021, 4:25 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-180-01
Summary
This advisory contains mitigations for a Cross-site Scripting vulnerability in Exacq Technologies exacqVision Web Service software.
16:20
US CERT (ICS)
Exacq Technologies exacqVision Enterprise Manager
Title
Exacq Technologies exacqVision Enterprise Manager
Published
June 29, 2021, 4:20 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-180-02
Summary
This advisory contains mitigations for a Cross-site Scripting vulnerability in Exacq Technologies exacqVision Enterprise Manager software.
16:15
US CERT (ICS)
Panasonic FPWIN Pro
Title
Panasonic FPWIN Pro
Published
June 29, 2021, 4:15 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-180-03
Summary
This advisory contains mitigations for an Improper Restriction of XML External Entity Reference vulnerability in Panasonic FPWIN Pro programming control software.
16:10
US CERT (ICS)
JTEKT TOYOPUC PLC
Title
JTEKT TOYOPUC PLC
Published
June 29, 2021, 4:10 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-180-04
Summary
This advisory contains mitigations for an Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the JTEKT TOYOPUC programmable logic controller (PLC).
Tuesday, 22.06.2021
16:10
US CERT (ICS)
CODESYS V2 web server
Title
CODESYS V2 web server
Published
June 22, 2021, 4:10 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-173-02
Summary
This advisory contains mitigations for Stack-based Buffer Overflow, Improper Access Control, Buffer Copy without Checking Size of Input, Improperly Implemented Security Check, Out-of-bounds Write, and Out-of-bounds Read vulnerabilities in CODESYS V2 web servers.
16:05
US CERT (ICS)
CODESYS Control V2 communication
Title
CODESYS Control V2 communication
Published
June 22, 2021, 4:05 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-173-03
Summary
This advisory contains mitigations for Stack-based Buffer Overflow, Heap-based Buffer Overflow, and Improper Input Validation vulnerabilities in CODESYS V2 runtime systems software
16:00
US CERT (ICS)
CODESYS Control V2 Linux SysFile library
Title
CODESYS Control V2 Linux SysFile library
Published
June 22, 2021, 4 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-173-04
Summary
This advisory contains mitigations for an OS Command Injection vulnerability in CODESYS V2 Runtime Toolkit software.
Thursday, 17.06.2021
16:20
US CERT (ICS)
Schneider Electric Enerlin'X Com’X 510
Title
Schneider Electric Enerlin'X Com’X 510
Published
June 17, 2021, 4:20 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-168-01
Summary
This advisory contains mitigations for a Improper Privilege Management vulnerability in Schneider Electric Enerlin'X Com’X 510 energy servers.
16:15
US CERT (ICS)
Softing OPC-UA C++ SDK
Title
Softing OPC-UA C++ SDK
Published
June 17, 2021, 4:15 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-168-02
Summary
This advisory contains mitigations for an Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the Softing OPC-UA C++ Software Development Kit (SDK).
16:05
US CERT (ICS)
WAGO M&M Software fdtCONTAINER (Update C)
Title
WAGO M&M Software fdtCONTAINER (Update C)
Published
June 17, 2021, 4:05 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-021-05
Summary
This updated advisory is a follow-up to the advisory update titled ICSA-21-021-05 WAGO M&M Software fdtCONTAINER (Update B) that was published February 16, 2021, to the ICS webpage on us-cert.cisa.gov. This advisory contains mitigations for a Deserialization of Untrusted Data vulnerability in the M&M (a WAGO subsidiary) fdtCONTAINER application.
16:00
US CERT (ICS)
Rockwell Automation ISaGRAF5 Runtime (Update A)
Title
Rockwell Automation ISaGRAF5 Runtime (Update A)
Published
June 17, 2021, 4 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-20-280-01
Summary
This updated advisory is a follow-up to the portal-to-web advisory titled ICSA-20-280-01P Rockwell Automation ISaGRAF5 Runtime. This advisory was originally posted to the HSIN ICS library on October 6, 2020, and was then published as ICSA-20-280-01 Rockwell Automation ISaGRAF5 Runtime to the ICS webpage on us-cert.cisa.gov on June 8, 2021. ...
Tuesday, 15.06.2021
16:10
US CERT (ICS)
ThroughTek P2P SDK
Title
ThroughTek P2P SDK
Published
June 15, 2021, 4:10 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-166-01
Summary
This advisory contains mitigations for a Cleartext Transmission of Sensitive Information vulnerability in ThroughTek P2P Software Development Kit (SDK).
Wednesday, 09.06.2021
02:00
BOSCH PSIRT
Multiple vulnerabilities in Bosch IP cameras
Title
Multiple vulnerabilities in Bosch IP cameras
Published
June 9, 2021, 2 a.m.
URL
https://psirt.bosch.com/security-advisories/bosch-sa-478243-bt.html
Summary

BOSCH-SA-478243-BT: Multiple vulnerabilities for Bosch IP cameras have been discovered in a Penetration Test from Kaspersky ICS CERT during a certification effort from Bosch. Bosch rates these vulnerabilities with CVSSv3.1 base scores from 9.8 (Critical) to 4.9 (Medium), where the actual rating depends on the individual vulnerability and the final ...

Tuesday, 08.06.2021
02:00
SIEMENS CERT
SSA-522654 V1.0: Privilege Escalation Vulnerability in Mendix SAML Module
Title
SSA-522654 V1.0: Privilege Escalation Vulnerability in Mendix SAML Module
Published
June 8, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-522654.pdf
Summary
The latest update of Mendix SAML module fixes a privilege escalation vulnerability. Mendix has released an update for the Mendix SAML module and recommends to update to the latest version.
02:00
SIEMENS CERT
SSA-645530 V1.0: TIFF File Parsing Vulnerability in JT2Go and Teamcenter Visualization before V13.1.0.3
Title
SSA-645530 V1.0: TIFF File Parsing Vulnerability in JT2Go and Teamcenter Visualization before V13.1.0.3
Published
June 8, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-645530.pdf
Summary
Siemens has released version V13.1.0.3 for JT2Go and Teamcenter Visualization to fix a vulnerability that could be triggered when the products read files in TIFF file format. If a user is tricked to opening of a malicious file with the affected products, this could lead to application crash, or potentially ...
02:00
SIEMENS CERT
SSA-787292 V1.0: Denial-of-Service Vulnerability in SIMATIC RFID Readers
Title
SSA-787292 V1.0: Denial-of-Service Vulnerability in SIMATIC RFID Readers
Published
June 8, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-787292.pdf
Summary
The latest updates for SIMATIC RF products fix a vulnerability that could allow an unauthorized attacker to crash the OPC UA service of the affected devices. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific ...
02:00
SIEMENS CERT
SSA-293562 V3.2 (Last Update: 2021-06-08): Vulnerabilities in Industrial Products
Title
SSA-293562 V3.2 (Last Update: 2021-06-08): Vulnerabilities in Industrial Products
Published
June 8, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-293562.pdf
Summary
Several industrial devices are affected by two vulnerabilities that could allow an attacker to cause a Denial-of-Service condition via PROFINET DCP network packets under certain circumstances. The precondition for this scenario is a direct layer 2 access to the affected products. PROFIBUS interfaces are not affected. Siemens has released updates ...
02:00
SIEMENS CERT
SSA-312271 V1.7 (Last Update: 2021-06-08): Unquoted Search Path Vulnerabilities in Windows-based Industrial Software Applications
Title
SSA-312271 V1.7 (Last Update: 2021-06-08): Unquoted Search Path Vulnerabilities in Windows-based Industrial Software Applications
Published
June 8, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-312271.pdf
Summary
The latest update for affected products fix local privilege escalation vulnerabilities that could allow authorized local users with administrative privileges to execute custom code with SYSTEM level privileges. Siemens has released updates for some of the affected products, and is working on further updates. For the remaining affected products, Siemens ...
02:00
SIEMENS CERT
SSA-324955 V1.1 (Last Update: 2021-06-08): SAD DNS Attack in Linux Based Products
Title
SSA-324955 V1.1 (Last Update: 2021-06-08): SAD DNS Attack in Linux Based Products
Published
June 8, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-324955.pdf
Summary
A vulnerability made public under the name SAD DNS affects Domain Name System resolvers due to a vulnerability in the Linux kernel when handling ICMP packets. The Siemens products which are affected are listed below. For more information please see https://www.saddns.net/. Siemens has released updates for several affected products and ...
02:00
SIEMENS CERT
SSA-346262 V3.0 (Last Update: 2021-06-08): Denial-of-Service in Industrial Products
Title
SSA-346262 V3.0 (Last Update: 2021-06-08): Denial-of-Service in Industrial Products
Published
June 8, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-346262.pdf
Summary
Several industrial products are affected by a vulnerability that could allow remote attackers to conduct a Denial-of-Service (DoS) attack by sending specially crafted packets to port 161/udp (SNMP). Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates ...
02:00
SIEMENS CERT
SSA-473245 V2.0 (Last Update: 2021-06-08): Denial-of-Service Vulnerability in Profinet Devices
Title
SSA-473245 V2.0 (Last Update: 2021-06-08): Denial-of-Service Vulnerability in Profinet Devices
Published
June 8, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-473245.pdf
Summary
A vulnerability in affected devices could allow an attacker to perform a denial-of-service attack if a large amount of specially crafted UDP packets are sent to the device. Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates ...
02:00
SIEMENS CERT
SSA-534763 V1.5 (Last Update: 2021-06-08): Special Register Buffer Data Sampling (SRBDS) aka Crosstalk in Industrial Products
Title
SSA-534763 V1.5 (Last Update: 2021-06-08): Special Register Buffer Data Sampling (SRBDS) aka Crosstalk in Industrial Products
Published
June 8, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-534763.pdf
Summary
Security researchers published information on a vulnerability known as Crosstalk (INTEL-SA-00320). This vulnerability affects modern Intel processors to a varying degree. Several Siemens Industrial Products contain processors that are affected by the vulnerability. Siemens is preparing updates and recommends specific countermeasures until fixes are available.
02:00
SIEMENS CERT
SSA-542525 V1.3 (Last Update: 2021-06-08): Authentication Vulnerabilities in SIMATIC HMI Products
Title
SSA-542525 V1.3 (Last Update: 2021-06-08): Authentication Vulnerabilities in SIMATIC HMI Products
Published
June 8, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-542525.pdf
Summary
SIMATIC HMI Products are affected by two vulnerabilities that could allow a remote attacker to discover user passwords and obtain access to the Sm@rt Server via a brute-force attack. Siemens has released updates for the affected products and recommends to update to the latest versions. Siemens also suggests following the ...
02:00
SIEMENS CERT
SSA-574442 V1.1 (Last Update: 2021-06-08): Multiple PAR and DFT File Parsing Vulnerabilities in Solid Edge
Title
SSA-574442 V1.1 (Last Update: 2021-06-08): Multiple PAR and DFT File Parsing Vulnerabilities in Solid Edge
Published
June 8, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-574442.pdf
Summary
Siemens has released a new version for Solid Edge to fix multiple vulnerabilities that could be triggered when the application reads files in different file formats (PAR, DFT extensions). If a user is tricked to open a malicious file with the affected application, this could lead to a crash, and ...
02:00
SIEMENS CERT
SSA-678983 V1.1 (Last Update: 2021-06-08): Vulnerabilities in Industrial PCs and CNC devices using Intel CPUs (November 2020)
Title
SSA-678983 V1.1 (Last Update: 2021-06-08): Vulnerabilities in Industrial PCs and CNC devices using Intel CPUs (November 2020)
Published
June 8, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-678983.pdf
Summary
Intel has published information on vulnerabilities in Intel products in November 2020. This advisory lists the Siemens IPC related products, that are affected by these vulnerabilities. In this advisory we take a representative CVE from each advisory: “Intel CSME, SPS, TXE, AMT and DAL Advisory” Intel-SA-00391 is represented by CVE-2020-8745 ...
  • 1 (current)
  • 2

Last Updates

BOSCH PSIRT
20.03.2024
CODESYS
28.06.2023
SIEMENS CERT
19.04.2024
US CERT
17.04.2024
US CERT (ICS)
25.04.2024

By Source

Archive

2024
2023
2022
2021
2020
2019
2018
2017

Feeds