Bulletins | CERT@VDE

AA22-057A: Destructive Malware Targeting Organizations in Ukraine

Title

AA22-057A: Destructive Malware Targeting Organizations in Ukraine

Published

Feb. 26, 2022, 4 p.m.

URL

https://us-cert.cisa.gov/ncas/alerts/aa22-057a

Summary

Original release date: February 26, 2022SummaryActions to Take Today: • Set antivirus and antimalware programs to conduct regular scans. • Enable strong spam filters to prevent phishing emails from reaching end users. • Filter network traffic. • Update software. • Require multifactor authentication. Leading up to Russia’s unprovoked attack against ...

AA22-057A: Update: Destructive Malware Targeting Organizations in Ukraine

Title

AA22-057A: Update: Destructive Malware Targeting Organizations in Ukraine

Published

Feb. 26, 2022, 4 p.m.

URL

https://us-cert.cisa.gov/ncas/alerts/aa22-057a

Summary

Original release date: February 26, 2022 | Last revised: April 28, 2022SummaryActions to Take Today: • Set antivirus and antimalware programs to conduct regular scans. • Enable strong spam filters to prevent phishing emails from reaching end users. • Filter network traffic. • Update software. • Require multifactor authentication. (Updated ...

Thursday, 24.02.2022

17:00

AA22-055A : Iranian Government-Sponsored Actors Conduct Cyber Operations Against Global Government and Commercial Networks

Title

AA22-055A : Iranian Government-Sponsored Actors Conduct Cyber Operations Against Global Government and Commercial Networks

Published

Feb. 24, 2022, 5 p.m.

URL

https://us-cert.cisa.gov/ncas/alerts/aa22-055a

Summary

Original release date: February 24, 2022SummaryActions to Take Today to Protect Against Malicious Activity * Search for indicators of compromise. * Use antivirus software. * Patch all systems. * Prioritize patching known exploited vulnerabilities. * Train users to recognize and report phishing attempts. * Use multi-factor authentication. Note: this advisory ...

16:15

FATEK Automation FvDesigner

Title

FATEK Automation FvDesigner

Published

Feb. 24, 2022, 4:15 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-055-01

Summary

This advisory contains mitigations for Stack-based Buffer Overflow, Out-of-bounds Write, and Out-of-bounds Read vulnerabilities in FATEK Automation FvDesigner HMI products.

16:10

Mitsubishi Electric EcoWebServerIII

Title

Mitsubishi Electric EcoWebServerIII

Published

Feb. 24, 2022, 4:10 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-055-02

Summary

This advisory contains mitigations for Improper Neutralization of Input During Web Page Generation, Uncontrolled Resource Consumption, and Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerabilities in the Mitsubishi Electric EcoWebServerIII energy saving data collecting server.

16:05

Schneider Electric Easergy P5 and P3

Title

Schneider Electric Easergy P5 and P3

Published

Feb. 24, 2022, 4:05 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-055-03

Summary

This advisory contains mitigations for Use of Hard-coded Credentials, and Classic Buffer Overflow vulnerabilities in Schneider Electric Easergy P5 and P3 medium voltage protection relays.

Baker Hughes Bently Nevada 3500

Title

Baker Hughes Bently Nevada 3500

Published

Feb. 24, 2022, 4 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-21-231-02

Summary

This advisory was originally posted to the HSIN ICS library on August 19, 2021, and is being released to the ICS webpage on www.cisa.gov/uscert. This advisory contains mitigations for a Use of Password Hash with Insufficient Computational Effort vulnerability in the Bently Nevada 3500 machinery protection and monitoring systems.

Wednesday, 23.02.2022

AA22-054A: New Sandworm Malware Cyclops Blink Replaces VPNFilter

Title

AA22-054A: New Sandworm Malware Cyclops Blink Replaces VPNFilter

Published

Feb. 23, 2022, 4 p.m.

URL

https://us-cert.cisa.gov/ncas/alerts/aa22-054a

Summary

Original release date: February 23, 2022SummaryThe Sandworm actor, which the United Kingdom and the United States have previously attributed to the Russian GRU, has replaced the exposed VPNFilter malware with a new more advanced framework. The United Kingdom's (UK) National Cyber Security Centre (NCSC), the Cybersecurity and Infrastructure Security Agency ...

Tuesday, 22.02.2022

16:10

GE Proficy CIMPLICITY-IPM

Title

GE Proficy CIMPLICITY-IPM

Published

Feb. 22, 2022, 4:10 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-053-01

Summary

This advisory contains mitigations for an Improper Privilege Management vulnerability in GE Proficy CIMPLICITY, a HMI and SCADA platform.

16:05

GE Proficy CIMPLICITY-Cleartext

Title

GE Proficy CIMPLICITY-Cleartext

Published

Feb. 22, 2022, 4:05 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-053-02

Summary

This advisory contains mitigations for a Cleartext Transmission of Sensitive Information vulnerability in GE Proficy CIMPLICITY, a HMI and SCADA platform.

https://us-cert.cisa.gov/ics/advisories/icsa-22-053-03

WIN-911 2021

Title

WIN-911 2021

Published

Feb. 22, 2022, 4 p.m.

URL

Summary

This advisory contains mitigations for Incorrect Default Permissions vulnerabilities in WIN-911 2021 alarm notification platforms.

SSA-306654 V1.0: Insyde BIOS Vulnerabilities in Siemens Industrial Products

Title

SSA-306654 V1.0: Insyde BIOS Vulnerabilities in Siemens Industrial Products

Published

Feb. 22, 2022, 1 a.m.

URL

https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf

Summary

Insyde has published information on vulnerabilities in Insyde BIOS in February 2022. This advisory lists the Siemens Industrial products affected by these vulnerabilities. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.

Thursday, 17.02.2022

SSA-949188 V1.0: File Parsing Vulnerabilities in Simcenter Femap before V2022.1.1

Title

SSA-949188 V1.0: File Parsing Vulnerabilities in Simcenter Femap before V2022.1.1

Published

Feb. 17, 2022, 1 a.m.

URL

https://cert-portal.siemens.com/productcert/pdf/ssa-949188.pdf

Summary

Siemens Simcenter Femap versions before V2022.1.1 are affected by vulnerabilities that could be triggered when the application reads files in .NEU or .BDF format. If a user is tricked to open a malicious file with the affected application, an attacker could leverage the vulnerability to leak information or potentially perform ...

SSA-455843 V1.7 (Last Update: 2022-02-17): WIBU Systems CodeMeter Runtime Vulnerabilities in Siemens Products

Title

SSA-455843 V1.7 (Last Update: 2022-02-17): WIBU Systems CodeMeter Runtime Vulnerabilities in Siemens Products

Published

Feb. 17, 2022, 1 a.m.

URL

https://cert-portal.siemens.com/productcert/pdf/ssa-455843.pdf

Summary

CISA and WIBU Systems disclosed six vulnerabilities in different versions of CodeMeter Runtime, a product provided by WIBU Systems and used in several Siemens products for license management. The vulnerabilities are described in the section “Vulnerability Classification” below and got assigned the CVE IDs CVE-2020-14509, CVE-2020-14513, CVE-2020-14515, CVE-2020-14517, CVE-2020-14519, and ...

SSA-244969 V1.1 (Last Update: 2022-02-17): OpenSSL Vulnerability in Industrial Products

Title

SSA-244969 V1.1 (Last Update: 2022-02-17): OpenSSL Vulnerability in Industrial Products

Published

Feb. 17, 2022, 1 a.m.

URL

https://cert-portal.siemens.com/productcert/pdf/ssa-244969.pdf

Summary

OpenSSL has published a security advisory [0] about a vulnerability in OpenSSL versions 1.1.1 < 1.1.1l and 1.0.2 < 1.0.2za that allows an attacker to cause a denial of service (DoS) or to disclose private memory content. Siemens has released updates for several affected products and recommends to update to ...

SSA-772220 V1.7 (Last Update: 2022-02-17): OpenSSL Vulnerabilities in Industrial Products

Title

SSA-772220 V1.7 (Last Update: 2022-02-17): OpenSSL Vulnerabilities in Industrial Products

Published

Feb. 17, 2022, 1 a.m.

URL

https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdf

Summary

OpenSSL has published a security advisory [0] about a vulnerability in OpenSSL versions 1.1.1 < 1.1.1k, that allows an unauthenticated attacker to cause a Denial-of-Service (DoS) if a maliciously crafted renegotiation message is sent. Siemens has released updates for several affected products and recommends to update to the latest versions. ...

Wednesday, 16.02.2022

AA22-047A: Russian State-Sponsored Cyber Actors Target Cleared Defense Contractor Networks to Obtain Sensitive U.S. Defense Inf...

Title

AA22-047A: Russian State-Sponsored Cyber Actors Target Cleared Defense Contractor Networks to Obtain Sensitive U.S. Defense Information and Technology

Published

Feb. 16, 2022, 4 p.m.

URL

https://us-cert.cisa.gov/ncas/alerts/aa22-047a

Summary

Original release date: February 16, 2022SummaryActions to Help Protect Against Russian State-Sponsored Malicious Cyber Activity: • Enforce multifactor authentication. • Enforce strong, unique passwords. • Enable M365 Unified Audit Logs. • Implement endpoint detection and response tools. From at least January 2020, through February 2022, the Federal Bureau of Investigation ...

Friday, 11.02.2022

04:55

Siemens Solid Edge, JT2Go, and Teamcenter Visualization

Title

Siemens Solid Edge, JT2Go, and Teamcenter Visualization

Published

Feb. 11, 2022, 4:55 a.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-041-07-1

Summary

This advisory contains mitigations for Improper Restriction of Operations within the Bounds of a Memory Buffer, Out-of-bounds Write, Heap-based Buffer Overflow, and Out-of-bounds Read vulnerabilities in Siemens Solid Edge, JT2Go, and Teamcenter Visualization software products.

Thursday, 10.02.2022

17:25

Siemens SIMATIC Industrial Products

Title

Siemens SIMATIC Industrial Products

Published

Feb. 10, 2022, 5:25 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-041-01

Summary

This advisory contains mitigations for Operation on a Resource after Expiration or Release, and Missing Release of Memory after Effective Lifetime vulnerabilities in Siemens Industrial Products using the SIMATIC firmware platform.

17:20

Siemens SIMATIC WinCC and PCS

Title

Siemens SIMATIC WinCC and PCS

Published

Feb. 10, 2022, 5:20 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-041-02

Summary

This advisory contains mitigations for a Exposure of Sensitive Information to an Unauthorized Actor, Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in Siemens SIMATIC WinCC and PCS industrial automation products.

17:10

SINEMA Remote Connect Server

Title

SINEMA Remote Connect Server

Published

Feb. 10, 2022, 5:10 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-041-04

Summary

This advisory contains mitigations for an Open Redirect vulnerability in the SINEMA Remote Connect Server, a management platform for remote networks.

17:05

https://us-cert.cisa.gov/ics/advisories/icsa-22-041-05

SICAM TOOLBOX II

Title

SICAM TOOLBOX II

Published

Feb. 10, 2022, 5:05 p.m.

URL

Summary

This advisory contains mitigations for a Use of Hard-coded Credentials vulnerability in the Siemens SICAM TOOLBOX II software platform.

17:00

Siemens Spectrum Power 4

Title

Siemens Spectrum Power 4

Published

Feb. 10, 2022, 5 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-041-06

Summary

This advisory contains mitigations for a Cross-site scripting vulnerability in Siemens Spectrum Power 4 communications and data modeling software.

16:50

Siemens COMOS Web (Update A)

Title

Siemens COMOS Web (Update A)

Published

Feb. 10, 2022, 4:50 p.m.

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-013-05

Summary

This updated advisory is a follow-up to the original advisory titled ICSA-22-013-05 Siemens COMOS Web that was published January 13, 2022, to the ICS webpage on www.cisa.gov/uscert. This advisory contains mitigations for Basic XSS, Relative Path Traversal, SQL Injection, and Cross-site Request Forgery vulnerabilities in the Siemens COMOS Web unified ...

16:45