• 1 (current)
  • 2
  • 3
Thursday, 31.03.2022
16:40
US CERT (ICS)
Schneider Electric SCADAPack Workbench
Title
Schneider Electric SCADAPack Workbench
Published
March 31, 2022, 4:40 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-090-01
Summary
This advisory contains mitigations for an Improper Restriction of XML External Entity Reference vulnerability in Schneider Electric SCADAPack Workbench software.
16:35
US CERT (ICS)
Hitachi Energy e-mesh EMS
Title
Hitachi Energy e-mesh EMS
Published
March 31, 2022, 4:35 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-090-02
Summary
This advisory contains mitigations for Improper Restriction of Operations Within the Bounds of a Memory Buffer, Use After Free, and Uncontrolled Resource Consumption vulnerabilities in Hitachi Energy e-mesh EMS, an optimizer software for energy resources.
16:30
US CERT (ICS)
Fuji Electric Alpha5
Title
Fuji Electric Alpha5
Published
March 31, 2022, 4:30 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-090-03
Summary
This advisory contains mitigations for Access of Uninitialized Pointer, Out-of-bound Read, Stack-based Buffer Overflow, and Heap-based Buffer Overflow vulnerabilities in the Fuji Electric Alpha5 servo drive system.
16:25
US CERT (ICS)
Mitsubishi Electric FA Products
Title
Mitsubishi Electric FA Products
Published
March 31, 2022, 4:25 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-090-04
Summary
This advisory contains mitigations for a Use of Password Hash Instead of Password for Authentication, Use of Weak Hash, Cleartext Storage of Sensitive Information, and Authentication Bypass by Capture-replay vulnerabilities in Mitsubishi Electric FA CPU module products.
16:15
US CERT (ICS)
General Electric Renewable Energy MDS Radios
Title
General Electric Renewable Energy MDS Radios
Published
March 31, 2022, 4:15 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-090-06
Summary
This advisory contains mitigations for Improper Input Validation, Hidden Functionality, Inadequate Encryption Strength, Uncontrolled Resource Consumption, Plaintext Storage of a Password, and Download of Code Without Integrity Check vulnerabilities in General Electric Renewable Energy MDS Radios.
16:10
US CERT (ICS)
Rockwell Automation Studio 5000 Logix Designer
Title
Rockwell Automation Studio 5000 Logix Designer
Published
March 31, 2022, 4:10 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-090-07
Summary
This advisory contains mitigations for a Code Injection vulnerability in Rockwell Automation Studio 5000 Logix Designer design configuration hardware.
16:05
US CERT (ICS)
PTC Axeda agent and Axeda Desktop Server (Update C)
Title
PTC Axeda agent and Axeda Desktop Server (Update C)
Published
March 31, 2022, 4:05 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-067-01
Summary
This updated advisory is a follow-up to the advisory update titled ICSA-22-067-01 PTC Axeda agent and Axeda Desktop Server (Update B) that was published March 15, 2022, on the ICS webpage on www.cisa.gov/uscert. This advisory contains mitigations for Use of Hard-coded Credentials, Missing Authentication for Critical Function, Exposure of Sensitive ...
16:00
US CERT (ICS)
Mitsubishi Electric MELSEC iQ-R, Q and L Series (Update C)
Title
Mitsubishi Electric MELSEC iQ-R, Q and L Series (Update C)
Published
March 31, 2022, 4 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-20-303-01
Summary
This updated advisory is a follow-up to the advisory update ICSA-20-303-01 Mitsubishi Electric MELSEC iQ-R, Q and L Series (Update B) that was published January 13, 2022, to the ICS webpage on www.cisa.gov/uscert. This advisory contains mitigations for an Uncontrolled Resource Consumption vulnerability in Mitsubishi Electric's MELSEC iQ-R, Q and ...
Wednesday, 30.03.2022
02:00
BOSCH PSIRT
Buffer Overflow Vulnerability in Recovery Image
Title
Buffer Overflow Vulnerability in Recovery Image
Published
March 30, 2022, 2 a.m.
URL
https://psirt.bosch.com/security-advisories/bosch-sa-446276-bt.html
Summary

BOSCH-SA-446276-BT: A recently discovered security vulnerability allows an attacker to cause an buffer overflow in the recovery image, crashing the application and open the possibility for code execution.The recovery image can only be booted using a command requiring administrative access or requiring physical access to the device.Bosch rates this vulnerability ...

Tuesday, 29.03.2022
16:25
US CERT (ICS)
Philips e-Alert
Title
Philips e-Alert
Published
March 29, 2022, 4:25 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsma-22-088-01
Summary
This advisory contains mitigations for Missing Authentication for Critical Function vulnerability in the Philips e-Alert MRI system monitoring platform.
16:20
US CERT (ICS)
Rockwell Automation ISaGRAF
Title
Rockwell Automation ISaGRAF
Published
March 29, 2022, 4:20 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-088-01
Summary
This advisory contains mitigations for an Improper Restriction of XML External Entity Reference vulnerability in Rockwell Automation ISaGRAF software products.
16:15
US CERT (ICS)
Omron CX-Position
Title
Omron CX-Position
Published
March 29, 2022, 4:15 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-088-02
Summary
This advisory contains mitigations for Stack-based Buffer Overflow, Improper Restriction of Operations Within the Bounds of a Memory Buffer, Use After Free, and Out-of-bounds Write vulnerabilities in the Omron CX-Position control software.
16:10
US CERT (ICS)
Hitachi Energy LinkOne WebView
Title
Hitachi Energy LinkOne WebView
Published
March 29, 2022, 4:10 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-088-03
Summary
This advisory contains mitigations for Cross-site Scripting, Use of a Password System for Primary Authentication, Configuration, and Exposure of Sensitive Information to an Unauthorized Actor vulnerabilities in the Hitachi Energy LinkOne WebView graphical parts catalog.
16:05
US CERT (ICS)
Modbus Tools Modbus Slave
Title
Modbus Tools Modbus Slave
Published
March 29, 2022, 4:05 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-088-04
Summary
This advisory contains mitigations for a Stack-based Buffer Overflow vulnerability in the Modbus Tools Modbus Slave PLC programming simulation tool.
16:00
US CERT (ICS)
Delta Electronics DIAEnergie (Update A)
Title
Delta Electronics DIAEnergie (Update A)
Published
March 29, 2022, 4 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-081-01
Summary
This updated advisory is a follow-up to the original advisory titled ICSA-22-081-01 Delta Electronics DIAEnergie that was published March 22, 2022, on the ICS webpage at www.cisa.gov/uscert. This advisory contains mitigations for Path Traversal, Incorrect Default Permissions, and SQL Injection vulnerabilities in the Delta Electronics DIAEnergie industrial energy management system.
Monday, 28.03.2022
02:00
SIEMENS CERT
SSA-593272 V1.5 (Last Update: 2022-03-28): SegmentSmack in Interniche IP-Stack based Industrial Devices
Title
SSA-593272 V1.5 (Last Update: 2022-03-28): SegmentSmack in Interniche IP-Stack based Industrial Devices
Published
March 28, 2022, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-593272.pdf
Summary
A vulnerability exists in affected products that could allow remote attackers to affect the availability of the devices under certain conditions. The underlying TCP stack can be forced to make very computation expensive calls for every incoming packet which can lead to a Denial-of-Service.
Thursday, 24.03.2022
15:00
US CERT
AA22-083A: Tactics, Techniques, and Procedures of Indicted State-Sponsored Russian Cyber Actors Targeting the Energy Sector
Title
AA22-083A: Tactics, Techniques, and Procedures of Indicted State-Sponsored Russian Cyber Actors Targeting the Energy Sector
Published
March 24, 2022, 3 p.m.
URL
https://us-cert.cisa.gov/ncas/alerts/aa22-083a
Summary
Original release date: March 24, 2022SummaryActions to Take Today to Protect Energy Sector Networks: • Implement and ensure robust network segmentation between IT and ICS networks. • Enforce MFA to authenticate to a system. • Manage the creation of, modification of, use of—and permissions associated with—privileged accounts. This joint Cybersecurity ...
Wednesday, 23.03.2022
01:00
BOSCH PSIRT
Bosch Fire Monitoring System (FSM) affected by log4net Vulnerability
Title
Bosch Fire Monitoring System (FSM) affected by log4net Vulnerability
Published
March 23, 2022, 1 a.m.
URL
https://psirt.bosch.com/security-advisories/bosch-sa-479793-bt.html
Summary

BOSCH-SA-479793-BT: A vulnerability has been discovered affecting the Bosch Fire Monitoring System (FSM-2500, FSM-5000, FSM-10k and obsolete FSM-10000). The issue applies to FSM server with version 5.6.630 and lower, and FSM client with version 5.6.2131 and lower. Bosch recommends customers to update vulnerable components with the provided patch. The vulnerability ...

Tuesday, 22.03.2022
15:00
US CERT (ICS)
Delta Electronics DIAEnergie (Update B)
Title
Delta Electronics DIAEnergie (Update B)
Published
March 22, 2022, 3 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-238-03
Summary
This updated advisory is a follow-up to the advisory update titled ICSA-21-238-03 Delta Electronics DIAEnergie (Update A) that was published December 16, 2021, on the ICS webpage at www.cisa.gov/uscert. This advisory contains mitigations for several vulnerabilities in the Delta Electronics DIAEnergie industrial energy management system.
Thursday, 17.03.2022
20:00
US CERT
AA22-076A: Strengthening Cybersecurity of SATCOM Network Providers and Customers
Title
AA22-076A: Strengthening Cybersecurity of SATCOM Network Providers and Customers
Published
March 17, 2022, 8 p.m.
URL
https://us-cert.cisa.gov/ncas/alerts/aa22-076a
Summary
Original release date: March 17, 2022SummaryActions to Take Today: • Use secure methods for authentication. • Enforce principle of least privilege. • Review trust relationships. • Implement encryption. • Ensure robust patching and system configuration audits. • Monitor logs for suspicious activity. • Ensure incident response, resilience, and continuity of ...
15:00
US CERT (ICS)
Treck TCP/IP Stack (Update H)
Title
Treck TCP/IP Stack (Update H)
Published
March 17, 2022, 3 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-20-168-01
Summary
This updated advisory is a follow-up to the advisory update titled ICSA-20-168-01 Treck TCP/IP Stack (Update G) that was published Aug 20, 2020, to the ICS webpage on www.cisa.gov/uscert. This advisory contains mitigations for Improper Handling of Length Parameter Inconsistency, Improper Input Validation, Double Free, Out-of-bounds Read, Integer Overflow or ...
Wednesday, 16.03.2022
01:00
BOSCH PSIRT
Improper Restriction of XML External Entity Reference in BVMS
Title
Improper Restriction of XML External Entity Reference in BVMS
Published
March 16, 2022, 1 a.m.
URL
https://psirt.bosch.com/security-advisories/bosch-sa-506619-bt.html
Summary

BOSCH-SA-506619-BT: When BVMS is installed in an installation folder where low-priviledged users have write access, BVMS is affected by a security vulnerability, which potentially allows for XXE-based attacks in applications that accept attacker-controlled log4net configuration files.Bosch rates the vulnerability with a CVSS v3.1 Base Score of 5.7 (Medium) when the ...

Tuesday, 15.03.2022
15:05
US CERT (ICS)
ABB OPC Server for AC 800M
Title
ABB OPC Server for AC 800M
Published
March 15, 2022, 3:05 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-074-01
Summary
This advisory contains mitigations for an Execution with Unnecessary Privileges vulnerability in the ABB OPC Server for AC 800M run-time data reader.
15:00
US CERT (ICS)
PTC Axeda agent and Axeda Desktop Server (Update B)
Title
PTC Axeda agent and Axeda Desktop Server (Update B)
Published
March 15, 2022, 3 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-22-067-01
Summary
This updated advisory is a follow-up to the original advisory titled ICSA-22-067-01 PTC Axeda agent and Axeda Desktop Server (Update A) that was published March 10, 2022, on the ICS webpage on www.cisa.gov/uscert. This advisory contains mitigations for Use of Hard-coded Credentials, Missing Authentication for Critical Function, Exposure of Sensitive ...
15:00
US CERT
AA22-074A: Russian State-Sponsored Cyber Actors Gain Network Access by Exploiting Default Multifactor Authentication Protocols ...
Title
AA22-074A: Russian State-Sponsored Cyber Actors Gain Network Access by Exploiting Default Multifactor Authentication Protocols and “PrintNightmare” Vulnerability
Published
March 15, 2022, 3 p.m.
URL
https://us-cert.cisa.gov/ncas/alerts/aa22-074a
Summary
Original release date: March 15, 2022SummaryMultifactor Authentication (MFA): A Cybersecurity Essential • MFA is one of the most important cybersecurity practices to reduce the risk of intrusions—according to industry research, users who enable MFA are up to 99 percent less likely to have an account compromised. • Every organization should ...
  • 1 (current)
  • 2
  • 3

Last Updates

BOSCH PSIRT
20.03.2024
CODESYS
28.06.2023
SIEMENS CERT
19.04.2024
US CERT
17.04.2024
US CERT (ICS)
25.04.2024

By Source

Archive

2024
2023
2022
2021
2020
2019
2018
2017

Feeds