Bulletins | CERT@VDE

1
2
3 (current)

Thursday, 07.12.2023

13:00

US CERT (ICS)

Johnson Controls Metasys and Facility Explorer

Title

Johnson Controls Metasys and Facility Explorer

Published

Dec. 7, 2023, 1 p.m.

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-341-03

Summary

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls Equipment: Metasys and Facility Explorer Vulnerability: Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service by sending invalid credentials. 3. TECHNICAL DETAILS 3.1 AFFECTED ...

13:00

US CERT (ICS)

Sierra Wireless AirLink with ALEOS firmware

Title

Sierra Wireless AirLink with ALEOS firmware

Published

Dec. 7, 2023, 1 p.m.

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-341-06

Summary

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Sierra Wireless Equipment: AirLink Vulnerabilities: Infinite Loop, NULL Pointer Dereference, Cross-site Scripting, Reachable Assertion, Use of Hard-coded Credentials, Use of Hard-coded Cryptographic Key 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to ...

13:00

US CERT (ICS)

Schweitzer Engineering Laboratories SEL-411L

Title

Schweitzer Engineering Laboratories SEL-411L

Published

Dec. 7, 2023, 1 p.m.

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-341-02

Summary

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 4.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schweitzer Engineering Laboratories Equipment: SEL-411L Vulnerability: Improper Restriction of Rendered UI Layers or Frames 2. RISK EVALUATION Successful exploitation of this vulnerability could expose authorized users to clickjacking attacks. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The ...

Wednesday, 06.12.2023

21:18

US CERT

Russian FSB Cyber Actor Star Blizzard Continues Worldwide Spear-phishing Campaigns

Title

Russian FSB Cyber Actor Star Blizzard Continues Worldwide Spear-phishing Campaigns

Published

Dec. 6, 2023, 9:18 p.m.

URL

https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-341a

Summary

The Russia-based actor is targeting organizations and individuals in the UK and other geographical areas of interest. OVERVIEW The Russia-based actor Star Blizzard (formerly known as SEABORGIUM, also known as Callisto Group/TA446/COLDRIVER/TAG-53/BlueCharlie) continues to successfully use spear-phishing attacks against targeted organizations and individuals in the UK, and other geographical areas ...

Tuesday, 05.12.2023

13:00

US CERT (ICS)

Zebra ZTC Industrial ZT400 and ZTC Desktop GK420d

Title

Zebra ZTC Industrial ZT400 and ZTC Desktop GK420d

Published

Dec. 5, 2023, 1 p.m.

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-339-01

Summary

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.4 ATTENTION: Exploitable with adjacent access/low attack complexity Vendor: Zebra Technologies Equipment: ZTC Industrial ZT410, ZTC Desktop GK420d Vulnerability: Authentication Bypass Using an Alternate Path or Channel 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to send specially crafted ...

Monday, 04.12.2023

19:05

US CERT

Threat Actors Exploit Adobe ColdFusion CVE-2023-26360 for Initial Access to Government Servers

Title

Threat Actors Exploit Adobe ColdFusion CVE-2023-26360 for Initial Access to Government Servers

Published

Dec. 4, 2023, 7:05 p.m.

URL

https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-339a

Summary

SUMMARY The Cybersecurity and Infrastructure Security Agency (CISA) is releasing a Cybersecurity Advisory (CSA) in response to confirmed exploitation of CVE-2023-26360 by unidentified threat actors at a Federal Civilian Executive Branch (FCEB) agency. This vulnerability presents as an improper access control issue impacting Adobe ColdFusion versions 2018 Update 15 (and ...

Friday, 01.12.2023

23:21

US CERT

IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including U.S. Water and Wastewater Systems Facilities

Title

IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including U.S. Water and Wastewater Systems Facilities

Published

Dec. 1, 2023, 11:21 p.m.

URL

https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-335a

Summary

SUMMARY The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Environmental Protection Agency (EPA), and the Israel National Cyber Directorate (INCD)—hereafter referred to as "the authoring agencies"—are disseminating this joint Cybersecurity Advisory (CSA) to highlight continued malicious cyber activity against operational technology devices ...

1
2
3 (current)

Last Updates

BOSCH PSIRT

20.03.2024

CODESYS

28.06.2023

SIEMENS CERT

19.04.2024

US CERT

17.04.2024

US CERT (ICS)

07.05.2024

By Source

BOSCH PSIRT (76)
CODESYS (36)
SIEMENS CERT (1616)
US CERT (157)
US CERT (ICS) (1516)

Feeds

RSS / Atom

Last Updates

By Source

Archive

2024

2023

2022

2021

2020

2019

2018

2017

Feeds