Bulletins | CERT@VDE

Mitsubishi Electric MELSEC-F Series

Title

Mitsubishi Electric MELSEC-F Series

Published

June 29, 2023, 2 p.m.

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-04

Summary

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: MELSEC-F Series Vulnerability: Authentication Bypass by Capture-replay 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to login to the product by sending specially crafted packets. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ...

Mitsubishi Electric MELSEC-F Series (Update A)

Title

Mitsubishi Electric MELSEC-F Series (Update A)

Published

June 29, 2023, 2 p.m.

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-04

Summary

https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-03

Ovarro TBox RTUs

Title

Ovarro TBox RTUs

Published

June 29, 2023, 2 p.m.

URL

Summary

1. EXECUTIVE SUMMARY CVSS v3 7.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: Ovarro Equipment: TBox RTUs Vulnerabilities: Missing Authorization, Use of Broken or Risky Cryptographic Algorithm, Inclusion of Functionality from Untrusted Control Sphere, Insufficient Entropy, Improper Authorization, Plaintext Storage of a Password 2. RISK EVALUATION Successful exploitation of these vulnerabilities ...

Update in Cybersecurity Guidebook of BIS on Permission Settings for Network Share

BOSCH PSIRT

Title

Update in Cybersecurity Guidebook of BIS on Permission Settings for Network Share

Published

June 29, 2023, 2 a.m.

URL

https://psirt.bosch.com/security-advisories/bosch-sa-988400-bt.html

Summary

BOSCH-SA-988400-BT: In a recent survey of BIS installations worldwide Bosch identified that for some installations the security settings may not meet our recommended security standards. For this reason, we have updated our \"Cybersecurity Guidebook\".Section 4.5 of the Cybersecurity Guidebook describes how to configure access permissions for a shared folder of ...

Wednesday, 28.06.2023

08:50

CODESYS

Abkündigung RSS-Feed

Title

Abkündigung RSS-Feed

Published

June 28, 2023, 8:50 a.m.

URL

https://feedpress.me/link/15744/16211532/abkuendigung-rss-feed.html

Summary

Please check source url for more information.

Information Disclosure Vulnerability in Bosch IP cameras

BOSCH PSIRT

Title

Information Disclosure Vulnerability in Bosch IP cameras

Published

June 28, 2023, 2 a.m.

URL

https://psirt.bosch.com/security-advisories/bosch-sa-839739-bt.html

Summary

BOSCH-SA-839739-BT: An information disclosure vulnerability was discovered in Bosch IP camera devices allowing an unauthenticated attacker to retrieve information about the device itself (like capabilities) and network settings of the device, disclosing possibly internal network settings if the device is connected to the internet.This vulnerability was discovered by Souvik Kandar ...

Tuesday, 27.06.2023

Hitachi Energy FOXMAN-UN and UNEM Products

Title

Hitachi Energy FOXMAN-UN and UNEM Products

Published

June 27, 2023, 2 p.m.

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-178-01

Summary

1. EXECUTIVE SUMMARY CVSS v3 4.0 ATTENTION: High attack complexity Vendor: Hitachi Energy Equipment: FOXMAN-UN, UNEM Products Vulnerability: Improper Output Neutralization for Logs 2. RISK EVALUATION Successful exploitation of this vulnerability could permit an attacker to access sensitive information. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of FOXMAN-UN ...

Thursday, 22.06.2023

SpiderControl SCADAWebServer

Title

SpiderControl SCADAWebServer

Published

June 22, 2023, 2 p.m.

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-173-03

Summary

1. EXECUTIVE SUMMARY CVSS v3 4.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: SpiderControl Equipment: SCADAWebServer Vulnerability: Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could result in a denial-of-service condition 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of SCADAWebServer are affected: SCADAWebServer: Versions 2.08 and prior ...

Tuesday, 20.06.2023

Enphase Installer Toolkit Android App (Update A)

Title

Enphase Installer Toolkit Android App (Update A)

Published

June 20, 2023, 2 p.m.

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-171-02

Summary

1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Enphase Equipment: Enphase Installer Toolkit Vulnerability: Use of Hard-coded Credentials 2. UPDATE OR REPOSTED INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-23-171-02 Enphase Installer Toolkit Android App that was published June 22, 2023, ...

Enphase Installer Toolkit Android App

Title

Enphase Installer Toolkit Android App

Published

June 20, 2023, 2 p.m.

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-171-02

Summary

1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Enphase Equipment: Enphase Installer Toolkit Vulnerability: Use of Hard-coded Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow sensitive information to be obtained by an attacker using hard-coded credentials. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The ...

https://www.cisa.gov/news-events/ics-advisories/icsa-23-171-01

Enphase Envoy

Title

Enphase Envoy

Published

June 20, 2023, 2 p.m.

URL

Summary

1. EXECUTIVE SUMMARY CVSS v3 6.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Enphase Equipment: Envoy Vulnerability: OS Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain root access to the affected product. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following version of Enphase ...

Thursday, 15.06.2023

Siemens SICAM A8000 Devices

Title

Siemens SICAM A8000 Devices

Published

June 15, 2023, 2 p.m.

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-166-13

Summary

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). 1. EXECUTIVE SUMMARY CVSS v3 ...

Siemens SIMATIC STEP 7 and Derived Products

Title

Siemens SIMATIC STEP 7 and Derived Products

Published

June 15, 2023, 2 p.m.

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-166-08

Summary

Siemens SIMATIC S7-1500 TM MFP BIOS

Title

Siemens SIMATIC S7-1500 TM MFP BIOS

Published

June 15, 2023, 2 p.m.

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-166-10

Summary

Siemens SINAMICS Medium Voltage Products

Title

Siemens SINAMICS Medium Voltage Products

Published

June 15, 2023, 2 p.m.

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-166-12

Summary

SUBNET PowerSYSTEM Center

Title

SUBNET PowerSYSTEM Center

Published

June 15, 2023, 2 p.m.

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-166-01

Summary

1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: SUBNET Solutions Inc. Equipment: PowerSYSTEM Center Vulnerabilities: Cross-site Scripting, Authentication Bypass by Capture-replay 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to upload malicious scripts or perform a denial-of-service type attack. 3. TECHNICAL DETAILS ...

https://www.cisa.gov/news-events/ics-advisories/icsa-23-166-04

Siemens SIMOTION

Title

Siemens SIMOTION

Published

June 15, 2023, 2 p.m.

URL

Summary

Siemens SIMATIC WinCC V7

Title

Siemens SIMATIC WinCC V7

Published

June 15, 2023, 2 p.m.

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-166-07

Summary

Wednesday, 14.06.2023

SSA-942865 V1.1 (Last Update: 2023-06-14): Multiple Vulnerabilities in the Integrated SCALANCE S615 of SINAMICS Medium Voltage ...

SIEMENS CERT

Title

SSA-942865 V1.1 (Last Update: 2023-06-14): Multiple Vulnerabilities in the Integrated SCALANCE S615 of SINAMICS Medium Voltage Products

Published

June 14, 2023, 2 a.m.

URL

https://cert-portal.siemens.com/productcert/html/ssa-942865.html

Summary

SINAMICS PERFECT HARMONY GH180 is affected by multiple vulnerabilities in the integrated SCALANCE S615 device, as documented in SSA-419740 (https://cert-portal.siemens.com/productcert/html/ssa-419740.html). Siemens recommends to update the firmware of the integrated SCALANCE S615 device to the latest version. Siemens recommends specific countermeasures for products where the firmware update is not, or not ...

Tuesday, 13.06.2023

Datalogics Library Third-Party

Title

Datalogics Library Third-Party

Published

June 13, 2023, 2 p.m.

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-164-01

Summary

1. EXECUTIVE SUMMARY CVSS v3 5.5 ATTENTION: Low attack complexity Vendor: Datalogics Equipment: Library APDFL v18.0.4PlusP1e Vulnerability: Stack-based buffer overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to crash the device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Datalogics library versions are affected: Library ...

Rockwell Automation FactoryTalk Edge Gateway

Title

Rockwell Automation FactoryTalk Edge Gateway

Published

June 13, 2023, 2 p.m.

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-164-03

Summary

1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION: Low attack complexity Vendor: Rockwell Automation Equipment: FactoryTalk Edge Gateway Vulnerability: Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a local user to cause the program to crash, causing a denial of service. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ...

Rockwell Automation FactoryTalk Services Platform

Title

Rockwell Automation FactoryTalk Services Platform

Published

June 13, 2023, 2 p.m.

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-164-02

Summary

1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: FactoryTalk Services Platform Vulnerabilities: Use of Hard-coded Cryptographic Key, Improper Authentication, Origin Validation Error 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to disclose information, load malicious configuration files, or elevate ...

Rockwell Automation FactoryTalk Transaction Manager

Title

Rockwell Automation FactoryTalk Transaction Manager

Published

June 13, 2023, 2 p.m.

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-164-04

Summary

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: FactoryTalk Transaction Manager Vulnerability: Uncontrolled Resource Consumption. 2. RISK EVALUATION Successful exploitation of this vulnerability could cause the application to crash or experience a high CPU or memory usage condition, causing intermittent application functionality issues. ...

SSA-120378 V1.2 (Last Update: 2023-06-13): Multiple File Parsing Vulnerabilities in Teamcenter Visualization and JT2Go

SIEMENS CERT

Title

SSA-120378 V1.2 (Last Update: 2023-06-13): Multiple File Parsing Vulnerabilities in Teamcenter Visualization and JT2Go

Published

June 13, 2023, 2 a.m.

URL

https://cert-portal.siemens.com/productcert/html/ssa-120378.html

Summary

Siemens Teamcenter Visualization and JT2Go are affected by multiple file parsing vulnerabilities that could be triggered when the application reads malicious TIF, CGM or PDF files. If a user is tricked to open a malicious TIF, CGM or PDF file with the affected products, this could lead the application to ...