CISA releases 27 Industrial Control Systems Advisories
Cybersecurity and Infrastructure Security Agency sent this bulletin at 05/12/2022 01:14 PM EDT
You are subscribed to no topic for Cybersecurity and Infrastructure Security Agency. This information has recently been updated, and is now available.
This advisory contains mitigations for Stack-based Buffer Overflow, and Out-of-bounds Read vulnerabilities in the Delta Electronics CNCSoft software management platform.
This advisory contains mitigations for Missing Authorization, Out-of-bounds Write, NULL Pointer Dereference, Classic Buffer Overflow, HTTP Request Smuggling, and Infinite Loop vulnerabilities in Mitsubishi Electric MELSOFT iQ AppPortal products.
This advisory contains mitigations for Out-of-bounds Read, Access of Uninitialized Pointer, and Out-of-bounds Write vulnerabilities in the Inkscape open-source graphics editor.
This advisory contains mitigations for OS Command Injection, SQL Injection, Path Traversal, and Use of Potentially Dangerous Function vulnerabilities in the Cambium Networks cnMaestro network management system.
This advisory contains mitigations for Improper Input Validation, Improper Authentication, Improper Isolation of Shared Resources on System-on-a-Chip, and Improper Privilege Management vulnerabilities in Siemens Industrial PCs and CNC devices.
This advisory contains mitigations for an Insecure Default Initialization of Resource vulnerability in SIMATIC PCS and WinCC industrial products.
This advisory contains mitigations for Improper Neutralization of Parameter/Argument Delimiters, Cleartext Transmission of Sensitive Information, Cross-site Scripting, Missing Authentication for Critical Function, Authentication Bypass by Capture-replay, and Improper Authentication vulnerabilities in Siemens SICAM P850 and SICAM P855 electrical variable measuring devices.
This advisory contains mitigations for a Null Pointer Dereference vulnerability in Siemens industrial products using the OPC UA AMSOC stack.
This advisory contains mitigations for Infinite Loop, Null Pointer Dereference, Integer Overflow to Buffer Overflow, Double Free, and Access of Uninitialized Pointer vulnerabilities in Siemens JT2GO, Teamcenter Visualization products.
This advisory contains mitigations for an Uncaught Exception vulnerability in the Siemens Desigo DXR and PXC controllers.
This advisory contains mitigations for an Uncontrolled Resource Consumption vulnerability in the Siemens SIMATIC CP 44x-1 RNA.
This advisory contains mitigations for an Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the OPC Foundation Local Discovery Server in multiple Siemens industrial products.
This advisory contains mitigations for a Use After Free vulnerability in Siemens Industrial Devices using libcurl.
This advisory contains mitigations for an Out-of-bounds Write vulnerability in the Siemens Simcenter Femap advanced simulation application.
This advisory contains mitigations for a Classic Buffer Overflow vulnerability in the open-source implementation of the ISO/IEC vehicle-to-grid communication interface (V2G CI) standard.
This advisory contains mitigations for Stack-based Buffer Overflow, and Improper Restriction of XML External Entity Reference vulnerabilities in the Siemens Teamcenter product lifecycle management software.
This updated advisory is a follow-up to the original advisory titled ICSA-22-104-05 Siemens OpenSSL Vulnerabilities in Industrial Products that was published April 14, 2022, on the ICS webpage at cisa.gov/ics. This advisory contains mitigations for a NULL Pointer Dereference vulnerability in the Siemens OpenSSL.
This updated advisory is a follow-up to the original advisory titled ICSA-22-102-04 Mitsubishi Electric GT25-WLAN that was published April 12, 2022, on the ICS webpage on cisa.gov/ics. This advisory contains mitigations for Improper Removal of Sensitive Information Before Storage or Transfer, Inadequate Encryption Strength, Missing Authentication for Critical Function, Injection, and Improper Input Validation vulnerabilities in Mitsubishi Electric GT25-WLAN wireless communication units.
This updated advisory is a follow-up to the advisory update titled ICSA-22-041-02 Siemens SIMATIC WinCC and PCS (Update A) that was published April 14, 2022, to the ICS webpage on cisa.gov/ics. This advisory contains mitigations for Exposure of Sensitive Information to an Unauthorized Actor, and Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerabilities in Siemens SIMATIC WinCC and PCS industrial automation products.
This updated advisory is a follow-up to the advisory update titled ICSA-21-315-03 Siemens SIMATIC WinCC (Update C) that was published April 14, 2022, to the ICS webpage on cisa.gov/ics. This advisory contains mitigations for a Path Traversal, and Insertion of Sensitive Information into Log File vulnerabilities in Siemens SIMATIC WinCC, a SCADA HMI system.
This updated advisory is a follow-up to the advisory update titled ICSA-21-315-07 Siemens Nucleus RTOS-based APOGEE and TALON Products (Update B) that was published April 14, 2022, on the ICS webpage at cisa.gov/ics. This advisory contains mitigations for several vulnerabilities in Siemens Nucleus RTOS-based APOGEE and TALON direct digital control (DDC) devices.
This updated advisory is a follow-up to the advisory update titled ICSA-21-194-12 Siemens Wind River VxWorks-based Industrial Products (Update A) that was published April 14, 2022, on the ICS webpage on cisa.gov/ics. This advisory includes mitigations for a Heap-based Buffer Overflow in Siemens Industrial Products incorporating the Wind River VxWorks product.
This updated advisory is a follow-up to the advisory update titled ICSA-21-159-13 Siemens SIMATIC RFID Readers (Update A) that was published April 14, 2022, on the ICS webpage on cisa.gov/ics. This advisory contains mitigations for an Uncontrolled Resource Consumption vulnerability in Siemens Simatic RFID industrial hardware systems.
This updated advisory is a follow-up to the advisory update titled ICSA-20-105-06 Siemens SIMOTICS, Desigo, APOGEE, and TALON (Update C) that was published April 14, 2021, on the ICS webpage at cisa.gov/ics. This advisory contains mitigations for a Business Logic Errors vulnerability in Siemens SIMOTICS, Desigo, APOGEE, and TALON products.
This updated advisory is a follow-up to the advisory update titled ICSA-20-105-07 Siemens SCALANCE & SIMATIC (Update G) that was published April 14, 2022, to the ICS webpage on cisa.gov/ics. This advisory contains mitigations for a Resource Exhaustion vulnerability in Siemens SCALANCE and SIMATIC products.
This updated advisory is a follow-up to the advisory update titled ICSA-20-014-05 Siemens TIA Portal (Update C) that was published December 16, 2021, on the ICS webpage at cisa.gov/ics. This advisory contains mitigations for a Path Traversal vulnerability in the Siemens TIA Portal engineering framework.
This updated advisory is a follow-up to the advisory update titled ICSA-19-253-04 Siemens Industrial Products (Update Q) published on April 14, 2022, to the ICS webpage on cisa.gov/ics. This updated advisory includes mitigations for Integer Excessive Data Query Operations in a Large Data Table, Integer Overflow or Wraparound, and Resource Exhaustion vulnerabilities reported in Siemens’ industrial products.