CISA releases 30 Industrial Control Systems Advisories
Cybersecurity and Infrastructure Security Agency sent this bulletin at 07/14/2022 02:16 PM EDT
Siemens SCALANCE X Switch Devices
This advisory contains mitigations for Use of Insufficiently Random Values and Classic Buffer Overflow vulnerabilities in the Siemens SCALANCE X Switch Devices industrial ethernet switches.
This advisory contains mitigations for an Exposure of Resource to Wrong Sphere vulnerability in the Siemens SICAM GridEdge.
This advisory contains mitigations for Insufficient Session Expiration and Missing Authentication for Critical Function vulnerabilities in the Siemens SIMATIC MV500 Devices Optical Readers.
This advisory contains mitigations for an Out-of-bounds Write vulnerability in the Simcenter Femap complex model simulator.
This advisory contains mitigations for a Command Injection vulnerability in the Siemens RUGGEDCOM ROX products.
This advisory contains mitigations for an XML Entity Expansion vulnerability in the Mendix Excel Importer Module.
This advisory contains mitigations for a Heap-based Buffer Overflow vulnerability in Siemens Teamcenter Visualization products.
This advisory contains mitigations for Out-of-bounds Read, Out-of-bounds Write, and Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerabilities in PADS Standard and Standard Plus, a PCB schematic design and layout environment.
This advisory contains mitigations for an Out-of-bounds Read vulnerability in Simcenter Femap, an advanced simulation application, and Parasolid, a 3D geometric modeling tool.
This advisory contains mitigations for an Injection vulnerability in the Siemens Mendix Applications high productivity app platform.
This advisory contains mitigations for an Out-of-bounds Read vulnerability in the Open Design Alliance Drawing SDK platform.
This advisory contains mitigations for Heap-based Buffer Overflow, Command Injection, and Code Injection vulnerabilities in the Siemens SIMATIC CP Devices communication processors.
This advisory contains mitigations for an Improper Access Control vulnerability in Siemens Mendix Applications, a high productivity app platform.
This advisory contains mitigations for a Missing Release of Resource after Effective Lifetime vulnerability in Siemens CPC firmware.
This advisory contains mitigations for Improper Input Validation and Missing Authentication for Critical Function vulnerabilities in the Siemens SIMATIC eaSie digital manager.
This advisory contains mitigations for an Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the Siemens EN100, an ethernet module.
This advisory contains mitigations for an Incorrect Implementation of Authentication Algorithm vulnerability in the Siemens Opcenter quality management system.
This advisory contains mitigations for an Improper Control of Generation of Code vulnerability in Siemens RUGGEDCOM ROS-based devices.
This updated advisory is a follow-up to the advisory update titled ICSA-21-222-05 Siemens Industrial Products Intel CPU (Update C) that was published March 10, 2022, to the ICS webpage on www.cisa.gov/uscert. This advisory contains mitigations for a Missing Encryption of Sensitive Data vulnerability in Siemens Industrial Products Intel CPUs.
This advisory update is a follow-up to the original advisory titled ICSA-22-041-01 Siemens Industrial Products (Update A) that was published February 10, 2022, to the ICS webpage on us-cert.cisa.gov. This advisory contains mitigations for Operation on a Resource after Expiration or Release and Missing Release of Memory after Effective Lifetime vulnerabilities in Siemens SIMATIC Industrial Products.
This updated advisory is a follow-up to the advisory update titled ICSA-19-085-01 Siemens SCALANCE X (Update C) that was published October 14, 2021, to the ICS webpage on us-cert.gov. This advisory contains mitigations for an Expected Behavior Violation vulnerability in Siemens SCALANCE X products.
This updated advisory is a follow-up to the advisory update titled ICSA-21-104-16 Siemens TIA Administrator that was published April 14, 2022, to the ICS webpage on www.cisa.gov/uscert. This advisory contains mitigations for an Uncontrolled Resource Consumption vulnerability in the Siemens TIA Administrator.
This updated advisory is a follow-up to the advisory update titled ICSA-21-194-12 Siemens Wind River VxWorks-based Industrial Products (Update B) that was published May 12, 2022, on the ICS webpage on cisa.gov/ics. This advisory includes mitigations for a Heap-based Buffer Overflow vulnerability in Siemens Industrial Products incorporating the Wind River VxWorks product.
This updated advisory is a follow-up to the original advisory titled ICSA-22-104-06 Siemens PROFINET Stack Integrated on Interniche Stack (Update A) that was published June 16, 2022, on the ICS webpage on cisa.gov/ics. This advisory contains mitigations for an Uncontrolled Resource Consumption vulnerability in the Siemens PROFINET Stack Integrated on Interniche Stack.
This updated advisory is a follow-up to the original advisory titled ICSA-22-132-08 Siemens Industrial Products with OPC UA that was published May 12, 2022, on the ICS webpage on cisa.gov/ICS. This advisory contains mitigations for an Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Siemens Industrial Products with OPC UA.
This updated advisory is a follow-up to the original advisory titled ICSA-22-104-07 Siemens Mendix (Update A) that was published June 16, 2022, on the ICS webpage on cisa.gov/ics. This advisory contains mitigations for an Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Siemens Mendix, a software platform to build mobile and web applications.
This updated advisory is a follow-up to the original advisory titled ICSA-22-167-14 Siemens OpenSSL Affected Industrial Products that was published June 16, 2022, on the ICS webpage on cisa.gov/ics. This advisory contains mitigations for an Infinite Loop vulnerability in the Siemens OpenSSL Affected Industrial Products.
This updated advisory is a follow-up to the advisory update titled ICSA-21-315-03 Siemens SIMATIC WinCC (Update D) that was published April 14, 2022, to the ICS webpage on cisa.gov/ics. This advisory contains mitigations for Path Traversal and Insertion of Sensitive Information into Log File vulnerabilities in the Siemens SIMATIC WinCC.
This updated advisory is a follow-up to the original advisory titled ICSA-22-132-05 Siemens Industrial PCs and CNC devices that was published May 12, 2022, on the ICS webpage on cisa.gov/ICS. This advisory contains mitigations for Improper Input Validation, Improper Authentication, Improper Isolation of Shared Resources on System-on-a-Chip, and Improper Privilege Management vulnerabilities in Siemens Industrial PCs and CNC devices.
This updated advisory is a follow-up to the original advisory titled ICSA-22-132-12 Siemens Industrial Products that was published May 12, 2022, on the ICS webpage on cisa.gov/ICS. This advisory contains mitigations for an Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the OPC Foundation Local Discovery Server in multiple Siemens industrial products.