us-cert

This advisory contains mitigations for a Improper Handling of Exceptional Conditions, and Improper Input Validation vulnerabilities in Mitsubishi Electric GOT and Tension Controller products.

This advisory contains mitigations for Missing Authentication for Critical Function, Improper Input Validation, Improper Limitation of a Pathname to a Restricted Directory, Write-what-where Condition, Improper Neutralization of Special Elements used in an OS Command, and Exposure of Sensitive Information to an Unauthorized Actor vulnerabilities in Emerson WirelessHART Gateway network communication devices.

This advisory contains mitigations for Path Traversal, Use of Hard-coded Password, Unprotected Transport of Credentials, Injection, and Improper Access Control vulnerabilities in Moxa MXview network management software.

This advisory contains mitigations for Unrestricted Upload of File with Dangerous Type, Relative Path Traversal, Improper Neutralization of Special Elements in Output Used by a Downstream Component vulnerabilities in Honeywell Experion Process Knowledge System (PKS) C200, C200E, C300 and ACE Controllers.

This updated advisory is a follow-up to the original advisory titled ICSMA-18-219-02 Medtronic MiniMed MMT-500 and MMT-503 Remote Controllers that was published August 7, 2018, to the ICS webpage on us-cert.cisa.gov. This medical device advisory includes mitigation recommendations for cleartext transmission of sensitive information and authentication bypass by capture-replay vulnerabilities in the Medtronic MiniMed 508 Insulin Pump.

This advisory contains mitigations for Use of Password Hash with Insufficient Computational Effort, Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques, Improper Access Control, Missing Support for Integrity Check, and Reliance on Component That is Not Updateable vulnerabilities in the Boston Scientific Zoom Latitude programmer/recorder/monitor (PRM) 3120 model.

<p>This advisory contains mitigations for a Code Injection vulnerability in Trane Symbio 700 and Symbio 800 controllers.</p>

<p>This advisory contains mitigations for a Code Injection vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge building automation products.</p>

<p>This updated advisory is a follow-up to the advisory update titled ICSA-21-054-04 Ovarro TBox that was published March 23, 2021, to the ICS webpage on us-cert.cisa.gov. The original advisory was titled ICSA-21-054-04P Ovarro TBox and posted to the HSIN ICS library on February 23, 2021. This advisory contains mitigations for Code Injection, Incorrect Permission Assignment for Critical Resource, Uncontrolled Resource Consumption, Insufficiently Protected Credentials, Relative Path Traversal, and Use of Hard-coded Cryptographic Key vulnerabilities in Ovarro TBox remote terminal units (RTUs).</p>

<p>This advisory contains mitigations for Exposure of Sensitive Information to an Unauthorized Actor, Execution with Unnecessary Privileges, and Improper Handling of Insufficient Permissions or Privileges vulnerabilities in Siemens RUGGEDCOM ROX devices.</p>