Security
Headlines

Source

us-cert

Mitsubishi Electric MELSEC iQ-R Series

This advisory contains mitigations for an Authorization Bypass Through User-controlled Key vulnerability in the Mitsubishi Electric MELSEC iQ-R Series CPU Module.

Siemens SINUMERIK

This advisory contains mitigations for a Heap-based Buffer Overflow vulnerability in Siemens SINUMERIK controllers.

Siemens SINEC NMS

This advisory contains mitigations for Improper Limitation of a Pathname to a Restricted Directory, Improper Authorization, Exposure of Sensitive Information to an Unauthorized Actor, Deserialization of Untrusted Data, and Improper Neutralization of Special Elements used in an SQL Command vulnerabilities in Siemens SINEC NMS network management software.

Siemens Solid Edge

This advisory contains mitigations for Use After Free, Out-of-bounds Read, and Access of Uninitialized Pointer vulnerabilities in Siemens Solid Edge 3D CAD and solid modeling software.

Siemens SCALANCE

This advisory contains mitigations for Cross-site Request Forgery, OS Command Injection, Classic Buffer Overflow, Command Injection, Path Traversal, and Missing Encryption of Sensitive Data vulnerabilities in the Siemens SCALANCE software management platform.

Siemens RUGGEDCOM ROX Devices

This advisory contains mitigations for an Uncontrolled Resource Consumption vulnerability in Siemens RUGGEDCOM ROX switches and serial-to-Ethernet devices.

Siemens SIMATIC Process Historian

This advisory contains mitigations for a Missing Authentication for Critical Function vulnerability in Siemens SIMATIC Process Historian, a long-term archive system.

Siemens RUGGEDCOM ROX (Update A)

This updated advisory is a follow-up to the original advisory titled ICSA-21-259-01 Siemens RUGGEDCOM ROX that was published September 16, 2021, to the ICS webpage on us-cert.cisa.gov. This advisory contains mitigations for Improper Privilege Management, Execution with Unnecessary Privileges, and Improper Handling of Insufficient Permissions or Privileges vulnerabilities in Siemens RUGGEDCOM ROX devices.

Advantech WebAccess SCADA

This advisory contains mitigations for a Missing Authorization vulnerability in the Advantech WebAccess SCADA HMI platform.

Advantech WebAccess

This advisory contains mitigations for Heap-based Buffer Overflow and Stack-based Buffer Overflow vulnerabilities in the Advantech WebAccess HMI platform.