Source
us-cert
This advisory contains mitigations for an Uncontrolled Resource Consumption vulnerability in Siemens RUGGEDCOM ROS products.
This advisory contains mitigations for an Authentication Bypass by Capture-replay vulnerability in Siemens Mendix SAML Module products.
This advisory contains mitigations for Improper Input Validation, Integer Overflow or Wraparound, Uncontrolled Resource Consumption, Command Injection, Inadequate Encryption Strength, Missing Encryption of Sensitive Data, Improper Restriction of Operations Within the Bounds of a Memory Buffer, Exposure of Private Personal Information to an Unauthorized Actor, Open Redirect, Improper Resource Shutdown or Release, and Server-Side Request Forgery (SSRF) vulnerabilities in Siemens SINEC INS products.
This updated advisory is a follow-up to the original advisory titled ICSA-19-344-03 Siemens RUGGEDCOM ROS that was published December 10, 2019, on the ICS webpage on cisa.gov/ICS. This advisory contains mitigations for Improper Restriction of Operations within the Bounds of a Memory Buffer and Resource Management Errors vulnerabilities in multiple Siemens RUGGEDCOM ROS products.
This advisory contains mitigations for a Use of Hard-coded Credentials vulnerability in versions of DIAEnergie, an industrial energy management system.
This advisory contains mitigations for an Improper Authentication vulnerability in Kingspan TMS300 CS, a water tank management system.
This advisory contains mitigations for Uncontrolled Search Path Element and Incorrect Permission Assignment for Critical Resource vulnerabilities in the SoftMaster desktop application, a PLC software application.
This advisory contains mitigations for an Off-by-one Error vulnerability in versions of Hitachi Energy TXpert Hub CoreTec 4, a digital transformer monitoring and diagnostics device.
This advisory contains mitigations for Missing Encryption of Sensitive Data, Use of Externally Controlled Format String, and Missing Authentication for Critical Function vulnerabilities in Sigma and Baxter Spectrum Infusion Pumps.
This advisory contains mitigations for Buffer Overflow, Access of Resource Using Incompatible Type, and NULL Pointer Dereference vulnerabilities in libIEC61850 of IEC61850 implementation software.