Security
Headlines

Source

us-cert

Siemens SCALANCE

This advisory contains mitigations for Cross-site Request Forgery, OS Command Injection, Classic Buffer Overflow, Command Injection, Path Traversal, and Missing Encryption of Sensitive Data vulnerabilities in the Siemens SCALANCE software management platform.

Siemens RUGGEDCOM ROX Devices

This advisory contains mitigations for an Uncontrolled Resource Consumption vulnerability in Siemens RUGGEDCOM ROX switches and serial-to-Ethernet devices.

Siemens SIMATIC Process Historian

This advisory contains mitigations for a Missing Authentication for Critical Function vulnerability in Siemens SIMATIC Process Historian, a long-term archive system.

Siemens RUGGEDCOM ROX (Update A)

This updated advisory is a follow-up to the original advisory titled ICSA-21-259-01 Siemens RUGGEDCOM ROX that was published September 16, 2021, to the ICS webpage on us-cert.cisa.gov. This advisory contains mitigations for Improper Privilege Management, Execution with Unnecessary Privileges, and Improper Handling of Insufficient Permissions or Privileges vulnerabilities in Siemens RUGGEDCOM ROX devices.

Advantech WebAccess SCADA

This advisory contains mitigations for a Missing Authorization vulnerability in the Advantech WebAccess SCADA HMI platform.

Advantech WebAccess

This advisory contains mitigations for Heap-based Buffer Overflow and Stack-based Buffer Overflow vulnerabilities in the Advantech WebAccess HMI platform.

Schneider Electric IGSS

This advisory contains mitigations for Classic Buffer Overflow, Unrestricted Upload of File with Dangerous Type, Path Traversal, and Missing Authentication for Critical Function vulnerabilities in Schneider Electric IGSS (Interactive Graphical SCADA System) software.

Johnson Controls exacqVision Server Bundle

This advisory contains mitigations for an Improper Privilege Management vulnerability in Exacq Technologies exacqVision Server Bundle. Exacq Technologies is a subsidiary of Johnson Controls.

Mobile Industrial Robots Vehicles and MiR Fleet Software

This advisory contains mitigations for numerous vulnerabilities in Mobile Industrial Robots Vehicles and MiR Fleet software products.

Johnson Controls exacqVision

This advisory contains mitigations for an Integer Overflow or Wraparound vulnerability in Exacq Technologies exacqVision surveillance video software products. Exacq Technologies is a subsidiary of Johnson Controls.