Source
us-cert
This advisory contains mitigations for Improper Neutralization of Special Elements in Output Used by a Downstream Component (‘Injection’), Allocation of Resources Without Limits or Throttling, and Basic Cross Site Scripting vulnerabilities in versions of SCALANCE products.
This updated advisory is a follow-up to the advisory update titled ICSA-21-104-12 Siemens SIMATIC S7-400 that was published April 14, 2022, to the ICS webpage on www.cisa.gov/ics. This advisory contains mitigations for an Uncontrolled Resource Consumption vulnerability in the Siemens SIMATIC S7-400.
This updated advisory is a follow-up to the original advisory titled ICSA-21-194-07 Siemens Industrial Products LLDP (Update B) that was published August 10, 2021, on the ICS webpage on cisa.gov/ics. This advisory contains mitigations for Classic Buffer Overflow and Uncontrolled Resource Consumption vulnerabilities in versions of Siemens Industrial Products (LLDP).
This advisory contains mitigations for Infinite Loop and OS Command Injection vulnerabilities in versions of Mitsubishi Electric GT SoftGOT2000 software.
This advisory contains mitigations for an Insufficient Verification of Data Authenticity vulnerability in Emerson ControlWave products, a programmable controller.
This advisory contains mitigations for Use of Broken or Risky Cryptographic Algorithm and Use of Hard-coded Cryptographic Key vulnerabilities in Emerson OpenBSI, a set of network communication services.
This advisory contains mitigations for an Execution with Unnecessary Privileges vulnerability in Digi ConnectPort X2D, a connection gateway.
This updated advisory is a follow-up to the advisory update titled ICSA-21-238-03 Delta Electronics DIAEnergie (Update B) that was published March 22, 2022, on the ICS webpage at www.cisa.gov/ics. This advisory contains mitigations for Use of Password Hash with Insufficient Computational Effort, Authentication Bypass Using an Alternate Path or Channel, Unrestricted Upload of File with Dangerous Type, SQL Injection, Cross-site Request Forgery, Cross-site Scripting, and Cleartext Transmission of Sensitive Information vulnerabilities in Delta Electronics DIAEnergie, an industrial energy management system.
This advisory contains mitigations for a Type Confusion vulnerability in various Rockwell Automation products.
This advisory contains mitigations for an Out-of-bounds Write vulnerability in MOXA NPort 5110, a device server.