
Source: us-cert

Trane Symbio

This advisory contains mitigations for a Code Injection vulnerability in Trane Symbio 700 and Symbio 800 controllers.

Trane Tracer

This advisory contains mitigations for a Code Injection vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge building automation products.

Ovarro TBox (Update A)

This updated advisory is a follow-up to the advisory update titled ICSA-21-054-04 Ovarro TBox that was published March 23, 2021, to the ICS webpage on us-cert.cisa.gov. The original advisory was titled ICSA-21-054-04P Ovarro TBox and posted to the HSIN ICS library on February 23, 2021. This advisory contains mitigations for Code Injection, Incorrect Permission Assignment for Critical Resource, Uncontrolled Resource Consumption, Insufficiently Protected Credentials, Relative Path Traversal, and Use of Hard-coded Cryptographic Key vulnerabilities in Ovarro TBox remote terminal units (RTUs).

Siemens RUGGEDCOM ROX

This advisory contains mitigations for Exposure of Sensitive Information to an Unauthorized Actor, Execution with Unnecessary Privileges, and Improper Handling of Insufficient Permissions or Privileges vulnerabilities in Siemens RUGGEDCOM ROX devices.

Schneider Electric EcoStruxure and SCADAPack

This advisory contains mitigations for a Path Traversal vulnerability in Schneider Electric EcoStruxure Control Expert, EcoStruxure Process Expert, and SCADAPack RemoteConnect software designed for the x70 SCADAPack system.

Digi PortServer TS 16

This advisory contains mitigations for an Improper Authentication vulnerability in Digi PortServer TS 16 terminal servers.

Johnson Controls Sensormatic Electronics KT-1

This advisory contains mitigations for an Authentication Bypass by Capture-replay vulnerability in Sensormatic Electronics KT-1 door controllers. Sensormatic Electronics is a subsidiary of Johnson Controls.

Schneider Electric Struxureware Data Center Expert

This advisory contains mitigations for OS Command Injection and Path Traversal vulnerabilities in Schneider Electric Struxureware Data Center Expert monitoring software.

Siemens Simcenter Femap

This advisory contains mitigations for an Out-of-bounds Read vulnerability in the Siemens Simcenter Femap simulation application.

Siemens Simcenter STAR-CCM+ Viewer

This advisory contains mitigations for an Out-of-bounds Write vulnerability in the Siemens Simcenter STAR-CCM+ Viewer simulation application.