us-cert

This updated advisory is a follow-up to the advisory update titled ICSA-21-222-05 Siemens Industrial Products Intel CPU (Update C) that was published March 10, 2022, to the ICS webpage on www.cisa.gov/uscert. This advisory contains mitigations for Missing Encryption of Sensitive Data vulnerabilities in Siemens industrial products using some Intel CPUs.

This advisory update is a follow-up to the original advisory titled ICSA-22-041-01 Siemens Industrial Products (Update A) that was published February 10, 2022, to the ICS webpage on us-cert.cisa.gov. This advisory contains mitigations for  Operation on a Resource after Expiration or Release, and Missing Release of Memory after Effective Lifetime vulnerabilities in Siemens Industrial Products using the SIMATIC firmware platform.

This updated advisory is a follow-up to the advisory update titled ICSA-19-085-01 Siemens SCALANCE X (Update C) that was published October 14, 2021, to the ICS webpage on us-cert.gov. This updated advisory includes mitigations for an expected behavior violation vulnerability reported in the Siemens SCALANCE X products.

This updated advisory is a follow-up to the advisory update titled ICSA-21-104-16 Siemens TIA Administrator that was published April 14, 2022, to the ICS webpage on www.cisa.gov/uscert. This advisory contains mitigations for an Uncontrolled Resource Consumption vulnerability in the Siemens TIA Administrator.

This updated advisory is a follow-up to the advisory update titled ICSA-21-194-12 Siemens Wind River VxWorks-based Industrial Products (Update B) that was published May 12, 2022, on the ICS webpage on cisa.gov/ics. This advisory includes mitigations for a Heap-based Buffer Overflow in Siemens Industrial Products incorporating the Wind River VxWorks product.

This updated advisory is a follow-up to the original advisory titled ICSA-22-104-06 Siemens PROFINET Stack Integrated on Interniche Stack (Update A) that was published June 16, 2022, on the ICS webpage on cisa.gov/ics. This advisory contains mitigations for an Uncontrolled Resource Consumption vulnerability in the Siemens PROFINET Stack Integrated on Interniche Stack.

This updated advisory is a follow-up to the original advisory titled ICSA-22-104-07 Siemens Mendix (Update A) that was published June16, 2022, on the ICS webpage on cisa.gov/ics. This advisory contains mitigations for an Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Siemens Mendix, a software platform to build mobile and web applications.

This updated advisory is a follow-up to the advisory update titled ICSA-21-315-03 Siemens SIMATIC WinCC (Update D) that was published April 14, 2022, to the ICS webpage on cisa.gov/ics. This advisory contains mitigations for a Path Traversal, and Insertion of Sensitive Information into Log File vulnerabilities in Siemens SIMATIC WinCC, a SCADA HMI system.

This advisory contains mitigations for Improper Input Validation, Unrestricted Upload of File with Dangerous Type, Authentication Bypass by Capture-replay, Generation of Error Message Containing Sensitive Information vulnerabilities in the Dahua ASI7213X-T1 facial recognition access controller.

This updated advisory is a follow-up to the original advisory titled ICSA-22-055-03 Schneider Electric Easergy P5 and P3 that was published February 24, 2022, on the ICS webpage on cisa.gov/ics. This advisory contains mitigations for Use of Hard-coded Credentials, Classic Buffer Overflow, and Improper Input Validation vulnerabilities in Schneider Electric Easergy P5 and P3 medium voltage protection relays.