Security
Headlines

Source

us-cert

Siemens SINEC INS

This advisory contains mitigations for Improper Input Validation, Integer Overflow or Wraparound, Uncontrolled Resource Consumption, Command Injection, Inadequate Encryption Strength, Missing Encryption of Sensitive Data, Improper Restriction of Operations Within the Bounds of a Memory Buffer, Exposure of Private Personal Information to an Unauthorized Actor, Open Redirect, Improper Resource Shutdown or Release, and Server-Side Request Forgery (SSRF) vulnerabilities in Siemens SINEC INS products.

Siemens RUGGEDCOM ROS (Update A)

This updated advisory is a follow-up to the original advisory titled ICSA-19-344-03 Siemens RUGGEDCOM ROS that was published December 10, 2019, on the ICS webpage on cisa.gov/ICS. This advisory contains mitigations for Improper Restriction of Operations within the Bounds of a Memory Buffer and Resource Management Errors vulnerabilities in multiple Siemens RUGGEDCOM ROS products.

Delta Industrial Automation DIAEnergie

This advisory contains mitigations for a Use of Hard-coded Credentials vulnerability in versions of DIAEnergie, an industrial energy management system.

Kingspan TMS300 CS

This advisory contains mitigations for an Improper Authentication vulnerability in Kingspan TMS300 CS, a water tank management system.

Honeywell SoftMaster

This advisory contains mitigations for Uncontrolled Search Path Element and Incorrect Permission Assignment for Critical Resource vulnerabilities in the SoftMaster desktop application, a PLC software application.

Hitachi Energy TXpert Hub CoreTec 4 Sudo Vulnerability

This advisory contains mitigations for an Off-by-one Error vulnerability in versions of Hitachi Energy TXpert Hub CoreTec 4, a digital transformer monitoring and diagnostics device.

Baxter Sigma Spectrum Infusion Pump

This advisory contains mitigations for Missing Encryption of Sensitive Data, Use of Externally Controlled Format String, and Missing Authentication for Critical Function vulnerabilities in Sigma and Baxter Spectrum Infusion Pumps.

MZ Automation libIEC61850

This advisory contains mitigations for Buffer Overflow, Access of Resource Using Incompatible Type, and NULL Pointer Dereference vulnerabilities in libIEC61850, IEC61850 implementation software.

Hillrom Medical Device Management (Update B)

This updated advisory is a follow-up to the original advisory titled ICSMA-21-152-01 Hillrom Medical Device Management (Update A) that was published June 1, 2021, to the ICS webpage at cisa.gov/ics. This advisory contains mitigations for Out-of-bounds Write and Out-of-bounds Read vulnerabilities in Welch Allyn medical device management tools.

Triangle Microworks Libraries

This advisory contains mitigations for Access of Uninitialized Pointer vulnerabilities in Triangle Microworks, TMW IEC 61850 Software Library and TMW IEC 60870-6 (ICCP/TASE.2) Software Library.