Security
Headlines
HeadlinesLatestCVEs

Source

us-cert

Emerson Proficy Machine Edition

This advisory contains mitigations for Missing Support for Integrity Check, Improper Access Control, Unrestricted Upload of File with Dangerous Type, Improper Verification of Cryptographic Signature, Insufficient Verification of Data Authenticity, and Path Traversal: ‘\..\filename’ vulnerabilities in Emerson Proficy Machine Edition, an engineering workstation.

us-cert
Open in Source
#vulnerability#mac#auth
Sequi PortBloque S

This advisory contains mitigations for Improper Authentication and Improper Authorization vulnerabilities in Sequi PortBloque S, a serial Modbus firewall.

Siemens Simcenter STAR-CCM+

This advisory contains mitigations for an Exposure of Sensitive Information to an Unauthorized Actor vulnerability in versions of Siemens Simcenter STAR-CCM+ products.

Siemens Teamcenter

This advisory contains mitigations for Command Injection and Infinite Loop vulnerabilities in versions of Siemens Teamcenter a product lifecycle management software.

Schneider Electric EcoStruxure, EcoStruxure Process Expert, SCADAPack RemoteConnect for x70

This advisory contains mitigations for Heap-based Buffer Overflow, Wrap or Wraparound, Classic Buffer Overflow, and Out-of-bounds Write vulnerabilities in products using AT&T Labs Compressor (XMill) and Decompressor (XDemill).

Emerson ROC800, ROC800L and DL8000

This advisory contains mitigations for an Insufficient Verification of Data Authenticity vulnerability in versions of ROC800, a remote automation controller.

Siemens SICAM A8000 Web Server Module

This advisory contains mitigations for an Improper Access Control vulnerability in versions of SICAM A8000 Web Server Module products.

Siemens SICAM TOOLBOX II

This advisory contains mitigations for a Use of Hard-coded Credentials vulnerability in versions of SICAM TOOLBOX II, a control and monitoring system.

Siemens SCALANCE

This advisory contains mitigations for Improper Neutralization of Special Elements in Output Used by a Downstream Component (‘Injection’), Allocation of Resources Without Limits or Throttling, and Basic Cross Site Scripting vulnerabilities in versions of SCALANCE products.

Siemens SIMATIC S7-400 (Update A)

This updated advisory is a follow-up to the advisory update titled ICSA-21-104-12 Siemens SIMATIC S7-400 that was published April 14, 2022, to the ICS webpage on www.cisa.gov/ics. This advisory contains mitigations for an Uncontrolled Resource Consumption vulnerability in the Siemens SIMATIC S7-400.