us-cert

This advisory contains mitigations for an Improper Restriction of XML External Entity Reference vulnerability in versions of Inductive Automation Ignition software.

This advisory contains mitigations for an Cleartext Transmission of Sensitive Information vulnerability in AutomationDirect products.

This advisory contains mitigations for an Path Traversal, Deserialization of Untrusted Data, Inclusion of Functionality from Untrusted Control Sphere, Out-of-Bounds Read vulnerabilities in the SCADA products.

This updated advisory is a follow-up to the original advisory titled Rockwell Automation ISaGRAF that was published March 29, 2022, on the ICS webpage on cisa.gov/ics. This advisory contains mitigations for an Improper Restriction of XML External Entity Reference vulnerability in Rockwell Automation ISaGRAF software products.

This advisory contains mitigations for a Missing Authentication for Critical Function vulnerability in the ISaGRAF Workbench.

This advisory contains mitigations for an Missing Authentication for Critical Function vulnerability in the Metasys ADS, ADX, OAS.

This advisory contains mitigations for an Improper Privilege Management vulnerabilities in the ABB products.

This advisory contains mitigations for Use of Hard-coded Credentials, Improper Authentication, Cross-site Scripting, and Authorization Bypass Through User-controlled Key vulnerabilities in the MiCODUS MV720 GPS tracker.

This advisory contains mitigations for Use of Insufficiently Random Values, and Classic Buffer Overflow vulnerabilities in the Siemens SCALANCE X Switch Devices industrial ethernet switches.

This advisory contains mitigations for an Exposure of Resource to Wrong Sphere vulnerability in Siemens SICAM GridEdge.