Source

us-cert

Mitsubishi Electric MELSEC iQ-R Series C Controller Module (Update B)

This updated advisory is a follow-up to the original advisory titled ICSA-21-280-04 Mitsubishi Electric MELSEC iQ-R Series C Controller Module (Update A) that was published October 28, 2021, to the ICS webpage on us-cert.cisa.gov. This advisory contains mitigations for an Uncontrolled Resource Consumption vulnerability in Mitsubishi Electric MELSEC iQ-R Series C controller module products.

Exemys RME1

This advisory contains mitigations for an Improper Authentication vulnerability in the Exemys RME1 analog acquisition module.

Yokogawa Wide Area Communication Router

This advisory contains mitigations for a Use of Insufficiently Random Values vulnerability in the Yokogawa Wide Area Communication Router.

Emerson DeltaV Distributed Control System

This advisory contains mitigations for Missing Authentication for Critical Function, Use of Hard-coded Credentials, Insufficient Verification of Data Authenticity, and Use of a Broken or Risky Cryptographic Algorithm vulnerabilities in the Emerson DeltaV Distributed Control System software management platform.

Distributed Data Systems WebHMI

This advisory contains mitigations for Cross-site Scripting and OS Command Injection vulnerabilities in the Distributed Data Systems WebHMI SCADA system.

Mitsubishi Electric FA Engineering Software (Update A)

This updated advisory is a follow-up to the original advisory titled ICSA-21-350-05 Mitsubishi Electric FA Engineering Software that was published December 16, 2021, on the ICS webpage on cisa.gov/ics. This advisory contains mitigations for Out-of-bounds Read and Integer Underflow vulnerabilities in Mitsubishi Electric's FA Engineering Software products.

CODESYS Gateway Server (Update A)

This updated advisory is a follow-up to the original advisory titled ICSA-15-258-02 3S CODESYS Gateway Server Buffer overflow Vulnerability that was published September 15, 2015, on the ICS webpage at cisa.gov/ics. This advisory provides mitigation details for a heap-based buffer overflow vulnerability in CODESYS Gateway Server products.

ABB e-Design

This advisory contains mitigations for an Incorrect Default Permissions vulnerability in ABB e-Design engineering software.

Omron SYSMAC CS/CJ/CP Series and NJ/NX Series

This advisory contains mitigations for Cleartext Transmission of Sensitive Information, Insufficient Verification of Data Authenticity, and Plaintext Storage of a Password vulnerabilities in Omron SYSMAC CS/CJ/CP Series and NJ/NX Series programmable logic controllers.

Advantech iView

This advisory contains mitigations for SQL Injection, Missing Authentication for Critical Function, Relative Path Traversal, and Command Injection vulnerabilities in Advantech iView management software.