us-cert

This updated advisory is a follow-up to the advisory update titled ICSA-21-119-04 Multiple RTOS (Update D) that was published November 30, 2021, to the ICS webpage on www.cisa.gov/uscert. CISA is aware of a public report, known as “BadAlloc” that details vulnerabilities found in multiple real-time operating systems (RTOS) and supporting libraries. This advisory contains mitigations for Integer Overflow or Wraparound vulnerabilities associated with this "BadAlloc" report.

This advisory contains mitigations for an Improper Restriction of XML External Entity Reference vulnerability in the Delta Electronics DMARS program development tool.

This advisory contains mitigation for Stack-based Buffer Overflow, and Out-of-bounds Write vulnerabilities in WECON PLC Editor ladder logic software.

This advisory contains mitigations for Stack-based Buffer Overflow, Out-of-bounds Write, Untrusted Pointer Dereference, Out-of-bounds Read, Access of Uninitialized Pointer, and Heap-based Buffer Overflow vulnerabilities in Fuji Electric Tellus Lite V-Simulator and V-Server Lite remote monitoring and operation software.

This advisory contains mitigation for Unrestricted Upload of File with Dangerous Type, Cleartext Transmission of Sensitive Information, Missing Authentication for Critical Function, Insufficient Verification of Data Authenticity, and Improper Input Validation vulnerabilities in the B. Braun Infusomat Space Large Volume Pump.

This advisory contains mitigations for Out-of-bounds Read, and Out-of-bounds Write vulnerabilities in ICONICS GENESIS64 and Mitsubishi Electric MC Works64 HMI SCADA systems.

This advisory contains mitigations for Cleartext Transmission of Sensitive Information, Cross-site Scripting, Improper Neutralization of Formula Elements in a CSV File, Cleartext Storage of Sensitive Information, Uncontrolled Search Path Element, and Incorrect Default Permissions vulnerabilities in the Delta Electronics DIALink industrial automation server.

This advisory contains mitigations for an Uncontrolled Recursion vulnerability in ICONICS GENESIS64, Mitsubishi Electric MC Works64 third-party OPC Foundation products.

This advisory contains mitigations for numerous vulnerabilities in AUVESY Versiondog data management software for automated production.

This advisory contains mitigations for a Cross-site Scripting vulnerability in Trane Tracer SC HVAC building automation products.