us-cert

This advisory contains mitigations for an proper Privilege Management vulnerability in Schneider Electric ConneXium Network Manager (CNM) software.

This advisory contains mitigations for mproper Access Control, Unrestricted Upload of File with Dangerous Type, Open Redirect, Cross-site Scripting, and Cross-site Request Forgery vulnerabilities in Uffizio GPS Tracker software.

This advisory contains mitigations for an Authorization Bypass Through User-controlled Key vulnerability in the Mitsubishi Electric MELSEC iQ-R Series CPU Module.

This advisory contains mitigations for a Heap-based Buffer Overflow vulnerability in Siemens SINUMERIK controllers.

This advisory contains mitigations for Improper Limitation of a Pathname to a Restricted Directory, Improper Authorization, Exposure of Sensitive Information to an Unauthorized Actor, Deserialization of Untrusted Data, and Improper Neutralization of Special Elements used in an SQL Command vulnerabilities in Siemens SINEC NMS network management software.

This advisory contains mitigations for Use After Free, Out-of-bounds Read, and Access of Uninitialized Pointer vulnerabilities in Siemens Solid Edge 3D CAD and solid modeling software.

This advisory contains mitigations for Cross-site Request Forgery, OS Command Injection, Classic Buffer Overflow, Command Injection, Path Traversal, and Missing Encryption of Sensitive Data vulnerabilities in the Siemens SCALANCE software management platform.

This advisory contains mitigations for an Uncontrolled Resource Consumption vulnerability in Siemens RUGGEDCOM ROX switches and serial-to-Ethernet devices.

This advisory contains mitigations for a Missing Authentication for Critical Function vulnerability in Siemens SIMATIC Process Historian, a long-term archive system.

This updated advisory is a follow-up to the original advisory titled ICSA-21-259-01 Siemens RUGGEDCOM ROX that was published September 16, 2021, to the ICS webpage on us-cert.cisa.gov. This advisory contains mitigations for Improper Privilege Management, Execution with Unnecessary Privileges, and Improper Handling of Insufficient Permissions or Privileges vulnerabilities in Siemens RUGGEDCOM ROX devices.