Today, CISA’s NCCIC-ICS published 15 control system security advisories for products from Mitsubishi Electric India, Datakit, and Siemens (13). They also published a medical device security advisory for products from Braun.
Advisories
Mitsubishi Advisory -
This advisory
describes a signal handler race condition vulnerability in the Mitsubishi
Electric India Ethernet communication Extension unit GC-ENET-COM.
Datakit Advisory -
This advisory
describes five vulnerabilities in the Datakit CrossCAD/Ware_x64 library.
SCALANCE Advisory #1 -
This advisory
discusses the BadAlloc vulnerabilities
in the Siemens SCALANCE X-200, X-200IRT, and X-300 Switch Families.
SCALANCE Advisory #2 -
This advisory
discusses ten vulnerabilities in the Siemens SCALANCE XCM332.
SCALANCE Advisory #3 -
This advisory
describes an inadequate encryption strength vulnerability in the Siemens SCALANCE
X-200IRT Devices.
Polarian Advisory -
This advisory
describes an improper restriction of XML external entity reference in the Siemens
Polarion ALM products.
Teamcenter Advisory -
This advisory
describes a stack-based buffer overflow vulnerability in the Siemens Teamcenter
Visualization and JT2Go products.
Industrial Products
Advisory - This advisory
describes three vulnerabilities in the Siemens Industrial Products.
Mendix Advisory -
This advisory
describes an observable response discrepancy vulnerability in the Siemens Mendix
Forgot Password Module.
SICAM Advisory - This
advisory
describes a command injection vulnerability in the Siemens CPCI85 Firmware of
SICAM A8000 Devices.
SIPROTEC Advisory -
This advisory
describes a NULL pointer dereference vulnerability in the Siemens SIPROTEC 5
Devices.
TIA Portal Advisory -
This advisory
describes an improper input validation vulnerability in the Siemens TIA Portal.
Siemens in OPC
Advisory - This advisory
describes an improper input validation vulnerability in multiple Siemens
products using the OPC Foundation Unified Architecture Local Discovery Server.
JT Open Advisory -
This advisory
describes an out-of-bounds read vulnerability in the Siemens JT Open and JT
Utilities products.
Adaptec Advisory -
This advisory
describes an exposure of sensitive information to unauthorized actor vulnerability
in the Siemens Adaptec maxView Application.
Braun Advisory - This
advisory
describes an eval injection vulnerability in the Braun Battery Pack SP with
Wi-Fi.
For more details on these advisories, including links to
third-party advisories an exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/16-advisories-published-4-13-23
- subscription required.
Posts
