Security
Headlines

Source

us-cert

Medtronic NGP 600 Series Insulin Pumps

This advisory contains mitigations for a Protection Mechanism Failure vulnerability in versions of Medtronic NGP 600 Series Insulin Pumps and accessory components.

Dataprobe iBoot-PDU

This advisory contains mitigations for OS Command Injection, Path Traversal, Exposure of Sensitive Information to an Unauthorized Actor, Improper Access Control, Improper Authorization, Incorrect Authorization, and SSRF vulnerabilities in versions of Dataprobe iBoot-PDU FW products.

Host Engineering Communications Module

This advisory contains mitigations for a Stack-based Buffer Overflow vulnerability in versions of Host Engineering H0-ECOM100 Communications Module products.

Siemens Mobility CoreShield OWG Software

This advisory contains mitigations for an Improper Access Control vulnerability in versions of Siemens CoreShield One-Way Gateway (OWG) Software.

Siemens Simcenter Femap and Parasolid

This advisory contains mitigations for Multiple File Parsing vulnerabilities in Siemens Simcenter Femap and Parasolid products.

Siemens RUGGEDCOM ROS

This advisory contains mitigations for an Uncontrolled Resource Consumption vulnerability in Siemens RUGGEDCOM ROS products.

Siemens Mendix SAML Module

This advisory contains mitigations for an Authentication Bypass by Capture-replay vulnerability in Siemens Mendix SAML Module products.

Siemens SINEC INS

This advisory contains mitigations for Improper Input Validation, Integer Overflow or Wraparound, Uncontrolled Resource Consumption, Command Injection, Inadequate Encryption Strength, Missing Encryption of Sensitive Data, Improper Restriction of Operations Within the Bounds of a Memory Buffer, Exposure of Private Personal Information to an Unauthorized Actor, Open Redirect, Improper Resource Shutdown or Release, and Server-Side Request Forgery (SSRF) vulnerabilities in Siemens SINEC INS products.

Siemens RUGGEDCOM ROS (Update A)

This updated advisory is a follow-up to the original advisory titled ICSA-19-344-03 Siemens RUGGEDCOM ROS that was published December 10, 2019, on the ICS webpage on cisa.gov/ICS. This advisory contains mitigations for Improper Restriction of Operations within the Bounds of a Memory Buffer and Resource Management Errors vulnerabilities in multiple Siemens RUGGEDCOM ROS products.

Delta Industrial Automation DIAEnergie

This advisory contains mitigations for a Use of Hard-coded Credentials vulnerability in versions of DIAEnergie, an industrial energy management system.