us-cert

This advisory contains mitigations for an Out-of-bounds Read, Out-of-bounds Write, Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the PADS Standard and Standard Plus, a PCB schematic design and layout environment.

This advisory contains mitigations for an Out-of-bounds Read vulnerability Simcenter Femap, an advanced simulation application, and Parasolid, a 3D geometric modeling tool.

This advisory contains mitigations for an Out-of-bounds Read vulnerability in Siemens Mendix Applications, a high productivity app platform.

This updated advisory is a follow-up to the advisory update titled ICSA-21-222-05 Siemens Industrial Products Intel CPU (Update C) that was published March 10, 2022, to the ICS webpage on www.cisa.gov/uscert. This advisory contains mitigations for Missing Encryption of Sensitive Data vulnerabilities in Siemens industrial products using some Intel CPUs.

This advisory update is a follow-up to the original advisory titled ICSA-22-041-01 Siemens Industrial Products (Update A) that was published February 10, 2022, to the ICS webpage on us-cert.cisa.gov. This advisory contains mitigations for  Operation on a Resource after Expiration or Release, and Missing Release of Memory after Effective Lifetime vulnerabilities in Siemens Industrial Products using the SIMATIC firmware platform.

This updated advisory is a follow-up to the advisory update titled ICSA-19-085-01 Siemens SCALANCE X (Update C) that was published October 14, 2021, to the ICS webpage on us-cert.gov. This updated advisory includes mitigations for an expected behavior violation vulnerability reported in the Siemens SCALANCE X products.

This updated advisory is a follow-up to the advisory update titled ICSA-21-104-16 Siemens TIA Administrator that was published April 14, 2022, to the ICS webpage on www.cisa.gov/uscert. This advisory contains mitigations for an Uncontrolled Resource Consumption vulnerability in the Siemens TIA Administrator.

This updated advisory is a follow-up to the advisory update titled ICSA-21-194-12 Siemens Wind River VxWorks-based Industrial Products (Update B) that was published May 12, 2022, on the ICS webpage on cisa.gov/ics. This advisory includes mitigations for a Heap-based Buffer Overflow in Siemens Industrial Products incorporating the Wind River VxWorks product.

This updated advisory is a follow-up to the original advisory titled ICSA-22-104-06 Siemens PROFINET Stack Integrated on Interniche Stack (Update A) that was published June 16, 2022, on the ICS webpage on cisa.gov/ics. This advisory contains mitigations for an Uncontrolled Resource Consumption vulnerability in the Siemens PROFINET Stack Integrated on Interniche Stack.

This updated advisory is a follow-up to the original advisory titled ICSA-22-104-07 Siemens Mendix (Update A) that was published June16, 2022, on the ICS webpage on cisa.gov/ics. This advisory contains mitigations for an Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Siemens Mendix, a software platform to build mobile and web applications.