Security
Headlines

Source

us-cert

Siemens Teamcenter

This advisory contains mitigations for Stack-based Buffer Overflow and Improper Restriction of XML External Entity Reference vulnerabilities in the Siemens Teamcenter product lifecycle management software.

Siemens OpenSSL Vulnerabilities in Industrial Products (Update A)

This updated advisory is a follow-up to the original advisory titled ICSA-22-104-05 Siemens OpenSSL Vulnerabilities in Industrial Products that was published April 14, 2022, on the ICS webpage at cisa.gov/ics. This advisory contains mitigations for a NULL Pointer Dereference vulnerability in the Siemens OpenSSL.

Mitsubishi Electric GT25-WLAN (Update A)

This updated advisory is a follow-up to the original advisory titled ICSA-22-102-04 Mitsubishi Electric GT25-WLAN that was published April 12, 2022, on the ICS webpage on cisa.gov/ics. This advisory contains mitigations for Improper Removal of Sensitive Information Before Storage or Transfer, Inadequate Encryption Strength, Missing Authentication for Critical Function, Injection, and Improper Input Validation vulnerabilities in Mitsubishi Electric GT25-WLAN wireless communication units.

Siemens SIMATIC WinCC and PCS (Update B)

This updated advisory is a follow-up to the advisory update titled ICSA-22-041-02 Siemens SIMATIC WinCC and PCS (Update A) that was published April 14, 2022, to the ICS webpage on cisa.gov/ics. This advisory contains mitigations for Exposure of Sensitive Information to an Unauthorized Actor and Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerabilities in Siemens SIMATIC WinCC and PCS industrial automation products.

Adminer in Industrial Products

This advisory contains mitigations for a Files or Directories Accessible to External Parties vulnerability in the Adminer database tool.

Eaton Intelligent Power Protector

This advisory contains mitigations for a Cross-site Scripting vulnerability in the Eaton Intelligent Power Protector (IPP) power protection platform.

Eaton Intelligent Power Manager Infrastructure

This advisory contains mitigations for Cross-site Scripting, Reflected Cross-site Scripting, and Improper Neutralization of Formula in a CSV File vulnerabilities in Eaton Intelligent Power Manager Infrastructure power monitoring products.

Eaton Intelligent Power Manager

This advisory contains mitigations for a Cross-site Scripting vulnerability in the Eaton Intelligent Power Manager power management platform.

AVEVA InTouch Access Anywhere and Plant SCADA Access Anywhere

This advisory contains mitigations for an Exposure of Resource to Wrong Sphere vulnerability in AVEVA InTouch Access Anywhere and Plant SCADA Access Anywhere HMI products.

Mitsubishi Electric MELSOFT GT OPC UA

This advisory contains mitigations for Out-of-bounds Read and Integer Overflow or Wraparound vulnerabilities in Mitsubishi Electric MELSOFT GT OPC UA client connection products.