Security
Headlines

Source

us-cert

Johnson Controls Metasys

This advisory contains mitigations for an Unverified Password Change vulnerability in Johnson Controls Metasys ADS, ADX, and OAS servers.

Yokogawa CENTUM and ProSafe-RS

This advisory contains mitigations for OS Command Injection, Improper Authentication, NULL Pointer Dereference, Improper Input Validation, and Resource Management Errors vulnerabilities in Yokogawa CENTUM and ProSafe-RS Distributed Control System and Safety Instrumented System products.

Johnson Controls Metasys

This advisory contains mitigations for an Improper Privilege Management vulnerability in Johnson Controls Metasys ADS/ADX/OAS Servers.

Delta Electronics DIAEnergie (Update B)

This updated advisory is a follow-up to the advisory update titled ICSA-22-081-01 Delta Electronics DIAEnergie (Update A) that was published March 29, 2022, on the ICS webpage at cisa.gov/ics. This advisory contains mitigations for Path Traversal, Incorrect Default Permissions, and SQL Injection vulnerabilities in the Delta Electronics DIAEnergie industrial energy management system.

Hitachi Energy System Data Manager

This advisory contains mitigations for Integer Overflow or Wraparound, Reachable Assertion, Type Confusion, Uncontrolled Recursion, and Observable Discrepancy vulnerabilities in Hitachi Energy System Data Manager products.

Mitsubishi Electric MELSEC and MELIPC Series (Update B)

This updated advisory is a follow-up to the advisory update titled ICSA-21-334-02 Mitsubishi Electric MELSEC and MELIPC Series (Update A) that was published January 27, 2022, to the ICS webpage on www.cisa.gov/uscert. This advisory contains mitigations for Uncontrolled Resource Consumption, Improper Handling of Length Parameter Inconsistency, and Improper Input Validation vulnerabilities in Mitsubishi Electric MELSEC and MELIPC Series software management platforms.

Delta Electronics ASDA-Soft

This advisory contains mitigations for Out-of-bounds Write and Out-of-bounds Read vulnerabilities in Delta Electronics ASDA-Soft servo software.

Johnson Controls Metasys SCT Pro

This advisory contains mitigations for a Server-side Request Forgery vulnerability in Johnson Controls Metasys SCT Pro building automation software.

Hitachi Energy MicroSCADA Pro/X SYS600

This advisory contains mitigations for Observable Discrepancy, HTTP Request Smuggling, Classic Buffer Overflow, Improper Certificate Validation, Improper Restriction of Operations within the Bounds of a Memory Buffer, and Exposure of Sensitive Information to an Unauthorized Actor vulnerabilities in the Hitachi Energy MicroSCADA Pro/X SYS600 SCADA product.

Interlogix Hills ComNav

This advisory contains mitigations for Improper Restriction of Excessive Authentication Attempts and Inadequate Encryption Strength vulnerabilities in Interlogix Hills ComNav remote access integration modules.