us-cert

This advisory contains mitigations for a Use After Free vulnerability in Siemens Industrial Devices using libcurl.

This advisory contains mitigations for an Out-of-bounds Write vulnerability in the Siemens Simcenter Femap advanced simulation application.

This advisory contains mitigations for a Classic Buffer Overflow vulnerability in the open-source implementation of the ISO/IEC vehicle-to-grid communication interface (V2G CI) standard.

This advisory contains mitigations for Stack-based Buffer Overflow, and Improper Restriction of XML External Entity Reference vulnerabilities in the Siemens Teamcenter product lifecycle management software.

This updated advisory is a follow-up to the original advisory titled ICSA-22-104-05 Siemens OpenSSL Vulnerabilities in Industrial Products that was published April 14, 2022, on the ICS webpage at cisa.gov/ics. This advisory contains mitigations for a NULL Pointer Dereference vulnerability in the Siemens OpenSSL.

This updated advisory is a follow-up to the original advisory titled ICSA-22-102-04 Mitsubishi Electric GT25-WLAN that was published April 12, 2022, on the ICS webpage on cisa.gov/ics. This advisory contains mitigations for Improper Removal of Sensitive Information Before Storage or Transfer, Inadequate Encryption Strength, Missing Authentication for Critical Function, Injection, and Improper Input Validation vulnerabilities in Mitsubishi Electric GT25-WLAN wireless communication units.

This updated advisory is a follow-up to the advisory update titled ICSA-22-041-02 Siemens SIMATIC WinCC and PCS (Update A) that was published April 14, 2022, to the ICS webpage on cisa.gov/ics. This advisory contains mitigations for a Exposure of Sensitive Information to an Unauthorized Actor, Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in Siemens SIMATIC WinCC and PCS industrial automation products.

This advisory contains mitigations for a Files or Directories Accessible to External Parties vulnerability in the Adminer database tool.

This advisory contains mitigations for a Cross-site Scripting vulnerability in the Eaton Intelligent Power Protector (IPP) power protection platform.

This advisory contains mitigations for Cross-site Scripting, Reflected Cross-site Scripting, and Improper Neutralization of Formula in a CSV File vulnerabilities in Eaton Intelligent Power Manager Infrastructure power monitoring products.