Cybersecurity

Schneider Electric APC Easy UPS On-Line (ICSA-20-224-02)

CISA has published an advisory on a path traversal vulnerability in Schneider Electric APC Easy UPS On-Line. SFAPV9601 v2.0 and earlier are affected. Successful exploitation of the vulnerability could lead to remote code execution. Schneider Electric recommends that users of versions below v2.1 update to the latest version as soon as possible. CISA also recommends a series of measures to mitigate the vulnerability. Read the advisory at CISA.

Siemens SIMATIC, SIMOTICS (ICSA-20-224-05) – Products Used in the Energy Sector

CISA has published an advisory on a TOCTOU race condition vulnerability in Siemens SIMATIC and SIMOTICS. All versions of SIMATIC RF350M and RF650M and SIMOTICS CONNECT 400 are affected. Successful exploitation of this vulnerability could allow an attacker to read a discrete set of traffic over the air after a Wi-Fi device state change. Siemens has identified specific workarounds and mitigations users can apply to reduce the risk. CISA also recommends a series of measures to mitigate the vulnerability.

Siemens Desigo CC (ICSA-20-224-06)

CISA has published an advisory on a code injection vulnerability in Siemens Desigo CC. For Desigo CC and Desigo CC Compact, versions 3.x and 4.x are affected. Successful exploitation of this vulnerability could allow an attacker to gain remote code execution on the server with SYSTEM privileges. Siemens has released patches for the affected products and recommends specific countermeasures for unpatched systems. CISA also recommends a series of measures to mitigate the vulnerability.

Siemens SICAM A8000 RTUs (ICSA-20-224-08) – Product Used in the Energy Sector

CISA has published an advisory on a cross-site scripting vulnerability in Siemens SICAM A8000. All versions prior to C05.30 are affected. Successful exploitation of this vulnerability could compromise the confidentiality, integrity, and availability of the web application. Siemens recommends users update to the latest version, v05.30, as well as apply general security measures. CISA also recommends a series of measures to mitigate the vulnerability.

Siemens Industrial Real-Time (IRT) Devices (Update D) (ICSA-19-283-01) – Product Used in the Energy Sector

August 11, 2020

CISA has updated this advisory with additional information on the affected products. Read the advisory at CISA.

February 11, 2020

CISA has updated this advisory with additional information on the affected products and mitigating measures. Read the advisory at CISA.

January 14, 2020

Siemens CP, SIMATIC, SIMOCODE, SINAMICS, SITOP, and TIM (Update I) (ICSA-19-099-06) – Products Used in the Water and Wastewater and Energy Sector

August 11, 2020

CISA has updated this advisory with additional details on the affected products and mitigation measures. Read the advisory at CISA.

June 9, 2020

CISA has updated this advisory with additional details on the affected products and mitigation measures. Read the advisory at CISA.
