Monday, January 24, 2022
DHS

ICONICS and Mitsubishi Electric HMI SCADA

This advisory contains mitigations for Cross-site Scripting, Incomplete List of Disallowed Inputs, Plaintext Storage of a Password, and Buffer Over-read vulnerabilities in ICONICS Product Suite and Mitsubishi Electric MC Works64 HMI SCADA products.
DHS

Philips Vue PACS (Update A)

This updated advisory is a follow-up to the original advisory titled ICSMA-21-87-01 Philips Vue PACS that was published July 6, 2021, to the ICS webpage on www.cisa.gov/uscert/ics. This advisory contains mitigations for numerous vulnerabilities in Philips Vue PACS products. 
DHS

Mitsubishi Electric GOT and Tension Controller (Update A)

This updated advisory is a follow-up to the original advisory titled ICSA-21-131-02 Mitsubishi Electric GOT and Tension Controller that was published May 11, 2021, to the ICS webpage on www.cisa.gov/uscert/ics. This advisory contains mitigations for a Buffer Access with...
DHS

Mitsubishi Electric GOT and Tension Controller (Update B)

This updated advisory is a follow-up to the advisory update titled ICSA-20-343-02 Mitsubishi Electric GOT and Tension Controller (Update A) that was published May 11, 2021, to the ICS webpage on www.cisa.gov/uscert/ics. This advisory contains mitigations for an Out-of-bounds Read...
DHS

Mitsubishi Electric MELSEC-F Series

This advisory contains mitigations for a Lack of Administrator Control Over Security vulnerability in the Mitsubishi Electric MELSEC-F Series FX3U-ENET Ethernet-Internet block.
DHS

Siemens SICAM A8000

This advisory contains mitigations for Use of Hard-coded Credentials, and Improper Access Control vulnerabilities in Siemens SICAM A8000 remote terminal units.
DHS

Siemens Energy PLUSCONTROL

This advisory contains mitigations for Type Confusion, Improper Validation of Specified Quantity in Input, Buffer Access with Incorrect Length Value, Integer Underflow, and Improper Handling of Inconsistent Structural Elements vulnerabilities in Siemens Energy PLUSCONTROL high-power energy transmission control devices.
DHS

Siemens SIPROTEC 5 Devices

This advisory contains mitigations for an Improper Input Validation vulnerability in Siemens SIPROTEC 5 digital field devices.
DHS

Siemens COMOS Web

This advisory contains mitigations for Basic XSS, Relative Path Traversal, SQL Injection, and Cross-site Request Forgery vulnerabilities in the Siemens COMOS Web unified data platform.
DHS

Siemens SICAM PQ Analyzer

This advisory contains mitigations for an Unquoted Search Path or Element vulnerability in the Siemens SICAM PQ Analyzer power quality system software.
DHS

Mitsubishi Electric MELSEC-F Series

This advisory contains mitigations for an Improper Initialization vulnerability in the Mitsubishi Electric MELSEC-F Series FX3U-ENET Ethernet-Internet block.
DHS

Trane Symbio (Update B)

The updated advisory is a follow-up to the advisory update titled ICSA-21-266-01 Trane Symbio (Update A) that was published on November 18, 2021, to the ICS webpage on www.cisa.gov/uscert. This advisory contains mitigations for a Code Injection vulnerability in...
DHS

Siemens Nucleus DNS (Update A)

This updated advisory is a follow-up to the original advisory titled ICSA-21-103-14 Siemens Nucleus DNS that was published April 13, 2021, to the ICS webpage on www.cisa.gov/uscert. This advisory contains mitigations for a Use of Insufficiently Random Values vulnerability...
DHS

Mitsubishi Electric MELSEC iQ-R, Q and L Series (Update B)

This updated advisory is a follow-up to the advisory update ICSA-20-303-01 Mitsubishi Electric MELSEC iQ-R, Q and L Series (Update A) that was published May 18, 2021, to the ICS webpage on www.cisa.gov/uscert. This advisory contains mitigations for an...
DHS

Johnson Controls VideoEdge

This advisory contains mitigations for an Improper Handling of Syntactically Invalid Structure vulnerability in the Sensormatic Electronics VideoEdge network video recorder. Sensormatic Electronics is a subsidiary of Johnson Controls.
DHS

Philips Engage Software

This advisory contains mitigations for an Improper Access Control vulnerability in Philips Engage customer support software platform.
DHS

Omron CX-One

This advisory contains mitigations for a Stack-based Buffer Overflow vulnerability in Omron CX-One automation software.
DHS

Fernhill SCADA

This advisory contains mitigations for an Uncontrolled Resource Consumption vulnerability in the Fernhill SCADA Server background service (daemon).
DHS

IDEC PLCs

This advisory contains mitigations for Unprotected Transport of Credentials, and Plaintext Storage of a Password vulnerabilities in the IDEC PLC program.
DHS

Moxa MGate Protocol Gateways

This advisory contains mitigations for a Cross-site Scripting vulnerability in the Moxa MGate Protocol Gateways, a serial-to-Ethernet Modbus gateway.

Linux Servers at Risk of RCE Due to Critical CWP Bugs

The two flaws in Control Web Panel – a popular web hosting management software used by 200K+ servers – allow code execution as root on Linux servers.

Trickbot Injections Get Harder to Detect & Analyze

The authors of the infamous malware family have added measures for better protecting malicious code injections against inspection and research.

AT&T announces multi-gigabit fiber: $110 a month for 2Gbps, $180 for 5Gbps

AT&T has started offering 2Gbps and 5Gbps symmetrical Internet speeds over its fiber-to-the-home network, the telecom company announced today. The multi-gigabit speeds are...

Registration for the (ISC)² Entry-Level Cybersecurity Certification Exam Pilot Program Is Now Open

New certification validates students' and career changers' foundational skills and helps kickstart their cybersecurity careers.
SecurityWeek

DC, 3 States Sue Google Saying it Invades Users' Privacy

The District of Columbia and three states are suing Google for allegedly deceiving consumers and invading their privacy by making it nearly impossible for them to stop their location from being tracked.