OT Advisories

Fuji Electric Fixes Tellus Lite V-Simulator

Fuji Electric has an update available to handle out-of-bounds write and stack-based buffer overflow vulnerabilities in its Tellus Lite V-Simulator, according to a report with CISA.

Rockwell Clears FactoryTalk View SE Issue

Rockwell Automation has a fix available to handle an improper authentication vulnerability in its FactoryTalk View SE, according to a report with CISA.

Rockwell Fixes Permission Issue in FactoryTalk View SE

Rockwell Automation has a fix available to handle an incorrect permission assignment for critical resource vulnerability in its FactoryTalk View SE, according to a report with CISA.

FactoryTalk View SE Authentication Issue Fixed

Rockwell Automation has a fix available to handle an improper authentication vulnerability in its FactoryTalk View SE, according to a report with CISA.

Siemens Fixes TIA Administrator

Siemens has an update available to handle a creation of temporary file in directory with insecure permissions vulnerability in its TIA Administrator, according to a report with CISA.

Siemens Workaround for SIMATIC Smart Devices

Siemens has a workaround available to handle an use of insufficiently random values vulnerability in its SIMATIC S7-200 SMART devices, according to a report with CISA.

Intrado Patches 911 Emergency Gateway

Intrado has a patch available to handle a SQL injection vulnerability in its 911 Emergency Gateway (EGW), according to a report with CISA.

AVEVA Fixes for PI Asset Framework Client

AVEVA has a series of mitigations to handle a deserialization of untrusted data vulnerability in its PI Asset Framework Client, according to a report with CISA.

AVEVA Mitigations for PI Web API

AVEVA has a series of mitigations available to handle a deserialization of untrusted data vulnerability in its PI Web API, according a report with CISA.

Rockwell Fixes Controller Issue

Rockwell Automation updated its ControlLogix, GuardLogix and CompactLogix to handle an always-incorrect control flow implementation vulnerability, according to a report with CISA.

Mitsubishi Electric Updates CC-Link Managed Switch

Mitsubishi Electric has an update available to handle an allocation of resources without limits or throttling vulnerability in its CC-Link IE TSN Industrial Managed Switch, according to a report with CISA.

Johnson Controls Not Fixing Door Controller

Johnson Controls Inc. will not fix a missing authentication for critical function vulnerability in its Software House iStar Pro Door Controller, ICU, because it is at end of life, according to a report with CISA.

Emerson Fixes PACSystem, Fanuc

Emerson has updates and mitigations to handle cleartext transmission of sensitive information, insufficient verification of data authenticity insufficiently protected credentials, and download of code without integrity check vulnerabilities in its PACSystem and Fanuc lines, according to a report with CISA.

Emerson Updates Ovation Issues

Emerson has updates available to handle missing authentication for critical function and insufficient verification of data authenticity vulnerabilities in its Ovation, according to a report with CISA.

Uniview Fixes Video Recorder

Uniview has a fix available to handle a cross-site scripting vulnerability in its NVR301-04S2-P4 where public exploits are available, according to a report with CISA.

LenelS2 Fixes NetBox

LenelS2 has an update available to handle use of hard-coded password, OS command injection and argument injection vulnerabilities in its NetBox, according to a report with CISA.

Inosoft Fixes VisiWin Hole

Inosoft has an update available to handle an incorrect default permissions vulnerability in its VisiWin, according to a report with CISA.

Westermo Mitigations for EDW-100

Westermo has a series of mitigations available to handle use of hard-coded password and insufficiently protected credentials vulnerabilities in its EDW-100, according to a report with CISA.

Fuji Electric Updates Monitouch V-SFT

Fuji Electric has an update available to handle out-of-bounds write and stack-based buffer overflow vulnerabilities in its Monitouch V-SFT, according to a report with CISA.

Campbell Scientific Fixes CSI Web Server

Campbell Scientific has an updated version available to handle path traversal and weak encoding for password vulnerabilities in its CSI Web Server, according to a report with CISA.

ISSSource

Pin It on Pinterest