CISA Releases 18 Industrial Control Systems Advisories

CISA released 18 Industrial Control Systems ICS Advisories. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-317-01 Mitsubishi Electric MELSEC iQ-F Series ICSA-25-317-02 AVEVA Application Server IDE ICSA-25-317-03...

Siemens SICAM P850 family and SICAM P855 family

RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to perform arbitrary actions on the device on behalf of a legitimate user, or impersonate that user. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of...

EUVD-2022-46542

Malicious code in bioql PyPI...

EUVD-2022-34195

Malicious code in bioql PyPI...

EUVD-2022-34185

Malicious code in bioql PyPI...

EUVD-2022-34191

Malicious code in bioql PyPI...

EUVD-2022-34189

Malicious code in bioql PyPI...

EUVD-2022-46442

Malicious code in bioql PyPI...

EUVD-2022-44852

Malicious code in bioql PyPI...

EUVD-2022-34190

Malicious code in bioql PyPI...

EUVD-2022-34192

Malicious code in bioql PyPI...

EUVD-2022-43524

Malicious code in bioql PyPI...

EUVD-2022-34193

Malicious code in bioql PyPI...

EUVD-2022-34184

Malicious code in bioql PyPI...

EUVD-2022-34194

Malicious code in bioql PyPI...

EUVD-2022-34186

Malicious code in bioql PyPI...

CVE-2022-29877

A vulnerability has been identified in SICAM P850 All versions V3.00, SICAM P850 All versions V3.00, SICAM P850 All versions V3.00, SICAM P850 All versions V3.00, SICAM P850 All versions V3.00, SICAM P850 All versions V3.00, SICAM P850 All versions V3.00, SICAM P850 All versions V3.00, SICAM P850...

CVE-2022-29882

A vulnerability has been identified in SICAM T All versions V3.0. Affected devices do not handle uploaded files correctly. An unauthenticated attacker could take advantage of this situation to store an XSS attack, which could - when a legitimate user accesses the error logs - perform arbitrary...

CVE-2022-29873

A vulnerability has been identified in SICAM T All versions V3.0. Affected devices do not properly validate parameters of certain GET and POST requests. This could allow an unauthenticated attacker to set the device to a denial of service state or to control the program counter and, thus, execute...

CVE-2022-29880

A vulnerability has been identified in SICAM T All versions V3.0. Affected devices do not properly validate input in the configuration interface. This could allow an authenticated attacker to place persistent XSS attacks to perform arbitrary actions in the name of a logged user which accesses the...