製品の設計、開発、パッケージング時に施行される厳しい方法および予防措置にもかかわらず、セキュリティ上の脆弱性が生じる可能性があります。
このページには、ARC Informatiqueによって設計された製品に関する既知のセキュリティ警告がすべて記載されています。最新の情報を入手するためには、こまめなアクセスが必要です。
セキュリティの脆弱性は、私たちが非常に深刻に受け止めている問題です。迅速に対応し、お客様のシステムを保護することをお勧めします。
脆弱性を説明し、軽減の取り組みを指導するセキュリティ情報をお客様にご提供しています。
| Alert Id | Status | Last update | Description |
Product | Security bulletin |
| 2022-7 | Completed | Jan 23rd 2023 | A vulnerability affects the configuration of SMS & Email Accounts. CVE Id: CVE-2022-4312 Fixed in PcVue 12.0.28 and PcVue 15.2.4 |
All versions since PcVue 8.10 | SB2022-7 |
| 2022-6 | Completed | Dec 20th 2022 | An Insertion of Sensitive Information in Log File vulnerability affects the DbConnect configuration. CVE Id: CVE-2022-4311 Fixed in PcVue 15.2.3. |
PcVue 15 | SB2022-6 |
| 2022-5 | Completed | Jan 23rd 2023 | A Denial of Service vulnerability affects the IEC 61850 client driver and the ICCP/TASE.2 interface. CVE-2022-38138 Fixed in PcVue 12.0.28 and PcVue 15.2.3 |
IEC 61850 : PcVue 10.0 onward ICCP/TASE.2 : PcVue 15.1 |
SB2022-5 |
| 2022-4 | Completed | Sep 19th 2022 |
A vulnerability affects the configuration of the OAuth web service. CVE-2022-2569 |
PcVue 12 PcVue 15 |
SB2022-4 |
| 2022-3 | Completed | Jan 7th 2022 |
During the Miami Pwn2Own contest the Zero Days Initiative (ZDI) reported multiple vulnerabilities. |
UaGateway versions prior to 1.5.10 | Refer to Unified Automation Security Bulletins for more details. |
| 2022-2 | Completed | Jul 5th 2022 | CVE-2021-45117 – OPC Foundation, autogenerated ANSI C Stack Stubs CVE-2022-0778 – OpenSSL library Fixed in UaGateway version 1.5.9 |
UaGateway versions prior to 1.5.9 | Refer to Unified Automation Security Bulletins for more details. |
| 2022-1 | Completed | Feb 28th 2022 | Ocean Data Systems Dream Report privilege escalation vulnerabilities. Dream Report 5 : CVE-2020-13532, CVE-2020-13533, CVE-2020-13534 Dream Report 2020 : CVE-2021-21957 Fixed in Dream Report 2020 R2 SP1 |
Dream Report | |
| 2021-1 | Completed | Dec 16th 2021 | Timeline and concerns related to the Apache Log4j vulnerability CVE-2021-44228, CVE-2021-45046 |
SB2021-1 | |
| 2020-1 | Completed | Aug 2nd 2021 |
3 vulnerabilities affect the interface between the Web & Mobile back end and the web services hosted in Microsoft IIS |
PcVue 8.10 and later | SB2020-1 |
| 2018-1 | Completed | Jan 22nd 2018 | ICS-ALERT-18-011-01B: Timeline and concerns related to the Microsoft Windows updates designed to mitigate the Meltdown & Spectre vulnerabilities | PcVue, FrontVue, PlantVue, Partner products |
SB2018-1 |
| 2012-2 | Completed | Aug 30th 2012 |
ICSA-12-024-01: Ocean Data Systems Dream Reports XSS and write access violation vunlerabilities. |
Dream Report versions prior to 4.0 | - |
| 2012-1 | Completed | Nov 21st 2014 | ActiveBar, a 3rd party component used in our products is subject to an alert. More information is available at Microsoft KB2562937 Microsoft released a Windows security update addressing this issue in August 2011. |
PcVue 6.0 and later, FrontVue - All versions, PlantVue - All versions |
SB2012-1 |
| 2011-1 | Completed | Nov 21st 2014 |
ICS-ALERT-11-271-01: PcVue HMI/SCADA multiple ActiveX Vulnerabilities |
PcVue 6.0 and later, FrontVue - All versions, PlantVue - All versions |
SB2011-1 |
脆弱性のレポートやフィードバックのご提供 – secure@arcinfo.com まで電子メールでお問い合わせください