Alert Id | Status | Last update | Description | Product | Security bulletin |
---|---|---|---|---|---|
2024‑1 | In progress | July 4th 2024 | A Buffer overflow vulnerability affects the IEC 61850 client driver. CVE Id : Assignment in progress Fixed in: PcVue 15.2.9, PcVue 16.1.2, PcVue 16.2.0 Patch planned in: PcVue 12.0.30 |
All versions since PcVue 10.0 | SB2024-1 |
2023‑4 | Completed | July 4th 2024 | Use of a vulnerable version of the Mosquitto library. CVE Id: CVE-2023-0809, CVE-2023-3592 Fixed in : PcVue 16.1.2, PcVue 16.2.0 |
All versions since PcVue 15.0 |
SB2023-4 |
2023‑3 | Completed | July 4th 2024 | Use of a vulnerable version of the OpenSSL library. CVE Id: CVE-2022-4304 Fixed in: PcVue 16.1.0 (OpenSSL 3.1.2), PcVue 16.2.0 (OpenSSL 3.2.1) CVE Id: CVE-2023-4807, CVE-2023-5678 Fixed in: PcVue 16.1.2 (OpenSSL 3.2.0), PcVue 16.2.0 (OpenSSL 3.2.1) |
PcVue 12 PcVue 15 PcVue 16 |
SB2023-3 |
2023‑2 | In progress | July 4th 2024 | Remote Code Execution vulnerability in the Microsoft Visual Basic for Applications runtime CVE Id: CVE-2010-0815 (MS10-031), CVE-2012-1854 (MS12-046) Patch provided with: PcVue 16.1.1, PcVue 16.0.4, PcVue 15.2.8, FrontVue 16.1.1, FrontVue 15.2.8, PcVue 16.2.0, FrontVue 16.2.0 Patch planned for: PcVue 12.0.30, FrontVue 12.0.30 |
PcVue version 9.0 to 16.1 FrontVue version 4.2 to 16.1 |
SB2023-2 |
2023‑1 | Completed | Oct 2nd 2023 |
Multiple vulnerabilities have been fixed in the UaGateway :
- ZDI-CAN-20497 - Use-After-Free Denial-of-Service |
UaGateway versions prior to 1.5.14 | Refer to Unified Automation Security Bulletins and UaGateway Changelog for more details. |
2022‑7 | Completed | Jan 23rd 2023 |
A vulnerability affects the configuration of SMS & Email Accounts. CVE Id: CVE-2022-4312 Fixed in PcVue 12.0.28 and PcVue 15.2.4 |
All versions since PcVue 8.10 | SB2022-7 |
2022‑6 | Completed | Dec 20th 2022 |
An Insertion of Sensitive Information in Log File vulnerability affects the DbConnect configuration. CVE Id: CVE-2022-4311 Fixed in PcVue 15.2.3. |
PcVue 15 | SB2022-6 |
2022‑5 | Completed | Jan 23rd 2023 |
A Denial of Service vulnerability affects the IEC 61850 client driver and the ICCP/TASE.2 interface. CVE-2022-38138 Fixed in PcVue 12.0.28 and PcVue 15.2.3 |
IEC 61850 : PcVue 10.0 onward ICCP/TASE.2 : PcVue 15.1 |
SB2022-5 |
2022‑4 | Completed | Sep 19th 2022 |
A vulnerability affects the configuration of the OAuth web service. CVE-2022-2569 Fixed in PcVue 12.0.27 and PcVue 15.2.3 |
PcVue 12 PcVue 15 |
SB2022-4 |
2022‑3 | Completed | Jan 7th 2022 |
During the Miami Pwn2Own contest the Zero Days Initiative (ZDI) reported multiple vulnerabilities. - CVE-2022-29862 - Chained Certificate Loop PoD - CVE-2022-29864 - Reference Counter Decrement DoS Fixed in UaGateway version 1.5.10 |
UaGateway versions prior to 1.5.10 | Refer to Unified Automation Security Bulletins for more details. |
2022‑2 | Completed | Jul 5th 2022 |
CVE-2021-45117 - OPC Foundation, autogenerated ANSI C Stack Stubs CVE-2022-0778 - OpenSSL library Fixed in UaGateway version 1.5.9 |
UaGateway versions prior to 1.5.9 | Refer to Unified Automation Security Bulletins for more details. |
2022‑1 | Completed | Feb 28th 2022 |
Ocean Data Systems Dream Report privilege escalation vulnerabilities. - Dream Report 5: CVE-2020-13532, CVE-2020-13533, CVE-2020-13534 - Dream Report 2020: CVE-2021-21957 Fixed in Dream Report 2020 R2 SP1 |
Dream Report | |
2021‑1 | Completed | Dec 16th 2021 |
Timeline and concerns related to the Apache Log4j vulnerability CVE-2021-44228, CVE-2021-45046 |
SB2021-1 | |
2020‑1 | Completed | Aug 2nd 2021 |
3 vulnerabilities affect the interface between the Web & Mobile back end and the web services hosted in Microsoft IIS CVE-2020-26867, CVE-2020-26868, CVE-2020-26869 |
PcVue 8.10 and later | SB2020-1 |
2018‑1 | Completed | Jan 22nd 2018 | ICS-ALERT-18-011-01B: Timeline and concerns related to the Microsoft Windows updates designed to mitigate the Meltdown & Spectre vulnerabilities |
PcVue, FrontVue, PlantVue, Partner products |
SB2018-1 |
2012‑2 | Completed | Aug 30th 2012 |
ICSA-12-024-01: Ocean Data Systems Dream Reports XSS and write access violation vunlerabilities. CVE-2011-4038, CVE-2011-4039 |
Dream Report versions prior to 4.0 | - |
2012‑1 | Completed | Nov 21st 2014 |
ActiveBar, a 3rd party component used in our products is subject to an alert. More information is available at Microsoft KB2562937 Microsoft released a Windows security update addressing this issue in August 2011. |
PcVue 6.0 and later, FrontVue - All versions, PlantVue - All versions |
SB2012-1 |
2011‑1 | Completed | Nov 21st 2014 |
ICS-ALERT-11-271-01: PcVue HMI/SCADA multiple ActiveX Vulnerabilities CVE-2011-4042, CVE-2011-4043, CVE-2011-4044, CVE-2011-4045 |
PcVue 6.0 and later, FrontVue - All versions, PlantVue - All versions |
SB2011-1 |