Advisory ICSA-18-345-01

McAfee SINAMICS PERFECT HARMONY GH18012/11/2018 10:05 AM EST This advisory contains mitigation for an improper access control vulnerability in McAfee’s SINAMICS PERFECT HARMONY GH180 human-machine interface drives. CRITICAL INFRASTRUCTURE SECTORS: Chemical, Energy, Food and Agriculture, Healthcare and Public Health, Transportation, Water and Wastewater Systems COUNTRIES/AREAS DEPLOYED: Worldwide ATTENTION: Low skill level to exploit Vendor: McAfee Equipment: SINAMICS PERFECT HARMONY GH180

Advisory ICSA-18-245-02

Siemens SINUMERIK Controllers12/11/2018 10:00 AM EST12/11/2018 10:00 AM EST This advisory includes mitigation for heap-based buffer overflow, integer overflow or wraparound, protection mechanism failure, permissions, privileges, and access controls, stack-based buffer overflow, uncaught exception vulnerabilities in the Siemens SINUMERIK Controllers software. •    CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing•    COUNTRIES/AREAS DEPLOYED: Worldwide ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SINUMERIK Controllers