Bulletins

SIEMENS CERT
11/14/2023

SSA-264814 V1.2 (Last Update: 2023-11-14): Timing Based Side Channel Vulnerability in the OpenSSL RSA Decryption in SIMATIC Products

Several SIMATIC products are affected by a timing based side channel vulnerability in the OpenSSL RSA Decryption (CVE-2023-4304), as disclosed on 2023-02-07 at https://www.openssl.org/news/secadv/20230207.txt. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for …
SIEMENS CERT
11/14/2023

SSA-268517 V1.0: Code Execution Vulnerability (libwebp CVE-2023-4863) in Mendix Studio Pro

Mendix Studio Pro is vulnerable to an out of bounds write vulnerability in the integrated libwebp library (CVE-2023-4863), that could allow an attacker to execute code in the context of a victim user’s system. Siemens has released updates for the affected products and recommends to update to the latest versions.
SIEMENS CERT
11/14/2023

SSA-292063 V1.0: Multiple Vulnerabilities in Nozomi Guardian/CMC before 22.6.3 and 23.1.0 on RUGGEDCOM APE1808 devices

Nozomi Networks has published information on vulnerabilities in Nozomi Guardian/CMC before V22.6.3 and 23.1.0. This advisory lists the related Siemens Industrial products affected by these vulnerabilities. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available. Customers are advised to consult and …
SIEMENS CERT
11/14/2023

SSA-306654 V1.8 (Last Update: 2023-11-14): Insyde BIOS Vulnerabilities in Siemens Industrial Products

Insyde has published information on vulnerabilities in Insyde BIOS in February 2022. This advisory lists the Siemens Industrial products affected by these vulnerabilities. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.
SIEMENS CERT
11/14/2023

SSA-309571 V1.9 (Last Update: 2023-11-14): IPU 2021.1 Vulnerabilities in Siemens Industrial Products using Intel CPUs (June 2021)

Intel has published information on vulnerabilities in Intel products in June 2021. This advisory lists the related Siemens Industrial products affected by these vulnerabilities that can be patched by applying the corresponding BIOS update. In this advisory we summarize: “2021.1 IPU – Intel® CSME, SPS and LMS Advisory” Intel-SA-00459, “2021.1 …
SIEMENS CERT
11/14/2023

SSA-363107 V1.4 (Last Update: 2023-11-14): An Improper Initialization Vulnerability Affects SIMATIC WinCC Kiosk Mode

A vulnerability was found in SIMATIC WinCC that could allow authenticated attackers to escape the Kiosk Mode. Siemens has released updates for the affected products and recommends to update to the latest versions.
SIEMENS CERT
11/14/2023

SSA-407785 V1.1 (Last Update: 2023-11-14): Multiple X_T File Parsing Vulnerabilities in Parasolid and Teamcenter Visualization

Parasolid and Teamcenter Visualization are affected by memory corruption vulnerabilities that could be triggered when the application reads files in X_T format. If a user is tricked to open a malicious file with the affected applications, an attacker could leverage the vulnerability to perform remote code execution or denial of …
SIEMENS CERT
11/14/2023

SSB-439005 V5.7 (Last Update: 2023-11-14): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP