August 2021
10.08.2021
SIEMENS CERT
SSB-439005 V3.6 (Last Update: 2021-08-10): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 151...
Titel
SSB-439005 V3.6 (Last Update: 2021-08-10): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP
Veröffentlicht
10. August 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssb-439005.pdf
Text
10.08.2021
SIEMENS CERT
SSA-324955 V1.3 (Last Update: 2021-08-10): SAD DNS Attack in Linux Based Products
Titel
SSA-324955 V1.3 (Last Update: 2021-08-10): SAD DNS Attack in Linux Based Products
Veröffentlicht
10. August 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-324955.pdf
Text
A vulnerability made public under the name SAD DNS affects Domain Name System resolvers due to a vulnerability in the Linux kernel when handling ICMP packets. The Siemens products which are affected are listed below. For more information please see https://www.saddns.net/. Siemens has released updates for several affected products and ...
10.08.2021
SIEMENS CERT
SSA-286838 V1.1 (Last Update: 2021-08-10): Multiple Vulnerabilities in SINAMICS Medium Voltage Products
Titel
SSA-286838 V1.1 (Last Update: 2021-08-10): Multiple Vulnerabilities in SINAMICS Medium Voltage Products
Veröffentlicht
10. August 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf
Text
SINAMICS medium voltage products, with Sm@rtServer enabled on SIMATIC comfort HMI Panels, are affected by multiple vulnerabilities that could allow an attacker, under certain conditions, to gain full remote access to the HMI. Note that by default Sm@rtServer is disabled, but it can be enabled by the system integrator on ...
10.08.2021
SIEMENS CERT
SSA-938030 V1.0: DGN and PAR File Parsing Vulnerabilities in JT2Go and Teamcenter Visualization before V13.2.0.2
Titel
SSA-938030 V1.0: DGN and PAR File Parsing Vulnerabilities in JT2Go and Teamcenter Visualization before V13.2.0.2
Veröffentlicht
10. August 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-938030.pdf
Text
Siemens has released version V13.2.0.2 for JT2Go and Teamcenter Visualization to fix three vulnerabilities that could be triggered while parsing DGN or PAR files. If a user is tricked to open a malicious file with the affected products, this could lead the application to crash or potential arbitrary code execution. ...
10.08.2021
SIEMENS CERT
SSA-865327 V1.0: Incorrect Authorization Vulnerability in Industrial Products
Titel
SSA-865327 V1.0: Incorrect Authorization Vulnerability in Industrial Products
Veröffentlicht
10. August 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-865327.pdf
Text
The latest updates for the below mentioned products fix a vulnerability that allows an unauthenticated attacker to read PLC variables from affected devices without proper authentication under certain circumstances. Siemens has released updates for some of the affected products, is working on updates for the remaining affected products and recommends ...
10.08.2021
SIEMENS CERT
SSA-818688 V1.0: Multiple Vulnerabilities in Solid Edge before SE2021MP7
Titel
SSA-818688 V1.0: Multiple Vulnerabilities in Solid Edge before SE2021MP7
Veröffentlicht
10. August 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-818688.pdf
Text
Siemens has released a new version for Solid Edge that fixes three vulnerabilities - an XML external entity (XXE) injection, and two file parsing issues which could be triggered when the application reads OBJ files. If a user is tricked to opening a malicious file using the affected application this ...
10.08.2021
SIEMENS CERT
SSA-752103 V1.1 (Last Update: 2021-08-10): Telnet Authentication Vulnerability in SINAMICS Medium Voltage Products
Titel
SSA-752103 V1.1 (Last Update: 2021-08-10): Telnet Authentication Vulnerability in SINAMICS Medium Voltage Products
Veröffentlicht
10. August 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-752103.pdf
Text
SINAMICS medium voltage products, with telnet enabled on SIMATIC comfort HMI Panels, are affected by a remote access vulnerability that could allow an attacker, under certain conditions, to gain full remote access to the HMI. Note that by default telnet is disabled, but it can be enabled by the system ...
10.08.2021
SIEMENS CERT
SSA-844761 V1.2 (Last Update: 2021-08-10): Multiple Vulnerabilities in SiNVR/SiVMS Video Server
Titel
SSA-844761 V1.2 (Last Update: 2021-08-10): Multiple Vulnerabilities in SiNVR/SiVMS Video Server
Veröffentlicht
10. August 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf
Text
The Video Server application in SiNVR/SiVMS solutions contains five vulnerabilities involving information disclosure (CVE-2019-19291, CVE-2019-19299), path traversal (CVE-2019-19296, CVE-2019-19297), and denial-of-service (CVE-2019-19298). PKE has released updates of the application that fixes the reported vulnerabilities, except for CVE-2019-19299. This update is not available under the former Siemens OEM brand name SiNVR. ...
10.08.2021
SIEMENS CERT
SSA-723417 V1.1 (Last Update: 2021-08-10): Multiple Vulnerabilities in SCALANCE W1750D
Titel
SSA-723417 V1.1 (Last Update: 2021-08-10): Multiple Vulnerabilities in SCALANCE W1750D
Veröffentlicht
10. August 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf
Text
Siemens SCALANCE W1750D is a brand-labeled device. Aruba has released a related security advisory ARUBA-PSA-2021-007 disclosing vulnerabilities in its Aruba Instant product line. Siemens is preparing updates and recommends countermeasures for products where updates are not, or not yet available.
10.08.2021
SIEMENS CERT
SSA-678983 V1.2 (Last Update: 2021-08-10): Vulnerabilities in Industrial PCs and CNC devices using Intel CPUs (November 2020)
Titel
SSA-678983 V1.2 (Last Update: 2021-08-10): Vulnerabilities in Industrial PCs and CNC devices using Intel CPUs (November 2020)
Veröffentlicht
10. August 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-678983.pdf
Text
Intel has published information on vulnerabilities in Intel products in November 2020. This advisory lists the Siemens IPC related products, that are affected by these vulnerabilities. In this advisory we take a representative CVE from each advisory: “Intel CSME, SPS, TXE, AMT and DAL Advisory” Intel-SA-00391 is represented by CVE-2020-8745 ...
10.08.2021
SIEMENS CERT
SSA-599968 V1.1 (Last Update: 2021-08-10): Denial-of-Service Vulnerability in Profinet Devices
Titel
SSA-599968 V1.1 (Last Update: 2021-08-10): Denial-of-Service Vulnerability in Profinet Devices
Veröffentlicht
10. August 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-599968.pdf
Text
A vulnerability in affected devices could allow an attacker to perform a denial-of-service attack if a large amount of Profinet Discovery and Configuration Protocol (DCP) reset packets is sent to the affected devices. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens ...
10.08.2021
SIEMENS CERT
SSA-541018 V1.2 (Last Update: 2021-08-10): Embedded TCP/IP Stack Vulnerabilities (AMNESIA:33) in SENTRON PAC / 3VA Devices (Par...
Titel
SSA-541018 V1.2 (Last Update: 2021-08-10): Embedded TCP/IP Stack Vulnerabilities (AMNESIA:33) in SENTRON PAC / 3VA Devices (Part 2)
Veröffentlicht
10. August 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-541018.pdf
Text
Security researchers discovered and disclosed 33 vulnerabilities in several open-source TCP/IP stacks for embedded devices, also known as “AMNESIA:33” vulnerabilities. This advisory describes the impact of two of these vulnerabilities (CVE-2020-13987, CVE-2020-17437) to Siemens products. Siemens has released updates for several affected products and recommends to update to the latest ...
04.08.2021
SIEMENS CERT
SSA-789208 V1.0: Multiple Vulnerabilities (INFRA:HALT) in Interniche IP-Stack based Low Voltage Devices
Titel
SSA-789208 V1.0: Multiple Vulnerabilities (INFRA:HALT) in Interniche IP-Stack based Low Voltage Devices
Veröffentlicht
4. August 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-789208.pdf
Text
Security researchers discovered and disclosed 14 vulnerabilities in the Interniche IP stack, also known as “INFRA:HALT” vulnerabilities [0]. This advisory describes the impact to Siemens low voltage products, which are only affected by four out of the 14 vulnerabilities. Siemens has released updates for the affected products and recommends to ...
04.08.2021
BOSCH PSIRT
Cross Site Request Forgery (CSRF) vulnerability in Bosch IP cameras
Titel
Cross Site Request Forgery (CSRF) vulnerability in Bosch IP cameras
Veröffentlicht
4. August 2021 02:00
URL
https://psirt.bosch.com/security-advisories/bosch-sa-033305-bt.html
Text

BOSCH-SA-033305-BT: The possibility to conduct a CSRF (Cross Site Request Forgery) attack was discovered in a Penetration Test from Kaspersky ICS CERT during a certification effort from Bosch. Bosch rates this vulnerability with CVSSv3.1 base scores of 7.5 (High), where the actual rating depends on the final rating specific to ...

Juli 2021
28.07.2021
US CERT
AA21-209A: Top Routinely Exploited Vulnerabilities
Titel
AA21-209A: Top Routinely Exploited Vulnerabilities
Veröffentlicht
28. Juli 2021 14:00
URL
https://us-cert.cisa.gov/ncas/alerts/aa21-209a
Text
Original release date: July 28, 2021 | Last revised: August 20, 2021SummaryThis Joint Cybersecurity Advisory was coauthored by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Australian Cyber Security Centre (ACSC), the United Kingdom’s National Cyber Security Centre (NCSC), and the U.S. Federal Bureau of Investigation (FBI). This advisory ...
20.07.2021
US CERT
AA21-201A: Chinese Gas Pipeline Intrusion Campaign, 2011 to 2013
Titel
AA21-201A: Chinese Gas Pipeline Intrusion Campaign, 2011 to 2013
Veröffentlicht
20. Juli 2021 15:00
URL
https://us-cert.cisa.gov/ncas/alerts/aa21-201a
Text
Original release date: July 20, 2021 | Last revised: July 21, 2021SummaryThis Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 9. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques. Note: CISA released technical information, including indicators of compromise (IOCs), provided ...
20.07.2021
BOSCH PSIRT
Vulnerabilities in CODESYS V2 runtime systems
Titel
Vulnerabilities in CODESYS V2 runtime systems
Veröffentlicht
20. Juli 2021 02:00
URL
https://psirt.bosch.com/security-advisories/bosch-sa-670099.html
Text

BOSCH-SA-670099: The compact systems CS351E and CS351S and the communication module KE350G with integrated PLC contain technology from CODESYS GmbH. The manufacturer CODESYS GmbH published security bulletins \[1\]\[2\] about a weakness in the protocol for the communication between the PLC runtime and clients. By exploiting these vulnerabilities, attackers can send ...

19.07.2021
US CERT
AA21-200B: Chinese State-Sponsored Cyber Operations: Observed TTPs
Titel
AA21-200B: Chinese State-Sponsored Cyber Operations: Observed TTPs
Veröffentlicht
19. Juli 2021 13:00
URL
https://us-cert.cisa.gov/ncas/alerts/aa21-200b
Text
Original release date: July 19, 2021 | Last revised: August 20, 2021SummaryThis advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 9, and MITRE D3FEND™ framework, version 0.9.2-BETA-3. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques and the D3FEND framework for ...
19.07.2021
US CERT
AA21-200A: Tactics, Techniques, and Procedures of Indicted APT40 Actors Associated with China’s MSS Hainan State Security Depar...
Titel
AA21-200A: Tactics, Techniques, and Procedures of Indicted APT40 Actors Associated with China’s MSS Hainan State Security Department
Veröffentlicht
19. Juli 2021 13:00
URL
https://us-cert.cisa.gov/ncas/alerts/aa21-200a
Text
Original release date: July 19, 2021 | Last revised: July 20, 2021SummaryThis Joint Cybersecurity Advisory was written by the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) to provide information on a Chinese Advanced Persistent Threat (APT) group known in open-source reporting as APT40. This ...
13.07.2021
SIEMENS CERT
SSA-841348 V1.8 (Last Update: 2021-07-13): Multiple Vulnerabilities in the UMC Stack
Titel
SSA-841348 V1.8 (Last Update: 2021-07-13): Multiple Vulnerabilities in the UMC Stack
Veröffentlicht
13. Juli 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf
Text
The latest update for the below listed products fixes two security vulnerabilities that could allow an attacker to cause a partial Denial-of-Service on the UMC component of the affected devices under certain circumstances, and one vulnerability that could allow an attacker to locally escalate privileges from a user with administrative ...
13.07.2021
SIEMENS CERT
SSA-203306 V1.5 (Last Update: 2021-07-13): Password Vulnerabilities in SIPROTEC 4 and SIPROTEC Compact Relay Families
Titel
SSA-203306 V1.5 (Last Update: 2021-07-13): Password Vulnerabilities in SIPROTEC 4 and SIPROTEC Compact Relay Families
Veröffentlicht
13. Juli 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-203306.pdf
Text
SIPROTEC 4 and SIPROTEC Compact devices could allow access authorization passwords to be reconstructed or overwritten via engineering mechanisms that involve DIGSI 4 and EN100 Ethernet communication modules. Siemens has released updates for several affected products, and recommends specific countermeasures for the remaining products.
13.07.2021
SIEMENS CERT
SSA-729965 V1.0: TLS Certificate Validation Vulnerability in SINUMERIK Integrate Operate Client
Titel
SSA-729965 V1.0: TLS Certificate Validation Vulnerability in SINUMERIK Integrate Operate Client
Veröffentlicht
13. Juli 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-729965.pdf
Text
The latest update for SINUMERIK Integrate Operate Client fixes a vulnerability that could allow an attacker to spoof any SSL server certificate and conduct man-in-the-middle attacks. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available
13.07.2021
SIEMENS CERT
SSA-324955 V1.2 (Last Update: 2021-07-13): SAD DNS Attack in Linux Based Products
Titel
SSA-324955 V1.2 (Last Update: 2021-07-13): SAD DNS Attack in Linux Based Products
Veröffentlicht
13. Juli 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-324955.pdf
Text
A vulnerability made public under the name SAD DNS affects Domain Name System resolvers due to a vulnerability in the Linux kernel when handling ICMP packets. The Siemens products which are affected are listed below. For more information please see https://www.saddns.net/. Siemens has released updates for several affected products and ...
13.07.2021
SIEMENS CERT
SSA-675303 V1.0: WIBU Systems CodeMeter Runtime Vulnerabilities in Siemens Products
Titel
SSA-675303 V1.0: WIBU Systems CodeMeter Runtime Vulnerabilities in Siemens Products
Veröffentlicht
13. Juli 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-675303.pdf
Text
WIBU Systems disclosed two vulnerabilities and a new release version of CodeMeter Runtime, a product provided by WIBU Systems and used in several Siemens products for license management. The vulnerabilities are described in the section “Vulnerability Classification” below and got assigned the CVE IDs CVE-2021-20093 and CVE-2021-20094. Successful exploitation of ...
13.07.2021
SIEMENS CERT
SSA-661034 V1.0: Incorrect Permission Assignment in Multiple SIMATIC Software Products
Titel
SSA-661034 V1.0: Incorrect Permission Assignment in Multiple SIMATIC Software Products
Veröffentlicht
13. Juli 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-661034.pdf
Text
Multiple SIMATIC software products are affected by a vulnerability that could allow an attacker to change the content of certain metafiles and subsequently manipulate parameters or behaviour of devices configured by the affected software products. Siemens has released an update for the SIMATIC STEP 7 V5.X and recommends to update ...

Letzte Updates

BOSCH PSIRT
10.06.2025
SIEMENS CERT
17.06.2025
US CERT
12.06.2025
US CERT (ICS)
17.06.2025

Nach Quelle

Archiv

2025
2024
2023
2022
2021
2020
2019
2018
2017

Feeds