September 2021
16.09.2021
US CERT
AA21-259A: APT Actors Exploiting Newly Identified Vulnerability in ManageEngine ADSelfService Plus
Titel
AA21-259A: APT Actors Exploiting Newly Identified Vulnerability in ManageEngine ADSelfService Plus
Veröffentlicht
16. September 2021 19:00
URL
https://us-cert.cisa.gov/ncas/alerts/aa21-259a
Text
Original release date: September 16, 2021SummaryThis Joint Cybersecurity Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 8. See the ATT&CK for Enterprise for referenced threat actor tactics and for techniques. This joint advisory is the result of analytic efforts between the Federal Bureau of Investigation ...
16.09.2021
US CERT (ICS)
Siemens RUGGEDCOM ROX
Titel
Siemens RUGGEDCOM ROX
Veröffentlicht
16. September 2021 16:05
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-259-01
Text
This advisory contains mitigations for Exposure of Sensitive Information to an Unauthorized Actor, Execution with Unnecessary Privileges, and Improper Handling of Insufficient Permissions or Privileges vulnerabilities in Siemens RUGGEDCOM ROX devices.
16.09.2021
US CERT (ICS)
Schneider Electric EcoStruxure and SCADAPack
Titel
Schneider Electric EcoStruxure and SCADAPack
Veröffentlicht
16. September 2021 16:00
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-259-02
Text
This advisory contains mitigations for a Path Traversal vulnerability in Schneider Electric EcoStruxure Control Expert, EcoStruxure Process Expert, SCADAPack RemoteConnect software designed for the x70 SCADAPack system.
14.09.2021
US CERT (ICS)
Digi PortServer TS 16
Titel
Digi PortServer TS 16
Veröffentlicht
14. September 2021 17:26
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-257-01
Text
This advisory contains mitigations for an Improper Authentication vulnerability in Digi PortServer TS 16 terminal servers.
14.09.2021
US CERT (ICS)
Johnson Controls Sensormatic Electronics KT-1
Titel
Johnson Controls Sensormatic Electronics KT-1
Veröffentlicht
14. September 2021 17:24
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-257-02-0
Text
This advisory contains mitigations for an Authentication Bypass by Capture-replay vulnerability in Sensormatic Electronics KT-1 door controllers. Sensormatic Electronics is a subsidiary of Johnson Controls.
14.09.2021
US CERT (ICS)
Schneider Electric Struxureware Data Center Expert
Titel
Schneider Electric Struxureware Data Center Expert
Veröffentlicht
14. September 2021 17:22
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-257-03
Text
This advisory contains mitigations for OS Command Injection, and Path Traversal vulnerabilities in Schneider Electric Struxureware Data Center Expert monitoring software.
14.09.2021
US CERT (ICS)
Siemens Simcenter Femap
Titel
Siemens Simcenter Femap
Veröffentlicht
14. September 2021 17:20
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-257-04
Text
This advisory contains mitigations for an Out-of-bounds Read vulnerability in the Siemens Simenter Femap simulation application.
14.09.2021
US CERT (ICS)
Siemens Simcenter STAR-CCM+ Viewer
Titel
Siemens Simcenter STAR-CCM+ Viewer
Veröffentlicht
14. September 2021 17:18
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-257-05
Text
This advisory contains mitigations for an Out-of-bounds Write vulnerability in the Siemens Simcenter Star-CCM+ Viewer simulation application.
14.09.2021
US CERT (ICS)
Siemens SIMATIC CP
Titel
Siemens SIMATIC CP
Veröffentlicht
14. September 2021 17:16
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-257-06
Text
This advisory contains mitigations for a Cleartext Storage of Sensitive Information vulnerability in Siemens SIMATIC CP communication processors.
14.09.2021
US CERT (ICS)
Siemens APOGEE and TALON
Titel
Siemens APOGEE and TALON
Veröffentlicht
14. September 2021 17:14
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-257-07
Text
This advisory contains mitigations for a Classic Buffer Overflow vulnerability in Siemens APOGEE and TALON building automation systems.
14.09.2021
US CERT (ICS)
Siemens Teamcenter Active Workspace
Titel
Siemens Teamcenter Active Workspace
Veröffentlicht
14. September 2021 17:12
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-257-08
Text
This advisory contains mitigations for a Path Traversal vulnerability in the Siemens Teamcenter Active Workspace product lifecycle management system.
14.09.2021
US CERT (ICS)
Siemens Teamcenter
Titel
Siemens Teamcenter
Veröffentlicht
14. September 2021 17:12
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-257-08
Text
This advisory contains mitigations for Privilege Defined with Unsafe Actions, Authorization Bypass Through User-Controlled Key, and Improper Restriction of XML External Entity Reference vulnerabilities in the Siemens Teamcenter virtualization platform.
14.09.2021
US CERT (ICS)
Siemens NX
Titel
Siemens NX
Veröffentlicht
14. September 2021 17:10
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-257-09
Text
This advisory contains mitigations for Use After Free, and Out-of-bounds Read vulnerabilities in Siemens NX industrial software.
14.09.2021
US CERT (ICS)
Siemens SIPROTEC 5 relays
Titel
Siemens SIPROTEC 5 relays
Veröffentlicht
14. September 2021 17:08
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-257-10
Text
This advisory contains mitigations for Classic Buffer Overflow vulnerabilities in Siemens SIPROTEC 5 relays.
14.09.2021
SIEMENS CERT
SSA-938030 V1.1 (Last Update: 2021-09-14): DGN and PAR File Parsing Vulnerabilities in JT2Go and Teamcenter Visualization befor...
Titel
SSA-938030 V1.1 (Last Update: 2021-09-14): DGN and PAR File Parsing Vulnerabilities in JT2Go and Teamcenter Visualization before V13.2.0.2
Veröffentlicht
14. September 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-938030.pdf
Text
Siemens has released version V13.2.0.2 for JT2Go and Teamcenter Visualization to fix three vulnerabilities that could be triggered while parsing DGN or PAR files. If a user is tricked to open a malicious file with the affected products, this could lead the application to crash or potential arbitrary code execution. ...
14.09.2021
SIEMENS CERT
SSA-434535 V1.1 (Last Update: 2021-09-14): Memory Protection Bypass Vulnerability in SINAMICS PERFECT HARMONY GH180 Drives
Titel
SSA-434535 V1.1 (Last Update: 2021-09-14): Memory Protection Bypass Vulnerability in SINAMICS PERFECT HARMONY GH180 Drives
Veröffentlicht
14. September 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-434535.pdf
Text
Several models of SINAMICS PERFECT HARMONY GH180 Drives are affected by a memory protection bypass vulnerability in the integrated S7-1500 or S7-1200 CPU that could allow an attacker to write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks on the CPU. Siemens ...
14.09.2021
SIEMENS CERT
SSA-434534 V1.1 (Last Update: 2021-09-14): Memory Protection Bypass Vulnerability in SIMATIC S7-1200 and S7-1500 CPU Families
Titel
SSA-434534 V1.1 (Last Update: 2021-09-14): Memory Protection Bypass Vulnerability in SIMATIC S7-1200 and S7-1500 CPU Families
Veröffentlicht
14. September 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-434534.pdf
Text
SIMATIC S7-1200 and S7-1500 CPU products contain a memory protection bypass vulnerability that could allow an attacker to write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks. Siemens has released updates for several affected products and strongly recommends to update to the ...
14.09.2021
SIEMENS CERT
SSA-428051 V1.1 (Last Update: 2021-09-14): Privilege Escalation Vulnerability in TIA Administrator
Titel
SSA-428051 V1.1 (Last Update: 2021-09-14): Privilege Escalation Vulnerability in TIA Administrator
Veröffentlicht
14. September 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-428051.pdf
Text
The latest update for TIA Administrator, installed together with TIA Portal and PCS neo, fixes a privilege escalation vulnerability that could allow local users to escalate privileges and execute code as local SYSTEM user. Siemens has released updates for the affected products and recommends to update to the latest versions.
14.09.2021
SIEMENS CERT
SSA-324955 V1.4 (Last Update: 2021-09-14): SAD DNS Attack in Linux Based Products
Titel
SSA-324955 V1.4 (Last Update: 2021-09-14): SAD DNS Attack in Linux Based Products
Veröffentlicht
14. September 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-324955.pdf
Text
A vulnerability made public under the name SAD DNS affects Domain Name System resolvers due to a vulnerability in the Linux kernel when handling ICMP packets. The Siemens products which are affected are listed below. For more information please see https://www.saddns.net/. Siemens has released updates for several affected products and ...
14.09.2021
SIEMENS CERT
SSA-312271 V1.8 (Last Update: 2021-09-14): Unquoted Search Path Vulnerabilities in Windows-based Industrial Software Applications
Titel
SSA-312271 V1.8 (Last Update: 2021-09-14): Unquoted Search Path Vulnerabilities in Windows-based Industrial Software Applications
Veröffentlicht
14. September 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-312271.pdf
Text
Several industrial products as listed below contain a local privilege escalation vulnerabilities that could allow authorized local users with administrative privileges to execute custom code with SYSTEM level privileges. Siemens has released updates for the affected products and recommends to update to the latest versions.
14.09.2021
SIEMENS CERT
SSA-274900 V1.2 (Last Update: 2021-09-14): Use of hardcoded key in Scalance X devices under certain conditions
Titel
SSA-274900 V1.2 (Last Update: 2021-09-14): Use of hardcoded key in Scalance X devices under certain conditions
Veröffentlicht
14. September 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-274900.pdf
Text
Scalance X devices might not generate a unique random key after factory reset, and use a private key shipped with the firmware Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where ...
14.09.2021
SIEMENS CERT
SSA-187092 V1.1 (Last Update: 2021-09-14): Several Buffer-Overflow Vulnerabilities in Web Server of SCALANCE X-200
Titel
SSA-187092 V1.1 (Last Update: 2021-09-14): Several Buffer-Overflow Vulnerabilities in Web Server of SCALANCE X-200
Veröffentlicht
14. September 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-187092.pdf
Text
Several SCALANCE X-200 switches contain buffer overflow vulnerabilities in the web server. In the most severe case an attacker could potentially remotely execute code. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.
14.09.2021
SIEMENS CERT
SSA-139628 V1.2 (Last Update: 2021-09-14): Vulnerabilities in Web Server for Scalance X Products
Titel
SSA-139628 V1.2 (Last Update: 2021-09-14): Vulnerabilities in Web Server for Scalance X Products
Veröffentlicht
14. September 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-139628.pdf
Text
Several SCALANCE X switches contain vulnerabilities in the web server of the affected devices. An unauthenticated attacker could reboot, cause denial-of-service conditions and potentially impact the system by other means through heap and buffer overflow vulnerabilities. Siemens has released updates for several affected products and recommends to update to the ...
14.09.2021
SIEMENS CERT
SSA-102233 V1.6 (Last Update: 2021-09-14): SegmentSmack in VxWorks-based Industrial Devices
Titel
SSA-102233 V1.6 (Last Update: 2021-09-14): SegmentSmack in VxWorks-based Industrial Devices
Veröffentlicht
14. September 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-102233.pdf
Text
The products listed below contain a vulnerability that could allow remote attackers to affect the availability of the devices under certain conditions. The underlying TCP stack can be forced to make very computation expensive calls for every incoming packet which can lead to a Denial-of-Service. Siemens has released an update ...
14.09.2021
SIEMENS CERT
SSA-100232 V1.3 (Last Update: 2021-09-14): Denial-of-Service vulnerability in SCALANCE X Switches
Titel
SSA-100232 V1.3 (Last Update: 2021-09-14): Denial-of-Service vulnerability in SCALANCE X Switches
Veröffentlicht
14. September 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-100232.pdf
Text
A vulnerability in several SCALANCE X devices could allow an unauthenticated attacker with network access to an affected device to perform a denial-of-service. Siemens has released an update for SCALANCE X-200IRT and recommends to update to the latest version. Siemens recommends specific countermeasures for products where updates are not, or ...

Letzte Updates

BOSCH PSIRT
14.08.2025
SIEMENS CERT
26.08.2025
US CERT
25.08.2025
US CERT (ICS)
04.09.2025

Nach Quelle

Archiv

2025
2024
2023
2022
2021
2020
2019
2018
2017

Feeds