Mai 2021
11.05.2021
SIEMENS CERT
SSA-541018 V1.1 (Last Update: 2021-05-11): Embedded TCP/IP Stack Vulnerabilities (AMNESIA:33) in SENTRON PAC / 3VA Devices (Par...
Titel
SSA-541018 V1.1 (Last Update: 2021-05-11): Embedded TCP/IP Stack Vulnerabilities (AMNESIA:33) in SENTRON PAC / 3VA Devices (Part 2)
Veröffentlicht
11. Mai 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-541018.pdf
Text
Security researchers discovered and disclosed 33 vulnerabilities in several open-source TCP/IP stacks for embedded devices, also known as “AMNESIA:33” vulnerabilities. This advisory describes the impact of two of these vulnerabilities (CVE-2020-13987, CVE-2020-17437) to Siemens products. Siemens has released updates for several affected products and recommends to update to the latest ...
11.05.2021
SIEMENS CERT
SSA-478893 V1.1 (Last Update: 2021-05-11): TightVNC Vulnerabilities in Industrial Products (Revoked)
Titel
SSA-478893 V1.1 (Last Update: 2021-05-11): TightVNC Vulnerabilities in Industrial Products (Revoked)
Veröffentlicht
11. Mai 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf
Text
Multiple TightVNC (V1.x) vulnerabilities could allow remote code execution and Denial-of-Service attacks under certain conditions. Siemens has previously released this advisory containing a set of products that were considered to be affected. Through Siemens’ continuous investigation processes it was identified that all products previously advised are not affected by any ...
11.05.2021
SIEMENS CERT
SSA-462066 V2.3 (Last Update: 2021-05-11): Vulnerability known as TCP SACK PANIC in Industrial Products
Titel
SSA-462066 V2.3 (Last Update: 2021-05-11): Vulnerability known as TCP SACK PANIC in Industrial Products
Veröffentlicht
11. Mai 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf
Text
Multiple industrial products are affected by a vulnerability in the kernel known as TCP SACK PANIC. The vulnerability could allow a remote attacker to cause a denial of service condition. Siemens has released updates for several affected products and recommends to update to the new versions. Siemens is preparing further ...
11.05.2021
SIEMENS CERT
SSB-439005 V3.4 (Last Update: 2021-05-11): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 151...
Titel
SSB-439005 V3.4 (Last Update: 2021-05-11): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP
Veröffentlicht
11. Mai 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssb-439005.pdf
Text
11.05.2021
SIEMENS CERT
SSA-983548 V1.0: Multiple SPP File Parsing Vulnerabilities in Tecnomatix Plant Simulation
Titel
SSA-983548 V1.0: Multiple SPP File Parsing Vulnerabilities in Tecnomatix Plant Simulation
Veröffentlicht
11. Mai 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-983548.pdf
Text
Siemens Tecnomatix Plant Simulation has released an update for version V16.0 that fixes multiple vulnerabilities that could be triggered when the application reads SPP files. If a user is tricked to open a malicious file using the affected application, this could lead to a crash, and potentially also to arbitrary ...
11.05.2021
SIEMENS CERT
SSA-940818 V1.0: UltraVNC Vulnerabilities in SIMATIC HMIs/WinCC Products
Titel
SSA-940818 V1.0: UltraVNC Vulnerabilities in SIMATIC HMIs/WinCC Products
Veröffentlicht
11. Mai 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf
Text
UltraVNC vulnerabilities in the affected products listed below could allow remote code execution, information disclosure and Denial-of-Service attacks under certain conditions. Siemens has released updates for the affected products and recommends to update to the latest versions.
11.05.2021
SIEMENS CERT
SSA-919955 V1.0: Information Disclosure Vulnerability in Mendix Database Replication Module
Titel
SSA-919955 V1.0: Information Disclosure Vulnerability in Mendix Database Replication Module
Veröffentlicht
11. Mai 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-919955.pdf
Text
The latest update of Mendix Database Replication module fixes a infomation disclosure vulnerability. Mendix has released an update for the Mendix Database Replication module and recommends to update to the latest version.
11.05.2021
SIEMENS CERT
SSA-752103 V1.0: Telnet Authentication Vulnerability in SINAMICS Medium Voltage Products
Titel
SSA-752103 V1.0: Telnet Authentication Vulnerability in SINAMICS Medium Voltage Products
Veröffentlicht
11. Mai 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-752103.pdf
Text
SINAMICS medium voltage products, with telnet enabled on SIMATIC comfort HMI Panels, are affected by a remote access vulnerability that could allow an attacker, under certain conditions, to gain full remote access to the HMI. Note that by default telnet is disabled, but it can be enabled on request by ...
11.05.2021
SIEMENS CERT
SSA-676775 V1.0: Denial-of-Service Vulnerability in SIMATIC NET CP 343-1 Devices
Titel
SSA-676775 V1.0: Denial-of-Service Vulnerability in SIMATIC NET CP 343-1 Devices
Veröffentlicht
11. Mai 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-676775.pdf
Text
A vulnerability in SIMATIC CP343-1 devices could allow an attacker to cause a Denial-of-Service condition on TCP port 102 of the affected devices by sending specially crafted packets. Siemens recommends specific countermeasures for products where updates are not, or not yet available.
11.05.2021
SIEMENS CERT
SSA-594364 V1.0: Denial-of-Service Vulnerability in SNMP Implementation of WinCC Runtime
Titel
SSA-594364 V1.0: Denial-of-Service Vulnerability in SNMP Implementation of WinCC Runtime
Veröffentlicht
11. Mai 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-594364.pdf
Text
A denial-of-service vulnerability in WinCC Runtime could allow an unauthenticated attacker with network access to cause a denial-of-service condition in the SNMP service by sending crafted SNMP packets to port 161/udp. Siemens has released updates for the affected products and recommends to update to the latest versions.
11.05.2021
SIEMENS CERT
SSA-538778 V1.0: SmartVNC Vulnerabilities in SIMATIC HMI/WinCC Products
Titel
SSA-538778 V1.0: SmartVNC Vulnerabilities in SIMATIC HMI/WinCC Products
Veröffentlicht
11. Mai 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-538778.pdf
Text
Multiple SmartVNC vulnerabilities in the affected products listed below could allow remote code execution and Denial-of-Service attacks under certain conditions. Siemens has released updates for the affected products and recommends to update to the latest version.
11.05.2021
SIEMENS CERT
SSA-501073 V1.0: Vulnerabilities in Controllers CPU 1518 MFP using Intel CPUs (November 2020)
Titel
SSA-501073 V1.0: Vulnerabilities in Controllers CPU 1518 MFP using Intel CPUs (November 2020)
Veröffentlicht
11. Mai 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-501073.pdf
Text
Intel has published information on vulnerabilities in Intel products in November 2020. This advisory lists the Siemens Controllers that are affected by these vulnerabilities. In this advisory we take a representative CVE from each advisory: “Intel CSME, SPS, TXE, AMT and DAL Advisory” Intel-SA-00391 is represented by CVE-2020-8744 “BIOS Advisory” ...
11.05.2021
SIEMENS CERT
SSA-324955 V1.0: SAD DNS Attack in Linux Based Products
Titel
SSA-324955 V1.0: SAD DNS Attack in Linux Based Products
Veröffentlicht
11. Mai 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-324955.pdf
Text
A vulnerability made public under the name SAD DNS affects Domain Name System resolvers due to a vulnerability in the Linux kernel when handling ICMP packets. The Siemens products which are affected are listed below. For more information please see https://www.saddns.net/. Siemens has released updates for several affected products and ...
11.05.2021
SIEMENS CERT
SSA-286838 V1.0: Multiple Vulnerabilities in SINAMICS Medium Voltage Products
Titel
SSA-286838 V1.0: Multiple Vulnerabilities in SINAMICS Medium Voltage Products
Veröffentlicht
11. Mai 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf
Text
SINAMICS medium voltage products, with Sm@rtServer enabled on SIMATIC comfort HMI Panels, are affected by multiple vulnerabilities that could allow an attacker, under certain conditions, to gain full remote access to the HMI. Note that by default Sm@rtServer is disabled, but it can be enabled on request by the system ...
11.05.2021
SIEMENS CERT
SSA-116379 V1.0: Denial-of-Service Vulnerability in OSPF Packet Handling of SCALANCE XM-400 and XR-500 Devices
Titel
SSA-116379 V1.0: Denial-of-Service Vulnerability in OSPF Packet Handling of SCALANCE XM-400 and XR-500 Devices
Veröffentlicht
11. Mai 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-116379.pdf
Text
SCALANCE XM-400 and XR-500 devices contain a vulnerability in the OSPF protocol implementation that could allow an unauthenticated remote attacker to create a permanent denial-of-service condition. Siemens has released updates for the affected products and recommends to update to the latest versions.
11.05.2021
SIEMENS CERT
SSA-678983 V1.0: Vulnerabilities in Industrial PCs and CNC devices using Intel CPUs (November 2020)
Titel
SSA-678983 V1.0: Vulnerabilities in Industrial PCs and CNC devices using Intel CPUs (November 2020)
Veröffentlicht
11. Mai 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-678983.pdf
Text
Intel has published information on vulnerabilities in Intel products in November 2020. This advisory lists the Siemens IPC related products, that are affected by these vulnerabilities. In this advisory we take a representative CVE from each advisory: “Intel CSME, SPS, TXE, AMT and DAL Advisory” Intel-SA-00391 is represented by CVE-2020-8745 ...
11.05.2021
SIEMENS CERT
SSA-794542 V1.1 (Last Update: 2021-05-11): Insecure Folder Permissions in SIMARIS Configuration
Titel
SSA-794542 V1.1 (Last Update: 2021-05-11): Insecure Folder Permissions in SIMARIS Configuration
Veröffentlicht
11. Mai 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-794542.pdf
Text
The installation of SIMARIS configuration causes insecure folder permissions that could allow vertical privilege escalation. Siemens has released an update for SIMARIS and recommends to update to the latest version.
11.05.2021
SIEMENS CERT
SSA-723417 V1.0: Multiple Vulnerabilities in SCALANCE W1750D
Titel
SSA-723417 V1.0: Multiple Vulnerabilities in SCALANCE W1750D
Veröffentlicht
11. Mai 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf
Text
Siemens SCALANCE W1750D is a brand-labeled device. Aruba has released a related security advisory ARUBA-PSA-2021-007 disclosing vulnerabilities in its Aruba Instant product line. Siemens is preparing updates and recommends countermeasures for products where updates are not, or not yet available.
April 2021
30.04.2021
BOSCH PSIRT
ctrlX CORE - IDE App affected by OpenSSL and Python Vulnerabilities
Titel
ctrlX CORE - IDE App affected by OpenSSL and Python Vulnerabilities
Veröffentlicht
30. April 2021 02:00
URL
https://psirt.bosch.com/security-advisories/bosch-sa-017743.html
Text

BOSCH-SA-017743: Multiple vulnerabilities affecting OpenSSL Versions previous to 1.1.1k and Python 0 through 3.9.1, have been reported. Affected versions are included in the ctrlX CORE - IDE App. In order to successfully exploit these vulnerabilities, an attacker requires access to the network or system. Two vulnerabilities (CVE-2021-3177 and CVE-2021-27619) are ...

30.04.2021
BOSCH PSIRT
FTP Backdoor for Rexroth Fieldbus Couplers S20 and Inline
Titel
FTP Backdoor for Rexroth Fieldbus Couplers S20 and Inline
Veröffentlicht
30. April 2021 02:00
URL
https://psirt.bosch.com/security-advisories/bosch-sa-428397.html
Text

BOSCH-SA-428397: On some Fieldbus Couplers, there is a hidden, password-protected FTP area for the root directory.

26.04.2021
US CERT
AA21-116A: Russian Foreign Intelligence Service (SVR) Cyber Operations: Trends and Best Practices for Network Defenders
Titel
AA21-116A: Russian Foreign Intelligence Service (SVR) Cyber Operations: Trends and Best Practices for Network Defenders
Veröffentlicht
26. April 2021 17:00
URL
https://us-cert.cisa.gov/ncas/alerts/aa21-116a
Text
Original release date: April 26, 2021SummaryThe Federal Bureau of Investigation (FBI), Department of Homeland Security (DHS), and Cybersecurity and Infrastructure Security Agency (CISA) assess Russian Foreign Intelligence Service (SVR) cyber actors—also known as Advanced Persistent Threat 29 (APT 29), the Dukes, CozyBear, and Yttrium—will continue to seek intelligence from U.S. ...
23.04.2021
BOSCH PSIRT
ctrlX Multiple Vulnerabilities
Titel
ctrlX Multiple Vulnerabilities
Veröffentlicht
23. April 2021 02:00
URL
https://psirt.bosch.com/security-advisories/bosch-sa-918106.html
Text

Multiple vulnerabilities in operating system libraries and the Linux kernel have been reported which in a worst case scenario could allow an attacker to compromise the system by provoking a crash or the execution of malicious code. The affected functions are not used directly by any Rexroth software component and ...

20.04.2021
US CERT
AA21-110A: Exploitation of Pulse Connect Secure Vulnerabilities
Titel
AA21-110A: Exploitation of Pulse Connect Secure Vulnerabilities
Veröffentlicht
20. April 2021 17:03
URL
https://us-cert.cisa.gov/ncas/alerts/aa21-110a
Text
Original release date: April 20, 2021 | Last revised: May 28, 2021SummaryThe Cybersecurity and Infrastructure Security Agency (CISA) is aware of compromises affecting a number of U.S. government agencies, critical infrastructure entities, and other private sector organizations by a cyber threat actor—or actors—beginning in June 2020 or earlier related to ...
14.04.2021
SIEMENS CERT
SSA-875726 V1.0: Privilege Escalation Vulnerability in Mendix
Titel
SSA-875726 V1.0: Privilege Escalation Vulnerability in Mendix
Veröffentlicht
14. April 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-875726.pdf
Text
The latest updates for Mendix fix a vulnerability in Mendix Applications that could allow malicious authorized users to escalate their privileges. Mendix has released an update for Mendix and recommends to update to the latest version.
13.04.2021
SIEMENS CERT
SSA-534763 V1.4 (Last Update: 2021-04-13): Special Register Buffer Data Sampling (SRBDS) aka Crosstalk in Industrial Products
Titel
SSA-534763 V1.4 (Last Update: 2021-04-13): Special Register Buffer Data Sampling (SRBDS) aka Crosstalk in Industrial Products
Veröffentlicht
13. April 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-534763.pdf
Text
Security researchers published information on a vulnerability known as Crosstalk (INTEL-SA-00320). This vulnerability affects modern Intel processors to a varying degree. Several Siemens Industrial Products contain processors that are affected by the vulnerability. Siemens is preparing updates and recommends specific countermeasures until fixes are available.

Letzte Updates

BOSCH PSIRT
14.08.2025
SIEMENS CERT
26.08.2025
US CERT
25.08.2025
US CERT (ICS)
04.09.2025

Nach Quelle

Archiv

2025
2024
2023
2022
2021
2020
2019
2018
2017

Feeds