Bulletins

SIEMENS CERT
04/12/2022

SSB-439005 V4.2 (Last Update: 2022-04-12): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP

SIEMENS CERT
04/12/2022

SSA-462066 V2.8 (Last Update: 2022-04-12): Vulnerability known as TCP SACK PANIC in Industrial Products

Multiple industrial products are affected by a vulnerability in the kernel known as TCP SACK PANIC. The vulnerability could allow a remote attacker to cause a denial of service condition. Siemens has released updates for several affected products and recommends to update to the new versions. Siemens is preparing further …
SIEMENS CERT
04/12/2022

SSA-535640 V1.5 (Last Update: 2022-04-12): Vulnerability in Industrial Products

Various industrial products use the Discovery Service of the OPC UA protocol stack by the OPC foundation https://github.com/OPCFoundation/UA-.NETStandard and could therefore be affected by the remote resource consumption attacks (CVE-2017-12069).
SIEMENS CERT
04/12/2022

SSA-772220 V1.8 (Last Update: 2022-04-12): OpenSSL Vulnerabilities in Industrial Products

OpenSSL has published a security advisory [0] about a vulnerability in OpenSSL versions 1.1.1 < 1.1.1k, that allows an unauthenticated attacker to cause a Denial-of-Service (DoS) if a maliciously crafted renegotiation message is sent . Siemens has released updates for several affected products and recommends to update to the latest …
SIEMENS CERT
04/12/2022

SSA-995338 V1.2 (Last Update: 2022-04-12): Multiple Vulnerabilities in COMOS Web

Multiple vulnerabilities were identified in the web components of COMOS that could allow an attacker to conduct code injections, store data in undesired locations, execute arbitrary SQL statements, and run cross-site request forgery attacks. Siemens has released updates for several affected products and recommends to update to the latest versions. …
SIEMENS CERT
04/12/2022

SSA-978220 V1.6 (Last Update: 2022-04-12): Denial of Service Vulnerability over SNMP in Multiple Industrial Products

Several industrial products are affected by a vulnerability that could allow remote attackers to conduct a denial of service attack by sending specially crafted packets to port 161/udp (SNMP). Siemens has released updates for several affected products and recommends to update to the new versions. Siemens is preparing further updates …
SIEMENS CERT
04/12/2022

SSA-914168 V1.1 (Last Update: 2022-04-12): Multiple Vulnerabilities in SIMATIC WinCC Affecting Other SIMATIC Software Products

Multiple vulnerabilities were found in SIMATIC WinCC that ultimately could allow attackers to retrieve and brute force password hashes and access other systems. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products …
SIEMENS CERT
04/12/2022

SSA-913875 V1.3 (Last Update: 2022-04-12): Frame Aggregation and Fragmentation Vulnerabilities in 802.11

Twelve vulnerabilities in the implementation of frame aggregation and fragmentation of the 802.11 standard, under the name of FragAttacks, have been published. Successful exploitation of these vulnerabilities could allow an attacker within Wi-Fi range to forge encrypted frames, which could result in sensitive data disclosure and possibly traffic manipulation. The …