August 2024
13.08.2024
SIEMENS CERT
SSA-686975 V1.5 (Last Update: 2024-08-13): IPU 2022.3 Vulnerabilities in Siemens Industrial Products using Intel CPUs
Titel
SSA-686975 V1.5 (Last Update: 2024-08-13): IPU 2022.3 Vulnerabilities in Siemens Industrial Products using Intel CPUs
Veröffentlicht
13. August 2024 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-686975.html
Text
Intel has published information on vulnerabilities in Intel products in November 2022. This advisory lists the related Siemens Industrial products affected by these vulnerabilities that can be patched by applying the corresponding BIOS update (“2022.3 IPU – BIOS Advisory” Intel-SA-00688). Siemens is preparing updates and recommends specific countermeasures for products ...
13.08.2024
SIEMENS CERT
SSA-659443 V1.0: Local Code Execution Vulnerabilities in COMOS Before V10.5
Titel
SSA-659443 V1.0: Local Code Execution Vulnerabilities in COMOS Before V10.5
Veröffentlicht
13. August 2024 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-659443.html
Text
COMOS before V10.5 is affected by two local code execution vulnerabilities in the integrated Open Design Alliance Drawings SDK. Siemens has released a new version for COMOS and recommends to update to the latest version.
13.08.2024
SIEMENS CERT
SSA-698820 V1.1 (Last Update: 2024-08-13): Multiple Vulnerabilities in Fortigate NGFW on RUGGEDCOM APE1808 Devices
Titel
SSA-698820 V1.1 (Last Update: 2024-08-13): Multiple Vulnerabilities in Fortigate NGFW on RUGGEDCOM APE1808 Devices
Veröffentlicht
13. August 2024 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-698820.html
Text
Fortinet has published information on vulnerabilities in FORTIOS. This advisory lists the related Siemens Industrial products. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available. Siemens recommends to consult and implement the workarounds provided in Fortinet’s upstream security notifications.
13.08.2024
SIEMENS CERT
SSA-180704 V1.1 (Last Update: 2024-08-13): Multiple Vulnerabilities in SCALANCE M-800 Family Before V8.0
Titel
SSA-180704 V1.1 (Last Update: 2024-08-13): Multiple Vulnerabilities in SCALANCE M-800 Family Before V8.0
Veröffentlicht
13. August 2024 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-180704.html
Text
SCALANCE M-800 family before V8.0 is affected by multiple vulnerabilities. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens recommends countermeasures for products where fixes are not, or not yet available.
13.08.2024
SIEMENS CERT
SSA-999588 V1.4 (Last Update: 2024-08-13): Multiple Vulnerabilities in User Management Component (UMC) Before V2.11.2
Titel
SSA-999588 V1.4 (Last Update: 2024-08-13): Multiple Vulnerabilities in User Management Component (UMC) Before V2.11.2
Veröffentlicht
13. August 2024 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-999588.html
Text
Siemens User Management Component (UMC) before V2.11.2 is affected by multiple vulnerabilities where the most severe could lead to a restart of the UMC server. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where fixes ...
13.08.2024
SIEMENS CERT
SSA-722010 V1.1 (Last Update: 2024-08-13): Datalogics File Parsing Vulnerability in Teamcenter Visualization and JT2Go
Titel
SSA-722010 V1.1 (Last Update: 2024-08-13): Datalogics File Parsing Vulnerability in Teamcenter Visualization and JT2Go
Veröffentlicht
13. August 2024 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-722010.html
Text
Siemens Teamcenter Visualization and JT2Go are affected by an out of bounds read vulnerability in the APDFL library from Datalogics. If a user is tricked to open a malicious PDF file with the affected products, this could lead the application to crash or potentially lead to arbitrary code execution. Siemens ...
13.08.2024
SIEMENS CERT
SSA-087301 V1.0: Multiple Vulnerabilities in SCALANCE M-800 Family Before V8.1
Titel
SSA-087301 V1.0: Multiple Vulnerabilities in SCALANCE M-800 Family Before V8.1
Veröffentlicht
13. August 2024 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-087301.html
Text
SCALANCE M-800 family before V8.1 is affected by multiple vulnerabilities. Siemens has released new versions for the affected products and recommends to update to the latest versions.
13.08.2024
SIEMENS CERT
SSA-116924 V1.2 (Last Update: 2024-08-13): Path Traversal Vulnerability in TIA Portal
Titel
SSA-116924 V1.2 (Last Update: 2024-08-13): Path Traversal Vulnerability in TIA Portal
Veröffentlicht
13. August 2024 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-116924.html
Text
TIA Portal contains a path traversal vulnerability that could allow the creation or overwrite of arbitrary files in the engineering system. If the user is tricked to open a malicious PC system configuration file, an attacker could exploit this vulnerability to achieve arbitrary code execution. Siemens has released new versions ...
13.08.2024
SIEMENS CERT
SSA-813746 V1.1 (Last Update: 2024-08-13): BadAlloc Vulnerabilities in SCALANCE X-200, X-200IRT, and X-300 Switch Families
Titel
SSA-813746 V1.1 (Last Update: 2024-08-13): BadAlloc Vulnerabilities in SCALANCE X-200, X-200IRT, and X-300 Switch Families
Veröffentlicht
13. August 2024 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-813746.html
Text
Siemens has released a new firmware version for SCALANCE X-200 and X-200 IRT switches that address Bad Alloc vulnerabilities in the underlying operating system and recommends to update to the latest versions. Siemens recommends countermeasures for products where updates are not, or not yet available.
13.08.2024
SIEMENS CERT
SSA-771940 V1.1 (Last Update: 2024-08-13): X_T File Parsing Vulnerabilities in Teamcenter Visualization and JT2Go
Titel
SSA-771940 V1.1 (Last Update: 2024-08-13): X_T File Parsing Vulnerabilities in Teamcenter Visualization and JT2Go
Veröffentlicht
13. August 2024 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-771940.html
Text
Teamcenter Visualization and JT2Go are affected by out of bounds read, stack exhaustion and null pointer dereference vulnerabilities that could be triggered when the application reads files in X_T format. If a user is tricked to open a malicious file with the affected applications, an attacker could leverage the vulnerability ...
13.08.2024
SIEMENS CERT
SSA-784301 V1.0: Multiple Vulnerabilities in SINEC NMS Before V3.0
Titel
SSA-784301 V1.0: Multiple Vulnerabilities in SINEC NMS Before V3.0
Veröffentlicht
13. August 2024 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-784301.html
Text
SINEC NMS before V3.0 is affected by multiple vulnerabilities. Siemens has released a new version for SINEC NMS and recommends to update to the latest version.
13.08.2024
SIEMENS CERT
SSA-856475 V1.0: X_T File Parsing Vulnerabilities in Teamcenter Visualization and JT2Go
Titel
SSA-856475 V1.0: X_T File Parsing Vulnerabilities in Teamcenter Visualization and JT2Go
Veröffentlicht
13. August 2024 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-856475.html
Text
Teamcenter Visualization and JT2Go are affected by out of bounds read and null pointer dereference vulnerabilities that could be triggered when the application reads files in X_T format. If a user is tricked to open a malicious file with the affected applications, an attacker could leverage the vulnerability to perform ...
13.08.2024
SIEMENS CERT
SSA-921449 V1.0: Plaintext Storage of a Password Vulnerability in LOGO! V8.3 BM Devices
Titel
SSA-921449 V1.0: Plaintext Storage of a Password Vulnerability in LOGO! V8.3 BM Devices
Veröffentlicht
13. August 2024 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-921449.html
Text
LOGO! V8.3 BM (incl. SIPLUS variants) devices contain a plaintext storage of a password vulnerability. This could allow an attacker with phyiscal access to an affected device to extract user-set passwords from an embedded storage IC. Siemens has released new hardware versions with the LOGO! V8.4 BM product family for ...
13.08.2024
SIEMENS CERT
SSA-822518 V1.1 (Last Update: 2024-08-13): Multiple Vulnerabilities in Palo Alto Networks Virtual NGFW Before V11.0.1 on RUGGED...
Titel
SSA-822518 V1.1 (Last Update: 2024-08-13): Multiple Vulnerabilities in Palo Alto Networks Virtual NGFW Before V11.0.1 on RUGGEDCOM APE1808 Devices
Veröffentlicht
13. August 2024 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-822518.html
Text
Palo Alto Networks has published [1] information on vulnerabilities in PAN-OS. This advisory lists the related Siemens Industrial products affected by these vulnerabilities. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available. Customers are advised to consult and implement the workarounds ...
13.08.2024
SIEMENS CERT
SSA-716317 V1.0: Multiple Vulnerability in SINEC Traffic Analyzer Before V2.0
Titel
SSA-716317 V1.0: Multiple Vulnerability in SINEC Traffic Analyzer Before V2.0
Veröffentlicht
13. August 2024 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-716317.html
Text
SINEC Traffic Analyzer before V2.0 is affected by multiple vulnerabilities. Siemens has released a new version for SINEC Traffic Analyzer and recommends to update to the latest version.
13.08.2024
SIEMENS CERT
SSA-068047 V1.1 (Last Update: 2024-08-13): Multiple Vulnerabilities in SCALANCE M-800 Family Before V7.2.2
Titel
SSA-068047 V1.1 (Last Update: 2024-08-13): Multiple Vulnerabilities in SCALANCE M-800 Family Before V7.2.2
Veröffentlicht
13. August 2024 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-068047.html
Text
SCALANCE M-800 family before V7.2.2 is affected by multiple vulnerabilities. Siemens has released new versions for the affected products and recommends to update to the latest versions.
13.08.2024
SIEMENS CERT
SSA-981975 V1.3 (Last Update: 2024-08-13): Information Disclosure Vulnerability in Intel-CPUs (CVE-2022-40982) Impacting SIMATI...
Titel
SSA-981975 V1.3 (Last Update: 2024-08-13): Information Disclosure Vulnerability in Intel-CPUs (CVE-2022-40982) Impacting SIMATIC IPCs
Veröffentlicht
13. August 2024 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-981975.html
Text
Several Intel-CPU based SIMATIC IPCs are affected by an information exposure vulnerability (CVE-2022-40982) in the CPU that could allow an authenticated local user to potentially read other users’ data [1]. The issue is also known as “Gather Data Sampling” (GDS) or Downfall Attacks. For details refer to the chapter “Additional ...
13.08.2024
SIEMENS CERT
SSA-750499 V1.1 (Last Update: 2024-08-13): Weak Encryption Vulnerability in SIPROTEC 5 Devices
Titel
SSA-750499 V1.1 (Last Update: 2024-08-13): Weak Encryption Vulnerability in SIPROTEC 5 Devices
Veröffentlicht
13. August 2024 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-750499.html
Text
The SIPROTEC 5 devices are supporting weak encryption. This could allow an unauthorized attacker in a man-in-the-middle position to read any data passed over the connection between legitimate clients and the affected device. Siemens has released new versions for several affected products and recommends to update to the latest versions. ...
12.08.2024
US CERT
CISA Adds Six Known Exploited Vulnerabilities to Catalog
Titel
CISA Adds Six Known Exploited Vulnerabilities to Catalog
Veröffentlicht
12. August 2024 19:38
URL
https://www.cisa.gov/news-events/alerts/2024/08/13/cisa-adds-six-known-exploited-vulnerabilities-catalog
Text
CISA has added six new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-38189 Microsoft Project Remote Code Execution Vulnerability CVE-2024-38178 Microsoft Windows Scripting Engine Memory Corruption Vulnerability CVE-2024-38213 Microsoft Windows SmartScreen Security Feature Bypass Vulnerability CVE-2024-38193 Microsoft Windows Ancillary Function Driver for WinSock Privilege ...
08.08.2024
US CERT (ICS)
Dorsett Controls InfoScan
Titel
Dorsett Controls InfoScan
Veröffentlicht
8. August 2024 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-221-01
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Dorsett Controls Equipment: InfoScan Vulnerabilities: Exposure of Sensitive Information To An Unauthorized Actor, Path Traversal 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to expose sensitive information, resulting in data theft and ...
07.08.2024
BOSCH PSIRT
Multiple Curl vulnerabilities in the Git for Windows component of Bosch DIVAR IP all-in-one Devices
Titel
Multiple Curl vulnerabilities in the Git for Windows component of Bosch DIVAR IP all-in-one Devices
Veröffentlicht
7. August 2024 02:00
URL
https://psirt.bosch.com/security-advisories/bosch-sa-587194-bt.html
Text

BOSCH-SA-587194-BT: DIVAR IP System Manager is a central user interface that provides an easy system setup, configuration and application software upgrades through an easily accessible web-based application. Multiple Curl vulnerabilities in the Git for Windows component have been discovered in DIVAR IP System Manager versions prior to 2.3.2, affecting several ...

02.08.2024
US CERT
Enhancing Cyber Resilience: Insights from CISA Red Team Assessment of a US Critical Infrastructure Sector Organization
Titel
Enhancing Cyber Resilience: Insights from CISA Red Team Assessment of a US Critical Infrastructure Sector Organization
Veröffentlicht
2. August 2024 19:17
URL
https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-326a
Text
EXECUTIVE SUMMARY The Cybersecurity and Infrastructure Security Agency (CISA) conducted a red team assessment (RTA) at the request of a critical infrastructure organization. During RTAs, CISA’s red team simulates real-world malicious cyber operations to assess an organization’s cybersecurity detection and response capabilities. In coordination with the assessed organization, CISA is ...
02.08.2024
SIEMENS CERT
SSA-857368 V1.0: Multiple Vulnerabilities in Omnivise T3000
Titel
SSA-857368 V1.0: Multiple Vulnerabilities in Omnivise T3000
Veröffentlicht
2. August 2024 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-857368.html
Text
Omnivise T3000 contains multiple vulnerabilities that could allow an attacker to escalate privileges. Siemens Energy has released patches for several affected products and recommends to apply the patches. Siemens Energy is preparing further fixes for versions still under maintenance and recommends countermeasures for products where fixes are not, or not ...
01.08.2024
US CERT (ICS)
Johnson Controls exacqVision Server Web Service
Titel
Johnson Controls exacqVision Server Web Service
Veröffentlicht
1. August 2024 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-02
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.6 ATTENTION: Exploitable remotely Vendor: Johnson Controls Inc. Equipment: exacqVision Web Service Vulnerability: Permissive Cross-domain Policy with Untrusted Domains 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to send an unauthorized request or access data from an untrusted domain. ...
01.08.2024
US CERT (ICS)
Vonets WiFi Bridges
Titel
Vonets WiFi Bridges
Veröffentlicht
1. August 2024 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-08
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Vonets Equipment: VAR1200-H, VAR1200-L, VAR600-H, VAP11AC, VAP11G-500S, VBG1200, VAP11S-5G, VAP11S, VAR11N-300, VAP11G-300, VAP11N-300, VAP11G, VAP11G-500, VBG1200, VAP11AC, VGA-1000 Vulnerabilities: Use of Hard-coded Credentials, Improper Access Control, Path Traversal, Command Injection, Improper Check or Handling of Exceptional ...

Letzte Updates

BOSCH PSIRT
15.01.2025
SIEMENS CERT
17.04.2025
US CERT
01.04.2025
US CERT (ICS)
17.04.2025

Nach Quelle

Archiv

2025
2024
2023
2022
2021
2020
2019
2018
2017

Feeds