Dezember 2024
Titel
SSA-340240 V1.1 (Last Update: 2024-12-10): Denial of Service Vulnerability in SENTRON Powercenter 1000/1100 With 3RV2921-5M Accessory
Veröffentlicht
10. Dezember 2024 01:00
Text
A vulnerability in SENTRON Powercenter 1000/1100 with 3RV2921-5M accessory could allow an attacker to cause a denial of service condition. Siemens is preparing fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.
Titel
SSA-645131 V1.0: Multiple WRL File Parsing Vulnerabilities in Teamcenter Visualization
Veröffentlicht
10. Dezember 2024 01:00
Text
Siemens Teamcenter Visualization contains multiple file parsing vulnerabilities that could be triggered when the application reads files in WRL format. If a user is tricked to open a malicious file with any of the affected products, this could lead the application to crash or potentially lead to arbitrary code execution. ...
Titel
SSA-979056 V1.0: Out of Bounds Write Vulnerability in Parasolid
Veröffentlicht
10. Dezember 2024 01:00
Text
Parasolid is affected by out of bounds write vulnerability that could be triggered when the application reads files in PAR format. If a user is tricked to open a malicious file with the affected applications, an attacker could perform remote code execution in the context of the current process. Siemens ...
Titel
SSA-800126 V1.0: Deserialization Vulnerability in Siemens Engineering Platforms before V20
Veröffentlicht
10. Dezember 2024 01:00
Text
Affected products do not properly sanitize user-controllable input when parsing files. This could allow an attacker to cause a type confusion and execute arbitrary code within the affected application. Siemens is preparing fix versions and recommends countermeasures for products where fixes are not, or not yet available. Siemens has released ...
Titel
SSA-398330 V2.1 (Last Update: 2024-12-10): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
Veröffentlicht
10. Dezember 2024 01:00
Text
Multiple vulnerabilities have been identified in the additional GNU/Linux subsystem of the firmware version V3.1 for the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP (incl. SIPLUS variant). These GNU/Linux vulnerabilities have been externally identified. Siemens is preparing fix versions and recommends specific countermeasures for products where fixes are not, or not ...
Titel
SSA-962515 V1.5 (Last Update: 2024-12-10): Out of Bounds Read Vulnerability in Industrial Products
Veröffentlicht
10. Dezember 2024 01:00
Text
Several industrial products contain an out of bounds read vulnerability that could allow an attacker to cause a Blue Screen of Death (BSOD) crash of the underlying Windows kernel, leading to denial of service condition. Siemens has released new versions for several affected products and recommends to update to the ...
Titel
SSA-264815 V1.3 (Last Update: 2024-12-10): Type Confusion Vulnerability in OpenSSL X.400 Address Processing in SIMATIC Products
Veröffentlicht
10. Dezember 2024 01:00
Text
Several SIMATIC products are affected by a type confusion vulnerability relating to OpenSSL X.400 address processing (CVE-2023-0286), as disclosed disclosed on 2023-02-07 at https://www.openssl.org/news/secadv/20230207.txt. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where fixes are ...
Titel
SSA-711309 V2.2 (Last Update: 2024-12-10): Denial of Service Vulnerability in the OPC UA Implementations of SIMATIC Products
Veröffentlicht
10. Dezember 2024 01:00
Text
The OPC UA implementations (ANSI C and C++) as used in several SIMATIC products contain a denial of service vulnerability that could allow an unauthenticated remote attacker to create a denial of service condition by sending a specially crafted certificate. Siemens has released new versions for several affected products and ...
Titel
SSA-701627 V1.0: XXE Injection Vulnerabilities in COMOS
Veröffentlicht
10. Dezember 2024 01:00
Text
COMOS is affected by XXE injection vulnerabilities that could allow an attacker to extract arbitrary application files. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where fixes are not, or not yet available.
Titel
SSA-773256 V1.2 (Last Update: 2024-12-10): Impact of Socket.IO CVE-2024-38355 on Siemens Industrial Products
Veröffentlicht
10. Dezember 2024 01:00
Text
A Socket.IO vulnerability affects multiple Siemens industrial products. This vulnerability consists of a specially crafted Socket.IO packet that triggers an uncaught exception on the Socket.IO server killing the Node.js process allowing a remote attacker to cause Denial-of-Service condition in the affected products. Siemens has released new versions for several affected ...
Titel
SSA-881356 V1.0: Multiple Memory Corruption Vulnerabilities in Simcenter Femap
Veröffentlicht
10. Dezember 2024 01:00
Text
Simcenter Femap contains multiple memory corruption vulnerabilities that could be triggered when the application reads files in BDF file formats. If a user is tricked to open a malicious file with any of the affected products, this could lead the application to crash or potentially lead to arbitrary code execution. ...
Titel
SSA-698820 V1.4 (Last Update: 2024-12-10): Multiple Vulnerabilities in Fortigate NGFW Before V7.4.4 on RUGGEDCOM APE1808 Devices
Veröffentlicht
10. Dezember 2024 01:00
Text
Fortinet has published information on vulnerabilities in FORTIOS. This advisory lists the related Siemens Industrial products. Siemens has released a new version of Fortigate NGFW for RUGGEDCOM APE1808 and recommends to update to the latest version. Siemens recommends to consult and implement the workarounds provided in Fortinet’s upstream security notifications.
Titel
SSA-673996 V1.1 (Last Update: 2024-12-10): Buffer Overflow Vulnerability in Third-Party Component in SICAM and SITIPE Products
Veröffentlicht
10. Dezember 2024 01:00
Text
Multiple SICAM products are affected by buffer overflow vulnerability in the IEC 61850 Client libraries from Triangle MicroWorks that could allow an unauthenticated remote attacker to create a denial of service condition by sending specially crafted MMS messages. Affected SICAM and SITIPE products: SICAM A8000 Device firmware ET85 for CP-8000/CP-8021/CP-8022 ...
Titel
SSA-264814 V1.4 (Last Update: 2024-12-10): Timing Based Side Channel Vulnerability in the OpenSSL RSA Decryption in SIMATIC Products
Veröffentlicht
10. Dezember 2024 01:00
Text
Several SIMATIC products are affected by a timing based side channel vulnerability in the OpenSSL RSA Decryption (CVE-2023-4304), as disclosed on 2023-02-07 at https://www.openssl.org/news/secadv/20230207.txt. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where fixes are ...
Titel
SSA-876787 V1.2 (Last Update: 2024-12-10): Open Redirect Vulnerability in SIMATIC S7-1500 and S7-1200 CPUs
Veröffentlicht
10. Dezember 2024 01:00
Text
Several SIMATIC S7-1500 and S7-1200 CPU versions are affected by an open redirect vulnerability that could allow an attacker to make the web server of affected devices redirect a legitimate user to an attacker-chosen URL. For a successful attack, the legitimate user must actively click on an attacker-crafted link. Siemens ...
Titel
SSA-392859 V1.0: Local Arbitrary Code Execution Vulnerability in Siemens Engineering Platforms before V20
Veröffentlicht
10. Dezember 2024 01:00
Text
Affected products contain a local arbitrary code execution vulnerability that could allow an attacker to perform actions against the operation system of that environment. Siemens is preparing fix versions and recommends countermeasures for products where fixes are not, or not yet available. Siemens has released products based on the Totally ...
Titel
SSA-822518 V1.2 (Last Update: 2024-12-10): Multiple Vulnerabilities in Palo Alto Networks Virtual NGFW Before V11.0.1 on RUGGEDCOM APE1808 Devices
Veröffentlicht
10. Dezember 2024 01:00
Text
Palo Alto Networks has published [1] information on vulnerabilities in PAN-OS. This advisory lists the related Siemens Industrial products affected by these vulnerabilities. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available. Customers are advised to consult and implement the workarounds ...
Titel
Bugcrowd
Veröffentlicht
6. Dezember 2024 01:00
Text

Bugcrowd Form

Titel
AutomationDirect C-More EA9 Programming Software
Veröffentlicht
5. Dezember 2024 13:00
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Low attack complexity Vendor: AutomationDirect Equipment: C-More EA9 Programming Software Vulnerabilities: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in memory corruption; a buffer overflow condition may allow remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED ...
Titel
Planet Technology Planet WGS-804HPT
Veröffentlicht
5. Dezember 2024 13:00
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Planet Technology Equipment: Planet WGS-804HPT Vulnerabilities: Stack-based Buffer Overflow, Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Integer Underflow (Wrap or Wraparound) 2. RISK EVALUATION Successful exploitation of these vulnerabilities could ...
Titel
Open Automation Software
Veröffentlicht
3. Dezember 2024 13:00
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity Vendor: Open Automation Software Equipment: Open Automation Software Vulnerability: Incorrect Execution-Assigned Permissions 2. RISK EVALUATION Successful exploitation of this vulnerability could result in an attacker executing code with escalated privileges. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following ...
Titel
Ruijie Reyee OS
Veröffentlicht
3. Dezember 2024 13:00
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Ruijie Equipment: Reyee OS Vulnerabilities: Weak Password Recovery Mechanism for Forgotten Password, Exposure of Private Personal Information to an Unauthorized Actor, Premature Release of Resource During Expected Lifetime, Insecure Storage of Sensitive Information, Use of Weak ...
Titel
ICONICS and Mitsubishi Electric GENESIS64 Products
Veröffentlicht
3. Dezember 2024 13:00
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity Vendor: ICONICS, Mitsubishi Electric Equipment: ICONICS GENESIS64 Product Suite and Mitsubishi Electric MC Works64 Vulnerabilities: Uncontrolled Search Path Element, Dead Code 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in remote code execution. 3. TECHNICAL DETAILS ...
Titel
Ruijie Reyee OS (Update A)
Veröffentlicht
3. Dezember 2024 13:00
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Ruijie Equipment: Reyee OS Vulnerabilities: Weak Password Recovery Mechanism for Forgotten Password, Exposure of Private Personal Information to an Unauthorized Actor, Premature Release of Resource During Expected Lifetime, Insecure Storage of Sensitive Information, Use of Weak ...
November 2024
Titel
Schneider Electric PowerLogic PM55xx and PowerLogic PM8ECC
Veröffentlicht
26. November 2024 13:00
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: PowerLogic PM5500 and PowerLogic PM8ECC Vulnerabilities: Weak Password Recovery Mechanism for Forgotten Password, Improper Authentication 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in an attacker gaining escalated privileges and obtaining ...

Letzte Updates

BOSCH PSIRT
14.08.2025
SIEMENS CERT
09.09.2025
US CERT
25.08.2025
US CERT (ICS)
09.09.2025

Nach Quelle

Archiv

2025
2024
2023
2022
2021
2020
2019
2018
2017

Feeds