SIEMENS CERT
03/08/2022
Multiple vulnerabilities (also known as “NUCLEUS:13”) have been identified in the Nucleus RTOS (real-time operating system), originally reported in the Siemens Security Advisory SSA-044112: https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf. SIMOTICS CONNECT 400 devices are affected by some of the vulnerabilities as documented below. Siemens has released an update for the SIMOTICS CONNECT 400 and …
SIEMENS CERT
03/08/2022
Security researchers discovered and disclosed 33 vulnerabilities in several open-source TCP/IP stacks for embedded devices, also known as “AMNESIA:33” vulnerabilities. This advisory describes the impact of two of these vulnerabilities (CVE-2020-13987, CVE-2020-17437) to Siemens products. Siemens has released updates for several affected products and recommends to update to the latest …
SIEMENS CERT
03/08/2022
Intel has published information on vulnerabilities in Intel products in November 2020. This advisory lists the Siemens IPC related products, that are affected by these vulnerabilities. In this advisory we take a representative CVE from each advisory: “Intel CSME, SPS, TXE, AMT and DAL Advisory” Intel-SA-00391 is represented by CVE-2020-8745 …
SIEMENS CERT
03/08/2022
Multiple vulnerabilities were found in SIMATIC WinCC that ultimately could allow local or remote attackers to escalate privileges and read, write or delete critical files. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures …
SIEMENS CERT
03/08/2022
SSA-669737 V1.1 (Last Update: 2022-03-08): Improper Access Control Vulnerability in SICAM TOOLBOX II
SICAM TOOLBOX II contains a vulnerability that could allow an attacker access through a circumventable access control. Siemens is preparing updates and recommends countermeasures for products where updates are not, or not yet available.
SIEMENS CERT
03/08/2022
Multiple vulnerabilities have been identified in the Climatix POL909 (AWM and AWB) that could allow an unauthenticated attacker to hijack and redirect users to a malicious webpage, or allow an authenticated attacker to access sensitive files. Siemens has released an update for the Climatix POL909 (AWM and AWB) and recommends …
SIEMENS CERT
03/08/2022
SINEC NMS contains multiple vulnerabilities that could allow an attacker to execute arbitrary code on the system, arbitrary commands on the local database or achieve privilege escalation. Siemens recommends specific countermeasures for products where updates are not, or not yet available.
SIEMENS CERT
03/08/2022
SIMOTICS CONNECT 400 is affected by DNS Client vulnerabilities as initially reported in Siemens Security Advisory SSA-705111 (https://cert-portal.siemens.com/productcert/pdf/ssa-705111.pdf) for the DNS Module in Nucleus RTOS. Siemens has released updates for the SIMOTICS CONNECT 400 and recommends to update to the latest version.