Juli 2024
22.07.2024
SIEMENS CERT
SSA-071402 V1.0: Multiple Vulnerabilities in SICAM Products
Titel
SSA-071402 V1.0: Multiple Vulnerabilities in SICAM Products
Veröffentlicht
22. Juli 2024 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-071402.html
Text
Multiple SICAM products are affected by unauthorized password reset and firmware downgrade vulnerabilities that could lead to privilege escalation and potential leak of information, namely: SICAM A8000 Device firmware CPCI85 for CP-8031/CP-8050 SICAM EGS Device firmware CPCI85 SICAM 8 Software Solution SICORE Siemens has released new firmware versions for the ...
19.07.2024
BOSCH PSIRT
"regreSSHion" OpenSSH vulnerability in PRC7000
Titel
"regreSSHion" OpenSSH vulnerability in PRC7000
Veröffentlicht
19. Juli 2024 02:00
URL
https://psirt.bosch.com/security-advisories/bosch-sa-258444.html
Text

BOSCH-SA-248444: The Qualys Threat Research Unit (TRU) has discovered a Remote Unauthenticated Code Execution (RCE) vulnerability in OpenSSH’s server (sshd) in glibc-based Linux systems. The vulnerability, which is a signal handler race condition in OpenSSH’s server (sshd), allows unauthenticated remote code execution (RCE) as root on glibc-based Linux systems; that ...

18.07.2024
US CERT (ICS)
Mitsubishi Electric MELSOFT MaiLab
Titel
Mitsubishi Electric MELSOFT MaiLab
Veröffentlicht
18. Juli 2024 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-200-01
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.2 ATTENTION: Exploitable remotely Vendor: Mitsubishi Electric Corporation Equipment: MELSOFT MaiLab Vulnerability: Improper Verification of Cryptographic Signature 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote attacker to cause a denial-of-service condition in the target product. 3. TECHNICAL DETAILS 3.1 ...
18.07.2024
US CERT (ICS)
Subnet Solutions PowerSYSTEM Center
Titel
Subnet Solutions PowerSYSTEM Center
Veröffentlicht
18. Juli 2024 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-200-02
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Subnet Solutions Inc. Equipment: Subnet PowerSYSTEM Center Vulnerability: Prototype Pollution 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated attacker to elevate permissions. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of ...
16.07.2024
US CERT (ICS)
Rockwell Automation Pavilion 8
Titel
Rockwell Automation Pavilion 8
Veröffentlicht
16. Juli 2024 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-198-01
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: Pavilion 8 Vulnerability: Incorrect Permission Assignment for Critical Resource 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to create new users and view sensitive data. 3. TECHNICAL DETAILS 3.1 ...
11.07.2024
US CERT (ICS)
Siemens JT Open and PLM XML SDK
Titel
Siemens JT Open and PLM XML SDK
Veröffentlicht
11. Juli 2024 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-193-10
Text
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).View CSAF 1. EXECUTIVE SUMMARY CVSS ...
11.07.2024
US CERT (ICS)
Siemens TIA Portal and SIMATIC STEP 7
Titel
Siemens TIA Portal and SIMATIC STEP 7
Veröffentlicht
11. Juli 2024 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-193-12
Text
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).View CSAF 1. EXECUTIVE SUMMARY CVSS ...
11.07.2024
US CERT (ICS)
Siemens SCALANCE, RUGGEDCOM, SIPLUS, and SINEC
Titel
Siemens SCALANCE, RUGGEDCOM, SIPLUS, and SINEC
Veröffentlicht
11. Juli 2024 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-193-05
Text
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).View CSAF 1. EXECUTIVE SUMMARY CVSS ...
11.07.2024
US CERT (ICS)
Siemens SIMATIC and SIMIT
Titel
Siemens SIMATIC and SIMIT
Veröffentlicht
11. Juli 2024 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-193-07
Text
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).View CSAF 1. EXECUTIVE SUMMARY CVSS ...
11.07.2024
US CERT (ICS)
Siemens Remote Connect Server
Titel
Siemens Remote Connect Server
Veröffentlicht
11. Juli 2024 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-193-01
Text
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).View CSAF 1. EXECUTIVE SUMMARY CVSS ...
11.07.2024
US CERT (ICS)
Siemens RUGGEDCOM
Titel
Siemens RUGGEDCOM
Veröffentlicht
11. Juli 2024 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-193-06
Text
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).View CSAF 1. EXECUTIVE SUMMARY CVSS ...
11.07.2024
US CERT (ICS)
Siemens RUGGEDCOM APE 1808
Titel
Siemens RUGGEDCOM APE 1808
Veröffentlicht
11. Juli 2024 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-193-02
Text
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).View CSAF 1. EXECUTIVE SUMMARY CVSS ...
09.07.2024
US CERT
CISA Red Team’s Operations Against a Federal Civilian Executive Branch Organization Highlights the Necessity of Defense-in-Depth
Titel
CISA Red Team’s Operations Against a Federal Civilian Executive Branch Organization Highlights the Necessity of Defense-in-Depth
Veröffentlicht
9. Juli 2024 16:09
URL
https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-193a
Text
EXECUTIVE SUMMARY In early 2023, the Cybersecurity and Infrastructure Security Agency (CISA) conducted a SILENTSHIELD red team assessment against a Federal Civilian Executive Branch (FCEB) organization. During SILENTSHIELD assessments, the red team first performs a no-notice, long-term simulation of nation-state cyber operations. The team mimics the techniques, tradecraft, and behaviors ...
09.07.2024
US CERT (ICS)
Johnson Controls Software House C●CURE 9000
Titel
Johnson Controls Software House C●CURE 9000
Veröffentlicht
9. Juli 2024 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-191-05
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.7 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Johnson Controls Inc. Equipment: Software House C●CURE 9000 Vulnerability: Incorrect Default Permissions 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an attacker to access credentials used for access to the application. 3. TECHNICAL DETAILS ...
09.07.2024
US CERT (ICS)
Johnson Controls Illustra Pro Gen 4
Titel
Johnson Controls Illustra Pro Gen 4
Veröffentlicht
9. Juli 2024 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-191-03
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.0 ATTENTION: Exploitable remotely Vendor: Johnson Controls, Inc. Equipment: Illustra Pro Gen 4 Vulnerability: Dependency on Vulnerable Third-Party Component 2. RISK EVALUATION Successful exploitation of this vulnerability could impact confidentiality and integrity of the device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Johnson Controls ...
09.07.2024
US CERT (ICS)
Delta Electronics CNCSoft-G2
Titel
Delta Electronics CNCSoft-G2
Veröffentlicht
9. Juli 2024 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-191-01
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: CNCSoft-G2 Vulnerabilities: Stack-based Buffer Overflow, Out-of-bounds Write, Out-of-bounds Read, Heap-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could cause a buffer overflow condition and allow remote code execution. 3. TECHNICAL DETAILS ...
09.07.2024
US CERT (ICS)
Mitsubishi Electric MELIPC Series MI5122-VW
Titel
Mitsubishi Electric MELIPC Series MI5122-VW
Veröffentlicht
9. Juli 2024 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-191-02
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Low attack complexity Vendor: Mitsubishi Electric Equipment: MI5122-VW Vulnerability: Incorrect Default Permissions 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to tamper with, destroy, disclose, or delete information in the product, or cause a denial-of-service (DoS) condition ...
09.07.2024
SIEMENS CERT
SSA-381581 V1.0: Multiple Vulnerabilities in SINEMA Remote Connect Server before V3.2 SP1
Titel
SSA-381581 V1.0: Multiple Vulnerabilities in SINEMA Remote Connect Server before V3.2 SP1
Veröffentlicht
9. Juli 2024 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-381581.html
Text
SINEMA Remote Connect Server before V3.2 SP1 is affected by multiple vulnerabilities. Siemens has released a new version for SINEMA Remote Connect Server and recommends to update to the latest version.
09.07.2024
SIEMENS CERT
SSA-446448 V2.2 (Last Update: 2024-07-09): Denial of Service Vulnerability in PROFINET Stack Integrated on Interniche Stack
Titel
SSA-446448 V2.2 (Last Update: 2024-07-09): Denial of Service Vulnerability in PROFINET Stack Integrated on Interniche Stack
Veröffentlicht
9. Juli 2024 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-446448.html
Text
The PROFINET (PNIO) stack, when integrated with the Interniche IP stack, contains a vulnerability that could allow an attacker to cause a denial of service condition on affected industrial products. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens recommends specific ...
09.07.2024
SIEMENS CERT
SSA-398330 V1.7 (Last Update: 2024-07-09): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 151...
Titel
SSA-398330 V1.7 (Last Update: 2024-07-09): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
Veröffentlicht
9. Juli 2024 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-398330.html
Text
Multiple vulnerabilities have been identified in the additional GNU/Linux subsystem of the firmware version V3.1 for the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP (incl. SIPLUS variant). These GNU/Linux vulnerabilities have been externally identified. Siemens is preparing fix versions and recommends specific countermeasures for products where fixes are not, or not ...
09.07.2024
SIEMENS CERT
SSA-779936 V1.0: Catalog-Profile Deserialization Vulnerability in Siemens Engineering Platforms before V19
Titel
SSA-779936 V1.0: Catalog-Profile Deserialization Vulnerability in Siemens Engineering Platforms before V19
Veröffentlicht
9. Juli 2024 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-779936.html
Text
Affected applications do not properly restrict the .NET BinaryFormatter when deserializing user-controllable input. This could allow an attacker to cause a type confusion and execute arbitrary code within the affected application. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens recommends ...
09.07.2024
SIEMENS CERT
SSA-780073 V2.4 (Last Update: 2024-07-09): Denial of Service Vulnerability in PROFINET Devices via DCE-RPC Packets
Titel
SSA-780073 V2.4 (Last Update: 2024-07-09): Denial of Service Vulnerability in PROFINET Devices via DCE-RPC Packets
Veröffentlicht
9. Juli 2024 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-780073.html
Text
Products that include the Siemens PROFINET-IO (PNIO) stack in versions prior V06.00 are potentially affected by a denial of service vulnerability when multiple legitimate diagnostic package requests are sent to the DCE-RPC interface. Siemens has released new versions for several affected products and recommends to update to the latest versions. ...
09.07.2024
SIEMENS CERT
SSA-473245 V2.7 (Last Update: 2024-07-09): Denial of Service Vulnerability in Profinet Devices
Titel
SSA-473245 V2.7 (Last Update: 2024-07-09): Denial of Service Vulnerability in Profinet Devices
Veröffentlicht
9. Juli 2024 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-473245.html
Text
A vulnerability in affected devices could allow an attacker to perform a denial of service attack if a large amount of specially crafted UDP packets are sent to the device. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens recommends specific ...
09.07.2024
SIEMENS CERT
SSA-455250 V1.2 (Last Update: 2024-07-09): Multiple Vulnerabilities in Palo Alto Networks Virtual NGFW on RUGGEDCOM APE1808 dev...
Titel
SSA-455250 V1.2 (Last Update: 2024-07-09): Multiple Vulnerabilities in Palo Alto Networks Virtual NGFW on RUGGEDCOM APE1808 devices before V11.1.2-h3
Veröffentlicht
9. Juli 2024 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-455250.html
Text
Palo Alto Networks has published [1] information on vulnerabilities in PAN-OS. This advisory lists the related Siemens Industrial products affected by these vulnerabilities. Siemens has released a new version of Palo Alto Networks Virtual NGFW for RUGGEDCOM APE1808 and recommends to update to the latest version. Customers are advised to ...
09.07.2024
SIEMENS CERT
SSA-364175 V1.0: Multiple Vulnerabilities in Palo Alto Networks Virtual NGFW on RUGGEDCOM APE1808 devices
Titel
SSA-364175 V1.0: Multiple Vulnerabilities in Palo Alto Networks Virtual NGFW on RUGGEDCOM APE1808 devices
Veröffentlicht
9. Juli 2024 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-364175.html
Text
Palo Alto Networks has published [1] information on vulnerabilities in PAN-OS. This advisory lists the related Siemens Industrial products affected by these vulnerabilities. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available. Customers are advised to consult and implement the workarounds ...

Letzte Updates

BOSCH PSIRT
25.04.2025
SIEMENS CERT
23.05.2025
US CERT
20.05.2025
US CERT (ICS)
05.06.2025

Nach Quelle

Archiv

2025
2024
2023
2022
2021
2020
2019
2018
2017

Feeds