Juni 2024
11.06.2024
SIEMENS CERT
SSA-319319 V1.0: Denial of Service Vulnerability in TIA Administrator
Titel
SSA-319319 V1.0: Denial of Service Vulnerability in TIA Administrator
Veröffentlicht
11. Juni 2024 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-319319.html
Text
TIA Administrator creates temporary download files in a directory with insecure permissions. This could allow any authenticated attacker on Windows to disrupt the update process. Siemens has released a new version for TIA Administrator and recommends to update to the latest version.
11.06.2024
SIEMENS CERT
SSA-871704 V1.1 (Last Update: 2024-06-11): Multiple Vulnerabilities in SICAM Products
Titel
SSA-871704 V1.1 (Last Update: 2024-06-11): Multiple Vulnerabilities in SICAM Products
Veröffentlicht
11. Juni 2024 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-871704.html
Text
Multiple SICAM products are affected by vulnerabilities that could lead to privilege escalation, remote code execution or information loss namely: SICAM A8000 device firmwares CPC80 for CP-8000/CP-8021/CP-8022 CPCI85 and OPUPI0 for CP-8031/CP-8050 SICAM EGS firmware CPCI85 and OPUPI0 SICAM 8 Software Solution SICORE Siemens has released new versions for the ...
11.06.2024
SIEMENS CERT
SSA-879734 V1.0: Multiple Vulnerabilities in SCALANCE XM-400/XR-500 before V6.6.1
Titel
SSA-879734 V1.0: Multiple Vulnerabilities in SCALANCE XM-400/XR-500 before V6.6.1
Veröffentlicht
11. Juni 2024 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-879734.html
Text
Siemens has released new versions for the affected products and recommends to update to the latest versions.
11.06.2024
SIEMENS CERT
SSA-771940 V1.0: X_T File Parsing Vulnerabilities in Teamcenter Visualization and JT2Go
Titel
SSA-771940 V1.0: X_T File Parsing Vulnerabilities in Teamcenter Visualization and JT2Go
Veröffentlicht
11. Juni 2024 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-771940.html
Text
Teamcenter Visualization and JT2Go is affected by out of bounds read, stack exhaustion and null pointer dereference vulnerabilities that could be triggered when the application reads files in X_T format. If a user is tricked to open a malicious file with the affected applications, an attacker could leverage the vulnerability ...
11.06.2024
SIEMENS CERT
SSA-599968 V1.6 (Last Update: 2024-06-11): Denial-of-Service Vulnerability in Profinet Devices
Titel
SSA-599968 V1.6 (Last Update: 2024-06-11): Denial-of-Service Vulnerability in Profinet Devices
Veröffentlicht
11. Juni 2024 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-599968.html
Text
A vulnerability in affected devices could allow an attacker to perform a denial-of-service attack if a large amount of Profinet Discovery and Configuration Protocol (DCP) reset packets is sent to the affected devices. Siemens has released new versions for several affected products and recommends to update to the latest versions. ...
11.06.2024
SIEMENS CERT
SSA-900277 V1.0: MODEL File Parsing Vulnerability in Tecnomatix Plant Simulation before V2302.0012 and V2024.0001
Titel
SSA-900277 V1.0: MODEL File Parsing Vulnerability in Tecnomatix Plant Simulation before V2302.0012 and V2024.0001
Veröffentlicht
11. Juni 2024 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-900277.html
Text
Tecnomatix Plant Simulation contains a type confusion vulnerability that could be triggered when the application reads MODEL files. If a user is tricked to open a malicious file using the affected application, this could lead to a crash, and potentially also to arbitrary code execution on the target host system. ...
11.06.2024
SIEMENS CERT
SSA-398330 V1.6 (Last Update: 2024-06-11): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 151...
Titel
SSA-398330 V1.6 (Last Update: 2024-06-11): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
Veröffentlicht
11. Juni 2024 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-398330.html
Text
Multiple vulnerabilities have been identified in the additional GNU/Linux subsystem of the firmware version V3.1 for the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP (incl. SIPLUS variant). These GNU/Linux vulnerabilities have been externally identified. Siemens is preparing fix versions and recommends specific countermeasures for products where fixes are not, or not ...
11.06.2024
SIEMENS CERT
SSA-024584 V1.0: Authentication Bypass Vulnerability in PowerSys before V3.11
Titel
SSA-024584 V1.0: Authentication Bypass Vulnerability in PowerSys before V3.11
Veröffentlicht
11. Juni 2024 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-024584.html
Text
PowerSys before V3.11 is affected by a vulnerability that could allow a local attacker to bypass authentication, thereby gaining administrative privileges for the managed remote devices. Siemens has released a new version for PowerSys and recommends to update to the latest version.
11.06.2024
SIEMENS CERT
SSA-620338 V1.0: Buffer Overflow Vulnerability in SICAM AK3 / BC / TM
Titel
SSA-620338 V1.0: Buffer Overflow Vulnerability in SICAM AK3 / BC / TM
Veröffentlicht
11. Juni 2024 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-620338.html
Text
SICAM AK3/TM/BC devices are affected by a buffer overflow vulnerability that could allow an attacker to execute code in the context of the current process or lead to a denial of service condition. SICAM AK3 device firmware CPCX26 for CP-2016 PCCX26 for CP-2019 SICAM AK3, SICAM BC and SICAM TM ...
11.06.2024
SIEMENS CERT
SSA-341067 V1.0: Multiple vulnerabilities in third-party components in ST7 ScadaConnect before V1.1
Titel
SSA-341067 V1.0: Multiple vulnerabilities in third-party components in ST7 ScadaConnect before V1.1
Veröffentlicht
11. Juni 2024 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-341067.html
Text
Siemens has released a new version for ST7 ScadaConnect and recommends to update to the latest version.
11.06.2024
SIEMENS CERT
SSA-093430 V1.1 (Last Update: 2024-06-11): Multiple Vulnerabilities in SIMATIC RTLS Locating Manager before V3.0
Titel
SSA-093430 V1.1 (Last Update: 2024-06-11): Multiple Vulnerabilities in SIMATIC RTLS Locating Manager before V3.0
Veröffentlicht
11. Juni 2024 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-093430.html
Text
Siemens has released a new version for SIMATIC RTLS Locating Manager and recommends to update to the latest version.
11.06.2024
SIEMENS CERT
SSA-353002 V1.1 (Last Update: 2024-06-11): Multiple Vulnerabilities in SCALANCE XB-200 / XC-200 / XP-200 / XF-200BA / XR-300WG ...
Titel
SSA-353002 V1.1 (Last Update: 2024-06-11): Multiple Vulnerabilities in SCALANCE XB-200 / XC-200 / XP-200 / XF-200BA / XR-300WG Family
Veröffentlicht
11. Juni 2024 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-353002.html
Text
SCALANCE XB-200/XC-200/XP-200/XF-200BA/XR-300WG Family is affected by multiple vulnerabilities. CVE-2023-44318 and CVE-2023-44321 were previously published as part of SSA-699386. Siemens recommends countermeasures for products where fixes are not, or not yet available.
11.06.2024
SIEMENS CERT
SSA-337522 V1.0: Multiple Vulnerabilities in TIM 1531 IRC before V2.4.8
Titel
SSA-337522 V1.0: Multiple Vulnerabilities in TIM 1531 IRC before V2.4.8
Veröffentlicht
11. Juni 2024 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-337522.html
Text
Siemens has released new versions for the affected products and recommends to update to the latest versions.
11.06.2024
SIEMENS CERT
SSA-196737 V1.0: Multiple Vulnerabilities in SINEC Traffic Analyzer before V1.2
Titel
SSA-196737 V1.0: Multiple Vulnerabilities in SINEC Traffic Analyzer before V1.2
Veröffentlicht
11. Juni 2024 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-196737.html
Text
SINEC Traffic Analyzer before V1.2 is affected by multiple vulnerabilities. Siemens has released a new version for SINEC Traffic Analyzer and recommends to update to the latest version.
11.06.2024
SIEMENS CERT
SSA-035466 V1.1 (Last Update: 2024-06-11): Incorrect Permission Assignment in SICAM PAS/PQS
Titel
SSA-035466 V1.1 (Last Update: 2024-06-11): Incorrect Permission Assignment in SICAM PAS/PQS
Veröffentlicht
11. Juni 2024 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-035466.html
Text
SICAM PAS/PQS is affected by insecure permission assignments in application folders that could allow an authenticated local attacker to read and modify configuration data or to escalate privileges. Siemens has released a new version for SICAM PAS/PQS and recommends to update to the latest version. Siemens has also released a ...
06.06.2024
US CERT (ICS)
Emerson Ovation
Titel
Emerson Ovation
Veröffentlicht
6. Juni 2024 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-158-02
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Emerson Equipment: Ovation Vulnerabilities: Missing Authentication for Critical Function, Insufficient Verification of Data Authenticity CISA is aware of a public report, known as "OT:ICEFALL", detailing vulnerabilities found in multiple operational technology (OT) vendors. CISA is issuing ...
06.06.2024
US CERT (ICS)
Johnson Controls Software House iStar Pro Door Controller
Titel
Johnson Controls Software House iStar Pro Door Controller
Veröffentlicht
6. Juni 2024 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-158-04
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls Inc. Equipment: Software House iStar Pro Door Controller, ICU Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an attacker to perform a machine-in-the-middle attack to inject ...
06.06.2024
US CERT (ICS)
Emerson PACSystem and Fanuc
Titel
Emerson PACSystem and Fanuc
Veröffentlicht
6. Juni 2024 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-158-01
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.6 ATTENTION: Low attack complexity Vendor: Emerson Equipment: PACSystem, Fanuc Vulnerabilities: Cleartext Transmission of Sensitive Information, Insufficient Verification of Data Authenticity Insufficiently Protected Credentials, Download of Code Without Integrity Check CISA is aware of a public report, known as "OT:ICEFALL", detailing vulnerabilities found ...
04.06.2024
US CERT (ICS)
Uniview NVR301-04S2-P4
Titel
Uniview NVR301-04S2-P4
Veröffentlicht
4. Juni 2024 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-156-01
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 4.8 ATTENTION: Exploitable remotely/low attack complexity/public exploits available Vendor: Uniview Equipment: NVR301-04S2-P4 Vulnerability: Cross-site Scripting 2. RISK EVALUATION An attacker could send a user a URL that if clicked on could execute malicious JavaScript in their browser. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ...
Mai 2024
30.05.2024
US CERT (ICS)
Fuji Electric Monitouch V-SFT
Titel
Fuji Electric Monitouch V-SFT
Veröffentlicht
30. Mai 2024 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-151-02
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity Vendor: Fuji Electric Equipment: Monitouch V-SFT Vulnerabilities: Out-of-Bounds Write, Stack-Based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of ...
30.05.2024
US CERT (ICS)
Fuji Electric Monitouch V-SFT (Update A)
Titel
Fuji Electric Monitouch V-SFT (Update A)
Veröffentlicht
30. Mai 2024 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-151-02
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity Vendor: Fuji Electric Equipment: Monitouch V-SFT Vulnerabilities: Out-of-Bounds Write, Stack-Based Buffer Overflow, Type Confusion 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following ...
30.05.2024
US CERT (ICS)
LenelS2 NetBox
Titel
LenelS2 NetBox
Veröffentlicht
30. Mai 2024 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-151-01
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: LenelS2 Equipment: NetBox Vulnerabilities: Use of Hard-coded Password, OS Command Injection, Argument Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to bypass authentication and execute malicious commands with elevated permissions 3. ...
30.05.2024
US CERT (ICS)
Westermo EDW-100
Titel
Westermo EDW-100
Veröffentlicht
30. Mai 2024 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-151-04
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Westermo Equipment: EDW-100 Vulnerabilities: Use of Hard-coded Password, Insufficiently Protected Credentials 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to access the device using hardcoded credentials and download cleartext username and passwords. ...
30.05.2024
US CERT (ICS)
Inosoft VisiWin
Titel
Inosoft VisiWin
Veröffentlicht
30. Mai 2024 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-151-03
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity/public exploits are available Vendor: Inosoft Equipment: VisiWin Vulnerability: Incorrect Default Permissions 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain SYSTEM privileges. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Inosoft products are ...
28.05.2024
US CERT (ICS)
Campbell Scientific CSI Web Server
Titel
Campbell Scientific CSI Web Server
Veröffentlicht
28. Mai 2024 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-149-01
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Campbell Scientific Equipment: CSI Web Server Vulnerabilities: Path Traversal, Weak Encoding for Password 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to download files and decode stored passwords. 3. TECHNICAL DETAILS 3.1 ...

Letzte Updates

BOSCH PSIRT
15.01.2025
SIEMENS CERT
17.04.2025
US CERT
01.04.2025
US CERT (ICS)
17.04.2025

Nach Quelle

Archiv

2025
2024
2023
2022
2021
2020
2019
2018
2017

Feeds