Bulletins | CERT@VDE

SSA-552702 V1.5 (Last Update: 2023-04-11): Privilege Escalation Vulnerability in the Web Interface of SCALANCE and RUGGEDCOM Pr...

Titel

SSA-552702 V1.5 (Last Update: 2023-04-11): Privilege Escalation Vulnerability in the Web Interface of SCALANCE and RUGGEDCOM Products

Veröffentlicht

11. April 2023 02:00

URL

https://cert-portal.siemens.com/productcert/html/ssa-552702.html

Text

The products listed below do not properly authorize the change password function of the web interface. This could allow low privileged users to escalate their privileges. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates ...

SSA-549234 V1.3 (Last Update: 2023-04-11): Denial-of-Service Vulnerability in SIMATIC NET CP Modules

Titel

SSA-549234 V1.3 (Last Update: 2023-04-11): Denial-of-Service Vulnerability in SIMATIC NET CP Modules

Veröffentlicht

11. April 2023 02:00

URL

https://cert-portal.siemens.com/productcert/html/ssa-549234.html

Text

A denial of service vulnerability was identified in different types of Communication Processors. An attacker could exploit this vulnerability causing the device to become un-operational until the device is restarted. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures ...

SSA-472454 V1.0: Command Injection Vulnerability in CPCI85 Firmware of SICAM A8000 Devices

Titel

SSA-472454 V1.0: Command Injection Vulnerability in CPCI85 Firmware of SICAM A8000 Devices

Veröffentlicht

11. April 2023 02:00

URL

https://cert-portal.siemens.com/productcert/html/ssa-472454.html

Text

The CPCI85 firmware of SICAM A8000 CP-8031 and CP-8050 is affected by unauthenticated command injection vulnerability. This could allow an attacker to perfom remote code execution. Siemens has released updates for the affected products and recommends to update to the latest versions.

SSA-462066 V3.1 (Last Update: 2023-04-11): Vulnerability known as TCP SACK PANIC in Industrial Products

Titel

SSA-462066 V3.1 (Last Update: 2023-04-11): Vulnerability known as TCP SACK PANIC in Industrial Products

Veröffentlicht

11. April 2023 02:00

URL

https://cert-portal.siemens.com/productcert/html/ssa-462066.html

Text

Multiple industrial products are affected by a vulnerability in the kernel known as TCP SACK PANIC. The vulnerability could allow a remote attacker to cause a denial of service condition. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures ...

SSA-459643 V1.2 (Last Update: 2023-04-11): Denial of Service Vulnerability in RUGGEDCOM ROS before V5.6.0

Titel

SSA-459643 V1.2 (Last Update: 2023-04-11): Denial of Service Vulnerability in RUGGEDCOM ROS before V5.6.0

Veröffentlicht

11. April 2023 02:00

URL

https://cert-portal.siemens.com/productcert/html/ssa-459643.html

Text

RUGGEDCOM ROS-based devices are vulnerable to a denial of service attack (Slowloris). By sending partial HTTP requests nonstop, with none completed, the affected web servers will be waiting for the completion of each request, occupying all available HTTP connections. The web server recovers by itself once the attack ends. Siemens ...

SSA-446448 V1.8 (Last Update: 2023-04-11): Denial of Service Vulnerability in PROFINET Stack Integrated on Interniche Stack

Titel

SSA-446448 V1.8 (Last Update: 2023-04-11): Denial of Service Vulnerability in PROFINET Stack Integrated on Interniche Stack

Veröffentlicht

11. April 2023 02:00

URL

https://cert-portal.siemens.com/productcert/html/ssa-446448.html

Text

The PROFINET (PNIO) stack, when integrated with the Interniche IP stack, contains a vulnerability that could allow an attacker to cause a denial of service condition on affected industrial products. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further ...

SSA-478960 V1.3 (Last Update: 2023-04-11): Missing CSRF Protection in the Web Server Login Page of Industrial Controllers

Titel

SSA-478960 V1.3 (Last Update: 2023-04-11): Missing CSRF Protection in the Web Server Login Page of Industrial Controllers

Veröffentlicht

11. April 2023 02:00

URL

https://cert-portal.siemens.com/productcert/html/ssa-478960.html

Text

The web server login page of affected products does not apply proper origin checking. This could allow authenticated remote attackers to track the activities of other users via a login cross-site request forgery attack.. Siemens has released updates for several affected products and recommends to update to the latest versions. ...

SSA-270778 V1.8 (Last Update: 2023-04-11): Denial-of-Service Vulnerability in SIMATIC PCS 7, SIMATIC WinCC and SIMATIC NET PC S...

Titel

SSA-270778 V1.8 (Last Update: 2023-04-11): Denial-of-Service Vulnerability in SIMATIC PCS 7, SIMATIC WinCC and SIMATIC NET PC Software

Veröffentlicht

11. April 2023 02:00

URL

https://cert-portal.siemens.com/productcert/html/ssa-270778.html

Text

A Denial-of-Service vulnerability was found in SIMATIC PCS 7, SIMATIC WinCC and SIMATIC NET PC software when encrypted communication is enabled. The vulnerability could allow an attacker with network access to cause a Denial-of-Service condition under certain circumstances (versions prior to SIMATIC WinCC V7.3 or SIMATIC PCS 7 V8.1 are ...

SSA-511182 V1.0: Use of Static TLS Certificate Known Hard Coded Private Keys in Adaptec Maxview Application

Titel

SSA-511182 V1.0: Use of Static TLS Certificate Known Hard Coded Private Keys in Adaptec Maxview Application

Veröffentlicht

11. April 2023 02:00

URL

https://cert-portal.siemens.com/productcert/html/ssa-511182.html

Text

The Adaptec Maxview application shipped with affected SIMATIC IPCs contains a hard coded, non-unique certificate to secure HTTPS connections between the browser and the local Maxview configuration application. A local attacker may use this key to decrypt intercepted local traffic between the browser and the application and could perform a ...

SSA-632164 V1.0: External Entity Injection Vulnerability in Polarion ALM

Titel

SSA-632164 V1.0: External Entity Injection Vulnerability in Polarion ALM

Veröffentlicht

11. April 2023 02:00

URL

https://cert-portal.siemens.com/productcert/html/ssa-632164.html

Text

Polarion ALM is vulnerable to XML External Entity (XXE) injection attack that could allow an attacker to potentially disclose confidential data. Siemens has released an update for Polarion ALM and recommends to update to the latest version, and update specific configurations to mitigate against the vulnerability. The configuration changes to ...

SSA-413565 V1.2 (Last Update: 2023-04-11): Multiple Vulnerabilities in SCALANCE Products

Titel

SSA-413565 V1.2 (Last Update: 2023-04-11): Multiple Vulnerabilities in SCALANCE Products

Veröffentlicht

11. April 2023 02:00

URL

https://cert-portal.siemens.com/productcert/html/ssa-413565.html

Text

Multiple SCALANCE devices are affected by several vulnerabilities that could allow an attacker to inject code, retrieve data as debug information as well as user CLI passwords or set the CLI to an irresponsive state. Siemens has released updates for several affected products and recommends to update to the latest ...

SSA-408105 V1.1 (Last Update: 2023-04-11): Buffer Overflow Vulnerabilities in OpenSSL 3.0 Affecting Siemens Products

Titel

SSA-408105 V1.1 (Last Update: 2023-04-11): Buffer Overflow Vulnerabilities in OpenSSL 3.0 Affecting Siemens Products

Veröffentlicht

11. April 2023 02:00

URL

https://cert-portal.siemens.com/productcert/html/ssa-408105.html

Text

The openSSL component, versions 3.0.0 through 3.0.6, contains two buffer overflow vulnerabilities (CVE-2022-3602, CVE-2022-3786) in the X.509 certificate verification [0]. They could allow an attacker to create a denial of service condition or execute arbitrary code on a vulnerable TLS server (if the server requests client certificate authentication), or on ...

SSA-382653 V1.2 (Last Update: 2023-04-11): Multiple Denial of Service Vulnerabilities in Industrial Products

Titel

SSA-382653 V1.2 (Last Update: 2023-04-11): Multiple Denial of Service Vulnerabilities in Industrial Products

Veröffentlicht

11. April 2023 02:00

URL

https://cert-portal.siemens.com/productcert/html/ssa-382653.html

Text

Affected SIMATIC firmware contains multiple vulnerabilities that could allow an unauthenticated attacker to perform a denial-of-service attack under certain conditions. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends countermeasures for products where updates are not, ...

SSA-102233 V2.1 (Last Update: 2023-04-11): SegmentSmack in VxWorks-based Industrial Devices

Titel

SSA-102233 V2.1 (Last Update: 2023-04-11): SegmentSmack in VxWorks-based Industrial Devices

Veröffentlicht

11. April 2023 02:00

URL

https://cert-portal.siemens.com/productcert/html/ssa-102233.html

Text

The products listed below contain a vulnerability that could allow remote attackers to affect the availability of the devices under certain conditions. The underlying TCP stack can be forced to make very computation expensive calls for every incoming packet which can lead to a Denial-of-Service. Siemens has released updates for ...

SSA-840188 V1.6 (Last Update: 2023-04-11): Multiple Vulnerabilities in SIMATIC WinCC Affecting Other SIMATIC Software Products

Titel

SSA-840188 V1.6 (Last Update: 2023-04-11): Multiple Vulnerabilities in SIMATIC WinCC Affecting Other SIMATIC Software Products

Veröffentlicht

11. April 2023 02:00

URL

https://cert-portal.siemens.com/productcert/html/ssa-840188.html

Text

Multiple vulnerabilities were found in SIMATIC WinCC that ultimately could allow local or remote attackers to escalate privileges and read, write or delete critical files. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are ...

Industrial Control Links ScadaFlex II SCADA Controllers

Titel

Industrial Control Links ScadaFlex II SCADA Controllers

Veröffentlicht

6. April 2023 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-096-01

Text

1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Industrial Control Links Equipment: ScadaFlex II SCADA Controllers Vulnerability: External Control of File Name or Path 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated attacker to overwrite, delete, or create files. ...

Hitachi Energy MicroSCADA System Data Manager SDM600

Titel

Hitachi Energy MicroSCADA System Data Manager SDM600

Veröffentlicht

6. April 2023 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-096-05

Text

1. EXECUTIVE SUMMARY CVSS v3 9.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: MicroSCADA System Data Manager SDM600 Vulnerabilities: Unrestricted Upload of File with Dangerous Type, Improper Authorization, Improper Resource Shutdown or Release, Improper Privilege Management 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker ...

JTEKT ELECTRONICS Screen Creator Advance 2

Titel

JTEKT ELECTRONICS Screen Creator Advance 2

Veröffentlicht

6. April 2023 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-096-02

Text

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: JTEKT ELECTRONICS CORPORATION Equipment: Screen Creator Advance 2 Vulnerabilities: Out-of-bounds Read, Out-of-bounds Write, Use After Free 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to disclose information or execute arbitrary code. 3. TECHNICAL DETAILS 3.1 ...

https://www.cisa.gov/news-events/ics-advisories/icsa-23-096-04

Korenix Jetwave

Titel

Korenix Jetwave

Veröffentlicht

6. April 2023 14:00

URL

Text

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Korenix Equipment: Jetwave Vulnerabilities: Command Injection, Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to gain full access to the underlying operating system of the device or cause a denial-of-service condition. ...

JTEKT ELECTRONICS Kostac PLC Programming Software

Titel

JTEKT ELECTRONICS Kostac PLC Programming Software

Veröffentlicht

6. April 2023 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-096-03

Text

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: JTEKT ELECTRONICS CORPORATION Equipment: Kostac PLC Programming Software Vulnerabilities: Out-of-bounds Read, Use After Free 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to disclose information or execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ...

04.04.2023

Nexx Smart Home Device

Titel

Nexx Smart Home Device

Veröffentlicht

4. April 2023 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-094-01

Text

1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Nexx Equipment: Garage Door Controller, Smart Plug, Smart Alarm Vulnerabilities: Use of Hard-coded Credentials, Authorization Bypass through User-controlled Key, Improper Input Validation, Improper Authentication 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to receive ...

März 2023

30.03.2023

Hitachi Energy IEC 61850 MMS-Server

Titel

Hitachi Energy IEC 61850 MMS-Server

Veröffentlicht

30. März 2023 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-089-01

Text

1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Exploitable remotely Vendor: Hitachi Energy Equipment: IEC 61850 MMS-Server Vulnerability: Improper Resource Shutdown or Release 2. RISK EVALUATION Successful exploitation of this vulnerability could cause products using the IEC 61850 MMS-server communication stack to stop accepting new MMS-client connections. 3. TECHNICAL DETAILS 3.1 ...

23.03.2023

ABB Pulsar Plus Controller

Titel

ABB Pulsar Plus Controller

Veröffentlicht

23. März 2023 13:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-082-05

Text

1. EXECUTIVE SUMMARY CVSS v3 6.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: ABB Equipment: Pulsar Plus Controller Vulnerabilities: Use of Insufficiently Random Values, Cross-Site Request Forgery (CSRF) 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to take control of the product or execute arbitrary code. 3. ...

23.03.2023

https://www.cisa.gov/news-events/ics-advisories/icsa-23-082-02

CP Plus KVMS Pro

Titel

CP Plus KVMS Pro

Veröffentlicht

23. März 2023 13:00

URL

Text

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: CP Plus Equipment: KVMS Pro Vulnerability: Insufficiently Protected Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to retrieve sensitive credentials and control the entire CCTV system. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following ...

23.03.2023