Bulletins | CERT@VDE

SSA-482757 V1.2 (Last Update: 2023-03-14): Missing Immutable Root of Trust in S7-1500 CPU devices

Titel

SSA-482757 V1.2 (Last Update: 2023-03-14): Missing Immutable Root of Trust in S7-1500 CPU devices

Veröffentlicht

14. März 2023 01:00

URL

https://cert-portal.siemens.com/productcert/html/ssa-482757.html

Text

Affected models of the S7-1500 CPU product family do not contain an Immutable Root of Trust in Hardware. With this the integrity of the code executed on the device can not be validated during load-time. An attacker with physical access to the device could use this to replace the boot ...

SSA-476715 V1.1 (Last Update: 2023-03-14): Two Vulnerabilities in Automation License Manager

Titel

SSA-476715 V1.1 (Last Update: 2023-03-14): Two Vulnerabilities in Automation License Manager

Veröffentlicht

14. März 2023 01:00

URL

https://cert-portal.siemens.com/productcert/html/ssa-476715.html

Text

Siemens Automation License Manager contains two vulnerabilities which, when combined, could allow an attacker to modify and rename license files, extract licenses and overwrite arbitrary files on the target system potentially leading to privilege escalation and remote code execution. The affected functionality is not available for remote attackers in the ...

SSA-941426 V1.4 (Last Update: 2023-03-14): Multiple LLDP Vulnerabilities in Industrial Products

Titel

SSA-941426 V1.4 (Last Update: 2023-03-14): Multiple LLDP Vulnerabilities in Industrial Products

Veröffentlicht

14. März 2023 01:00

URL

https://cert-portal.siemens.com/productcert/html/ssa-941426.html

Text

There are multiple vulnerabilities in an underlying Link Layer Discovery Protocol (LLDP) third party library. Siemens has released updates for the affected products and recommends to update to the latest versions.

SSA-697140 V1.2 (Last Update: 2023-03-14): Denial of Service Vulnerability in the TCP Event Service of SCALANCE and RUGGEDCOM P...

Titel

SSA-697140 V1.2 (Last Update: 2023-03-14): Denial of Service Vulnerability in the TCP Event Service of SCALANCE and RUGGEDCOM Products

Veröffentlicht

14. März 2023 01:00

URL

https://cert-portal.siemens.com/productcert/html/ssa-697140.html

Text

The products listed below contain a denial of service vulnerability in the TCP event interface that could allow an unauthenticated remote attacker to render the device unusable. Siemens has released updates for the affected products and recommends to update to the latest versions.

SSA-565386 V1.0: Third-Party Component Vulnerabilities in SCALANCE W-700 IEEE 802.11ax devices before V2.0

Titel

SSA-565386 V1.0: Third-Party Component Vulnerabilities in SCALANCE W-700 IEEE 802.11ax devices before V2.0

Veröffentlicht

14. März 2023 01:00

URL

https://cert-portal.siemens.com/productcert/html/ssa-565386.html

Text

Multiple vulnerabilities affecting various third-party components of SCALANCE W-700 IEEE 802.11ax devices before V2.0 could allow an attacker to cause a denial of service condition, disclose sensitive data or violate the system integrity. Siemens has released an update for SCALANCE W-700 IEEE 802.11ax and recommends to update to the latest ...

SSA-552702 V1.4 (Last Update: 2023-03-14): Privilege Escalation Vulnerability in the Web Interface of SCALANCE and RUGGEDCOM Pr...

Titel

SSA-552702 V1.4 (Last Update: 2023-03-14): Privilege Escalation Vulnerability in the Web Interface of SCALANCE and RUGGEDCOM Products

Veröffentlicht

14. März 2023 01:00

URL

https://cert-portal.siemens.com/productcert/html/ssa-552702.html

Text

The products listed below do not properly authorize the change password function of the web interface. This could allow low privileged users to escalate their privileges. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific ...

SSA-787941 V1.1 (Last Update: 2023-03-14): Denial of Service Vulnerability in RUGGEDCOM ROS V4

Titel

SSA-787941 V1.1 (Last Update: 2023-03-14): Denial of Service Vulnerability in RUGGEDCOM ROS V4

Veröffentlicht

14. März 2023 01:00

URL

https://cert-portal.siemens.com/productcert/html/ssa-787941.html

Text

RUGGEDCOM ROS-based V4 devices are vulnerable to a denial of service attack (Slowloris). By sending partial HTTP requests nonstop, with none completed, the affected web servers will be waiting for the completion of each request, occupying all available HTTP connections. The web server recovers by itself once the attack ends. ...

SSA-851884 V1.0: Authentication Bypass Vulnerability in Mendix SAML Module

Titel

SSA-851884 V1.0: Authentication Bypass Vulnerability in Mendix SAML Module

Veröffentlicht

14. März 2023 01:00

URL

https://cert-portal.siemens.com/productcert/html/ssa-851884.html

Text

The Mendix SAML module insufficiently verifies the SAML assertions. This could allow unauthenticated remote attackers to bypass authentication and get access to the application. Mendix has provided fix releases for the Mendix SAML module and recommends to update to the latest version.

SSA-840800 V1.2 (Last Update: 2023-03-14): Code Injection Vulnerability in RUGGEDCOM ROS

Titel

SSA-840800 V1.2 (Last Update: 2023-03-14): Code Injection Vulnerability in RUGGEDCOM ROS

Veröffentlicht

14. März 2023 01:00

URL

https://cert-portal.siemens.com/productcert/html/ssa-840800.html

Text

RUGGEDCOM ROS-based devices are vulnerable to a web-based code injection attack. To execute this attack, it is necessary to access the system via the Command Line Interface (CLI). Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products ...

SSA-764417 V1.7 (Last Update: 2023-03-14): Weak Encryption Vulnerability in RUGGEDCOM ROS Devices

Titel

SSA-764417 V1.7 (Last Update: 2023-03-14): Weak Encryption Vulnerability in RUGGEDCOM ROS Devices

Veröffentlicht

14. März 2023 01:00

URL

https://cert-portal.siemens.com/productcert/html/ssa-764417.html

Text

The SSH server on RUGGEDCOM ROS devices is configured to offer weak ciphers by default. This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data passed over the connection between legitimate clients and the affected device. Siemens has released updates for the affected products ...

SSA-772220 V2.2 (Last Update: 2023-03-14): OpenSSL Vulnerabilities in Industrial Products

Titel

SSA-772220 V2.2 (Last Update: 2023-03-14): OpenSSL Vulnerabilities in Industrial Products

Veröffentlicht

14. März 2023 01:00

URL

https://cert-portal.siemens.com/productcert/html/ssa-772220.html

Text

OpenSSL has published a security advisory [0] about a vulnerability in OpenSSL versions 1.1.1 < 1.1.1k, that allows an unauthenticated attacker to cause a Denial-of-Service (DoS) if a maliciously crafted renegotiation message is sent. Siemens has released updates for several affected products and recommends to update to the latest versions. ...

SSA-847261 V1.1 (Last Update: 2023-03-14): Multiple SPP File Parsing Vulnerabilities in Tecnomatix Plant Simulation

Titel

SSA-847261 V1.1 (Last Update: 2023-03-14): Multiple SPP File Parsing Vulnerabilities in Tecnomatix Plant Simulation

Veröffentlicht

14. März 2023 01:00

URL

https://cert-portal.siemens.com/productcert/html/ssa-847261.html

Text

Siemens Tecnomatix Plant Simulation has released an update, 2201 Update 6, that fixes multiple vulnerabilities that could be triggered when the application reads SPP files. If a user is tricked to open a malicious file using the affected application, this could lead to a crash, and potentially also to arbitrary ...

SSA-726834 V1.0: Denial of Service Vulnerability in the RADIUS Client of SIPROTEC 5 Devices

Titel

SSA-726834 V1.0: Denial of Service Vulnerability in the RADIUS Client of SIPROTEC 5 Devices

Veröffentlicht

14. März 2023 01:00

URL

https://cert-portal.siemens.com/productcert/html/ssa-726834.html

Text

The RADIUS client implementation of the VxWorks platform in SIPROTEC 5 devices contains a denial of service vulnerability that could be triggered when a specially crafted packet is sent by a RADIUS server. Siemens has released updates for the affected products and recommends to update to the latest versions.

SSA-712929 V1.8 (Last Update: 2023-03-14): Denial of Service Vulnerability in OpenSSL (CVE-2022-0778) Affecting Industrial Prod...

Titel

SSA-712929 V1.8 (Last Update: 2023-03-14): Denial of Service Vulnerability in OpenSSL (CVE-2022-0778) Affecting Industrial Products

Veröffentlicht

14. März 2023 01:00

URL

https://cert-portal.siemens.com/productcert/html/ssa-712929.html

Text

A vulnerability in the openSSL component (CVE-2022-0778, [0]) could allow an attacker to create a denial of service condition by providing specially crafted elliptic curve certificates to products that use a vulnerable version of openSSL. Siemens has released updates for several affected products and recommends to update to the latest ...

SSA-517377 V1.2 (Last Update: 2023-03-14): Multiple Vulnerabilities in the SRCS VPN Feature in SIMATIC CP Devices

Titel

SSA-517377 V1.2 (Last Update: 2023-03-14): Multiple Vulnerabilities in the SRCS VPN Feature in SIMATIC CP Devices

Veröffentlicht

14. März 2023 01:00

URL

https://cert-portal.siemens.com/productcert/html/ssa-517377.html

Text

The below referenced devices contain multiple vulnerabilities that could be exploited when the SINEMA Remote Connect Server (SRCS) VPN feature is used. The feature is not activated by default. The most severe could allow an attacker to execute arbitrary code with elevated privileges under certain circumstances. Siemens has released updates ...

SSA-700053 V1.1 (Last Update: 2023-03-14): Multiple File Parsing Vulnerabilities in Teamcenter Visualization and JT2Go

Titel

SSA-700053 V1.1 (Last Update: 2023-03-14): Multiple File Parsing Vulnerabilities in Teamcenter Visualization and JT2Go

Veröffentlicht

14. März 2023 01:00

URL

https://cert-portal.siemens.com/productcert/html/ssa-700053.html

Text

Siemens Teamcenter Visualization and JT2Go are affected by multiple file parsing vulnerabilities that could be triggered when the application reads a malicious file in CGM or RAS format. If a user is tricked to open a malicious file with the affected products, this could lead the application to crash or ...

SSA-260625 V1.0: Security Vulnerabilities Fixed in RUGGEDCOM CROSSBOW V5.2

Titel

SSA-260625 V1.0: Security Vulnerabilities Fixed in RUGGEDCOM CROSSBOW V5.2

Veröffentlicht

14. März 2023 01:00

URL

https://cert-portal.siemens.com/productcert/html/ssa-260625.html

Text

RUGGEDCOM CROSSBOW V5.2 fixes two vulnerabilities that could allow authenticated remote attackers to perform unauthorized actions (CVE-2023-27309) or escalate privileges (CVE-2023-27310). Siemens has released an update for RUGGEDCOM CROSSBOW and recommends to update to the latest version.

SSA-320629 V1.0: Security Vulnerabilities Fixed in RUGGEDCOM CROSSBOW V5.3

Titel

SSA-320629 V1.0: Security Vulnerabilities Fixed in RUGGEDCOM CROSSBOW V5.3

Veröffentlicht

14. März 2023 01:00

URL

https://cert-portal.siemens.com/productcert/html/ssa-320629.html

Text

RUGGEDCOM CROSSBOW before V5.3 contains two vulnerabilities that could allow authenticated remote attackers to access data they are not authorized for, or execute arbitrary database queries via an SQL injection attack. Siemens has released an update for RUGGEDCOM CROSSBOW and recommends to update to the latest version.

13.03.2023

US CERT

Threat Actors Exploit Progress Telerik Vulnerabilities in Multiple U.S. Government IIS Servers

Titel

Threat Actors Exploit Progress Telerik Vulnerabilities in Multiple U.S. Government IIS Servers

Veröffentlicht

13. März 2023 18:57

URL

https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-074a

Text

SUMMARY From November 2022 through early January 2023, the Cybersecurity and Infrastructure Security Agency (CISA) and authoring organizations identified the presence of indicators of compromise (IOCs) at a federal civilian executive branch (FCEB) agency. Analysts determined that multiple cyber threat actors, including an advanced persistent threat (APT) actor, were able ...

13.03.2023

US CERT

Threat Actors Exploit Progress Telerik Vulnerability in...

Titel

<a href="/news-events/cybersecurity-advisories/aa23-074a" hreflang="en">Threat Actors Exploit Progress Telerik Vulnerability in U.S. Government IIS Server</a>

Veröffentlicht

13. März 2023 18:57

URL

https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-074a

Text

13.03.2023

US CERT

Threat Actors Exploit Progress Telerik Vulnerability in U.S. Government IIS Server

Titel

Threat Actors Exploit Progress Telerik Vulnerability in U.S. Government IIS Server

Veröffentlicht

13. März 2023 18:57

URL

https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-074a

Text

https://www.cisa.gov/news-events/ics-advisories/icsa-23-068-05

Hitachi Energy Relion 670, 650 and SAM600-IO Series

Titel

<a href="/news-events/ics-advisories/icsa-23-068-05" hreflang="en">Hitachi Energy Relion 670, 650 and SAM600-IO Series</a>

Veröffentlicht

9. März 2023 13:00

URL

Text

1. EXECUTIVE SUMMARY CVSS v3 4.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: Relion 670, 650, and SAM600-IO Series Vulnerability: Insufficient Verification of Data Authenticity 2. RISK EVALUATION Successful exploitation of this vulnerability could cause the Intelligent Electronic Device (IED) to restart, causing a temporary denial-of-service condition. 3. ...

https://www.cisa.gov/news-events/ics-advisories/icsa-23-068-03

ABB Ability Symphony Plus

Titel

<a href="/news-events/ics-advisories/icsa-23-068-03" hreflang="en">ABB Ability Symphony Plus</a>

Veröffentlicht

9. März 2023 13:00

URL

Text

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Low attack complexity Vendor: ABB Equipment: Ability Symphony Plus Vulnerability: Improper Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthorized client to connect to the S+ Operations servers (human machine interface (HMI) network), to act as a legitimate S+ ...

https://www.cisa.gov/news-events/ics-advisories/icsa-23-068-02

B&R Systems Diagnostics Manager

Titel

<a href="/news-events/ics-advisories/icsa-23-068-02" hreflang="en">B&R Systems Diagnostics Manager</a>

Veröffentlicht

9. März 2023 13:00

URL

Text

1. EXECUTIVE SUMMARY CVSS v3 6.1 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: B&R Industrial Automation Equipment: Systems Diagnostics Manager (SDM) Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code to exfiltrate data and perform any action within ...