Bulletins | CERT@VDE

…
84
85
86 (current)
87
88
…

August 2022

Siemens Industrial Products Intel CPUs (Update E)

Titel

Siemens Industrial Products Intel CPUs (Update E)

Veröffentlicht

11. August 2022 16:38

URL

https://us-cert.cisa.gov/ics/advisories/icsa-21-222-05

Text

This updated advisory is a follow-up to the advisory update titled ICSA-21-222-05 Siemens Industrial Products Intel CPU (Update D) that was published July 14, 2022, to the ICS webpage on www.cisa.gov/ics. This advisory contains mitigations for a Missing Encryption of Sensitive Data vulnerability in versions of Siemens Industrial Products Intel ...

Siemens Industrial Products LLDP (Update C)

Titel

Siemens Industrial Products LLDP (Update C)

Veröffentlicht

11. August 2022 16:36

URL

https://us-cert.cisa.gov/ics/advisories/icsa-21-194-07

Text

This updated advisory is a follow-up to the original advisory titled ICSA-21-194-07 Siemens Industrial Products LLDP (Update B) that was published August 10, 2021, on the ICS webpage on cisa.gov/ics. This advisory contains mitigations for Classic Buffer Overflow and Uncontrolled Resource Consumption vulnerabilities in versions of Siemens Industrial Products (LLDP).

SafeLogic Designer vulnerabilities

Titel

SafeLogic Designer vulnerabilities

Veröffentlicht

11. August 2022 02:00

URL

https://psirt.bosch.com/security-advisories/bosch-sa-463993.html

Text

BOSCH-SA-463993: The SafeLogic Designer from Bosch Rexroth contains technology from SICK AG. The manufacturer has published a security bulletin regarding a vulnerability in the .NET framework. \[1\]A vulnerability in a .NET framework class used by SafeLogic Designer allows an attacker to craft malicious project files. Opening/importing such a malicious project ...

Mitsubishi Electric GT SoftGOT2000

Titel

Mitsubishi Electric GT SoftGOT2000

Veröffentlicht

9. August 2022 16:15

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-221-01

Text

This advisory contains mitigations for Infinite Loop and OS Command Injection vulnerabilities in versions of Mitsubishi Electric GT SoftGOT2000 software.

Emerson ControlWave

Titel

Emerson ControlWave

Veröffentlicht

9. August 2022 16:10

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-221-02

Text

This advisory contains mitigations for an Insufficient Verification of Data Authenticity vulnerabilities in Emerson ControlWave products, a programmable controller.

Emerson OpenBSI

Titel

Emerson OpenBSI

Veröffentlicht

9. August 2022 16:05

URL

https://us-cert.cisa.gov/ics/advisories/icsa-22-221-03

Text

This advisory contains mitigations for Use of Broken or Risky Cryptographic Algorithm and Use of Hard-coded Cryptographic Key vulnerabilities in Emerson OpenBSI, a set of network communication services.

SSA-307392 V1.9 (Last Update: 2022-08-09): Denial of Service in OPC UA in Industrial Products

Titel

SSA-307392 V1.9 (Last Update: 2022-08-09): Denial of Service in OPC UA in Industrial Products

Veröffentlicht

9. August 2022 02:00

URL

https://cert-portal.siemens.com/productcert/pdf/ssa-307392.pdf

Text

A vulnerability has been identified in the OPC UA server of several industrial products. The vulnerability could cause a denial of service condition on the service or the device. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for ...

SSA-669737 V1.2 (Last Update: 2022-08-09): Improper Access Control Vulnerability in SICAM TOOLBOX II

Titel

SSA-669737 V1.2 (Last Update: 2022-08-09): Improper Access Control Vulnerability in SICAM TOOLBOX II

Veröffentlicht

9. August 2022 02:00

URL

https://cert-portal.siemens.com/productcert/pdf/ssa-669737.pdf

Text

SICAM TOOLBOX II contains a vulnerability that could allow an attacker access through a circumventable access control. Siemens recommends countermeasures for products where updates are not, or not yet available.

SSA-113131 V1.3 (Last Update: 2022-08-09): Denial of Service Vulnerabilities in SIMATIC S7-400 CPUs

Titel

SSA-113131 V1.3 (Last Update: 2022-08-09): Denial of Service Vulnerabilities in SIMATIC S7-400 CPUs

Veröffentlicht

9. August 2022 02:00

URL

https://cert-portal.siemens.com/productcert/pdf/ssa-113131.pdf

Text

Two vulnerabilities have been identified in the SIMATIC S7-400 CPU family that could allow an attacker to cause a denial of service condition. In order to exploit the vulnerabilities, an attacker must have access to the affected devices on port 102/tcp via Ethernet, PROFIBUS or Multi Point Interfaces (MPI). Siemens ...

SSA-712929 V1.2 (Last Update: 2022-08-09): Denial of Service Vulnerability in OpenSSL (CVE-2022-0778) Affecting Industrial Prod...

Titel

SSA-712929 V1.2 (Last Update: 2022-08-09): Denial of Service Vulnerability in OpenSSL (CVE-2022-0778) Affecting Industrial Products

Veröffentlicht

9. August 2022 02:00

URL

https://cert-portal.siemens.com/productcert/pdf/ssa-712929.pdf

Text

A vulnerability in the openSSL component (CVE-2022-0778, [0]) could allow an attacker to create a denial of service condition by providing specially crafted elliptic curve certificates to products that use a vulnerable version of openSSL. Siemens has released updates for several affected products and recommends to update to the latest ...

SSA-580125 V1.1 (Last Update: 2022-08-09): Multiple Vulnerabilities in SIMATIC eaSie

Titel

SSA-580125 V1.1 (Last Update: 2022-08-09): Multiple Vulnerabilities in SIMATIC eaSie

Veröffentlicht

9. August 2022 02:00

URL

https://cert-portal.siemens.com/productcert/pdf/ssa-580125.pdf

Text

SIMATIC eaSie contains multiple vulnerabilities that could allow an attacker to send arbitrary messages to the underlying message passing framework of the affected system or crash the attached application. Siemens has released an update for the SIMATIC eaSie Core Package and recommends to update to the latest version.

SSA-710008 V1.0: Multiple Web Vulnerabilities in SCALANCE Products

Titel

SSA-710008 V1.0: Multiple Web Vulnerabilities in SCALANCE Products

Veröffentlicht

9. August 2022 02:00

URL

https://cert-portal.siemens.com/productcert/pdf/ssa-710008.pdf

Text

SCALANCE devices contain multiple vulnerabilities in MSPS based product lines that could allow authenticated remote attackers to execute custom code or create a XSS situation, as well as unauthenticated remote attackers to create a denial of service condition. Siemens has released updates for several affected products and recommends to update ...

SSA-285795 V1.2 (Last Update: 2022-08-09): Denial of Service in OPC-UA in Industrial Products

Titel

SSA-285795 V1.2 (Last Update: 2022-08-09): Denial of Service in OPC-UA in Industrial Products

Veröffentlicht

9. August 2022 02:00

URL

https://cert-portal.siemens.com/productcert/pdf/ssa-285795.pdf

Text

A vulnerability in the underlying third party component OPC UA ANSIC Stack (also called Legacy C-Stack) affects several industrial products. The vulnerability could cause a crash of the component that includes the vulnerable part of the stack. Siemens has released updates for several affected products and recommends to update to ...

SSA-429204 V1.1 (Last Update: 2022-08-09): Open Design Alliance Drawings SDK Vulnerabilities in JT2Go and Teamcenter Visualization

Titel

SSA-429204 V1.1 (Last Update: 2022-08-09): Open Design Alliance Drawings SDK Vulnerabilities in JT2Go and Teamcenter Visualization

Veröffentlicht

9. August 2022 02:00

URL

https://cert-portal.siemens.com/productcert/pdf/ssa-429204.pdf

Text

JT2Go and Teamcenter Visualization are affected by multiple file parsing vulnerabilities in Drawings SDK from Open Design Alliance. If a user is tricked to open a malicious DWG file with any of the affected products, this could lead the application to crash or potentially lead to arbitrary code execution. Siemens ...

SSA-629512 V1.6 (Last Update: 2022-08-09): Local Privilege Escalation Vulnerability in TIA Portal

Titel

SSA-629512 V1.6 (Last Update: 2022-08-09): Local Privilege Escalation Vulnerability in TIA Portal

Veröffentlicht

9. August 2022 02:00

URL

https://cert-portal.siemens.com/productcert/pdf/ssa-629512.pdf

Text

The latest updates for TIA Portal fix a vulnerability that could allow a local attacker to execute arbitrary code with SYSTEM privileges. Update: The previously provided fixes only correctly set the permissions on English Windows versions. Siemens has released updates for several affected products and recommends to update to the ...

SSA-840800 V1.1 (Last Update: 2022-08-09): Code Injection Vulnerability in RUGGEDCOM ROS

Titel

SSA-840800 V1.1 (Last Update: 2022-08-09): Code Injection Vulnerability in RUGGEDCOM ROS

Veröffentlicht

9. August 2022 02:00

URL

https://cert-portal.siemens.com/productcert/pdf/ssa-840800.pdf

Text

RUGGEDCOM ROS-based devices are vulnerable to a web-based code injection attack. To execute this attack, it is necessary to access the system via the Command Line Interface (CLI). Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products ...

SSA-309571 V1.5 (Last Update: 2022-08-09): IPU 2021.1 Vulnerabilities in Siemens Industrial Products using Intel CPUs (June 2021)

Titel

SSA-309571 V1.5 (Last Update: 2022-08-09): IPU 2021.1 Vulnerabilities in Siemens Industrial Products using Intel CPUs (June 2021)

Veröffentlicht

9. August 2022 02:00

URL

https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf

Text

Intel has published information on vulnerabilities in Intel products in June 2021. This advisory lists the related Siemens Industrial products affected by these vulnerabilities that can be patched by applying the corresponding BIOS update. In this advisory we summarize: “2021.1 IPU – Intel® CSME, SPS and LMS Advisory” Intel-SA-00459, “2021.1 ...

SSA-661247 V3.0 (Last Update: 2022-08-09): Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to...

Titel

SSA-661247 V3.0 (Last Update: 2022-08-09): Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to Siemens Products

Veröffentlicht

9. August 2022 02:00

URL

https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf

Text

On 2021-12-09, a vulnerability in Apache Log4j (a logging tool used in many Java-based applications) was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2021-44228 and is also known as “Log4Shell”. On 2021-12-14 an additional denial of service vulnerability (CVE-2021-45046) ...

SSA-220589 V1.2 (Last Update: 2022-08-09): Hard Coded Default Credential Vulnerability in Teamcenter

Titel

SSA-220589 V1.2 (Last Update: 2022-08-09): Hard Coded Default Credential Vulnerability in Teamcenter

Veröffentlicht

9. August 2022 02:00

URL

https://cert-portal.siemens.com/productcert/pdf/ssa-220589.pdf

Text

Siemens has released updates for Teamcenter that fixes a security vulnerability related to unsecure storage of user credentials. This vulnerability affects Java EE Server Manager HTML Adaptor. This service is not installed by default and currently also obsoleted. Siemens has released updates for the affected products and recommends to update ...

SSA-473245 V2.3 (Last Update: 2022-08-09): Denial-of-Service Vulnerability in Profinet Devices

Titel

SSA-473245 V2.3 (Last Update: 2022-08-09): Denial-of-Service Vulnerability in Profinet Devices

Veröffentlicht

9. August 2022 02:00

URL

https://cert-portal.siemens.com/productcert/pdf/ssa-473245.pdf

Text

A vulnerability in affected devices could allow an attacker to perform a denial-of-service attack if a large amount of specially crafted UDP packets are sent to the device. Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates ...

SSB-439005 V4.6 (Last Update: 2022-08-09): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 151...

Titel

SSB-439005 V4.6 (Last Update: 2022-08-09): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP

Veröffentlicht

9. August 2022 02:00

URL

https://cert-portal.siemens.com/productcert/pdf/ssb-439005.pdf

Text

SSA-841348 V1.9 (Last Update: 2022-08-09): Multiple Vulnerabilities in the UMC Component

Titel

SSA-841348 V1.9 (Last Update: 2022-08-09): Multiple Vulnerabilities in the UMC Component

Veröffentlicht

9. August 2022 02:00

URL

https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf

Text

The products listed below contain two security vulnerabilities in the UMC component that could allow an attacker to cause a partial denial-of-service of the UMC component, or to locally escalate privileges from a user with administrative privileges to execute code with SYSTEM level privileges. Siemens has released updates for several ...

SSA-789162 V1.2 (Last Update: 2022-08-09): Vulnerabilities in Teamcenter

Titel

SSA-789162 V1.2 (Last Update: 2022-08-09): Vulnerabilities in Teamcenter

Veröffentlicht

9. August 2022 02:00

URL

https://cert-portal.siemens.com/productcert/pdf/ssa-789162.pdf

Text

Teamcenter is affected by XML External Entity Injection (XXE, CVE-2022-29801) and a stack based buffer overflow vulnerability (CVE-2022-24290). XXE impacts only Teamcenter versions before V13.1. Siemens has released updates for the affected products and recommends to update to the latest versions.

SSA-185638 V1.0: Authentication Bypass Vulnerability in SICAM A8000 Web Server Module

Titel

SSA-185638 V1.0: Authentication Bypass Vulnerability in SICAM A8000 Web Server Module

Veröffentlicht

9. August 2022 02:00

URL

https://cert-portal.siemens.com/productcert/pdf/ssa-185638.pdf

Text

A vulnerability was identified in the web server module used in the SICAM A8000 CP-8000, CP-8021 and CP-8022 devices’ protocol firmwares. AGPMT0 (AGP Master) DNPiT1 (DNP3 TCP/IP Server) DNPiT2 (DNP3 TCP/IP Client) DNPMT0 (DNP3 Master seriell) DNPST0 (DNP3 Slave seriell) ET83 (61850 Ed.1) ET85 (61850 Ed.2) MBCiT0 (MODBUS TCP/IP Client) ...

SSA-431678 V1.3 (Last Update: 2022-08-09): Denial-of-Service Vulnerability in SIMATIC S7 CPU Families

Titel

SSA-431678 V1.3 (Last Update: 2022-08-09): Denial-of-Service Vulnerability in SIMATIC S7 CPU Families

Veröffentlicht

9. August 2022 02:00

URL

https://cert-portal.siemens.com/productcert/pdf/ssa-431678.pdf

Text

SIMATIC S7 CPU families are affected by a vulnerability that could allow remote attackers to perform a Denial-of-Service attack by sending a specially crafted HTTP request to the web server of an affected device. Siemens has released updates for several affected products, is working on updates for the remaining affected ...

…
84
85
86 (current)
87
88
…

Letzte Updates

BOSCH PSIRT

14.08.2025

SIEMENS CERT

26.08.2025

US CERT

25.08.2025

US CERT (ICS)

04.09.2025

Nach Quelle

BOSCH PSIRT (91)
SIEMENS CERT (2140)
US CERT (181)
US CERT (ICS) (1952)

Archiv

2025

September (4)
August (92)
Juli (58)
Juni (52)
Mai (77)
April (68)
März (57)
Februar (59)
Januar (52)

2024

Dezember (57)
November (53)
Oktober (66)
September (69)
August (59)
Juli (63)
Juni (53)
Mai (64)
April (41)
März (45)
Februar (45)
Januar (41)

2023

Dezember (57)
November (58)
Oktober (46)
September (51)
August (62)
Juli (49)
Juni (49)
Mai (52)
April (67)
März (67)
Februar (71)
Januar (60)

2022

Dezember (65)
November (46)
Oktober (61)
September (55)
August (88)
Juli (61)
Juni (91)
Mai (58)
April (83)
März (72)
Februar (70)
Januar (37)

2021

Dezember (73)
November (46)
Oktober (49)
September (73)
August (33)
Juli (33)
Juni (30)
Mai (30)
April (37)
März (46)
Februar (42)
Januar (27)

2020

Dezember (32)
November (19)
Oktober (30)
September (33)
August (26)
Juli (51)
Juni (51)
Mai (26)
April (39)
März (45)
Februar (106)
Januar (35)

2019

Dezember (33)
November (14)
Oktober (37)
September (34)
August (26)
Juli (28)
Juni (22)
Mai (37)
April (28)
März (19)
Februar (36)
Januar (37)

2018

Dezember (36)
November (36)
Oktober (34)
September (22)
August (26)
Juli (18)
Juni (26)
Mai (42)
April (31)
März (37)
Februar (24)
Januar (10)

2017

Dezember (1)
August (1)
Juli (2)
Juni (1)
Mai (1)
April (1)
März (1)

Feeds

RSS / Atom