August 2024
13.08.2024
US CERT (ICS)
Ocean Data Systems Dream Report
Titel
Ocean Data Systems Dream Report
Veröffentlicht
13. August 2024 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-226-08
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Ocean Data Systems Equipment: Dream Report 2023 Vulnerabilities: Path Traversal, Incorrect Permission Assignment for Critical Resource 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to perform remote code execution or escalate their ...
13.08.2024
US CERT (ICS)
Rockwell Automation DataMosaix Private Cloud
Titel
Rockwell Automation DataMosaix Private Cloud
Veröffentlicht
13. August 2024 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-226-05
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: DataMosaix Private Cloud Vulnerability: Improper Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to generate cookies for a user ID without the use of a username or password, ...
13.08.2024
US CERT (ICS)
Rockwell Automation GuardLogix/ControlLogix 5580 Controller
Titel
Rockwell Automation GuardLogix/ControlLogix 5580 Controller
Veröffentlicht
13. August 2024 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-226-03
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: ControlLogix 5580, GuardLogix 5580 Vulnerability: Improper Check for Unusual or Exceptional Conditions 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to perform a denial-of-service on the device. 3. TECHNICAL ...
13.08.2024
US CERT (ICS)
Rockwell Automation AADvance Standalone OPC-DA Server
Titel
Rockwell Automation AADvance Standalone OPC-DA Server
Veröffentlicht
13. August 2024 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-226-02
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: AADvance Standalone OPC-DA Server Vulnerabilities: Improper Input Validation, Use of Externally Controlled Format String 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code in the affected ...
13.08.2024
US CERT (ICS)
Rockwell Automation ControlLogix, GuardLogix 5580, CompactLogix, Compact GuardLogix 5380
Titel
Rockwell Automation ControlLogix, GuardLogix 5580, CompactLogix, Compact GuardLogix 5380
Veröffentlicht
13. August 2024 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-226-09
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: ControlLogix, GuardLogix 5580, CompactLogix, Compact GuardLogix 5380 Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow and attacker to cause a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED ...
13.08.2024
US CERT (ICS)
Rockwell Automation ControlLogix, GuardLogix 5580, CompactLogix, and Compact GuardLogix 5380
Titel
Rockwell Automation ControlLogix, GuardLogix 5580, CompactLogix, and Compact GuardLogix 5380
Veröffentlicht
13. August 2024 14:00
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-226-10
Text
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: CompactLogix 5380, ControlLogix 5580, GuardLogix 5580, Compact GuardLogix 5380, CompactLogix 5480 Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could crash the device being accessed. 3. TECHNICAL DETAILS 3.1 ...
13.08.2024
SIEMENS CERT
SSA-722010 V1.1 (Last Update: 2024-08-13): Datalogics File Parsing Vulnerability in Teamcenter Visualization and JT2Go
Titel
SSA-722010 V1.1 (Last Update: 2024-08-13): Datalogics File Parsing Vulnerability in Teamcenter Visualization and JT2Go
Veröffentlicht
13. August 2024 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-722010.html
Text
Siemens Teamcenter Visualization and JT2Go are affected by an out of bounds read vulnerability in the APDFL library from Datalogics. If a user is tricked to open a malicious PDF file with the affected products, this could lead the application to crash or potentially lead to arbitrary code execution. Siemens ...
13.08.2024
SIEMENS CERT
SSA-398330 V1.8 (Last Update: 2024-08-13): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 151...
Titel
SSA-398330 V1.8 (Last Update: 2024-08-13): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
Veröffentlicht
13. August 2024 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-398330.html
Text
Multiple vulnerabilities have been identified in the additional GNU/Linux subsystem of the firmware version V3.1 for the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP (incl. SIPLUS variant). These GNU/Linux vulnerabilities have been externally identified. Siemens is preparing fix versions and recommends specific countermeasures for products where fixes are not, or not ...
13.08.2024
SIEMENS CERT
SSA-659443 V1.0: Local Code Execution Vulnerabilities in COMOS Before V10.5
Titel
SSA-659443 V1.0: Local Code Execution Vulnerabilities in COMOS Before V10.5
Veröffentlicht
13. August 2024 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-659443.html
Text
COMOS before V10.5 is affected by two local code execution vulnerabilities in the integrated Open Design Alliance Drawings SDK. Siemens has released a new version for COMOS and recommends to update to the latest version.
13.08.2024
SIEMENS CERT
SSA-698820 V1.1 (Last Update: 2024-08-13): Multiple Vulnerabilities in Fortigate NGFW on RUGGEDCOM APE1808 Devices
Titel
SSA-698820 V1.1 (Last Update: 2024-08-13): Multiple Vulnerabilities in Fortigate NGFW on RUGGEDCOM APE1808 Devices
Veröffentlicht
13. August 2024 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-698820.html
Text
Fortinet has published information on vulnerabilities in FORTIOS. This advisory lists the related Siemens Industrial products. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available. Siemens recommends to consult and implement the workarounds provided in Fortinet’s upstream security notifications.
13.08.2024
SIEMENS CERT
SSA-180704 V1.1 (Last Update: 2024-08-13): Multiple Vulnerabilities in SCALANCE M-800 Family Before V8.0
Titel
SSA-180704 V1.1 (Last Update: 2024-08-13): Multiple Vulnerabilities in SCALANCE M-800 Family Before V8.0
Veröffentlicht
13. August 2024 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-180704.html
Text
SCALANCE M-800 family before V8.0 is affected by multiple vulnerabilities. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens recommends countermeasures for products where fixes are not, or not yet available.
13.08.2024
SIEMENS CERT
SSA-686975 V1.5 (Last Update: 2024-08-13): IPU 2022.3 Vulnerabilities in Siemens Industrial Products using Intel CPUs
Titel
SSA-686975 V1.5 (Last Update: 2024-08-13): IPU 2022.3 Vulnerabilities in Siemens Industrial Products using Intel CPUs
Veröffentlicht
13. August 2024 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-686975.html
Text
Intel has published information on vulnerabilities in Intel products in November 2022. This advisory lists the related Siemens Industrial products affected by these vulnerabilities that can be patched by applying the corresponding BIOS update (“2022.3 IPU – BIOS Advisory” Intel-SA-00688). Siemens is preparing updates and recommends specific countermeasures for products ...
13.08.2024
SIEMENS CERT
SSA-364175 V1.1 (Last Update: 2024-08-13): Multiple Vulnerabilities in Palo Alto Networks Virtual NGFW on RUGGEDCOM APE1808 Dev...
Titel
SSA-364175 V1.1 (Last Update: 2024-08-13): Multiple Vulnerabilities in Palo Alto Networks Virtual NGFW on RUGGEDCOM APE1808 Devices
Veröffentlicht
13. August 2024 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-364175.html
Text
Palo Alto Networks has published [1] information on vulnerabilities in PAN-OS. This advisory lists the related Siemens Industrial products affected by these vulnerabilities. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available. Customers are advised to consult and implement the workarounds ...
13.08.2024
SIEMENS CERT
SSA-784301 V1.0: Multiple Vulnerabilities in SINEC NMS Before V3.0
Titel
SSA-784301 V1.0: Multiple Vulnerabilities in SINEC NMS Before V3.0
Veröffentlicht
13. August 2024 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-784301.html
Text
SINEC NMS before V3.0 is affected by multiple vulnerabilities. Siemens has released a new version for SINEC NMS and recommends to update to the latest version.
13.08.2024
SIEMENS CERT
SSA-771940 V1.1 (Last Update: 2024-08-13): X_T File Parsing Vulnerabilities in Teamcenter Visualization and JT2Go
Titel
SSA-771940 V1.1 (Last Update: 2024-08-13): X_T File Parsing Vulnerabilities in Teamcenter Visualization and JT2Go
Veröffentlicht
13. August 2024 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-771940.html
Text
Teamcenter Visualization and JT2Go are affected by out of bounds read, stack exhaustion and null pointer dereference vulnerabilities that could be triggered when the application reads files in X_T format. If a user is tricked to open a malicious file with the affected applications, an attacker could leverage the vulnerability ...
13.08.2024
SIEMENS CERT
SSA-813746 V1.1 (Last Update: 2024-08-13): BadAlloc Vulnerabilities in SCALANCE X-200, X-200IRT, and X-300 Switch Families
Titel
SSA-813746 V1.1 (Last Update: 2024-08-13): BadAlloc Vulnerabilities in SCALANCE X-200, X-200IRT, and X-300 Switch Families
Veröffentlicht
13. August 2024 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-813746.html
Text
Siemens has released a new firmware version for SCALANCE X-200 and X-200 IRT switches that address Bad Alloc vulnerabilities in the underlying operating system and recommends to update to the latest versions. Siemens recommends countermeasures for products where updates are not, or not yet available.
13.08.2024
SIEMENS CERT
SSA-921449 V1.0: Plaintext Storage of a Password Vulnerability in LOGO! V8.3 BM Devices
Titel
SSA-921449 V1.0: Plaintext Storage of a Password Vulnerability in LOGO! V8.3 BM Devices
Veröffentlicht
13. August 2024 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-921449.html
Text
LOGO! V8.3 BM (incl. SIPLUS variants) devices contain a plaintext storage of a password vulnerability. This could allow an attacker with phyiscal access to an affected device to extract user-set passwords from an embedded storage IC. Siemens has released new hardware versions with the LOGO! V8.4 BM product family for ...
13.08.2024
SIEMENS CERT
SSA-981975 V1.3 (Last Update: 2024-08-13): Information Disclosure Vulnerability in Intel-CPUs (CVE-2022-40982) Impacting SIMATI...
Titel
SSA-981975 V1.3 (Last Update: 2024-08-13): Information Disclosure Vulnerability in Intel-CPUs (CVE-2022-40982) Impacting SIMATIC IPCs
Veröffentlicht
13. August 2024 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-981975.html
Text
Several Intel-CPU based SIMATIC IPCs are affected by an information exposure vulnerability (CVE-2022-40982) in the CPU that could allow an authenticated local user to potentially read other users’ data [1]. The issue is also known as “Gather Data Sampling” (GDS) or Downfall Attacks. For details refer to the chapter “Additional ...
13.08.2024
SIEMENS CERT
SSA-116924 V1.2 (Last Update: 2024-08-13): Path Traversal Vulnerability in TIA Portal
Titel
SSA-116924 V1.2 (Last Update: 2024-08-13): Path Traversal Vulnerability in TIA Portal
Veröffentlicht
13. August 2024 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-116924.html
Text
TIA Portal contains a path traversal vulnerability that could allow the creation or overwrite of arbitrary files in the engineering system. If the user is tricked to open a malicious PC system configuration file, an attacker could exploit this vulnerability to achieve arbitrary code execution. Siemens has released new versions ...
13.08.2024
SIEMENS CERT
SSA-856475 V1.0: X_T File Parsing Vulnerabilities in Teamcenter Visualization and JT2Go
Titel
SSA-856475 V1.0: X_T File Parsing Vulnerabilities in Teamcenter Visualization and JT2Go
Veröffentlicht
13. August 2024 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-856475.html
Text
Teamcenter Visualization and JT2Go are affected by out of bounds read and null pointer dereference vulnerabilities that could be triggered when the application reads files in X_T format. If a user is tricked to open a malicious file with the affected applications, an attacker could leverage the vulnerability to perform ...
13.08.2024
SIEMENS CERT
SSA-750499 V1.1 (Last Update: 2024-08-13): Weak Encryption Vulnerability in SIPROTEC 5 Devices
Titel
SSA-750499 V1.1 (Last Update: 2024-08-13): Weak Encryption Vulnerability in SIPROTEC 5 Devices
Veröffentlicht
13. August 2024 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-750499.html
Text
The SIPROTEC 5 devices are supporting weak encryption. This could allow an unauthorized attacker in a man-in-the-middle position to read any data passed over the connection between legitimate clients and the affected device. Siemens has released new versions for several affected products and recommends to update to the latest versions. ...
13.08.2024
SIEMENS CERT
SSA-716317 V1.0: Multiple Vulnerability in SINEC Traffic Analyzer Before V2.0
Titel
SSA-716317 V1.0: Multiple Vulnerability in SINEC Traffic Analyzer Before V2.0
Veröffentlicht
13. August 2024 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-716317.html
Text
SINEC Traffic Analyzer before V2.0 is affected by multiple vulnerabilities. Siemens has released a new version for SINEC Traffic Analyzer and recommends to update to the latest version.
13.08.2024
SIEMENS CERT
SSA-822518 V1.1 (Last Update: 2024-08-13): Multiple Vulnerabilities in Palo Alto Networks Virtual NGFW Before V11.0.1 on RUGGED...
Titel
SSA-822518 V1.1 (Last Update: 2024-08-13): Multiple Vulnerabilities in Palo Alto Networks Virtual NGFW Before V11.0.1 on RUGGEDCOM APE1808 Devices
Veröffentlicht
13. August 2024 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-822518.html
Text
Palo Alto Networks has published [1] information on vulnerabilities in PAN-OS. This advisory lists the related Siemens Industrial products affected by these vulnerabilities. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available. Customers are advised to consult and implement the workarounds ...
13.08.2024
SIEMENS CERT
SSA-087301 V1.0: Multiple Vulnerabilities in SCALANCE M-800 Family Before V8.1
Titel
SSA-087301 V1.0: Multiple Vulnerabilities in SCALANCE M-800 Family Before V8.1
Veröffentlicht
13. August 2024 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-087301.html
Text
SCALANCE M-800 family before V8.1 is affected by multiple vulnerabilities. Siemens has released new versions for the affected products and recommends to update to the latest versions.
13.08.2024
SIEMENS CERT
SSA-720392 V1.0: Multiple Vulnerabilities in Third-Party Components in Location Intelligence Before V4.4
Titel
SSA-720392 V1.0: Multiple Vulnerabilities in Third-Party Components in Location Intelligence Before V4.4
Veröffentlicht
13. August 2024 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-720392.html
Text
Location Intelligence before V4.4 is affected by multiple vulnerabilities that could allow an attacker in an on-path position to read and modify data passed over the connection between legitimate clients and the affected product or brute force user passwords. Siemens has released a new version for Location Intelligence family and ...

Letzte Updates

BOSCH PSIRT
31.10.2024
SIEMENS CERT
22.11.2024
US CERT
08.11.2024
US CERT (ICS)
21.11.2024

Nach Quelle

Archiv

2024
2023
2022
2021
2020
2019
2018
2017

Feeds