Dezember 2021
21.12.2021
BOSCH PSIRT
Apache Log4j Vulnerabilities - Impact on Bosch Rexroth Products
Titel
Apache Log4j Vulnerabilities - Impact on Bosch Rexroth Products
Veröffentlicht
21. Dezember 2021 01:00
URL
https://psirt.bosch.com/security-advisories/bosch-sa-572602.html
Text

BOSCH-SA-572602: The Apache Software Foundation has published information about a vulnerability in the Java logging framework *log4j*, which allows an attacker to execute arbitrary code loaded from LDAP or JNDI related endpoints which are under control of the attacker. \[1\]Additionally, a further vulnerability might allow an attacker to cause a ...

21.12.2021
SIEMENS CERT
SSA-661247 V1.7 (Last Update: 2021-12-21): Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to...
Titel
SSA-661247 V1.7 (Last Update: 2021-12-21): Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to Siemens Products
Veröffentlicht
21. Dezember 2021 01:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf
Text
On 2021-12-09, a vulnerability in Apache Log4j (a logging tool used in many Java-based applications) was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2021-44228 and is also known as “Log4Shell”. On 2021-12-14 an additional denial of service vulnerability (CVE-2021-45046) ...
20.12.2021
SIEMENS CERT
SSA-397453 V1.0: Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to Siemens Energy TraceAlert...
Titel
SSA-397453 V1.0: Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to Siemens Energy TraceAlertServerPLUS
Veröffentlicht
20. Dezember 2021 01:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf
Text
On 2021-12-09, a vulnerability in Apache Log4j (a logging library used in many Java-based applications) was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2021-44228 and is also known as “Log4Shell”. On 2021-12-14 an additional denial of service vulnerability (CVE-2021-45046) ...
20.12.2021
SIEMENS CERT
SSA-661247 V1.6 (Last Update: 2021-12-20): Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to...
Titel
SSA-661247 V1.6 (Last Update: 2021-12-20): Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to Siemens Products
Veröffentlicht
20. Dezember 2021 01:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf
Text
On 2021-12-09, a vulnerability in Apache Log4j (a logging tool used in many Java-based applications) was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2021-44228 and is also known as “Log4Shell”. On 2021-12-14 an additional denial of service vulnerability (CVE-2021-45046) ...
19.12.2021
SIEMENS CERT
SSA-661247 V1.5 (Last Update: 2021-12-19): Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to...
Titel
SSA-661247 V1.5 (Last Update: 2021-12-19): Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to Siemens Products
Veröffentlicht
19. Dezember 2021 01:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf
Text
On 2021-12-09, a vulnerability in Apache Log4j (a logging tool used in many Java-based applications) was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2021-44228 and is also known as “Log4Shell”. On 2021-12-14 an additional denial of service vulnerability (CVE-2021-45046) ...
19.12.2021
SIEMENS CERT
SSA-501673 V1.0: Apache Log4j Denial of Service Vulnerability (CVE-2021-45105) - Impact to Siemens Products
Titel
SSA-501673 V1.0: Apache Log4j Denial of Service Vulnerability (CVE-2021-45105) - Impact to Siemens Products
Veröffentlicht
19. Dezember 2021 01:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf
Text
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 contain a vulnerability (CVE-2021-45105) that could allow attackers to cause a denial of service condition in affected applications [1]. This advisory informs about the impact of CVE-2021-45105 to Siemens products and the corresponding remediation and mitigation measures. The vulnerability is different from the JNDI ...
18.12.2021
SIEMENS CERT
SSA-661247 V1.4 (Last Update: 2021-12-18): Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to...
Titel
SSA-661247 V1.4 (Last Update: 2021-12-18): Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to Siemens Products
Veröffentlicht
18. Dezember 2021 01:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf
Text
On 2021-12-09, a vulnerability in Apache Log4j (a logging tool used in many Java-based applications) was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2021-44228 and is also known as “Log4Shell”. On 2021-12-14 an additional denial of service vulnerability (CVE-2021-45046) ...
17.12.2021
US CERT (ICS)
Siemens SINUMERIK Edge
Titel
Siemens SINUMERIK Edge
Veröffentlicht
17. Dezember 2021 04:36
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-350-09
Text
This advisory contains mitigations for an Improper Certificate Validation vulnerability in the Siemens SINUMERIK Edge hardware and software digital production support and optimization platform.
17.12.2021
SIEMENS CERT
SSA-661247 V1.3 (Last Update: 2021-12-17): Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to...
Titel
SSA-661247 V1.3 (Last Update: 2021-12-17): Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to Siemens Products
Veröffentlicht
17. Dezember 2021 01:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf
Text
On 2021-12-09, a vulnerability in Apache Log4j (a logging tool used in many Java-based applications) was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2021-44228 and is also known as “Log4Shell”. On 2021-12-14 an additional denial of service vulnerability (CVE-2021-45046) ...
16.12.2021
US CERT (ICS)
Xylem AquaView
Titel
Xylem AquaView
Veröffentlicht
16. Dezember 2021 16:52
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-350-01
Text
This advisory contains mitigations for a Use of Hard-coded Credentials vulnerability in the Xylem AquaView SCADA system.
16.12.2021
US CERT (ICS)
Wibu-Systems CodeMeter Runtime
Titel
Wibu-Systems CodeMeter Runtime
Veröffentlicht
16. Dezember 2021 16:48
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-350-03
Text
This advisory contains mitigations for an Improper Privilege Management vulnerability in the Wibu-Systems CodeMeter Runtime server.
16.12.2021
US CERT (ICS)
Mitsubishi Electric GX Works2
Titel
Mitsubishi Electric GX Works2
Veröffentlicht
16. Dezember 2021 16:46
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-350-04
Text
This advisory contains mitigations for an Improper Handling of Length Parameter Inconsistency vulnerability in #Mitsubishi Electric's GX Works2 engineering software.
16.12.2021
US CERT (ICS)
Mitsubishi Electric FA Engineering Software
Titel
Mitsubishi Electric FA Engineering Software
Veröffentlicht
16. Dezember 2021 16:44
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-350-05
Text
This advisory contains mitigations for Out-of-bounds Read, and Integer Underflow vulnerabilities in Mitsubishi Electric's FA Engineering Software engineering software.
16.12.2021
US CERT (ICS)
Siemens Capital VSTAR
Titel
Siemens Capital VSTAR
Veröffentlicht
16. Dezember 2021 16:42
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-350-06
Text
This advisory contains mitigations for a several vulnerabilities in Siemens Capital VSTAR software platform products using Nucleus NET, the networking stack of Nucleus RTOS (real-time operating system).
16.12.2021
US CERT (ICS)
Siemens POWER METER SICAM Q100
Titel
Siemens POWER METER SICAM Q100
Veröffentlicht
16. Dezember 2021 16:40
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-350-07
Text
This advisory contains mitigations for a Stack-based Buffer Overflow vulnerability in the Siemens POWER METER SICAM Q100 power monitoring device.
16.12.2021
US CERT (ICS)
Siemens JTTK and JT Utilities
Titel
Siemens JTTK and JT Utilities
Veröffentlicht
16. Dezember 2021 16:38
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-350-08
Text
This advisory contains mitigations for Out-of-bounds Write, Use after Free, Out-of-bounds Read vulnerability in in the Siemens JTTK programming interface, and JT Utilities series of command line utilities.
16.12.2021
SIEMENS CERT
SSA-661247 V1.2 (Last Update: 2021-12-16): Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to...
Titel
SSA-661247 V1.2 (Last Update: 2021-12-16): Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to Siemens Products
Veröffentlicht
16. Dezember 2021 01:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf
Text
On 2021-12-09, a vulnerability in Apache Log4j (a logging tool used in many Java-based applications) was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2021-44228 and is also known as “Log4Shell”. On 2021-12-14 an additional denial of service vulnerability (CVE-2021-45046) ...
16.12.2021
SIEMENS CERT
SSA-714170 V1.0: Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to SPPA-T3000
Titel
SSA-714170 V1.0: Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to SPPA-T3000
Veröffentlicht
16. Dezember 2021 01:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf
Text
On 2021-12-09, a vulnerability in Apache Log4j (a logging tool used in many Java-based applications) was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2021-44228 and is also known as “Log4Shell”. On 2021-12-14 an additional denial of service vulnerability (CVE-2021-45046) ...
15.12.2021
SIEMENS CERT
SSA-661247 V1.1 (Last Update: 2021-12-15): Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to...
Titel
SSA-661247 V1.1 (Last Update: 2021-12-15): Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to Siemens Products
Veröffentlicht
15. Dezember 2021 01:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf
Text
On 2021-12-09, a vulnerability in Apache Log4j (a logging tool used in many Java-based applications) was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2021-44228 and is also known as “Log4Shell”. On 2021-12-14 an additional denial of service vulnerability (CVE-2021-45046) ...
14.12.2021
US CERT (ICS)
Schneider Electric Rack PDU
Titel
Schneider Electric Rack PDU
Veröffentlicht
14. Dezember 2021 16:05
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-348-02
Text
This advisory contains mitigations for a Cross-site Scripting vulnerability in Schneider Electric Rack Power Distribution Unit (PDU).
14.12.2021
US CERT (ICS)
Hillrom Medical Device Management (Update A)
Titel
Hillrom Medical Device Management (Update A)
Veröffentlicht
14. Dezember 2021 16:00
URL
https://us-cert.cisa.gov/ics/advisories/icsma-21-152-01
Text
This updated advisory is a follow-up to the original advisory titled ICSA-21-152-01 Hillrom Medical Device Management that was published June 1, 2021, to the ICS webpage at www.cisa.gov/uscert. This advisory contains mitigations for a Out-of-Bounds Write, an d Out-of-Bounds Read vulnerabilities in Hillrom Welch Allyn medical device management tools.
14.12.2021
SIEMENS CERT
SSA-396621 V1.0: Multiple File Parsing Vulnerabilities in JTTK before V10.8.1.1 and JT Utilities before V12.8.1.1
Titel
SSA-396621 V1.0: Multiple File Parsing Vulnerabilities in JTTK before V10.8.1.1 and JT Utilities before V12.8.1.1
Veröffentlicht
14. Dezember 2021 01:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-396621.pdf
Text
JT Open Toolkit (JTTK) before V10.8.1.1 contains multiple vulnerabilities that could be triggered when it reads a maliciously crafted JT file. These vulnerabilities also affects JT Utilities before V12.8.1.1. If a user is tricked to open a malicious file with any of the affected products, this could lead the application ...
14.12.2021
SIEMENS CERT
SSA-772220 V1.4 (Last Update: 2021-12-14): OpenSSL Vulnerabilities in Industrial Products
Titel
SSA-772220 V1.4 (Last Update: 2021-12-14): OpenSSL Vulnerabilities in Industrial Products
Veröffentlicht
14. Dezember 2021 01:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdf
Text
OpenSSL has published a security advisory [0] about a vulnerability in OpenSSL versions 1.1.1 < 1.1.1k, that allows an unauthenticated attacker to cause a Denial-of-Service (DoS) if a maliciously crafted renegotiation message is sent. Siemens has released updates for several affected products and recommends to update to the latest versions. ...
14.12.2021
SIEMENS CERT
SSA-629512 V1.3 (Last Update: 2021-12-14): Local Privilege Escalation Vulnerability in TIA Portal
Titel
SSA-629512 V1.3 (Last Update: 2021-12-14): Local Privilege Escalation Vulnerability in TIA Portal
Veröffentlicht
14. Dezember 2021 01:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-629512.pdf
Text
The latest updates for TIA Portal fix a vulnerability that could allow a local attacker to execute arbitrary code with SYSTEM privileges. Update: The previously provided fixes only correctly set the permissions on English Windows versions. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, ...
14.12.2021
SIEMENS CERT
SSA-580693 V1.1 (Last Update: 2021-12-14): WIBU Systems CodeMeter Runtime Denial-of-Service Vulnerability in Siemens Products
Titel
SSA-580693 V1.1 (Last Update: 2021-12-14): WIBU Systems CodeMeter Runtime Denial-of-Service Vulnerability in Siemens Products
Veröffentlicht
14. Dezember 2021 01:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-580693.pdf
Text
WIBU Systems published information about a denial-of-service vulnerability and an associated fix release version of CodeMeter Runtime, a product provided by WIBU Systems and used in several Siemens products for license management. The vulnerability is described in the section “Vulnerability Classification” below and got assigned the CVE ID CVE-2021-41057. Successful ...

Letzte Updates

BOSCH PSIRT
15.01.2025
SIEMENS CERT
17.04.2025
US CERT
01.04.2025
US CERT (ICS)
22.04.2025

Nach Quelle

Archiv

2025
2024
2023
2022
2021
2020
2019
2018
2017

Feeds