Juni 2021
Titel
SSA-787292 V1.0: Denial-of-Service Vulnerability in SIMATIC RFID Readers
Veröffentlicht
8. Juni 2021 02:00
Text
The latest updates for SIMATIC RF products fix a vulnerability that could allow an unauthorized attacker to crash the OPC UA service of the affected devices. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific ...
Titel
SSA-645530 V1.0: TIFF File Parsing Vulnerability in JT2Go and Teamcenter Visualization before V13.1.0.3
Veröffentlicht
8. Juni 2021 02:00
Text
Siemens has released version V13.1.0.3 for JT2Go and Teamcenter Visualization to fix a vulnerability that could be triggered when the products read files in TIFF file format. If a user is tricked to opening of a malicious file with the affected products, this could lead to application crash, or potentially ...
Titel
SSA-522654 V1.0: Privilege Escalation Vulnerability in Mendix SAML Module
Veröffentlicht
8. Juni 2021 02:00
Text
The latest update of Mendix SAML module fixes a privilege escalation vulnerability. Mendix has released an update for the Mendix SAML module and recommends to update to the latest version.
Titel
SSA-419820 V1.0: Denial-of-Service Vulnerability in TIM 1531 IRC
Veröffentlicht
8. Juni 2021 02:00
Text
The latest update for TIM 1531 IRC fixes a vulnerability that could allow a remote attacker to cause a denial-of-service under certain circumstances. Siemens has released an update for the TIM 1531 IRC and recommends to update to the latest version.
Titel
SSA-208356 V1.0: DFT File Parsing Vulnerabilities in Solid Edge
Veröffentlicht
8. Juni 2021 02:00
Text
Siemens has released a new version for Solid Edge to fix two vulnerabilities that could be triggered when the application read files in DFT file format. If a user is tricked to opening of a malicious file with the affected products, this could lead to application crash, or potentially arbitrary ...
Titel
SSA-200951 V1.0: Multiple Vulnerabilities in Third-Party Component libcurl of TIM Devices
Veröffentlicht
8. Juni 2021 02:00
Text
SIMATIC TIM 1531 IRC devices are vulnerable to multiple vulnerabilities in the third party component libcurl that could allow an attacker to extract sensitive information and pass a revoked certificate as valid. Siemens has released an update for SIMATIC TIM 1531 IRC and recommends to update to the latest versions.
Titel
SSA-133038 V1.0: Multiple Modfem File Parsing Vulnerabilities in Simcenter Femap
Veröffentlicht
8. Juni 2021 02:00
Text
Siemens Simcenter Femap is affected by two vulnerabilities that could be triggered when the application reads modfem files. If a user is tricked to open a malicious file with the affected application, this could lead to a crash, and potentially also to arbitrary code execution or data extraction on the ...
Mai 2021
Titel
AA21-148A: Sophisticated Spearphishing Campaign Targets Government Organizations, IGOs, and NGOs
Veröffentlicht
29. Mai 2021 00:29
Text
Original release date: May 28, 2021 | Last revised: May 29, 2021SummaryThis Joint Cybersecurity Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 9. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques. The Cybersecurity and Infrastructure Security Agency (CISA) and the ...
Titel
Several Vulnerabilities in Bosch B426, B426-CN/B429-CN, and B426-M
Veröffentlicht
28. Mai 2021 02:00
Text

BOSCH-SA-196933-BT: A security vulnerability affects the Bosch B426, B426-CN/B429-CN, and B426-M. The vulnerability is exploitable via the network interface. Bosch rates this vulnerability at 8.0 (High) and recommends customers to update vulnerable components with fixed software versions. A second vulnerable condition was found when using http protocol, in which the ...

Titel
SSA-434534 V1.0: Memory Protection Bypass Vulnerability in SIMATIC S7-1200 and S7-1500 CPU Families
Veröffentlicht
28. Mai 2021 02:00
Text
SIMATIC S7-1200 and S7-1500 CPU products contain a memory protection bypass vulnerability that could allow an attacker to write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks. Siemens has released updates for several affected products and strongly recommends to update to the ...
Titel
SSA-119468 V1.0: Luxion KeyShot Vulnerabilities in Solid Edge
Veröffentlicht
25. Mai 2021 02:00
Text
The Solid Edge installation package includes a specific version of the third-party product KeyShot from Luxion, which may not contain the latest security fixes provided by Luxion. Siemens recommends to update KeyShot according to the information in the Luxion Security Advisory LSA-394129.
Titel
Vulnerability in the routing protocol of the PLC runtime
Veröffentlicht
19. Mai 2021 02:00
Text

BOSCH-SA-350374: The control systems IndraMotion MTX, MLC and MLD and the ctrlX CORE PLC application contain PLC technology from Codesys GmbH. The manufacturer Codesys GmbH published a security bulletin \[1\] about a weakness in the routing protocol for the communication between the PLC runtime and clients. By exploiting the vulnerability, ...

Titel
SSA-622830 V1.2 (Last Update: 2021-05-17): Multiple File Parsing Vulnerabilities in JT2Go and Teamcenter Visualization before V13.1.0
Veröffentlicht
17. Mai 2021 02:00
Text
Siemens has released version V13.1.0 for JT2Go and Teamcenter Visualization to fix multiple vulnerabilities that could be triggered when the products read files in different file formats (JT, XML, CG4, CGM, PDF, RGB, SGI, TGA, PAR, PCX). If a user is tricked to opening of a malicious file with the ...
Titel
SSA-695540 V1.0: ASM and PAR File Parsing Vulnerabilities in JT2Go and Teamcenter Visualization before V13.1.0.2
Veröffentlicht
17. Mai 2021 02:00
Text
Siemens has released version V13.1.0.2 for JT2Go and Teamcenter Visualization to fix multiple vulnerabilities that could be triggered when the products read files in ASM and PAR file formats. If a user is tricked to opening of a malicious file with the affected products, this could lead to application crash, ...
Titel
SSA-663999 V1.1 (Last Update: 2021-05-17): Multiple File Parsing Vulnerabilities in JT2Go and Teamcenter Visualization before V13.1.0.1
Veröffentlicht
17. Mai 2021 02:00
Text
Siemens has released version V13.1.0.1 for JT2Go and Teamcenter Visualization to fix multiple vulnerabilities that could be triggered when the products read files in different file formats (BMP, TIFF, CGM, TGA, PCT, HPG, PLT, RAS, PAR, ASM, DXF, DWG). If a user is tricked to opening of a malicious file ...
Titel
AA21-131A: DarkSide Ransomware: Best Practices for Preventing Business Disruption from Ransomware Attacks
Veröffentlicht
11. Mai 2021 21:00
Text
Original release date: May 11, 2021 | Last revised: May 20, 2021SummaryThis Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 9. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques. The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau ...
Titel
SSA-723417 V1.0: Multiple Vulnerabilities in SCALANCE W1750D
Veröffentlicht
11. Mai 2021 02:00
Text
Siemens SCALANCE W1750D is a brand-labeled device. Aruba has released a related security advisory ARUBA-PSA-2021-007 disclosing vulnerabilities in its Aruba Instant product line. Siemens is preparing updates and recommends countermeasures for products where updates are not, or not yet available.
Titel
SSA-678983 V1.0: Vulnerabilities in Industrial PCs and CNC devices using Intel CPUs (November 2020)
Veröffentlicht
11. Mai 2021 02:00
Text
Intel has published information on vulnerabilities in Intel products in November 2020. This advisory lists the Siemens IPC related products, that are affected by these vulnerabilities. In this advisory we take a representative CVE from each advisory: “Intel CSME, SPS, TXE, AMT and DAL Advisory” Intel-SA-00391 is represented by CVE-2020-8745 ...
Titel
SSA-286838 V1.0: Multiple Vulnerabilities in SINAMICS Medium Voltage Products
Veröffentlicht
11. Mai 2021 02:00
Text
SINAMICS medium voltage products, with Sm@rtServer enabled on SIMATIC comfort HMI Panels, are affected by multiple vulnerabilities that could allow an attacker, under certain conditions, to gain full remote access to the HMI. Note that by default Sm@rtServer is disabled, but it can be enabled on request by the system ...
Titel
SSA-116379 V1.0: Denial-of-Service Vulnerability in OSPF Packet Handling of SCALANCE XM-400 and XR-500 Devices
Veröffentlicht
11. Mai 2021 02:00
Text
SCALANCE XM-400 and XR-500 devices contain a vulnerability in the OSPF protocol implementation that could allow an unauthenticated remote attacker to create a permanent denial-of-service condition. Siemens has released updates for the affected products and recommends to update to the latest versions.
Titel
SSA-936080 V1.1 (Last Update: 2021-05-11): Multiple Vulnerabilities in Third-Party Component libcurl
Veröffentlicht
11. Mai 2021 02:00
Text
SIMATIC NET CM 1542-1, SCALANCE SC600 family and SIMATIC NET CP 343-1 Advanced devices are vulnerable to a vulnerability in the third party component libcurl that could allow an attacker to cause a Denial-of-Service condition on the affected devices. Siemens has released an update for SCALANCE SC600. For the remaining ...
Titel
SSA-794542 V1.1 (Last Update: 2021-05-11): Insecure Folder Permissions in SIMARIS Configuration
Veröffentlicht
11. Mai 2021 02:00
Text
The installation of SIMARIS configuration causes insecure folder permissions that could allow vertical privilege escalation. Siemens has released an update for SIMARIS and recommends to update to the latest version.
Titel
SSA-646763 V1.3 (Last Update: 2021-05-11): DNSpooq - Dnsmasq Vulnerabilities in SCALANCE and RUGGEDCOM Devices
Veröffentlicht
11. Mai 2021 02:00
Text
Security researchers discovered and disclosed seven vulnerabilities in the open-source DNS component “dnsmasq”, also known as “DNSpooq” vulnerabilities (CVE-2020-25681 through CVE-2020-25687). Three vulnerabilities (CVE-2020-25684 through CVE-2020-25686) affect the validation of DNS responses and impact several SCALANCE and RUGGEDCOM devices as listed below. Siemens has released updates for several affected products ...
Titel
SSA-541018 V1.1 (Last Update: 2021-05-11): Embedded TCP/IP Stack Vulnerabilities (AMNESIA:33) in SENTRON PAC / 3VA Devices (Part 2)
Veröffentlicht
11. Mai 2021 02:00
Text
Security researchers discovered and disclosed 33 vulnerabilities in several open-source TCP/IP stacks for embedded devices, also known as “AMNESIA:33” vulnerabilities. This advisory describes the impact of two of these vulnerabilities (CVE-2020-13987, CVE-2020-17437) to Siemens products. Siemens has released updates for several affected products and recommends to update to the latest ...
Titel
SSA-478893 V1.1 (Last Update: 2021-05-11): TightVNC Vulnerabilities in Industrial Products (Revoked)
Veröffentlicht
11. Mai 2021 02:00
Text
Multiple TightVNC (V1.x) vulnerabilities could allow remote code execution and Denial-of-Service attacks under certain conditions. Siemens has previously released this advisory containing a set of products that were considered to be affected. Through Siemens’ continuous investigation processes it was identified that all products previously advised are not affected by any ...

Letzte Updates

BOSCH PSIRT
31.10.2024
SIEMENS CERT
22.11.2024
US CERT
08.11.2024
US CERT (ICS)
21.11.2024

Nach Quelle

Archiv

2024
2023
2022
2021
2020
2019
2018
2017

Feeds