• 1
  • 2 (current)
Dienstag, 13.04.2021
02:00
SIEMENS CERT
SSA-591405 V1.2 (Last Update: 2021-04-13): Web Vulnerabilities in SCALANCE S-600 Family
Titel
SSA-591405 V1.2 (Last Update: 2021-04-13): Web Vulnerabilities in SCALANCE S-600 Family
Veröffentlicht
13. April 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-591405.pdf
Text
The firmware for SCALANCE S-600 family devices contains multiple web vulnerabilities. The vulnerabilities could allow an remote attacker to conduct Denial-of-Service attacks or perform Cross-Site Scripting attacks. Siemens has released updates for the affected products and recommends to update to the latest versions, or to upgrade to a successor product.
02:00
SIEMENS CERT
SSA-646763 V1.2 (Last Update: 2021-04-13): DNSpooq - Dnsmasq Vulnerabilities in SCALANCE and RUGGEDCOM Devices
Titel
SSA-646763 V1.2 (Last Update: 2021-04-13): DNSpooq - Dnsmasq Vulnerabilities in SCALANCE and RUGGEDCOM Devices
Veröffentlicht
13. April 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-646763.pdf
Text
Security researchers discovered and disclosed seven vulnerabilities in the open-source DNS component “dnsmasq”, also known as “DNSpooq” vulnerabilities (CVE-2020-25681 through CVE-2020-25687). Three vulnerabilities (CVE-2020-25684 through CVE-2020-25686) affect the validation of DNS responses and impact several SCALANCE and RUGGEDCOM devices as listed below. Siemens has released updates for several affected products ...
02:00
SIEMENS CERT
SSA-689942 V1.3 (Last Update: 2021-04-13): Denial-of-Service and DLL Hijacking Vulnerabilities in Multiple SIMATIC Software Pro...
Titel
SSA-689942 V1.3 (Last Update: 2021-04-13): Denial-of-Service and DLL Hijacking Vulnerabilities in Multiple SIMATIC Software Products
Veröffentlicht
13. April 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-689942.pdf
Text
Multiple SIMATIC Software products are affected by two vulnerabilities that could allow an attacker to manipulate project files that may lead to Remote Code Execution or Denial-of-Service attacks. Siemens has released updates to some of the affected products and recommends that customers update to the latest version. Siemens is preparing ...
02:00
SIEMENS CERT
SSA-715184 V1.1 (Last Update: 2021-04-13): Multiple File Parsing Vulnerabilities in Solid Edge
Titel
SSA-715184 V1.1 (Last Update: 2021-04-13): Multiple File Parsing Vulnerabilities in Solid Edge
Veröffentlicht
13. April 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-715184.pdf
Text
Siemens has released new versions for Solid Edge to fix multiple vulnerabilities that could be triggered when the application reads files in different file formats (PAR, DFT, XML extensions). If a user is tricked to open a malicious file with the affected application, this could lead to a crash, and ...
02:00
SIEMENS CERT
SSA-841348 V1.7 (Last Update: 2021-04-13): Multiple Vulnerabilities in the UMC Stack
Titel
SSA-841348 V1.7 (Last Update: 2021-04-13): Multiple Vulnerabilities in the UMC Stack
Veröffentlicht
13. April 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf
Text
The latest update for the below listed products fixes two security vulnerabilities that could allow an attacker to cause a partial Denial-of-Service on the UMC component of the affected devices under certain circumstances, and one vulnerability that could allow an attacker to locally escalate privileges from a user with administrative ...
02:00
SIEMENS CERT
SSA-844761 V1.1 (Last Update: 2021-04-13): Multiple Vulnerabilities in SiNVR/SiVMS Video Server
Titel
SSA-844761 V1.1 (Last Update: 2021-04-13): Multiple Vulnerabilities in SiNVR/SiVMS Video Server
Veröffentlicht
13. April 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf
Text
The Video Server application in SiNVR/SiVMS solutions contains five vulnerabilities involving information disclosure (CVE-2019-19291, CVE-2019-19299), path traversal (CVE-2019-19296, CVE-2019-19297), and denial-of-service (CVE-2019-19298). PKE has released an update of the application that fixes the reported vulnerabilities, except for CVE-2019-19298 and CVE-2019-19299. This update is not available under the former Siemens OEM ...
02:00
SIEMENS CERT
SSA-951513 V1.2 (Last Update: 2021-04-13): Clickjacking Vulnerability in SCALANCE S, SCALANCE X-300, X-200IRT, and X-200 Switch...
Titel
SSA-951513 V1.2 (Last Update: 2021-04-13): Clickjacking Vulnerability in SCALANCE S, SCALANCE X-300, X-200IRT, and X-200 Switch Families
Veröffentlicht
13. April 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-951513.pdf
Text
Several SCALANCE X switches contain a vulnerability that could allow an attacker to perform administrative actions if the victim is tricked into clicking on a website controlled by the attacker. The attack only works if the victim has an authenticated session on the administrative interface of the switch. Siemens has ...
02:00
SIEMENS CERT
SSA-978220 V1.4 (Last Update: 2021-04-13): Denial-of-Service Vulnerability over SNMP in Multiple Industrial Products
Titel
SSA-978220 V1.4 (Last Update: 2021-04-13): Denial-of-Service Vulnerability over SNMP in Multiple Industrial Products
Veröffentlicht
13. April 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-978220.pdf
Text
Several industrial products are affected by a vulnerability that could allow remote attackers to conduct a Denial-of-Service (DoS) attack by sending specially crafted packets to port 161/udp (SNMP). Siemens has released updates for several affected products and recommends to update to the new versions. Siemens is preparing further updates and ...
02:00
SIEMENS CERT
SSA-979775 V1.1 (Last Update: 2021-04-13): Stack Overflow Vulnerability in SCALANCE and RUGGEDCOM Devices
Titel
SSA-979775 V1.1 (Last Update: 2021-04-13): Stack Overflow Vulnerability in SCALANCE and RUGGEDCOM Devices
Veröffentlicht
13. April 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-979775.pdf
Text
Several firmware versions of the SCALANCE and RUGGEDCOM devices listed below are affected by a vulnerability in the passive listening feature that could allow an attacker to cause a reboot or, under specific circumstances, attain remote code execution of the affected devices. Siemens has released updates for the affected products ...
02:00
SIEMENS CERT
SSA-163226 V1.0: CELL File Parsing Vulnerability in Tecnomatix RobotExpert
Titel
SSA-163226 V1.0: CELL File Parsing Vulnerability in Tecnomatix RobotExpert
Veröffentlicht
13. April 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-163226.pdf
Text
Siemens Tecnomatix RobotExpert version V16.1 fixes a vulnerability that could be triggered when the application reads CELL files. If a user is tricked to open a malicious file with the affected application, this could lead to a crash, and potentially also to arbitrary code execution or data extraction on the ...
02:00
SIEMENS CERT
SSA-763427 V1.5 (Last Update: 2021-04-13): Authentication Bypass Vulnerability in SIMATIC NET CP Modules and TIM Devices
Titel
SSA-763427 V1.5 (Last Update: 2021-04-13): Authentication Bypass Vulnerability in SIMATIC NET CP Modules and TIM Devices
Veröffentlicht
13. April 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-763427.pdf
Text
Siemens has released updates for Communication Processor (CP) module families CP 343-1/TIM 3V-IE/TIM 4R-IE/CP 443-1 to resolve an authentication bypass vulnerability that could allow unauthenticated users to perform administrative operations under certain conditions. 2021-04-13: Siemens has also added Profibus devices (CP 342-5 / CP 443-5) to this advisory. For these ...
02:00
SIEMENS CERT
SSA-187092 V1.0: Several Buffer-Overflow Vulnerabilities in Web Server of SCALANCE X-200
Titel
SSA-187092 V1.0: Several Buffer-Overflow Vulnerabilities in Web Server of SCALANCE X-200
Veröffentlicht
13. April 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-187092.pdf
Text
Several SCALANCE X-200 switches contain buffer overflow vulnerabilities in the web server. In the most severe case an attacker could potentially remotely execute code. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.
  • 1
  • 2 (current)

Letzte Updates

BOSCH PSIRT
21.08.2024
SIEMENS CERT
12.09.2024
US CERT
04.09.2024
US CERT (ICS)
19.09.2024

Nach Quelle

Archiv

2024
2023
2022
2021
2020
2019
2018
2017

Feeds