• 1 (current)
  • 2
Mittwoch, 28.07.2021
Titel
AA21-209A: Top Routinely Exploited Vulnerabilities
Veröffentlicht
28. Juli 2021 14:00
Text
Original release date: July 28, 2021 | Last revised: August 20, 2021SummaryThis Joint Cybersecurity Advisory was coauthored by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Australian Cyber Security Centre (ACSC), the United Kingdom’s National Cyber Security Centre (NCSC), and the U.S. Federal Bureau of Investigation (FBI). This advisory ...
Dienstag, 20.07.2021
Titel
AA21-201A: Chinese Gas Pipeline Intrusion Campaign, 2011 to 2013
Veröffentlicht
20. Juli 2021 15:00
Text
Original release date: July 20, 2021 | Last revised: July 21, 2021SummaryThis Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 9. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques. Note: CISA released technical information, including indicators of compromise (IOCs), provided ...
Titel
Vulnerabilities in CODESYS V2 runtime systems
Veröffentlicht
20. Juli 2021 02:00
Text

BOSCH-SA-670099: The compact systems CS351E and CS351S and the communication module KE350G with integrated PLC contain technology from CODESYS GmbH. The manufacturer CODESYS GmbH published security bulletins \[1\]\[2\] about a weakness in the protocol for the communication between the PLC runtime and clients. By exploiting these vulnerabilities, attackers can send ...

Montag, 19.07.2021
Titel
AA21-200A: Tactics, Techniques, and Procedures of Indicted APT40 Actors Associated with China’s MSS Hainan State Security Department
Veröffentlicht
19. Juli 2021 13:00
Text
Original release date: July 19, 2021 | Last revised: July 20, 2021SummaryThis Joint Cybersecurity Advisory was written by the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) to provide information on a Chinese Advanced Persistent Threat (APT) group known in open-source reporting as APT40. This ...
Titel
AA21-200B: Chinese State-Sponsored Cyber Operations: Observed TTPs
Veröffentlicht
19. Juli 2021 13:00
Text
Original release date: July 19, 2021 | Last revised: August 20, 2021SummaryThis advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 9, and MITRE D3FEND™ framework, version 0.9.2-BETA-3. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques and the D3FEND framework for ...
Dienstag, 13.07.2021
Titel
SSA-841348 V1.8 (Last Update: 2021-07-13): Multiple Vulnerabilities in the UMC Stack
Veröffentlicht
13. Juli 2021 02:00
Text
The latest update for the below listed products fixes two security vulnerabilities that could allow an attacker to cause a partial Denial-of-Service on the UMC component of the affected devices under certain circumstances, and one vulnerability that could allow an attacker to locally escalate privileges from a user with administrative ...
Titel
SSA-941426 V1.0: Multiple LLDP Vulnerabilities in Industrial Products
Veröffentlicht
13. Juli 2021 02:00
Text
There are multiple vulnerabilities in an underlying Link Layer Discovery Protocol (LLDP) third party library. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.
Titel
SSA-203306 V1.5 (Last Update: 2021-07-13): Password Vulnerabilities in SIPROTEC 4 and SIPROTEC Compact Relay Families
Veröffentlicht
13. Juli 2021 02:00
Text
SIPROTEC 4 and SIPROTEC Compact devices could allow access authorization passwords to be reconstructed or overwritten via engineering mechanisms that involve DIGSI 4 and EN100 Ethernet communication modules. Siemens has released updates for several affected products, and recommends specific countermeasures for the remaining products.
Titel
SSA-324955 V1.2 (Last Update: 2021-07-13): SAD DNS Attack in Linux Based Products
Veröffentlicht
13. Juli 2021 02:00
Text
A vulnerability made public under the name SAD DNS affects Domain Name System resolvers due to a vulnerability in the Linux kernel when handling ICMP packets. The Siemens products which are affected are listed below. For more information please see https://www.saddns.net/. Siemens has released updates for several affected products and ...
Titel
SSB-439005 V3.5 (Last Update: 2021-07-13): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP
Veröffentlicht
13. Juli 2021 02:00
Text
Titel
SSA-462066 V2.4 (Last Update: 2021-07-13): Vulnerability known as TCP SACK PANIC in Industrial Products
Veröffentlicht
13. Juli 2021 02:00
Text
Multiple industrial products are affected by a vulnerability in the kernel known as TCP SACK PANIC. The vulnerability could allow a remote attacker to cause a denial of service condition. Siemens has released updates for several affected products and recommends to update to the new versions. Siemens is preparing further ...
Titel
SSA-434536 V1.0: Memory Protection Bypass Vulnerability in SINUMERIK ONE and SINUMERIK MC
Veröffentlicht
13. Juli 2021 02:00
Text
SINUMERIK ONE and SINUMERIK MC products are affected by a memory protection bypass vulnerability in the integrated S7-1500 CPU that could allow an attacker to write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks on the CPU. Siemens is preparing updates and ...
Titel
SSA-448291 V1.0: Denial-of-Service Vulnerability in ARP Protocol of RWG Universal Controllers
Veröffentlicht
13. Juli 2021 02:00
Text
A Denial-of-Service vulnerability was found affecting the ARP protocol on RWG Universal Controller devices. Siemens has released updates for the affected products and recommends to update to the latest versions.
Titel
SSA-173615 V1.0: Multiple PAR and ASM File Parsing Vulnerabilities in Solid Edge
Veröffentlicht
13. Juli 2021 02:00
Text
Siemens has released version SE2021MP5 for Solid Edge to fix multiple heap based buffer overflow vulnerabilities that could be triggered when the application read files in PAR or ASM file formats. If a user is tricked to open a malicious file with the affected application, this could lead to a ...
Titel
SSA-209268 V1.0: Multiple JT File Parsing Vulnerabilities in JT Utilities before V13.0.2.0
Veröffentlicht
13. Juli 2021 02:00
Text
Siemens has released version V13.0.2.0 for JT Utilities to fix multiple vulnerabilities that could be triggered when reading JT files. Siemens recommends to update to the latest version, which contains solutions to all the vulnerabilities listed in this advisory. Standing recommendation is to avoid opening of untrusted files from unknown ...
Titel
SSA-352521 V1.0: Access Check Bypass Vulnerability in Mendix
Veröffentlicht
13. Juli 2021 02:00
Text
An incorrect authorization check in Mendix applications could allow an attacker to bypass write permissions to attributes of objects under certain circumstances. Mendix has released an update for Mendix and recommends to update to the latest version.
Titel
SSA-373591 V1.0: Buffer Overflow Vulnerability in RUGGEDCOM ROS Devices
Veröffentlicht
13. Juli 2021 02:00
Text
The latest update for RUGGEDCOM ROS devices fixes a buffer overflow vulnerability in the third party component that could allow an attacker with network access to an affected device to cause a remote code execution condition. Siemens has released updates for the affected products and recommends to update to the ...
Titel
SSA-434535 V1.0: Memory Protection Bypass Vulnerability in SINAMICS PERFECT HARMONY GH180 Drives
Veröffentlicht
13. Juli 2021 02:00
Text
Several models of SINAMICS PERFECT HARMONY GH180 Drives are affected by a memory protection bypass vulnerability in the integrated S7-1500 or S7-1200 CPU that could allow an attacker to write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks on the CPU. Siemens ...
Titel
SSA-483182 V1.0: Multiple File Parsing Vulnerabilities in JT2Go and Teamcenter Visualization before V13.2
Veröffentlicht
13. Juli 2021 02:00
Text
Siemens has released version V13.2 for JT2Go and Teamcenter Visualization to fix multiple vulnerabilities that could be triggered when the products read files in different file formats (GIF, TIFF, BMP, J2K, JT, SGI, PDF, PCT, PCX, PAR and ASM ). If a user is tricked to opening of a malicious ...
Titel
SSA-560465 V1.0: DHCP Client Vulnerability in VxWorks-based Industrial Products
Veröffentlicht
13. Juli 2021 02:00
Text
Various industry products are affected by a DHCP client vulnerability in Wind River VxWorks, that could allow an attacker to cause a heap-based buffer overflow. Siemens recommends specific countermeasures for products where updates are not, or not yet available.
Titel
SSA-599968 V1.0: Denial-of-Service Vulnerability in Profinet Devices
Veröffentlicht
13. Juli 2021 02:00
Text
A vulnerability in affected devices could allow an attacker to perform a denial-of-service attack if a large amount of Profinet Discovery and Configuration Protocol (DCP) reset packets is sent to the affected devices. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens ...
Titel
SSA-622535 V1.0: Multiple Vulnerabilities in Teamcenter Active Workspace
Veröffentlicht
13. Juli 2021 02:00
Text
Multiple vulnerabilities affecting Teamcenter Active Workspace could lead to sensitive information disclosure and reflected cross site scripting. Siemens has released updates for the affected products and recommends to update to the latest versions.
Titel
SSA-641963 V1.0: Remote Code Execution Vulnerability in Multiple SIMATIC Software Products
Veröffentlicht
13. Juli 2021 02:00
Text
Multiple SIMATIC Software products are affected by a vulnerability that could allow an attacker to manipulate project files and remotely execute code. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not ...
Titel
SSA-661034 V1.0: Incorrect Permission Assignment in Multiple SIMATIC Software Products
Veröffentlicht
13. Juli 2021 02:00
Text
Multiple SIMATIC software products are affected by a vulnerability that could allow an attacker to change the content of certain metafiles and subsequently manipulate parameters or behaviour of devices configured by the affected software products. Siemens has released an update for the SIMATIC STEP 7 V5.X and recommends to update ...
Titel
SSA-675303 V1.0: WIBU Systems CodeMeter Runtime Vulnerabilities in Siemens Products
Veröffentlicht
13. Juli 2021 02:00
Text
WIBU Systems disclosed two vulnerabilities and a new release version of CodeMeter Runtime, a product provided by WIBU Systems and used in several Siemens products for license management. The vulnerabilities are described in the section “Vulnerability Classification” below and got assigned the CVE IDs CVE-2021-20093 and CVE-2021-20094. Successful exploitation of ...
  • 1 (current)
  • 2

Letzte Updates

BOSCH PSIRT
31.10.2024
SIEMENS CERT
22.11.2024
US CERT
08.11.2024
US CERT (ICS)
21.11.2024

Nach Quelle

Archiv

2024
2023
2022
2021
2020
2019
2018
2017

Feeds