• 1 (current)
  • 2
Dienstag, 31.08.2021
Titel
AA21-243A: Ransomware Awareness for Holidays and Weekends
Veröffentlicht
31. August 2021 19:00
Text
Original release date: August 31, 2021 | Last revised: September 2, 2021SummaryImmediate Actions You Can Take Now to Protect Against Ransomware • Make an offline backup of your data. • Do not click on suspicious links. • If you use RDP, secure and monitor it. • Update your OS and ...
Titel
Sensormatic Electronics KT-1
Veröffentlicht
31. August 2021 16:05
Text
This advisory contains mitigations for a Use of Unmaintained Third-party Components vulnerability in Sensormatic Electronics KT-1 Ethernet-ready single-door controller.
Titel
Philips Patient Monitoring Devices (Update A)
Veröffentlicht
31. August 2021 16:00
Text
This updated advisory is a follow-up to the original advisory titled ICSMA-20-254-01 Philips Patient Monitoring Devices that was published September 10, 2020, to the ICS webpage on us-cert.cisa.gov. This advisory contains mitigations for Improper Neutralization of Formula Elements in a CSV File, Cross-site Scripting, Improper Authentication, Improper Check for Certificate ...
Donnerstag, 26.08.2021
Titel
Johnson Controls Controlled Electronic Management Systems CEM Systems AC2000
Veröffentlicht
26. August 2021 16:15
Text
This advisory contains mitigation for an Improper Authorization vulnerability in Johnson Controls Controlled Electronic Management Systems CEM Systems AC2000, an enterprise access control and integrated security management system.​​​​
Titel
Annke Network Video Recorder
Veröffentlicht
26. August 2021 16:10
Text
This advisory contains mitigation for a Stack-based Buffer Overflow vulnerability in the Annke N48PBB Network Video Recorder.
Titel
Delta Electronics DIAEnergie
Veröffentlicht
26. August 2021 16:05
Text
This advisory contains mitigations for Use of Password Hash with Insufficient Computational Effort, Incorrect Authorization, Unrestricted Upload of File with Dangerous Type, SQL Injection, and Cross-site Request Forgery vulnerabilities in the Delta Electronics DIAEnergie industrial energy management system.
Dienstag, 24.08.2021
Titel
Hitachi ABB Power Grids TropOS
Veröffentlicht
24. August 2021 16:15
Text
This advisory contains mitigations for Injection, Inadequate Encryption Strength, Missing Authentication for Critical Function, Improper Authentication, Improper Validation of Integrity Check Value, and Improper Input Validation vulnerabilities in Hitachi ABB Power Grids TropOS firmware.
Donnerstag, 19.08.2021
Titel
SSA-816035 V1.0: Code Execution Vulnerability in SINEMA Remote Connect Client
Veröffentlicht
19. August 2021 02:00
Text
The latest update for SINEMA Remote Connect Client fixes a vulnerability that could allow a local attacker to escalate privileges or even allow remote code execution under certain circumstances. Siemens has released a firmware update for SINEMA Remote Connect Client and proposes mitigations if an update is not possible.
Dienstag, 17.08.2021
Titel
AA21-229A: BadAlloc Vulnerability Affecting BlackBerry QNX RTOS
Veröffentlicht
17. August 2021 19:00
Text
Original release date: August 17, 2021 | Last revised: August 23, 2021SummaryOn August 17, 2021, BlackBerry publicly disclosed that its QNX Real Time Operating System (RTOS) is affected by a BadAlloc vulnerability—CVE-2021-22156. BadAlloc is a collection of vulnerabilities affecting multiple RTOSs and supporting libraries.[1] A remote attacker could exploit CVE-2021-22156 ...
Dienstag, 10.08.2021
Titel
SSA-938030 V1.0: DGN and PAR File Parsing Vulnerabilities in JT2Go and Teamcenter Visualization before V13.2.0.2
Veröffentlicht
10. August 2021 02:00
Text
Siemens has released version V13.2.0.2 for JT2Go and Teamcenter Visualization to fix three vulnerabilities that could be triggered while parsing DGN or PAR files. If a user is tricked to open a malicious file with the affected products, this could lead the application to crash or potential arbitrary code execution. ...
Titel
SSA-286838 V1.1 (Last Update: 2021-08-10): Multiple Vulnerabilities in SINAMICS Medium Voltage Products
Veröffentlicht
10. August 2021 02:00
Text
SINAMICS medium voltage products, with Sm@rtServer enabled on SIMATIC comfort HMI Panels, are affected by multiple vulnerabilities that could allow an attacker, under certain conditions, to gain full remote access to the HMI. Note that by default Sm@rtServer is disabled, but it can be enabled by the system integrator on ...
Titel
SSA-324955 V1.3 (Last Update: 2021-08-10): SAD DNS Attack in Linux Based Products
Veröffentlicht
10. August 2021 02:00
Text
A vulnerability made public under the name SAD DNS affects Domain Name System resolvers due to a vulnerability in the Linux kernel when handling ICMP packets. The Siemens products which are affected are listed below. For more information please see https://www.saddns.net/. Siemens has released updates for several affected products and ...
Titel
SSB-439005 V3.6 (Last Update: 2021-08-10): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP
Veröffentlicht
10. August 2021 02:00
Text
Titel
SSA-492828 V1.1 (Last Update: 2021-08-10): Denial-of-Service Vulnerability in SIMATIC S7-300 CPUs and SINUMERIK Controller
Veröffentlicht
10. August 2021 02:00
Text
A vulnerability in S7-300 might allow an attacker to cause a Denial-of-Service condition on port 102 of the affected devices by sending specially crafted packets. Siemens is preparing updates and recommends specific countermeasures until fixes are available.
Titel
SSA-541018 V1.2 (Last Update: 2021-08-10): Embedded TCP/IP Stack Vulnerabilities (AMNESIA:33) in SENTRON PAC / 3VA Devices (Part 2)
Veröffentlicht
10. August 2021 02:00
Text
Security researchers discovered and disclosed 33 vulnerabilities in several open-source TCP/IP stacks for embedded devices, also known as “AMNESIA:33” vulnerabilities. This advisory describes the impact of two of these vulnerabilities (CVE-2020-13987, CVE-2020-17437) to Siemens products. Siemens has released updates for several affected products and recommends to update to the latest ...
Titel
SSA-599968 V1.1 (Last Update: 2021-08-10): Denial-of-Service Vulnerability in Profinet Devices
Veröffentlicht
10. August 2021 02:00
Text
A vulnerability in affected devices could allow an attacker to perform a denial-of-service attack if a large amount of Profinet Discovery and Configuration Protocol (DCP) reset packets is sent to the affected devices. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens ...
Titel
SSA-678983 V1.2 (Last Update: 2021-08-10): Vulnerabilities in Industrial PCs and CNC devices using Intel CPUs (November 2020)
Veröffentlicht
10. August 2021 02:00
Text
Intel has published information on vulnerabilities in Intel products in November 2020. This advisory lists the Siemens IPC related products, that are affected by these vulnerabilities. In this advisory we take a representative CVE from each advisory: “Intel CSME, SPS, TXE, AMT and DAL Advisory” Intel-SA-00391 is represented by CVE-2020-8745 ...
Titel
SSA-723417 V1.1 (Last Update: 2021-08-10): Multiple Vulnerabilities in SCALANCE W1750D
Veröffentlicht
10. August 2021 02:00
Text
Siemens SCALANCE W1750D is a brand-labeled device. Aruba has released a related security advisory ARUBA-PSA-2021-007 disclosing vulnerabilities in its Aruba Instant product line. Siemens is preparing updates and recommends countermeasures for products where updates are not, or not yet available.
Titel
SSA-752103 V1.1 (Last Update: 2021-08-10): Telnet Authentication Vulnerability in SINAMICS Medium Voltage Products
Veröffentlicht
10. August 2021 02:00
Text
SINAMICS medium voltage products, with telnet enabled on SIMATIC comfort HMI Panels, are affected by a remote access vulnerability that could allow an attacker, under certain conditions, to gain full remote access to the HMI. Note that by default telnet is disabled, but it can be enabled by the system ...
Titel
SSA-772220 V1.1 (Last Update: 2021-08-10): OpenSSL Vulnerabilities in Industrial Products
Veröffentlicht
10. August 2021 02:00
Text
OpenSSL has published a security advisory [0] about a vulnerability in OpenSSL versions 1.1.1 < 1.1.1k, that allows an unauthenticated attacker to cause a Denial-of-Service (DoS) if a maliciously crafted renegotiation message is sent. Siemens is preparing updates and recommends countermeasures for products where updates are not, or not yet ...
Titel
SSA-844761 V1.2 (Last Update: 2021-08-10): Multiple Vulnerabilities in SiNVR/SiVMS Video Server
Veröffentlicht
10. August 2021 02:00
Text
The Video Server application in SiNVR/SiVMS solutions contains five vulnerabilities involving information disclosure (CVE-2019-19291, CVE-2019-19299), path traversal (CVE-2019-19296, CVE-2019-19297), and denial-of-service (CVE-2019-19298). PKE has released updates of the application that fixes the reported vulnerabilities, except for CVE-2019-19299. This update is not available under the former Siemens OEM brand name SiNVR. ...
Titel
SSA-941426 V1.1 (Last Update: 2021-08-10): Multiple LLDP Vulnerabilities in Industrial Products
Veröffentlicht
10. August 2021 02:00
Text
There are multiple vulnerabilities in an underlying Link Layer Discovery Protocol (LLDP) third party library. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.
Titel
SSA-830194 V1.0: Missing Authentication Vulnerability in S7-1200 Devices
Veröffentlicht
10. August 2021 02:00
Text
SIMATIC S7-1200 PLC, version V4.5.0 fails to authenticate against configured passwords when the affected device was provisioned using TIA Portal V13. This could allow an attacker using TIA Portal V17 or later versions to bypass authentication and download arbitrary programs to the PLC. Siemens has released an update for SIMATIC ...
Titel
SSA-158827 V1.0: Denial-of-Service Vulnerability in Automation License Manager
Veröffentlicht
10. August 2021 02:00
Text
A vulnerability was identified in the Automation License Manager software that could be triggered by sending specially crafted packets to port 4410/tcp of an affected system. This could cause a denial-of-service preventing legitimate users from using the system. Siemens has released an update for the Automation License Manager 6 and ...
Titel
SSA-309571 V1.0: IPU 2021.1 Vulnerabilities in Siemens Industrial Products using Intel CPUs (June 2021)
Veröffentlicht
10. August 2021 02:00
Text
Intel has published information on vulnerabilities in Intel products in June 2021. This advisory lists the related Siemens Industrial products affected by these vulnerabilities that can be patched by applying the corresponding BIOS update. In this advisory we summarize: “2021.1 IPU – Intel® CSME, SPS and LMS Advisory” Intel-SA-00459, “2021.1 ...
  • 1 (current)
  • 2

Letzte Updates

BOSCH PSIRT
31.10.2024
SIEMENS CERT
26.11.2024
US CERT
08.11.2024
US CERT (ICS)
03.12.2024

Nach Quelle

Archiv

2024
2023
2022
2021
2020
2019
2018
2017

Feeds