Bulletins | CERT@VDE

SSA-280834 V1.0: Improper OpenVPN Credential Validation Vulnerability in SCALANCE M-800 and SC-600 Families

Titel

SSA-280834 V1.0: Improper OpenVPN Credential Validation Vulnerability in SCALANCE M-800 and SC-600 Families

Veröffentlicht

11. März 2025 01:00

URL

https://cert-portal.siemens.com/productcert/html/ssa-280834.html

Text

SCALANCE M-800 and SC-600 families are affected by improper input validation in the OpenVPN authentication. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends specific countermeasures for products where fixes are not, or not ...

SSA-265688 V1.4 (Last Update: 2025-03-11): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP ...

Titel

SSA-265688 V1.4 (Last Update: 2025-03-11): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP V1.1

Veröffentlicht

11. März 2025 01:00

URL

https://cert-portal.siemens.com/productcert/html/ssa-265688.html

Text

Multiple vulnerabilities have been identified in the additional GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP V1.1. Siemens is preparing fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.

SSA-248289 V1.3 (Last Update: 2025-03-11): Denial of Service Vulnerabilities in the IPv6 Stack of Nucleus RTOS

Titel

SSA-248289 V1.3 (Last Update: 2025-03-11): Denial of Service Vulnerabilities in the IPv6 Stack of Nucleus RTOS

Veröffentlicht

11. März 2025 01:00

URL

https://cert-portal.siemens.com/productcert/html/ssa-248289.html

Text

The IPv6 stack of the networking component (Nucleus NET) in Nucleus Real-Time Operating System (RTOS) contains two vulnerabilities when processing IPv6 headers which could allow an attacker to cause a denial of service condition. Siemens has released new versions for several affected products and recommends to update to the latest ...

SSA-216014 V1.0: Vulnerabilities in EFI variable of SIMATIC IPCs, SIMATIC Tablet PCs, and SIMATIC Field PGs

Titel

SSA-216014 V1.0: Vulnerabilities in EFI variable of SIMATIC IPCs, SIMATIC Tablet PCs, and SIMATIC Field PGs

Veröffentlicht

11. März 2025 01:00

URL

https://cert-portal.siemens.com/productcert/html/ssa-216014.html

Text

Multiple vulnerabilities has been identified in Siemens SIMATIC IPCs, SIMATIC Tablet PCs, and SIMATIC Field PGs that can allow an authenticated attacker to alter the secure boot and password configurations. Siemens has released new versions of BIOS for several affected products and recommends to update to the latest versions. Siemens ...

Dienstag, 04.03.2025

Hitachi Energy UNEM/ECST

Titel

Hitachi Energy UNEM/ECST

Veröffentlicht

4. März 2025 13:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-25-063-05

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.8 ATTENTION: Low Attack Complexity Vendor: Hitachi Energy Equipment: XMC20, ECST, UNEM Vulnerability: Improper Validation of Certificate with Host Mismatch 2. RISK EVALUATION Successful exploitation of this vulnerability could allow attackers to intercept or falsify data exchanges between the client and the server. ...

https://www.cisa.gov/news-events/ics-advisories/icsa-25-063-04

Hitachi Energy XMC20

Titel

Hitachi Energy XMC20

Veröffentlicht

4. März 2025 13:00

URL

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: XMC20 Vulnerability: Relative Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to access files or directories outside the authorized scope. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Hitachi ...

https://www.cisa.gov/news-events/ics-advisories/icsa-25-063-07

GMOD Apollo

Titel

GMOD Apollo

Veröffentlicht

4. März 2025 13:00

URL

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: GMOD Equipment: Apollo Vulnerabilities: Incorrect Privilege Assignment, Relative Path Traversal, Missing Authentication for Critical Function, Generation of Error Message Containing Sensitive Information 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to escalate ...

Edimax IC-7100 IP Camera

Titel

Edimax IC-7100 IP Camera

Veröffentlicht

4. März 2025 13:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-25-063-08

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Edimax Equipment: IC-7100 IP Camera Vulnerability: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to send ...

Hitachi Energy MACH PS700

Titel

Hitachi Energy MACH PS700

Veröffentlicht

4. März 2025 13:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-25-063-03

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.7 ATTENTION: Vendor: Hitachi Energy Equipment: MACH PS700 Vulnerability: Uncontrolled Search Path Element 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to escalate privileges and gain control over the software. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Hitachi Energy reports ...