September 2024
10.09.2024
SIEMENS CERT
SSA-783481 V1.2 (Last Update: 2024-09-10): Denial-of-Service Vulnerability in LOGO! 8 BM
Titel
SSA-783481 V1.2 (Last Update: 2024-09-10): Denial-of-Service Vulnerability in LOGO! 8 BM
Veröffentlicht
10. September 2024 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-783481.html
Text
A Denial-of-Service vulnerability has been identified in LOGO! 8 BM. This vulnerability could allow an attacker to crash a device, if a user is tricked into loading a malicious project file onto an affected device. The vulnerability is related to the hardware of the product. Siemens has released new hardware ...
10.09.2024
SIEMENS CERT
SSA-792319 V1.1 (Last Update: 2024-09-10): Missing Read Out Protection in SENTRON 7KM PAC3x20 Devices
Titel
SSA-792319 V1.1 (Last Update: 2024-09-10): Missing Read Out Protection in SENTRON 7KM PAC3x20 Devices
Veröffentlicht
10. September 2024 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-792319.html
Text
The read out protection of the internal flash of affected devices was not properly set at the end of the manufacturing process. An attacker with physical access to the device could read out the data. Siemens has released new versions for the affected products and recommends to update to the ...
10.09.2024
SIEMENS CERT
SSA-765405 V1.0: Multiple Vulnerabilities in SIMATIC RFID Readers
Titel
SSA-765405 V1.0: Multiple Vulnerabilities in SIMATIC RFID Readers
Veröffentlicht
10. September 2024 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-765405.html
Text
SIMATIC RFID Readers contain multiple vulnerabilities that could allow an attacker to cause Denial-of-Service, exploit hidden functionality and information exposure. Siemens has released new versions for the affected products and recommends to update to the latest versions.
10.09.2024
SIEMENS CERT
SSA-293562 V3.6 (Last Update: 2024-09-10): Denial of Service Vulnerabilities in PROFINET DCP Implementation of Industrial Products
Titel
SSA-293562 V3.6 (Last Update: 2024-09-10): Denial of Service Vulnerabilities in PROFINET DCP Implementation of Industrial Products
Veröffentlicht
10. September 2024 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-293562.html
Text
Several industrial devices are affected by two vulnerabilities that could allow an attacker to cause a denial of service condition via PROFINET DCP network packets under certain circumstances. The precondition for this scenario is a direct layer 2 access to the affected products. PROFIBUS interfaces are not affected. Siemens has ...
10.09.2024
SIEMENS CERT
SSA-753746 V1.4 (Last Update: 2024-09-10): Denial of Service Vulnerabilities in SIMATIC WinCC Affecting Other SIMATIC Software ...
Titel
SSA-753746 V1.4 (Last Update: 2024-09-10): Denial of Service Vulnerabilities in SIMATIC WinCC Affecting Other SIMATIC Software Products
Veröffentlicht
10. September 2024 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-753746.html
Text
Two null point dereference vulnerabilities affect multiple SIMATIC software products. These could allow an attacker to cause a persistent denial of service condition in the RPC Server of these products. Siemens has released new versions for the affected products and recommends to update to the latest versions.
10.09.2024
SIEMENS CERT
SSA-103653 V1.0: Denial-of-Service Vulnerability in Automation License Manager
Titel
SSA-103653 V1.0: Denial-of-Service Vulnerability in Automation License Manager
Veröffentlicht
10. September 2024 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-103653.html
Text
A vulnerability was identified in the Automation License Manager software that could be triggered by sending specially crafted packets to port 4410/tcp of an affected system. This could cause a denial-of-service preventing legitimate users from using the system. Siemens has released a new version for Automation License Manager V6.2 and ...
10.09.2024
SIEMENS CERT
SSA-280603 V1.1 (Last Update: 2024-09-10): Denial of Service Vulnerability in SINUMERIK ONE and SINUMERIK MC
Titel
SSA-280603 V1.1 (Last Update: 2024-09-10): Denial of Service Vulnerability in SINUMERIK ONE and SINUMERIK MC
Veröffentlicht
10. September 2024 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-280603.html
Text
A vulnerability has been identified in the integrated S7-1500 CPU of SINUMERIK ONE and SINUMERIK MC products that could allow an attacker to cause a denial of service condition. In order to exploit the vulnerability, an attacker must have access to the affected devices on port 102/tcp. Siemens is preparing ...
10.09.2024
SIEMENS CERT
SSA-921449 V1.1 (Last Update: 2024-09-10): Plaintext Storage of a Password Vulnerability in LOGO! V8.3 BM Devices
Titel
SSA-921449 V1.1 (Last Update: 2024-09-10): Plaintext Storage of a Password Vulnerability in LOGO! V8.3 BM Devices
Veröffentlicht
10. September 2024 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-921449.html
Text
LOGO! V8.3 BM (incl. SIPLUS variants) devices contain a plaintext storage of a password vulnerability. This could allow an attacker with phyiscal access to an affected device to extract user-set passwords from an embedded storage IC. Siemens has released new hardware versions with the LOGO! V8.4 BM and the SIPLUS ...
10.09.2024
SIEMENS CERT
SSA-883918 V1.1 (Last Update: 2024-09-10): Information Disclosure Vulnerability in SIMATIC WinCC
Titel
SSA-883918 V1.1 (Last Update: 2024-09-10): Information Disclosure Vulnerability in SIMATIC WinCC
Veröffentlicht
10. September 2024 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-883918.html
Text
Multiple versions of SIMATIC WinCC and SIMATIC PCS 7 do not properly handle certain requests to their web application (WinCC WebNavigator, PCS 7 Web Server, and PCS 7 Web Diagnostics Server), which may lead to the leak of privileged information. This could allow an unauthenticated remote attacker to retrieve information ...
10.09.2024
SIEMENS CERT
SSA-359713 V1.0: Authorization Bypass Vulnerability in Industrial Edge Management
Titel
SSA-359713 V1.0: Authorization Bypass Vulnerability in Industrial Edge Management
Veröffentlicht
10. September 2024 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-359713.html
Text
Industrial Edge Management contains an Authorization Bypass vulnerability that could allow an unauthenticated remote attacker to impersonate other devices onboarded to the system. Siemens has released new versions for the affected products and recommends to update to the latest versions.
10.09.2024
SIEMENS CERT
SSA-869574 V1.0: Multiple Vulnerabilities in SINEMA Remote Connect Server Before V3.2 SP2
Titel
SSA-869574 V1.0: Multiple Vulnerabilities in SINEMA Remote Connect Server Before V3.2 SP2
Veröffentlicht
10. September 2024 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-869574.html
Text
SINEMA Remote Connect Server before V3.2 SP2 is affected by multiple vulnerabilities. Siemens has released a new version for SINEMA Remote Connect Client and recommends to update to the latest version.
10.09.2024
SIEMENS CERT
SSA-349422 V2.1 (Last Update: 2024-09-10): Denial of Service Vulnerability in Industrial Real-Time (IRT) Devices
Titel
SSA-349422 V2.1 (Last Update: 2024-09-10): Denial of Service Vulnerability in Industrial Real-Time (IRT) Devices
Veröffentlicht
10. September 2024 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-349422.html
Text
A vulnerability in the affected products could allow an unauthorized attacker with network access to perform a denial-of-service attack resulting in loss of real-time synchronization. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are ...
10.09.2024
SIEMENS CERT
SSA-844582 V1.1 (Last Update: 2024-09-10): Electromagnetic Fault Injection in LOGO! V8.3 BM Devices Results in Broken LOGO! V8....
Titel
SSA-844582 V1.1 (Last Update: 2024-09-10): Electromagnetic Fault Injection in LOGO! V8.3 BM Devices Results in Broken LOGO! V8.3 Product CA
Veröffentlicht
10. September 2024 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-844582.html
Text
LOGO! V8.3 BM (incl. SIPLUS variants) devices contain a vulnerability that could allow an electromagnetic fault injection. This could allow an attacker to dump and debug the firmware, including the manipulation of memory. Further actions could allow to inject public keys of custom created key pairs which are then signed ...
10.09.2024
SIEMENS CERT
SSA-721642 V1.0: Injection Vulnerability in SCALANCE W700 802.11 AX Family Before V2.4
Titel
SSA-721642 V1.0: Injection Vulnerability in SCALANCE W700 802.11 AX Family Before V2.4
Veröffentlicht
10. September 2024 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-721642.html
Text
Siemens has released new versions for the affected products and recommends to update to the latest versions.
10.09.2024
SIEMENS CERT
SSA-832273 V1.5 (Last Update: 2024-09-10): Multiple Vulnerabilities in Fortigate NGFW Before V7.4.3 on RUGGEDCOM APE1808 Devices
Titel
SSA-832273 V1.5 (Last Update: 2024-09-10): Multiple Vulnerabilities in Fortigate NGFW Before V7.4.3 on RUGGEDCOM APE1808 Devices
Veröffentlicht
10. September 2024 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-832273.html
Text
Fortinet has published information on vulnerabilities in FORTIOS. This advisory lists the related Siemens Industrial products. Siemens has released a new version of Fortigate NGFW for RUGGEDCOM APE1808 and recommends to update to the latest version. Siemens recommends to consult and implement the workarounds provided in Fortinet’s upstream security notifications.
10.09.2024
SIEMENS CERT
SSA-342438 V1.0: Privilege Escalation Vulnerability in SINUMERIK ONE, SINUMERIK 840D and SINUMERIK 828D
Titel
SSA-342438 V1.0: Privilege Escalation Vulnerability in SINUMERIK ONE, SINUMERIK 840D and SINUMERIK 828D
Veröffentlicht
10. September 2024 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-342438.html
Text
SINUMERIK ONE, SINUMERIK 840D sl and SINUMERIK 828D are affected by a privilege escalation vulnerability that could allow an authenticated local attacker to escalate their privileges in the underlying system. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens recommends countermeasures ...
August 2024
13.08.2024
SIEMENS CERT
SSA-068047 V1.1 (Last Update: 2024-08-13): Multiple Vulnerabilities in SCALANCE M-800 Family Before V7.2.2
Titel
SSA-068047 V1.1 (Last Update: 2024-08-13): Multiple Vulnerabilities in SCALANCE M-800 Family Before V7.2.2
Veröffentlicht
13. August 2024 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-068047.html
Text
SCALANCE M-800 family before V7.2.2 is affected by multiple vulnerabilities. Siemens has released new versions for the affected products and recommends to update to the latest versions.
13.08.2024
SIEMENS CERT
SSA-087301 V1.0: Multiple Vulnerabilities in SCALANCE M-800 Family Before V8.1
Titel
SSA-087301 V1.0: Multiple Vulnerabilities in SCALANCE M-800 Family Before V8.1
Veröffentlicht
13. August 2024 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-087301.html
Text
SCALANCE M-800 family before V8.1 is affected by multiple vulnerabilities. Siemens has released new versions for the affected products and recommends to update to the latest versions.
13.08.2024
SIEMENS CERT
SSA-364175 V1.1 (Last Update: 2024-08-13): Multiple Vulnerabilities in Palo Alto Networks Virtual NGFW on RUGGEDCOM APE1808 Dev...
Titel
SSA-364175 V1.1 (Last Update: 2024-08-13): Multiple Vulnerabilities in Palo Alto Networks Virtual NGFW on RUGGEDCOM APE1808 Devices
Veröffentlicht
13. August 2024 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-364175.html
Text
Palo Alto Networks has published [1] information on vulnerabilities in PAN-OS. This advisory lists the related Siemens Industrial products affected by these vulnerabilities. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available. Customers are advised to consult and implement the workarounds ...
13.08.2024
SIEMENS CERT
SSA-357412 V1.0: PRT File Parsing Vulnerability in NX Before V2406.3000
Titel
SSA-357412 V1.0: PRT File Parsing Vulnerability in NX Before V2406.3000
Veröffentlicht
13. August 2024 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-357412.html
Text
NX (incl. NX student versions) before V2406.3000 contains an out-of-bounds read vulnerability that could be triggered when the application reads PRT files. If a user is tricked to open a malicious file using the affected application, this could lead to a crash, and potentially also to arbitrary code execution on ...
13.08.2024
SIEMENS CERT
SSA-180704 V1.1 (Last Update: 2024-08-13): Multiple Vulnerabilities in SCALANCE M-800 Family Before V8.0
Titel
SSA-180704 V1.1 (Last Update: 2024-08-13): Multiple Vulnerabilities in SCALANCE M-800 Family Before V8.0
Veröffentlicht
13. August 2024 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-180704.html
Text
SCALANCE M-800 family before V8.0 is affected by multiple vulnerabilities. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens recommends countermeasures for products where fixes are not, or not yet available.
13.08.2024
SIEMENS CERT
SSA-116924 V1.2 (Last Update: 2024-08-13): Path Traversal Vulnerability in TIA Portal
Titel
SSA-116924 V1.2 (Last Update: 2024-08-13): Path Traversal Vulnerability in TIA Portal
Veröffentlicht
13. August 2024 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-116924.html
Text
TIA Portal contains a path traversal vulnerability that could allow the creation or overwrite of arbitrary files in the engineering system. If the user is tricked to open a malicious PC system configuration file, an attacker could exploit this vulnerability to achieve arbitrary code execution. Siemens has released new versions ...
13.08.2024
SIEMENS CERT
SSA-771940 V1.1 (Last Update: 2024-08-13): X_T File Parsing Vulnerabilities in Teamcenter Visualization and JT2Go
Titel
SSA-771940 V1.1 (Last Update: 2024-08-13): X_T File Parsing Vulnerabilities in Teamcenter Visualization and JT2Go
Veröffentlicht
13. August 2024 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-771940.html
Text
Teamcenter Visualization and JT2Go are affected by out of bounds read, stack exhaustion and null pointer dereference vulnerabilities that could be triggered when the application reads files in X_T format. If a user is tricked to open a malicious file with the affected applications, an attacker could leverage the vulnerability ...
13.08.2024
SIEMENS CERT
SSA-722010 V1.1 (Last Update: 2024-08-13): Datalogics File Parsing Vulnerability in Teamcenter Visualization and JT2Go
Titel
SSA-722010 V1.1 (Last Update: 2024-08-13): Datalogics File Parsing Vulnerability in Teamcenter Visualization and JT2Go
Veröffentlicht
13. August 2024 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-722010.html
Text
Siemens Teamcenter Visualization and JT2Go are affected by an out of bounds read vulnerability in the APDFL library from Datalogics. If a user is tricked to open a malicious PDF file with the affected products, this could lead the application to crash or potentially lead to arbitrary code execution. Siemens ...
13.08.2024
SIEMENS CERT
SSA-750499 V1.1 (Last Update: 2024-08-13): Weak Encryption Vulnerability in SIPROTEC 5 Devices
Titel
SSA-750499 V1.1 (Last Update: 2024-08-13): Weak Encryption Vulnerability in SIPROTEC 5 Devices
Veröffentlicht
13. August 2024 02:00
URL
https://cert-portal.siemens.com/productcert/html/ssa-750499.html
Text
The SIPROTEC 5 devices are supporting weak encryption. This could allow an unauthorized attacker in a man-in-the-middle position to read any data passed over the connection between legitimate clients and the affected device. Siemens has released new versions for several affected products and recommends to update to the latest versions. ...

Letzte Updates

BOSCH PSIRT
10.06.2025
SIEMENS CERT
21.07.2025
US CERT
21.07.2025
US CERT (ICS)
29.07.2025

Nach Quelle

Archiv

2025
2024
2023
2022
2021
2020
2019
2018
2017

Feeds