Dezember 2021
Titel
SSA-133772 V1.0: Zip Path Traversal Vulnerability in Teamcenter Active Workspace
Veröffentlicht
14. Dezember 2021 01:00
Text
A zip path traversal vulnerability in Teamcenter Active Workspace could allow an attacker to achieve remote code execution. Siemens has released updates for the affected products and recommends to update to the latest versions.
Titel
SSA-772220 V1.4 (Last Update: 2021-12-14): OpenSSL Vulnerabilities in Industrial Products
Veröffentlicht
14. Dezember 2021 01:00
Text
OpenSSL has published a security advisory [0] about a vulnerability in OpenSSL versions 1.1.1 < 1.1.1k, that allows an unauthenticated attacker to cause a Denial-of-Service (DoS) if a maliciously crafted renegotiation message is sent. Siemens has released updates for several affected products and recommends to update to the latest versions. ...
Titel
SSA-629512 V1.3 (Last Update: 2021-12-14): Local Privilege Escalation Vulnerability in TIA Portal
Veröffentlicht
14. Dezember 2021 01:00
Text
The latest updates for TIA Portal fix a vulnerability that could allow a local attacker to execute arbitrary code with SYSTEM privileges. Update: The previously provided fixes only correctly set the permissions on English Windows versions. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, ...
Titel
SSA-580693 V1.1 (Last Update: 2021-12-14): WIBU Systems CodeMeter Runtime Denial-of-Service Vulnerability in Siemens Products
Veröffentlicht
14. Dezember 2021 01:00
Text
WIBU Systems published information about a denial-of-service vulnerability and an associated fix release version of CodeMeter Runtime, a product provided by WIBU Systems and used in several Siemens products for license management. The vulnerability is described in the section “Vulnerability Classification” below and got assigned the CVE ID CVE-2021-41057. Successful ...
Titel
SSA-549234 V1.1 (Last Update: 2021-12-14): Denial-of-Service Vulnerability in SIMATIC NET CP Modules
Veröffentlicht
14. Dezember 2021 01:00
Text
A denial of service vulnerability was identified in different types of Communication Processors. An attacker could exploit this vulnerability causing the device to become un-operational until the device is restarted. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.
Titel
SSA-324955 V1.7 (Last Update: 2021-12-14): SAD DNS Attack in Linux Based Products
Veröffentlicht
14. Dezember 2021 01:00
Text
A vulnerability made public under the name SAD DNS affects Domain Name System resolvers due to a vulnerability in the Linux kernel when handling ICMP packets. The Siemens products which are affected are listed below. For more information please see https://www.saddns.net/. Siemens has released updates for several affected products and ...
Titel
SSA-114589 V1.1 (Last Update: 2021-12-14): Multiple Vulnerabilities in Nucleus RTOS based APOGEE, TALON and Desigo PXC/PXM Products
Veröffentlicht
14. Dezember 2021 01:00
Text
Multiple vulnerabilities (also known as “NUCLEUS:13”) have be identified in the Nucleus RTOS (real-time operating system) and reported in the Siemens Security Advisory SSA-044112: https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf. The products listed below use affected versions of the Nucleus software and inherently contain these vulnerabilities. Siemens is preparing updates and recommends specific countermeasures for ...
Titel
SSA-044112 V1.1 (Last Update: 2021-12-14): Multiple Vulnerabilities (NUCLEUS:13) in the TCP/IP Stack of Nucleus RTOS
Veröffentlicht
14. Dezember 2021 01:00
Text
The TCP/IP stack and related services (FTP, TFTP) of the networking component (Nucleus NET) in Nucleus Real-Time Operating System (RTOS) contain several vulnerabilities, also known as “NUCLEUS:13” and as documented below. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends countermeasures ...
Titel
SSA-802578 V1.0: Multiple File Parsing Vulnerabilities in JTTK before V11.1.1.0 and JT Utilities before V13.1.1.0
Veröffentlicht
14. Dezember 2021 01:00
Text
JT Open Toolkit (JTTK) before V11.1.1.0 contains multiple vulnerabilities that could be triggered when it reads a maliciously crafted JT file. These vulnerabilities also affects JT Utilities before V13.1.1.0. If a user is tricked to open a malicious JT file with any of the affected products, this could lead the ...
Titel
SSA-620288 V1.0: Multiple Vulnerabilities (NUCLEUS:13) in CAPITAL VSTAR
Veröffentlicht
14. Dezember 2021 01:00
Text
Multiple vulnerabilities (also known as “NUCLEUS:13”) have be identified in the Nucleus RTOS (real-time operating system) and reported in the Siemens Security Advisory SSA-044112: https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf. CAPITAL VSTAR uses an affected version of the Nucleus software and inherently contains several of these vulnerabilities. Siemens recommends specific countermeasures for products where updates ...
Titel
SSA-595101 V1.0: Multiple File Parsing Vulnerabilities in JT2Go and Teamcenter Visualization before V13.2.0.5
Veröffentlicht
14. Dezember 2021 01:00
Text
Siemens has released version V13.2.0.5 for JT2Go and Teamcenter Visualization to fix multiple vulnerabilities that could be triggered when the products read maliciously crafted files in different file formats (PDF, JT, TIFF, CGM and TIF). If a user is tricked to open a malicious file with any of the affected ...
Titel
SSA-523250 V1.0: Improper Certificate Validation Vulnerability in SINUMERIK Edge
Veröffentlicht
14. Dezember 2021 01:00
Text
A vulnerability was found in SINUMERIK Edge that could allow an attacker to spoof a trusted entity by interfering in the communication path between the client and the intended server. Siemens has released an update for the SINUMERIK Edge and recommends to update to the latest version.
Titel
SSA-496292 V1.0: Remote Code Execution Vulnerability in POWER METER SICAM Q100
Veröffentlicht
14. Dezember 2021 01:00
Text
POWER METER SICAM Q100 contains a vulnerability that could allow an attacker to remotely execute code. Siemens has released updates for the affected products and recommends to update to the latest versions.
Titel
SSA-463116 V1.0: Multiple Access Control Vulnerabilities in Siveillance Identity before V1.6.284.0
Veröffentlicht
14. Dezember 2021 01:00
Text
Siveillance Identity contains multiple vulnerabilities that could allow an unauthenticated remote attacker to access or modify several internal application resources. Siemens has released updates for the affected products and recommends to update to the latest versions.
Titel
SSA-400332 V1.0: Insufficient Design IP Protection in IEEE 1735 Recommended Practice - Impact to Questa and ModelSim
Veröffentlicht
14. Dezember 2021 01:00
Text
Recent security research identifies weaknesses in the IEEE 1735 recommended practice for encryption of Design IP, which could allow a sophisticated attacker access to unencrypted Design IP data in IEEE 1735-compliant products. This advisory addresses the specific details for the affected Siemens software products: Questa and ModelSim simulators. Siemens is ...
Titel
SSA-396621 V1.0: Multiple File Parsing Vulnerabilities in JTTK before V10.8.1.1 and JT Utilities before V12.8.1.1
Veröffentlicht
14. Dezember 2021 01:00
Text
JT Open Toolkit (JTTK) before V10.8.1.1 contains multiple vulnerabilities that could be triggered when it reads a maliciously crafted JT file. These vulnerabilities also affects JT Utilities before V12.8.1.1. If a user is tricked to open a malicious file with any of the affected products, this could lead the application ...
Titel
SSA-390195 V1.0: LibVNC Vulnerabilities in SIMATIC ITC Products
Veröffentlicht
14. Dezember 2021 01:00
Text
Multiple LibVNC vulnerabilities in the affected products listed below could allow remote code execution, information disclosure and Denial-of-Service attacks under certain conditions. Siemens has released updates for the affected products and recommends to update to the latest versions.
Titel
SSA-661247 V1.0: Apache Log4j Vulnerability (CVE-2021-44228, Log4Shell) - Impact to Siemens Products
Veröffentlicht
13. Dezember 2021 01:00
Text
On 2021-12-09, a vulnerability in Apache Log4j (a logging tool used in many Java-based applications) was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2021-44228 and is also known as “Log4Shell”. Siemens is currently investigating to determine which products are ...
November 2021
Titel
SSA-185699 V1.1 (Last Update: 2021-11-09): Out of Bounds Write Vulnerabilities (NAME:WRECK) in the DNS Module of Nucleus RTOS
Veröffentlicht
9. November 2021 01:00
Text
Security researchers discovered and disclosed 9 vulnerabilities in several DNS implementations, also known as “NAME:WRECK” vulnerabilities. The vulnerabilities described in this advisory are from this set. The DNS client of the networking component (Nucleus NET) in Nucleus Real-Time Operating System (RTOS) contains two out of bounds write vulnerabilities in the ...
Titel
SSA-324955 V1.6 (Last Update: 2021-11-09): SAD DNS Attack in Linux Based Products
Veröffentlicht
9. November 2021 01:00
Text
A vulnerability made public under the name SAD DNS affects Domain Name System resolvers due to a vulnerability in the Linux kernel when handling ICMP packets. The Siemens products which are affected are listed below. For more information please see https://www.saddns.net/. Siemens has released updates for several affected products and ...
Titel
SSA-772220 V1.3 (Last Update: 2021-11-09): OpenSSL Vulnerabilities in Industrial Products
Veröffentlicht
9. November 2021 01:00
Text
OpenSSL has published a security advisory [0] about a vulnerability in OpenSSL versions 1.1.1 < 1.1.1k, that allows an unauthenticated attacker to cause a Denial-of-Service (DoS) if a maliciously crafted renegotiation message is sent. Siemens has released updates for several affected products and recommends to update to the latest versions. ...
Titel
SSA-705111 V1.1 (Last Update: 2021-11-09): Multiple Vulnerabilities (NAME:WRECK) in the DNS Module of Nucleus RTOS
Veröffentlicht
9. November 2021 01:00
Text
Security researchers discovered and disclosed 9 vulnerabilities in several DNS implementations, also known as “NAME:WRECK” vulnerabilities. The vulnerabilities described in this advisory are from this set. The DNS client of affected products contains multiple vulnerabilities related to the handling of DNS responses and requests. The most severe could allow an ...
Titel
SSA-675303 V1.2 (Last Update: 2021-11-09): WIBU Systems CodeMeter Runtime Vulnerabilities in Siemens Products
Veröffentlicht
9. November 2021 01:00
Text
WIBU Systems published information about two vulnerabilities and an associated fix release version of CodeMeter Runtime, a product provided by WIBU Systems and used in several Siemens products for license management. The vulnerabilities are described in the section “Vulnerability Classification” below and got assigned the CVE IDs CVE-2021-20093 and CVE-2021-20094. ...
Titel
SSB-439005 V3.9 (Last Update: 2021-11-09): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP
Veröffentlicht
9. November 2021 01:00
Text
Titel
SSA-362164 V1.1 (Last Update: 2021-11-09): Predictable Initial Sequence Numbers in the TCP/IP Stack of Nucleus RTOS
Veröffentlicht
9. November 2021 01:00
Text
The networking component (Nucleus NET) in Nucleus Real-Time Operating System (RTOS) use Initial Sequence Numbers for TCP-Sessions that are predictable. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not available.

Letzte Updates

BOSCH PSIRT
31.10.2024
SIEMENS CERT
22.11.2024
US CERT
08.11.2024
US CERT (ICS)
21.11.2024

Nach Quelle

Archiv

2024
2023
2022
2021
2020
2019
2018
2017

Feeds