September 2021
14.09.2021
SIEMENS CERT
SSA-324955 V1.4 (Last Update: 2021-09-14): SAD DNS Attack in Linux Based Products
Titel
SSA-324955 V1.4 (Last Update: 2021-09-14): SAD DNS Attack in Linux Based Products
Veröffentlicht
14. September 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-324955.pdf
Text
A vulnerability made public under the name SAD DNS affects Domain Name System resolvers due to a vulnerability in the Linux kernel when handling ICMP packets. The Siemens products which are affected are listed below. For more information please see https://www.saddns.net/. Siemens has released updates for several affected products and ...
14.09.2021
SIEMENS CERT
SSA-312271 V1.8 (Last Update: 2021-09-14): Unquoted Search Path Vulnerabilities in Windows-based Industrial Software Applications
Titel
SSA-312271 V1.8 (Last Update: 2021-09-14): Unquoted Search Path Vulnerabilities in Windows-based Industrial Software Applications
Veröffentlicht
14. September 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-312271.pdf
Text
Several industrial products as listed below contain a local privilege escalation vulnerabilities that could allow authorized local users with administrative privileges to execute custom code with SYSTEM level privileges. Siemens has released updates for the affected products and recommends to update to the latest versions.
14.09.2021
SIEMENS CERT
SSA-150692 V1.0: Multiple Vulnerabilities in RUGGEDCOM ROX
Titel
SSA-150692 V1.0: Multiple Vulnerabilities in RUGGEDCOM ROX
Veröffentlicht
14. September 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-150692.pdf
Text
Multiple vulnerabilities in RUGGEDCOM ROX devices have been detected, ranging from command injection to filesystem traversal. An attacker could exploit these to gain root access to the affected devices. Siemens has released updates for the affected products and recommends to update to the latest versions.
14.09.2021
SIEMENS CERT
SSA-100232 V1.3 (Last Update: 2021-09-14): Denial-of-Service vulnerability in SCALANCE X Switches
Titel
SSA-100232 V1.3 (Last Update: 2021-09-14): Denial-of-Service vulnerability in SCALANCE X Switches
Veröffentlicht
14. September 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-100232.pdf
Text
A vulnerability in several SCALANCE X devices could allow an unauthenticated attacker with network access to an affected device to perform a denial-of-service. Siemens has released an update for SCALANCE X-200IRT and recommends to update to the latest version. Siemens recommends specific countermeasures for products where updates are not, or ...
14.09.2021
SIEMENS CERT
SSA-997732 V1.0: Modfem File Parsing Vulnerability in Simcenter Femap before V2021.2
Titel
SSA-997732 V1.0: Modfem File Parsing Vulnerability in Simcenter Femap before V2021.2
Veröffentlicht
14. September 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-997732.pdf
Text
Siemens Simcenter Femap is affected by a vulnerability that could be triggered when the application reads modfem files. If a user is tricked to open a malicious file with the affected application, an attacker could leverage this vulnerability to leak information in the context of the current process. Siemens recommends ...
14.09.2021
SIEMENS CERT
SSA-987403 V1.0: Multiple Vulnerabilities in Teamcenter
Titel
SSA-987403 V1.0: Multiple Vulnerabilities in Teamcenter
Veröffentlicht
14. September 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-987403.pdf
Text
Teamcenter is affected by three vulnerabilities namely incorrect privilege assignment, Insecure Direct Object Reference (IDOR) and XML External Entity Injection (XXE). Siemens has released updates for the affected products and recommends to update to the latest versions.
14.09.2021
SIEMENS CERT
SSA-944498 V1.0: Buffer Overflow Vulnerability in Web Server of APOGEE and TALON Automation Devices
Titel
SSA-944498 V1.0: Buffer Overflow Vulnerability in Web Server of APOGEE and TALON Automation Devices
Veröffentlicht
14. September 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-944498.pdf
Text
A buffer overflow vulnerability in the integrated web server of multiple APOGEE and TALON automation devices could allow a remote attacker to execute arbitrary code on the devices with root privileges. Affected devices include the APOGEE MBC/MEC/PXC P2 Ethernet devices with Power Open Processors (PPC), APOGEE PXC BACnet devices, and ...
14.09.2021
SIEMENS CERT
SSA-847986 V1.0: Denial-of-Service Vulnerabilities in SIPROTEC 5 relays
Titel
SSA-847986 V1.0: Denial-of-Service Vulnerabilities in SIPROTEC 5 relays
Veröffentlicht
14. September 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-847986.pdf
Text
The latest update for SIPROTEC 5 relays fixes two vulnerabilities that could allow a remote attacker to cause a denial-of-service or potentially trigger a remote code execution under certain circumstances. Siemens has released an update for SIPROTEC 5 relays and recommends to update to the latest version.
14.09.2021
SIEMENS CERT
SSA-835377 V1.0: Missing Authentication Vulnerability in SINEMA Server
Titel
SSA-835377 V1.0: Missing Authentication Vulnerability in SINEMA Server
Veröffentlicht
14. September 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-835377.pdf
Text
The latest update for SINEMA Server fixes a vulnerability that could allow an unauthenticated attacker to obtain encoded system configuration backup files under certain conditions. Siemens has released an update for the SINEMA Server and recommends to update to the latest version.
14.09.2021
SIEMENS CERT
SSA-756638 V1.0: Vulnerabilities in Third-Party Component Mbed TLS of LOGO! CMR Family and SIMATIC RTU 3000 Family
Titel
SSA-756638 V1.0: Vulnerabilities in Third-Party Component Mbed TLS of LOGO! CMR Family and SIMATIC RTU 3000 Family
Veröffentlicht
14. September 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-756638.pdf
Text
Devices of the LOGO! CMR family and the SIMATIC RTU 3000 family are affected by several vulnerabilities in the third party component Mbed TLS. They could allow an attacker with access to any of the interfaces of an affected device to impact the availability or to communicate with invalid certificates. ...
14.09.2021
SIEMENS CERT
SSA-692317 V1.0: Authorization Bypass Vulnerability in Industrial Edge
Titel
SSA-692317 V1.0: Authorization Bypass Vulnerability in Industrial Edge
Veröffentlicht
14. September 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-692317.pdf
Text
The latest update for Industrial Edge fixes a vulnerability that could allow an unauthenticated attacker to change the password of any user in the system. With this an attacker could impersonate any valid user on an affected system. Siemens has released updates for the affected products and recommends to update ...
14.09.2021
SIEMENS CERT
SSA-676336 V1.0: OpenSSH Vulnerabilities in SCALANCE X-200 and X-300/X408 Switches
Titel
SSA-676336 V1.0: OpenSSH Vulnerabilities in SCALANCE X-200 and X-300/X408 Switches
Veröffentlicht
14. September 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-676336.pdf
Text
The latest update of the SCALANCE X-200 and X-300/X408 switches families fixes multiple OpenSSH vulnerabilities. The most severe of these vulnerabilities could allow a denial of service condition. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and ...
14.09.2021
SIEMENS CERT
SSA-549234 V1.0: Denial-of-Service Vulnerability in SIMATIC NET CP Modules
Titel
SSA-549234 V1.0: Denial-of-Service Vulnerability in SIMATIC NET CP Modules
Veröffentlicht
14. September 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-549234.pdf
Text
A Denial of Service vulnerability was identified in different types of Communication Processors. An attacker could exploit this vulnerability causing the device to become un-operational until the device is restarted. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.
14.09.2021
SIEMENS CERT
SSA-535997 V1.0: Cleartext Storage of Sensitive Information in Multiple SIMATIC Products
Titel
SSA-535997 V1.0: Cleartext Storage of Sensitive Information in Multiple SIMATIC Products
Veröffentlicht
14. September 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-535997.pdf
Text
A cleartext vulnerability was found in the SIMATIC communication processors CP 1543-1 and CP 1545-1 that could allow an attacker to read sensitive information. Siemens has released an update for the SIMATIC CP 1543-1 (incl. SIPLUS variants) and recommends to update to the latest version. Siemens is preparing further updates ...
14.09.2021
SIEMENS CERT
SSA-535380 V1.0: Command Injection Vulnerability in Siveillance OIS Affecting Several Building Management Systems
Titel
SSA-535380 V1.0: Command Injection Vulnerability in Siveillance OIS Affecting Several Building Management Systems
Veröffentlicht
14. September 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-535380.pdf
Text
The Siveillance Open Interface Services (OIS) application used for integration of different subsystems to several Siemens building management systems contains a command injection vulnerability that could allow a remote unauthenticated attacker to execute code on the affected system with root privileges. Siemens has released patches and updates for Siveillance OIS ...
14.09.2021
SIEMENS CERT
SSA-500748 V1.0: Denial-of-Service Vulnerabilities in SIPROTEC 5 Devices
Titel
SSA-500748 V1.0: Denial-of-Service Vulnerabilities in SIPROTEC 5 Devices
Veröffentlicht
14. September 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-500748.pdf
Text
The latest update for SIPROTEC 5 family devices fixes a vulnerability in the web interface which could allow unauthorized users to cause a Denial-of-Service situation by sending maliciously crafted web requests. Siemens has released an update for the SIPROTEC 5 and recommends to update to the latest version.
14.09.2021
SIEMENS CERT
SSA-453715 V1.0: Deserialization Vulnerability in CCOM Communication Component of Desigo CC Family
Titel
SSA-453715 V1.0: Deserialization Vulnerability in CCOM Communication Component of Desigo CC Family
Veröffentlicht
14. September 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-453715.pdf
Text
Desigo CC, Desigo CC Compact and Cerberus DMS that use CCOM communication component hosted in IIS contain a deserialisation vulnerability that could allow an unauthenticated attacker to perform remote code execution. Only those systems that use Windows App and/or IE XBAP Web Client are affected. Regular installed clients and the ...
14.09.2021
SIEMENS CERT
SSA-413407 V1.0: Path Traversal Vulnerability in Teamcenter Active Workspace
Titel
SSA-413407 V1.0: Path Traversal Vulnerability in Teamcenter Active Workspace
Veröffentlicht
14. September 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-413407.pdf
Text
Teamcenter Active Workspace contains a path traversal vulnerability that could lead to access control violations. Siemens has released updates for the affected products and recommends to update to the latest versions.
14.09.2021
SIEMENS CERT
SSA-334944 V1.0: Vulnerability in SINEMA Remote Connect Server
Titel
SSA-334944 V1.0: Vulnerability in SINEMA Remote Connect Server
Veröffentlicht
14. September 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-334944.pdf
Text
Multiple vulnerabilities in SINEMA Remote Connect Server could allow an unauthorized remote attacker to retrieve or manipulate sensitive information from the affected software. In addition, the attacker could also cause a Denial-of-Service condition in devices controlled by the affected software. Siemens has released an update for the SINEMA Remote Connect ...
14.09.2021
SIEMENS CERT
SSA-330339 V1.0: Web Vulnerabilities in SINEC NMS
Titel
SSA-330339 V1.0: Web Vulnerabilities in SINEC NMS
Veröffentlicht
14. September 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-330339.pdf
Text
A recent update for SINEC NMS fixed multiple vulnerabilities. The most severe of these vulnerabilities could allow an attacker to manipulate the SINEC NMS configuration by tricking an admin to click on a malicious link. Siemens has released an update for SINEC NMS and recommends to update to the latest ...
14.09.2021
SIEMENS CERT
SSA-316383 V1.0: NumberJack Vulnerability in LOGO! CMR family and SIMATIC RTU 3000 family
Titel
SSA-316383 V1.0: NumberJack Vulnerability in LOGO! CMR family and SIMATIC RTU 3000 family
Veröffentlicht
14. September 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-316383.pdf
Text
A vulnerability has been identified in the underlying TCP/IP stack of LOGO! CMR family and SIMATIC RTU 3000 family devices. It could allow an attacker with network access to the LAN interface of an affected device to hijack an ongoing connection or spoof a new one. The WAN interface, however, ...
14.09.2021
SIEMENS CERT
SSA-288459 V1.0: Heap Overflow Vulnerability in RFID terminals
Titel
SSA-288459 V1.0: Heap Overflow Vulnerability in RFID terminals
Veröffentlicht
14. September 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-288459.pdf
Text
A heap overflow vulnerability in dhclient of the affected products, which has been published alongside other vulnerabilities as part of NAME:WRECK could allow an attacker to potentially remotely execute code. Siemens recommends specific countermeasures for products.
August 2021
19.08.2021
SIEMENS CERT
SSA-816035 V1.0: Code Execution Vulnerability in SINEMA Remote Connect Client
Titel
SSA-816035 V1.0: Code Execution Vulnerability in SINEMA Remote Connect Client
Veröffentlicht
19. August 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-816035.pdf
Text
The latest update for SINEMA Remote Connect Client fixes a vulnerability that could allow a local attacker to escalate privileges or even allow remote code execution under certain circumstances. Siemens has released a firmware update for SINEMA Remote Connect Client and proposes mitigations if an update is not possible.
10.08.2021
SIEMENS CERT
SSA-941426 V1.1 (Last Update: 2021-08-10): Multiple LLDP Vulnerabilities in Industrial Products
Titel
SSA-941426 V1.1 (Last Update: 2021-08-10): Multiple LLDP Vulnerabilities in Industrial Products
Veröffentlicht
10. August 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-941426.pdf
Text
There are multiple vulnerabilities in an underlying Link Layer Discovery Protocol (LLDP) third party library. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.
10.08.2021
SIEMENS CERT
SSA-844761 V1.2 (Last Update: 2021-08-10): Multiple Vulnerabilities in SiNVR/SiVMS Video Server
Titel
SSA-844761 V1.2 (Last Update: 2021-08-10): Multiple Vulnerabilities in SiNVR/SiVMS Video Server
Veröffentlicht
10. August 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf
Text
The Video Server application in SiNVR/SiVMS solutions contains five vulnerabilities involving information disclosure (CVE-2019-19291, CVE-2019-19299), path traversal (CVE-2019-19296, CVE-2019-19297), and denial-of-service (CVE-2019-19298). PKE has released updates of the application that fixes the reported vulnerabilities, except for CVE-2019-19299. This update is not available under the former Siemens OEM brand name SiNVR. ...

Letzte Updates

BOSCH PSIRT
21.08.2024
SIEMENS CERT
12.09.2024
US CERT
19.09.2024
US CERT (ICS)
19.09.2024

Nach Quelle

Archiv

2024
2023
2022
2021
2020
2019
2018
2017

Feeds