Bulletins | CERT@VDE

…
45
46
47 (current)
48
49
…

Dezember 2021

SSA-661247 V2.0 (Last Update: 2021-12-27): Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to...

Titel

SSA-661247 V2.0 (Last Update: 2021-12-27): Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to Siemens Products

Veröffentlicht

27. Dezember 2021 01:00

URL

https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf

Text

On 2021-12-09, a vulnerability in Apache Log4j (a logging tool used in many Java-based applications) was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2021-44228 and is also known as “Log4Shell”. On 2021-12-14 an additional denial of service vulnerability (CVE-2021-45046) ...

SSA-479842 V1.1 (Last Update: 2021-12-23): Apache Log4j Vulnerabilities - Impact to Siemens Energy Sensformer / Sensgear (Platf...

Titel

SSA-479842 V1.1 (Last Update: 2021-12-23): Apache Log4j Vulnerabilities - Impact to Siemens Energy Sensformer / Sensgear (Platform, Basic and Advanced)

Veröffentlicht

23. Dezember 2021 01:00

URL

https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf

Text

On 2021-12-09, a vulnerability in Apache Log4j (a logging tool used in many Java-based applications) was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2021-44228 and is also known as “Log4Shell”. On 2021-12-14 an additional denial of service vulnerability (CVE-2021-45046) ...

SSA-661247 V1.9 (Last Update: 2021-12-23): Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to...

Titel

SSA-661247 V1.9 (Last Update: 2021-12-23): Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to Siemens Products

Veröffentlicht

23. Dezember 2021 01:00

URL

https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf

Text

On 2021-12-09, a vulnerability in Apache Log4j (a logging tool used in many Java-based applications) was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2021-44228 and is also known as “Log4Shell”. On 2021-12-14 an additional denial of service vulnerability (CVE-2021-45046) ...

SSA-661247 V1.8 (Last Update: 2021-12-22): Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to...

Titel

SSA-661247 V1.8 (Last Update: 2021-12-22): Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to Siemens Products

Veröffentlicht

22. Dezember 2021 01:00

URL

https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf

Text

On 2021-12-09, a vulnerability in Apache Log4j (a logging tool used in many Java-based applications) was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2021-44228 and is also known as “Log4Shell”. On 2021-12-14 an additional denial of service vulnerability (CVE-2021-45046) ...

SSA-479842 V1.0: Apache Log4j Vulnerabilities - Impact to Siemens Energy Sensformer (Platform, Basic and Advanced)

Titel

SSA-479842 V1.0: Apache Log4j Vulnerabilities - Impact to Siemens Energy Sensformer (Platform, Basic and Advanced)

Veröffentlicht

21. Dezember 2021 01:00

URL

https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf

Text

On 2021-12-09, a vulnerability in Apache Log4j (a logging tool used in many Java-based applications) was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2021-44228 and is also known as “Log4Shell”. On 2021-12-14 an additional denial of service vulnerability (CVE-2021-45046) ...

SSA-661247 V1.7 (Last Update: 2021-12-21): Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to...

Titel

SSA-661247 V1.7 (Last Update: 2021-12-21): Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to Siemens Products

Veröffentlicht

21. Dezember 2021 01:00

URL

https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf

Text

On 2021-12-09, a vulnerability in Apache Log4j (a logging tool used in many Java-based applications) was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2021-44228 and is also known as “Log4Shell”. On 2021-12-14 an additional denial of service vulnerability (CVE-2021-45046) ...

SSA-397453 V1.0: Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to Siemens Energy TraceAlert...

Titel

SSA-397453 V1.0: Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to Siemens Energy TraceAlertServerPLUS

Veröffentlicht

20. Dezember 2021 01:00

URL

https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf

Text

On 2021-12-09, a vulnerability in Apache Log4j (a logging library used in many Java-based applications) was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2021-44228 and is also known as “Log4Shell”. On 2021-12-14 an additional denial of service vulnerability (CVE-2021-45046) ...

SSA-661247 V1.6 (Last Update: 2021-12-20): Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to...

Titel

SSA-661247 V1.6 (Last Update: 2021-12-20): Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to Siemens Products

Veröffentlicht

20. Dezember 2021 01:00

URL

https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf

Text

On 2021-12-09, a vulnerability in Apache Log4j (a logging tool used in many Java-based applications) was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2021-44228 and is also known as “Log4Shell”. On 2021-12-14 an additional denial of service vulnerability (CVE-2021-45046) ...

SSA-501673 V1.0: Apache Log4j Denial of Service Vulnerability (CVE-2021-45105) - Impact to Siemens Products

Titel

SSA-501673 V1.0: Apache Log4j Denial of Service Vulnerability (CVE-2021-45105) - Impact to Siemens Products

Veröffentlicht

19. Dezember 2021 01:00

URL

https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf

Text

Apache Log4j2 versions 2.0-alpha1 through 2.16.0 contain a vulnerability (CVE-2021-45105) that could allow attackers to cause a denial of service condition in affected applications [1]. This advisory informs about the impact of CVE-2021-45105 to Siemens products and the corresponding remediation and mitigation measures. The vulnerability is different from the JNDI ...

SSA-661247 V1.5 (Last Update: 2021-12-19): Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to...

Titel

SSA-661247 V1.5 (Last Update: 2021-12-19): Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to Siemens Products

Veröffentlicht

19. Dezember 2021 01:00

URL

https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf

Text

On 2021-12-09, a vulnerability in Apache Log4j (a logging tool used in many Java-based applications) was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2021-44228 and is also known as “Log4Shell”. On 2021-12-14 an additional denial of service vulnerability (CVE-2021-45046) ...

SSA-661247 V1.4 (Last Update: 2021-12-18): Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to...

Titel

SSA-661247 V1.4 (Last Update: 2021-12-18): Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to Siemens Products

Veröffentlicht

18. Dezember 2021 01:00

URL

https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf

Text

On 2021-12-09, a vulnerability in Apache Log4j (a logging tool used in many Java-based applications) was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2021-44228 and is also known as “Log4Shell”. On 2021-12-14 an additional denial of service vulnerability (CVE-2021-45046) ...

SSA-661247 V1.3 (Last Update: 2021-12-17): Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to...

Titel

SSA-661247 V1.3 (Last Update: 2021-12-17): Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to Siemens Products

Veröffentlicht

17. Dezember 2021 01:00

URL

https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf

Text

On 2021-12-09, a vulnerability in Apache Log4j (a logging tool used in many Java-based applications) was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2021-44228 and is also known as “Log4Shell”. On 2021-12-14 an additional denial of service vulnerability (CVE-2021-45046) ...

SSA-661247 V1.2 (Last Update: 2021-12-16): Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to...

Titel

SSA-661247 V1.2 (Last Update: 2021-12-16): Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to Siemens Products

Veröffentlicht

16. Dezember 2021 01:00

URL

https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf

Text

On 2021-12-09, a vulnerability in Apache Log4j (a logging tool used in many Java-based applications) was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2021-44228 and is also known as “Log4Shell”. On 2021-12-14 an additional denial of service vulnerability (CVE-2021-45046) ...

SSA-714170 V1.0: Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to SPPA-T3000

Titel

SSA-714170 V1.0: Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to SPPA-T3000

Veröffentlicht

16. Dezember 2021 01:00

URL

https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf

Text

On 2021-12-09, a vulnerability in Apache Log4j (a logging tool used in many Java-based applications) was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2021-44228 and is also known as “Log4Shell”. On 2021-12-14 an additional denial of service vulnerability (CVE-2021-45046) ...

SSA-661247 V1.1 (Last Update: 2021-12-15): Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to...

Titel

SSA-661247 V1.1 (Last Update: 2021-12-15): Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to Siemens Products

Veröffentlicht

15. Dezember 2021 01:00

URL

https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf

Text

On 2021-12-09, a vulnerability in Apache Log4j (a logging tool used in many Java-based applications) was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2021-44228 and is also known as “Log4Shell”. On 2021-12-14 an additional denial of service vulnerability (CVE-2021-45046) ...

SSA-580693 V1.1 (Last Update: 2021-12-14): WIBU Systems CodeMeter Runtime Denial-of-Service Vulnerability in Siemens Products

Titel

SSA-580693 V1.1 (Last Update: 2021-12-14): WIBU Systems CodeMeter Runtime Denial-of-Service Vulnerability in Siemens Products

Veröffentlicht

14. Dezember 2021 01:00

URL

https://cert-portal.siemens.com/productcert/pdf/ssa-580693.pdf

Text

WIBU Systems published information about a denial-of-service vulnerability and an associated fix release version of CodeMeter Runtime, a product provided by WIBU Systems and used in several Siemens products for license management. The vulnerability is described in the section “Vulnerability Classification” below and got assigned the CVE ID CVE-2021-41057. Successful ...

SSA-772220 V1.4 (Last Update: 2021-12-14): OpenSSL Vulnerabilities in Industrial Products

Titel

SSA-772220 V1.4 (Last Update: 2021-12-14): OpenSSL Vulnerabilities in Industrial Products

Veröffentlicht

14. Dezember 2021 01:00

URL

https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdf

Text

OpenSSL has published a security advisory [0] about a vulnerability in OpenSSL versions 1.1.1 < 1.1.1k, that allows an unauthenticated attacker to cause a Denial-of-Service (DoS) if a maliciously crafted renegotiation message is sent. Siemens has released updates for several affected products and recommends to update to the latest versions. ...

SSA-629512 V1.3 (Last Update: 2021-12-14): Local Privilege Escalation Vulnerability in TIA Portal

Titel

SSA-629512 V1.3 (Last Update: 2021-12-14): Local Privilege Escalation Vulnerability in TIA Portal

Veröffentlicht

14. Dezember 2021 01:00

URL

https://cert-portal.siemens.com/productcert/pdf/ssa-629512.pdf

Text

The latest updates for TIA Portal fix a vulnerability that could allow a local attacker to execute arbitrary code with SYSTEM privileges. Update: The previously provided fixes only correctly set the permissions on English Windows versions. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, ...

SSA-549234 V1.1 (Last Update: 2021-12-14): Denial-of-Service Vulnerability in SIMATIC NET CP Modules

Titel

SSA-549234 V1.1 (Last Update: 2021-12-14): Denial-of-Service Vulnerability in SIMATIC NET CP Modules

Veröffentlicht

14. Dezember 2021 01:00

URL

https://cert-portal.siemens.com/productcert/pdf/ssa-549234.pdf

Text

A denial of service vulnerability was identified in different types of Communication Processors. An attacker could exploit this vulnerability causing the device to become un-operational until the device is restarted. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.

SSA-324955 V1.7 (Last Update: 2021-12-14): SAD DNS Attack in Linux Based Products

Titel

SSA-324955 V1.7 (Last Update: 2021-12-14): SAD DNS Attack in Linux Based Products

Veröffentlicht

14. Dezember 2021 01:00

URL

https://cert-portal.siemens.com/productcert/pdf/ssa-324955.pdf

Text

A vulnerability made public under the name SAD DNS affects Domain Name System resolvers due to a vulnerability in the Linux kernel when handling ICMP packets. The Siemens products which are affected are listed below. For more information please see https://www.saddns.net/. Siemens has released updates for several affected products and ...

SSA-114589 V1.1 (Last Update: 2021-12-14): Multiple Vulnerabilities in Nucleus RTOS based APOGEE, TALON and Desigo PXC/PXM Prod...

Titel

SSA-114589 V1.1 (Last Update: 2021-12-14): Multiple Vulnerabilities in Nucleus RTOS based APOGEE, TALON and Desigo PXC/PXM Products

Veröffentlicht

14. Dezember 2021 01:00

URL

https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf

Text

Multiple vulnerabilities (also known as “NUCLEUS:13”) have be identified in the Nucleus RTOS (real-time operating system) and reported in the Siemens Security Advisory SSA-044112: https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf. The products listed below use affected versions of the Nucleus software and inherently contain these vulnerabilities. Siemens is preparing updates and recommends specific countermeasures for ...

SSA-044112 V1.1 (Last Update: 2021-12-14): Multiple Vulnerabilities (NUCLEUS:13) in the TCP/IP Stack of Nucleus RTOS

Titel

SSA-044112 V1.1 (Last Update: 2021-12-14): Multiple Vulnerabilities (NUCLEUS:13) in the TCP/IP Stack of Nucleus RTOS

Veröffentlicht

14. Dezember 2021 01:00

URL

https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf

Text

The TCP/IP stack and related services (FTP, TFTP) of the networking component (Nucleus NET) in Nucleus Real-Time Operating System (RTOS) contain several vulnerabilities, also known as “NUCLEUS:13” and as documented below. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends countermeasures ...

SSA-802578 V1.0: Multiple File Parsing Vulnerabilities in JTTK before V11.1.1.0 and JT Utilities before V13.1.1.0

Titel

SSA-802578 V1.0: Multiple File Parsing Vulnerabilities in JTTK before V11.1.1.0 and JT Utilities before V13.1.1.0

Veröffentlicht

14. Dezember 2021 01:00

URL

https://cert-portal.siemens.com/productcert/pdf/ssa-802578.pdf

Text

JT Open Toolkit (JTTK) before V11.1.1.0 contains multiple vulnerabilities that could be triggered when it reads a maliciously crafted JT file. These vulnerabilities also affects JT Utilities before V13.1.1.0. If a user is tricked to open a malicious JT file with any of the affected products, this could lead the ...

SSA-620288 V1.0: Multiple Vulnerabilities (NUCLEUS:13) in CAPITAL VSTAR

Titel

SSA-620288 V1.0: Multiple Vulnerabilities (NUCLEUS:13) in CAPITAL VSTAR

Veröffentlicht

14. Dezember 2021 01:00

URL

https://cert-portal.siemens.com/productcert/pdf/ssa-620288.pdf

Text

Multiple vulnerabilities (also known as “NUCLEUS:13”) have be identified in the Nucleus RTOS (real-time operating system) and reported in the Siemens Security Advisory SSA-044112: https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf. CAPITAL VSTAR uses an affected version of the Nucleus software and inherently contains several of these vulnerabilities. Siemens recommends specific countermeasures for products where updates ...

SSA-595101 V1.0: Multiple File Parsing Vulnerabilities in JT2Go and Teamcenter Visualization before V13.2.0.5

Titel

SSA-595101 V1.0: Multiple File Parsing Vulnerabilities in JT2Go and Teamcenter Visualization before V13.2.0.5

Veröffentlicht

14. Dezember 2021 01:00

URL

https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf

Text

Siemens has released version V13.2.0.5 for JT2Go and Teamcenter Visualization to fix multiple vulnerabilities that could be triggered when the products read maliciously crafted files in different file formats (PDF, JT, TIFF, CGM and TIF). If a user is tricked to open a malicious file with any of the affected ...

…
45
46
47 (current)
48
49
…

Letzte Updates

BOSCH PSIRT

15.01.2025

SIEMENS CERT

17.04.2025

US CERT

01.04.2025

US CERT (ICS)

17.04.2025

Nach Quelle

BOSCH PSIRT (87)
SIEMENS CERT (1991)
US CERT (175)
US CERT (ICS) (1816)

Archiv

2025

April (56)
März (57)
Februar (59)
Januar (52)

2024

Dezember (57)
November (53)
Oktober (66)
September (69)
August (59)
Juli (63)
Juni (53)
Mai (64)
April (41)
März (45)
Februar (45)
Januar (41)

2023

Dezember (57)
November (58)
Oktober (46)
September (51)
August (62)
Juli (49)
Juni (49)
Mai (52)
April (67)
März (67)
Februar (71)
Januar (60)

2022

Dezember (65)
November (46)
Oktober (61)
September (55)
August (88)
Juli (61)
Juni (91)
Mai (58)
April (83)
März (72)
Februar (70)
Januar (37)

2021

Dezember (73)
November (46)
Oktober (49)
September (73)
August (33)
Juli (33)
Juni (30)
Mai (30)
April (37)
März (46)
Februar (42)
Januar (27)

2020

Dezember (32)
November (19)
Oktober (30)
September (33)
August (26)
Juli (51)
Juni (51)
Mai (26)
April (39)
März (45)
Februar (106)
Januar (35)

2019

Dezember (33)
November (14)
Oktober (37)
September (34)
August (26)
Juli (28)
Juni (22)
Mai (37)
April (28)
März (19)
Februar (36)
Januar (37)

2018

Dezember (36)
November (36)
Oktober (34)
September (22)
August (26)
Juli (18)
Juni (26)
Mai (42)
April (31)
März (37)
Februar (24)
Januar (10)

2017

Dezember (1)
August (1)
Juli (2)
Juni (1)
Mai (1)
April (1)
März (1)

Feeds

RSS / Atom