Mai 2021
11.05.2021
SIEMENS CERT
SSA-794542 V1.1 (Last Update: 2021-05-11): Insecure Folder Permissions in SIMARIS Configuration
Titel
SSA-794542 V1.1 (Last Update: 2021-05-11): Insecure Folder Permissions in SIMARIS Configuration
Veröffentlicht
11. Mai 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-794542.pdf
Text
The installation of SIMARIS configuration causes insecure folder permissions that could allow vertical privilege escalation. Siemens has released an update for SIMARIS and recommends to update to the latest version.
11.05.2021
SIEMENS CERT
SSA-723417 V1.0: Multiple Vulnerabilities in SCALANCE W1750D
Titel
SSA-723417 V1.0: Multiple Vulnerabilities in SCALANCE W1750D
Veröffentlicht
11. Mai 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf
Text
Siemens SCALANCE W1750D is a brand-labeled device. Aruba has released a related security advisory ARUBA-PSA-2021-007 disclosing vulnerabilities in its Aruba Instant product line. Siemens is preparing updates and recommends countermeasures for products where updates are not, or not yet available.
11.05.2021
SIEMENS CERT
SSA-752103 V1.0: Telnet Authentication Vulnerability in SINAMICS Medium Voltage Products
Titel
SSA-752103 V1.0: Telnet Authentication Vulnerability in SINAMICS Medium Voltage Products
Veröffentlicht
11. Mai 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-752103.pdf
Text
SINAMICS medium voltage products, with telnet enabled on SIMATIC comfort HMI Panels, are affected by a remote access vulnerability that could allow an attacker, under certain conditions, to gain full remote access to the HMI. Note that by default telnet is disabled, but it can be enabled on request by ...
11.05.2021
SIEMENS CERT
SSA-936080 V1.1 (Last Update: 2021-05-11): Multiple Vulnerabilities in Third-Party Component libcurl
Titel
SSA-936080 V1.1 (Last Update: 2021-05-11): Multiple Vulnerabilities in Third-Party Component libcurl
Veröffentlicht
11. Mai 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-936080.pdf
Text
SIMATIC NET CM 1542-1, SCALANCE SC600 family and SIMATIC NET CP 343-1 Advanced devices are vulnerable to a vulnerability in the third party component libcurl that could allow an attacker to cause a Denial-of-Service condition on the affected devices. Siemens has released an update for SCALANCE SC600. For the remaining ...
11.05.2021
SIEMENS CERT
SSA-646763 V1.3 (Last Update: 2021-05-11): DNSpooq - Dnsmasq Vulnerabilities in SCALANCE and RUGGEDCOM Devices
Titel
SSA-646763 V1.3 (Last Update: 2021-05-11): DNSpooq - Dnsmasq Vulnerabilities in SCALANCE and RUGGEDCOM Devices
Veröffentlicht
11. Mai 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-646763.pdf
Text
Security researchers discovered and disclosed seven vulnerabilities in the open-source DNS component “dnsmasq”, also known as “DNSpooq” vulnerabilities (CVE-2020-25681 through CVE-2020-25687). Three vulnerabilities (CVE-2020-25684 through CVE-2020-25686) affect the validation of DNS responses and impact several SCALANCE and RUGGEDCOM devices as listed below. Siemens has released updates for several affected products ...
11.05.2021
SIEMENS CERT
SSA-541018 V1.1 (Last Update: 2021-05-11): Embedded TCP/IP Stack Vulnerabilities (AMNESIA:33) in SENTRON PAC / 3VA Devices (Par...
Titel
SSA-541018 V1.1 (Last Update: 2021-05-11): Embedded TCP/IP Stack Vulnerabilities (AMNESIA:33) in SENTRON PAC / 3VA Devices (Part 2)
Veröffentlicht
11. Mai 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-541018.pdf
Text
Security researchers discovered and disclosed 33 vulnerabilities in several open-source TCP/IP stacks for embedded devices, also known as “AMNESIA:33” vulnerabilities. This advisory describes the impact of two of these vulnerabilities (CVE-2020-13987, CVE-2020-17437) to Siemens products. Siemens has released updates for several affected products and recommends to update to the latest ...
11.05.2021
SIEMENS CERT
SSA-478893 V1.1 (Last Update: 2021-05-11): TightVNC Vulnerabilities in Industrial Products (Revoked)
Titel
SSA-478893 V1.1 (Last Update: 2021-05-11): TightVNC Vulnerabilities in Industrial Products (Revoked)
Veröffentlicht
11. Mai 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf
Text
Multiple TightVNC (V1.x) vulnerabilities could allow remote code execution and Denial-of-Service attacks under certain conditions. Siemens has previously released this advisory containing a set of products that were considered to be affected. Through Siemens’ continuous investigation processes it was identified that all products previously advised are not affected by any ...
11.05.2021
SIEMENS CERT
SSA-462066 V2.3 (Last Update: 2021-05-11): Vulnerability known as TCP SACK PANIC in Industrial Products
Titel
SSA-462066 V2.3 (Last Update: 2021-05-11): Vulnerability known as TCP SACK PANIC in Industrial Products
Veröffentlicht
11. Mai 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf
Text
Multiple industrial products are affected by a vulnerability in the kernel known as TCP SACK PANIC. The vulnerability could allow a remote attacker to cause a denial of service condition. Siemens has released updates for several affected products and recommends to update to the new versions. Siemens is preparing further ...
11.05.2021
SIEMENS CERT
SSB-439005 V3.4 (Last Update: 2021-05-11): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 151...
Titel
SSB-439005 V3.4 (Last Update: 2021-05-11): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP
Veröffentlicht
11. Mai 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssb-439005.pdf
Text
11.05.2021
SIEMENS CERT
SSA-983548 V1.0: Multiple SPP File Parsing Vulnerabilities in Tecnomatix Plant Simulation
Titel
SSA-983548 V1.0: Multiple SPP File Parsing Vulnerabilities in Tecnomatix Plant Simulation
Veröffentlicht
11. Mai 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-983548.pdf
Text
Siemens Tecnomatix Plant Simulation has released an update for version V16.0 that fixes multiple vulnerabilities that could be triggered when the application reads SPP files. If a user is tricked to open a malicious file using the affected application, this could lead to a crash, and potentially also to arbitrary ...
11.05.2021
SIEMENS CERT
SSA-940818 V1.0: UltraVNC Vulnerabilities in SIMATIC HMIs/WinCC Products
Titel
SSA-940818 V1.0: UltraVNC Vulnerabilities in SIMATIC HMIs/WinCC Products
Veröffentlicht
11. Mai 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf
Text
UltraVNC vulnerabilities in the affected products listed below could allow remote code execution, information disclosure and Denial-of-Service attacks under certain conditions. Siemens has released updates for the affected products and recommends to update to the latest versions.
11.05.2021
SIEMENS CERT
SSA-919955 V1.0: Information Disclosure Vulnerability in Mendix Database Replication Module
Titel
SSA-919955 V1.0: Information Disclosure Vulnerability in Mendix Database Replication Module
Veröffentlicht
11. Mai 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-919955.pdf
Text
The latest update of Mendix Database Replication module fixes a infomation disclosure vulnerability. Mendix has released an update for the Mendix Database Replication module and recommends to update to the latest version.
April 2021
14.04.2021
SIEMENS CERT
SSA-875726 V1.0: Privilege Escalation Vulnerability in Mendix
Titel
SSA-875726 V1.0: Privilege Escalation Vulnerability in Mendix
Veröffentlicht
14. April 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-875726.pdf
Text
The latest updates for Mendix fix a vulnerability in Mendix Applications that could allow malicious authorized users to escalate their privileges. Mendix has released an update for Mendix and recommends to update to the latest version.
13.04.2021
SIEMENS CERT
SSA-497656 V1.0: Multiple NTP Vulnerabilities in TIM 4R-IE Devices
Titel
SSA-497656 V1.0: Multiple NTP Vulnerabilities in TIM 4R-IE Devices
Veröffentlicht
13. April 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf
Text
There are multiple vulnerabilities in the underlying NTP component of the affected TIM 4R-IE. Siemens recommends specific countermeasures for products where updates are not, or not yet available.
13.04.2021
SIEMENS CERT
SSA-979775 V1.1 (Last Update: 2021-04-13): Stack Overflow Vulnerability in SCALANCE and RUGGEDCOM Devices
Titel
SSA-979775 V1.1 (Last Update: 2021-04-13): Stack Overflow Vulnerability in SCALANCE and RUGGEDCOM Devices
Veröffentlicht
13. April 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-979775.pdf
Text
Several firmware versions of the SCALANCE and RUGGEDCOM devices listed below are affected by a vulnerability in the passive listening feature that could allow an attacker to cause a reboot or, under specific circumstances, attain remote code execution of the affected devices. Siemens has released updates for the affected products ...
13.04.2021
SIEMENS CERT
SSA-978220 V1.4 (Last Update: 2021-04-13): Denial-of-Service Vulnerability over SNMP in Multiple Industrial Products
Titel
SSA-978220 V1.4 (Last Update: 2021-04-13): Denial-of-Service Vulnerability over SNMP in Multiple Industrial Products
Veröffentlicht
13. April 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-978220.pdf
Text
Several industrial products are affected by a vulnerability that could allow remote attackers to conduct a Denial-of-Service (DoS) attack by sending specially crafted packets to port 161/udp (SNMP). Siemens has released updates for several affected products and recommends to update to the new versions. Siemens is preparing further updates and ...
13.04.2021
SIEMENS CERT
SSA-951513 V1.2 (Last Update: 2021-04-13): Clickjacking Vulnerability in SCALANCE S, SCALANCE X-300, X-200IRT, and X-200 Switch...
Titel
SSA-951513 V1.2 (Last Update: 2021-04-13): Clickjacking Vulnerability in SCALANCE S, SCALANCE X-300, X-200IRT, and X-200 Switch Families
Veröffentlicht
13. April 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-951513.pdf
Text
Several SCALANCE X switches contain a vulnerability that could allow an attacker to perform administrative actions if the victim is tricked into clicking on a website controlled by the attacker. The attack only works if the victim has an authenticated session on the administrative interface of the switch. Siemens has ...
13.04.2021
SIEMENS CERT
SSA-844761 V1.1 (Last Update: 2021-04-13): Multiple Vulnerabilities in SiNVR/SiVMS Video Server
Titel
SSA-844761 V1.1 (Last Update: 2021-04-13): Multiple Vulnerabilities in SiNVR/SiVMS Video Server
Veröffentlicht
13. April 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf
Text
The Video Server application in SiNVR/SiVMS solutions contains five vulnerabilities involving information disclosure (CVE-2019-19291, CVE-2019-19299), path traversal (CVE-2019-19296, CVE-2019-19297), and denial-of-service (CVE-2019-19298). PKE has released an update of the application that fixes the reported vulnerabilities, except for CVE-2019-19298 and CVE-2019-19299. This update is not available under the former Siemens OEM ...
13.04.2021
SIEMENS CERT
SSA-841348 V1.7 (Last Update: 2021-04-13): Multiple Vulnerabilities in the UMC Stack
Titel
SSA-841348 V1.7 (Last Update: 2021-04-13): Multiple Vulnerabilities in the UMC Stack
Veröffentlicht
13. April 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf
Text
The latest update for the below listed products fixes two security vulnerabilities that could allow an attacker to cause a partial Denial-of-Service on the UMC component of the affected devices under certain circumstances, and one vulnerability that could allow an attacker to locally escalate privileges from a user with administrative ...
13.04.2021
SIEMENS CERT
SSA-715184 V1.1 (Last Update: 2021-04-13): Multiple File Parsing Vulnerabilities in Solid Edge
Titel
SSA-715184 V1.1 (Last Update: 2021-04-13): Multiple File Parsing Vulnerabilities in Solid Edge
Veröffentlicht
13. April 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-715184.pdf
Text
Siemens has released new versions for Solid Edge to fix multiple vulnerabilities that could be triggered when the application reads files in different file formats (PAR, DFT, XML extensions). If a user is tricked to open a malicious file with the affected application, this could lead to a crash, and ...
13.04.2021
SIEMENS CERT
SSA-689942 V1.3 (Last Update: 2021-04-13): Denial-of-Service and DLL Hijacking Vulnerabilities in Multiple SIMATIC Software Pro...
Titel
SSA-689942 V1.3 (Last Update: 2021-04-13): Denial-of-Service and DLL Hijacking Vulnerabilities in Multiple SIMATIC Software Products
Veröffentlicht
13. April 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-689942.pdf
Text
Multiple SIMATIC Software products are affected by two vulnerabilities that could allow an attacker to manipulate project files that may lead to Remote Code Execution or Denial-of-Service attacks. Siemens has released updates to some of the affected products and recommends that customers update to the latest version. Siemens is preparing ...
13.04.2021
SIEMENS CERT
SSA-646763 V1.2 (Last Update: 2021-04-13): DNSpooq - Dnsmasq Vulnerabilities in SCALANCE and RUGGEDCOM Devices
Titel
SSA-646763 V1.2 (Last Update: 2021-04-13): DNSpooq - Dnsmasq Vulnerabilities in SCALANCE and RUGGEDCOM Devices
Veröffentlicht
13. April 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-646763.pdf
Text
Security researchers discovered and disclosed seven vulnerabilities in the open-source DNS component “dnsmasq”, also known as “DNSpooq” vulnerabilities (CVE-2020-25681 through CVE-2020-25687). Three vulnerabilities (CVE-2020-25684 through CVE-2020-25686) affect the validation of DNS responses and impact several SCALANCE and RUGGEDCOM devices as listed below. Siemens has released updates for several affected products ...
13.04.2021
SIEMENS CERT
SSA-591405 V1.2 (Last Update: 2021-04-13): Web Vulnerabilities in SCALANCE S-600 Family
Titel
SSA-591405 V1.2 (Last Update: 2021-04-13): Web Vulnerabilities in SCALANCE S-600 Family
Veröffentlicht
13. April 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-591405.pdf
Text
The firmware for SCALANCE S-600 family devices contains multiple web vulnerabilities. The vulnerabilities could allow an remote attacker to conduct Denial-of-Service attacks or perform Cross-Site Scripting attacks. Siemens has released updates for the affected products and recommends to update to the latest versions, or to upgrade to a successor product.
13.04.2021
SIEMENS CERT
SSA-541017 V1.3 (Last Update: 2021-04-13): Embedded TCP/IP Stack Vulnerabilities (AMNESIA:33) in SIRIUS 3RW5 Modbus TCP and SEN...
Titel
SSA-541017 V1.3 (Last Update: 2021-04-13): Embedded TCP/IP Stack Vulnerabilities (AMNESIA:33) in SIRIUS 3RW5 Modbus TCP and SENTRON PAC / 3VA Devices
Veröffentlicht
13. April 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-541017.pdf
Text
Security researchers discovered and disclosed 33 vulnerabilities in several open-source TCP/IP stacks for embedded devices, also known as “AMNESIA:33” vulnerabilities. This advisory describes the impact of one of these vulnerabilities (CVE-2020-13988) to Siemens products. Siemens has released updates for the affected products and recommends to update to the latest versions. ...
13.04.2021
SIEMENS CERT
SSA-534763 V1.4 (Last Update: 2021-04-13): Special Register Buffer Data Sampling (SRBDS) aka Crosstalk in Industrial Products
Titel
SSA-534763 V1.4 (Last Update: 2021-04-13): Special Register Buffer Data Sampling (SRBDS) aka Crosstalk in Industrial Products
Veröffentlicht
13. April 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-534763.pdf
Text
Security researchers published information on a vulnerability known as Crosstalk (INTEL-SA-00320). This vulnerability affects modern Intel processors to a varying degree. Several Siemens Industrial Products contain processors that are affected by the vulnerability. Siemens is preparing updates and recommends specific countermeasures until fixes are available.

Letzte Updates

BOSCH PSIRT
21.08.2024
SIEMENS CERT
12.09.2024
US CERT
19.09.2024
US CERT (ICS)
19.09.2024

Nach Quelle

Archiv

2024
2023
2022
2021
2020
2019
2018
2017

Feeds