Oktober 2024
Titel
SSA-959281 V1.0: XML File Parsing Vulnerabilities in Teamcenter Visualization and JT2Go
Veröffentlicht
8. Oktober 2024 02:00
Text
Siemens Teamcenter Visualization and JT2Go are affected by stack buffer overflow and null pointer dereference vulnerabilities that could be triggered while parsing XML file. If a user is tricked to open a malicious XML file with any of the affected products, this could cause the application to crash or potentially ...
Titel
SSA-039007 V1.1 (Last Update: 2024-10-08): Heap-based Buffer Overflow Vulnerability in User Management Component (UMC)
Veröffentlicht
8. Oktober 2024 02:00
Text
Siemens User Management Component (UMC) is affected by a heap-based buffer overflow vulnerability which could allow an unauthenticated remote attacker arbitrary code execution. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends countermeasures for ...
Titel
SSA-148641 V1.3 (Last Update: 2024-10-08): XPath Constraint Vulnerability in Mendix Runtime
Veröffentlicht
8. Oktober 2024 02:00
Text
A XPath Constraint vulnerability in the Mendix Runtime was discovered, that can affect the running applications. The vulnerability could allow a malicious user to deduce contents of inaccessible attributes and modify sensitive data. Siemens has released new versions for the affected products and recommends to update to the latest versions.
Titel
SSA-254396 V1.0: Vulnerability in Nozomi Guardian/CMC Before 24.3.1 on RUGGEDCOM APE1808 Devices
Veröffentlicht
8. Oktober 2024 02:00
Text
Nozomi Networks has published information on vulnerabilities in Nozomi Guardian/CMC before 24.2.0. This advisory lists the related Siemens Industrial products affected by these vulnerabilities. Siemens has released new versions for the affected products and recommends to update to the latest versions.
Titel
SSA-097435 V1.2 (Last Update: 2024-10-08): Usernames Disclosure Vulnerability in Mendix Runtime
Veröffentlicht
8. Oktober 2024 02:00
Text
Mendix Runtime contains an observable response discrepancy vulnerability when validating usernames during authentication. This could allow unauthenticated remote attackers to distinguish between valid and invalid usernames. Siemens has released new versions for the affected products and recommends to update to the latest versions.
Titel
SSA-054046 V1.0: Unauthenticated Information Disclosure in Web Server of SIMATIC S7-1500 CPUs
Veröffentlicht
8. Oktober 2024 02:00
Text
Several SIMATIC S7-1500 CPU versions are affected by an authentication bypass vulnerability that could allow an unauthenticated remote attacker to gain knowledge about actual and configured maximum cycle times and communication load of the CPU. Siemens has released new versions for several affected products and recommends to update to the ...
Titel
SSA-321292 V1.6 (Last Update: 2024-10-08): Denial of Service in the OPC Foundation Local Discovery Server (LDS) in Industrial Products
Veröffentlicht
8. Oktober 2024 02:00
Text
A vulnerability has been identified in the OPC Foundation Local Discovery Server (LDS) [0] of several industrial products. The vulnerability could cause a denial of service condition on the service or the device. Siemens has released new versions for several affected products and recommends to update to the latest versions. ...
Titel
SSA-398330 V1.9 (Last Update: 2024-10-08): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
Veröffentlicht
8. Oktober 2024 02:00
Text
Multiple vulnerabilities have been identified in the additional GNU/Linux subsystem of the firmware version V3.1 for the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP (incl. SIPLUS variant). These GNU/Linux vulnerabilities have been externally identified. Siemens is preparing fix versions and recommends specific countermeasures for products where fixes are not, or not ...
Titel
SSA-368868 V1.0: Multiple Vulnerabilities in WibuKey for Windows
Veröffentlicht
8. Oktober 2024 02:00
Text
Several Siemens products (optionally) offer the use of WibuKey Dongles [1] for licensing. According to a recent publication by WIBU Systems (WIBU-94453 at [2]), the Windows device driver for these Dongles contains vulnerabilities as listed below. [1] https://www.wibu.com/products/wibukey.html [2] https://www.wibu.com/support/security-advisories.html WIBU Systems has released a new version for WibuKey for ...
Titel
SSA-366067 V1.1 (Last Update: 2024-10-08): Multiple Vulnerabilities in Fortigate NGFW Before V7.4.1 on RUGGEDCOM APE1808 Devices
Veröffentlicht
8. Oktober 2024 02:00
Text
Fortinet has published information on vulnerabilities in FORTIOS. This advisory lists the related Siemens Industrial products. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available. Siemens recommends to consult and implement the workarounds provided in Fortinet’s upstream security notifications.
Titel
SSA-364175 V1.2 (Last Update: 2024-10-08): Multiple Vulnerabilities in Palo Alto Networks Virtual NGFW on RUGGEDCOM APE1808 Devices Before V11.1.4-h1
Veröffentlicht
8. Oktober 2024 02:00
Text
Palo Alto Networks has published [1] information on vulnerabilities in PAN-OS. This advisory lists the related Siemens Industrial products affected by these vulnerabilities. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available. Customers are advised to consult and implement the workarounds ...
Titel
SSA-340240 V1.0: Denial of Service Vulnerability in Sentron Powercenter 1000 with 3RV2921-5M accessory
Veröffentlicht
8. Oktober 2024 02:00
Text
A vulnerability in Sentron Powercenter 1000 with 3RV2921-5M accessory could allow an attacker to cause a denial of service condition. Siemens is preparing fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.
Titel
SSA-426509 V1.0: Multiple Local Code Execution Vulnerabilities in Questa and ModelSim Before V2024.3
Veröffentlicht
8. Oktober 2024 02:00
Text
Questa and ModelSim (incl. OEM Editions) are affected by multiple vulnerabilities that could allow a local attacker to inject arbitrary code and escalate privileges. Siemens has released new versions for the affected products and recommends to update to the latest versions.
Titel
SSA-955858 V1.3 (Last Update: 2024-10-08): Multiple Vulnerabilities in LOGO! 8 BM Devices
Veröffentlicht
8. Oktober 2024 02:00
Text
LOGO! 8 BM (incl. SIPLUS variants) contains multiple web-related vulnerabilities. These could allow an attacker to execute code remotely, put the device into a denial of service state or retrieve parts of the memory. The vulnerabilities are related to the hardware of the product. Siemens has released new hardware versions ...
Titel
SSA-852501 V1.0: Multiple Memory Corruption Vulnerabilities in Simcenter Nastran Before 2406.5000
Veröffentlicht
8. Oktober 2024 02:00
Text
Simcenter Nastran contains multiple memory corruption vulnerabilities that could be triggered when the application reads files in BDF file formats. If a user is tricked to open a malicious file with any of the affected products, this could lead the application to crash or potentially lead to arbitrary code execution. ...
Titel
SSA-850560 V1.0: Use of 4-Digit PIN in SENTRON PAC3200 Devices
Veröffentlicht
8. Oktober 2024 02:00
Text
SENTRON PAC3200 only provide a 4-digit PIN to protect from administrative access via Modbus TCP interface. Attackers with access to the Modbus TCP interface could easily bypass this protection by brute-force attacks or by monitoring the Modbus cleartext communication. Siemens recommends specific countermeasures for products where fixes are not, or ...
Titel
SSA-783481 V1.3 (Last Update: 2024-10-08): Denial-of-Service Vulnerability in LOGO! 8 BM
Veröffentlicht
8. Oktober 2024 02:00
Text
A Denial-of-Service vulnerability has been identified in LOGO! 8 BM. This vulnerability could allow an attacker to crash a device, if a user is tricked into loading a malicious project file onto an affected device. The vulnerability is related to the hardware of the product. Siemens has released new hardware ...
Titel
SSA-711309 V2.1 (Last Update: 2024-10-08): Denial of Service Vulnerability in the OPC UA Implementations of SIMATIC Products
Veröffentlicht
8. Oktober 2024 02:00
Text
The OPC UA implementations (ANSI C and C++) as used in several SIMATIC products contain a denial of service vulnerability that could allow an unauthenticated remote attacker to create a denial of service condition by sending a specially crafted certificate. Siemens has released new versions for several affected products and ...
September 2024
Titel
SSA-097435 V1.1 (Last Update: 2024-09-12): Usernames Disclosure Vulnerability in Mendix Runtime
Veröffentlicht
12. September 2024 02:00
Text
Mendix Runtime contains an observable response discrepancy vulnerability when validating usernames during authentication. This could allow unauthenticated remote attackers to distinguish between valid and invalid usernames. Siemens has released new versions for the affected products and recommends to update to the latest versions.
Titel
SSA-423808 V1.0: Multiple NULL Pointer Dereference Vulnerabilities in Industrial Products
Veröffentlicht
10. September 2024 02:00
Text
Multiple NULL pointer dereference vulnerabilities in the affected products could allow an attacker with network access to the webserver, to perform a denial of service attack. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where ...
Titel
SSA-417159 V1.0: Multiple Vulnerabilities in SINEMA Remote Connect Client Before V3.2 SP2
Veröffentlicht
10. September 2024 02:00
Text
SINEMA Remote Connect Client before V3.2 SP2 is affected by multiple vulnerabilities. Siemens has released a new version for SINEMA Remote Connect Client and recommends to update to the latest version.
Titel
SSA-446545 V1.0: Impact of RegreSSHion (CVE-2024-6387) in Siemens Industrial Products
Veröffentlicht
10. September 2024 02:00
Text
An OpenSSH vulnerability, known as regreSSHion, affects multiple Siemens industrial products. This security regression vulnerability consists in a race condition which may allow an unauthenticated remote attacker to achieve remote code execution with high impact on the affected system. Siemens has released new versions for several affected products and recommends ...
Titel
SSA-427715 V1.0: Stack-Based Buffer Overflow Vulnerability in Tecnomatix Plant Simulation
Veröffentlicht
10. September 2024 02:00
Text
Siemens Tecnomatix Plant Simulation is affected by a stack-based buffer overflow vulnerability that could be triggered when the application reads files in SPP file format. If a user is tricked to open a malicious file with any of the affected products, this could lead the application to crash or potentially ...
Titel
SSA-359713 V1.0: Authorization Bypass Vulnerability in Industrial Edge Management
Veröffentlicht
10. September 2024 02:00
Text
Industrial Edge Management contains an Authorization Bypass vulnerability that could allow an unauthenticated remote attacker to impersonate other devices onboarded to the system. Siemens has released new versions for the affected products and recommends to update to the latest versions.
Titel
SSA-455250 V1.3 (Last Update: 2024-09-10): Multiple Vulnerabilities in Palo Alto Networks Virtual NGFW on RUGGEDCOM APE1808 Devices Before V11.1.2-h3
Veröffentlicht
10. September 2024 02:00
Text
Palo Alto Networks has published [1] information on vulnerabilities in PAN-OS. This advisory lists the related Siemens Industrial products affected by these vulnerabilities. Siemens has released a new version of Palo Alto Networks Virtual NGFW for RUGGEDCOM APE1808 and recommends to update to the latest version. Customers are advised to ...

Letzte Updates

BOSCH PSIRT
15.01.2025
SIEMENS CERT
15.01.2025
US CERT
15.01.2025
US CERT (ICS)
21.01.2025

Nach Quelle

Archiv

2025
2024
2023
2022
2021
2020
2019
2018
2017

Feeds