Juli 2021
13.07.2021
SIEMENS CERT
SSA-729965 V1.0: TLS Certificate Validation Vulnerability in SINUMERIK Integrate Operate Client
Titel
SSA-729965 V1.0: TLS Certificate Validation Vulnerability in SINUMERIK Integrate Operate Client
Veröffentlicht
13. Juli 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-729965.pdf
Text
The latest update for SINUMERIK Integrate Operate Client fixes a vulnerability that could allow an attacker to spoof any SSL server certificate and conduct man-in-the-middle attacks. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available
13.07.2021
SIEMENS CERT
SSA-772220 V1.0: OpenSSL Vulnerabilities in Industrial Products
Titel
SSA-772220 V1.0: OpenSSL Vulnerabilities in Industrial Products
Veröffentlicht
13. Juli 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdf
Text
OpenSSL has published a security advisory [0] about a vulnerability in OpenSSL versions 1.1.1 < k, that allows an unauthenticated attacker to cause a Denial-of-Service (DoS) if a a maliciously crafted renegotiation message is sent. Siemens is preparing updates and recommends countermeasures for products where updates are not, or not ...
13.07.2021
SIEMENS CERT
SSA-434536 V1.0: Memory Protection Bypass Vulnerability in SINUMERIK ONE and SINUMERIK MC
Titel
SSA-434536 V1.0: Memory Protection Bypass Vulnerability in SINUMERIK ONE and SINUMERIK MC
Veröffentlicht
13. Juli 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-434536.pdf
Text
SINUMERIK ONE and SINUMERIK MC products are affected by a memory protection bypass vulnerability in the integrated S7-1500 CPU that could allow an attacker to write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks on the CPU. Siemens is preparing updates and ...
13.07.2021
SIEMENS CERT
SSA-913875 V1.0: Frame Aggregation and Fragmentation Vulnerabilities in 802.11
Titel
SSA-913875 V1.0: Frame Aggregation and Fragmentation Vulnerabilities in 802.11
Veröffentlicht
13. Juli 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf
Text
Twelve vulnerabilities in the implementation of frame aggregation and fragmentation of the 802.11 standard, under the name of FragAttacks, have been published. Successful exploitation of these vulnerabilities could allow an attacker within Wi-Fi range to forge encrypted frames, which could result in sensitive data disclosure and possibly traffic manipulation. The ...
13.07.2021
SIEMENS CERT
SSA-941426 V1.0: Multiple LLDP Vulnerabilities in Industrial Products
Titel
SSA-941426 V1.0: Multiple LLDP Vulnerabilities in Industrial Products
Veröffentlicht
13. Juli 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-941426.pdf
Text
There are multiple vulnerabilities in an underlying Link Layer Discovery Protocol (LLDP) third party library. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.
13.07.2021
SIEMENS CERT
SSA-203306 V1.5 (Last Update: 2021-07-13): Password Vulnerabilities in SIPROTEC 4 and SIPROTEC Compact Relay Families
Titel
SSA-203306 V1.5 (Last Update: 2021-07-13): Password Vulnerabilities in SIPROTEC 4 and SIPROTEC Compact Relay Families
Veröffentlicht
13. Juli 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-203306.pdf
Text
SIPROTEC 4 and SIPROTEC Compact devices could allow access authorization passwords to be reconstructed or overwritten via engineering mechanisms that involve DIGSI 4 and EN100 Ethernet communication modules. Siemens has released updates for several affected products, and recommends specific countermeasures for the remaining products.
13.07.2021
SIEMENS CERT
SSA-324955 V1.2 (Last Update: 2021-07-13): SAD DNS Attack in Linux Based Products
Titel
SSA-324955 V1.2 (Last Update: 2021-07-13): SAD DNS Attack in Linux Based Products
Veröffentlicht
13. Juli 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-324955.pdf
Text
A vulnerability made public under the name SAD DNS affects Domain Name System resolvers due to a vulnerability in the Linux kernel when handling ICMP packets. The Siemens products which are affected are listed below. For more information please see https://www.saddns.net/. Siemens has released updates for several affected products and ...
13.07.2021
SIEMENS CERT
SSB-439005 V3.5 (Last Update: 2021-07-13): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 151...
Titel
SSB-439005 V3.5 (Last Update: 2021-07-13): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP
Veröffentlicht
13. Juli 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssb-439005.pdf
Text
13.07.2021
SIEMENS CERT
SSA-462066 V2.4 (Last Update: 2021-07-13): Vulnerability known as TCP SACK PANIC in Industrial Products
Titel
SSA-462066 V2.4 (Last Update: 2021-07-13): Vulnerability known as TCP SACK PANIC in Industrial Products
Veröffentlicht
13. Juli 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf
Text
Multiple industrial products are affected by a vulnerability in the kernel known as TCP SACK PANIC. The vulnerability could allow a remote attacker to cause a denial of service condition. Siemens has released updates for several affected products and recommends to update to the new versions. Siemens is preparing further ...
13.07.2021
SIEMENS CERT
SSA-841348 V1.8 (Last Update: 2021-07-13): Multiple Vulnerabilities in the UMC Stack
Titel
SSA-841348 V1.8 (Last Update: 2021-07-13): Multiple Vulnerabilities in the UMC Stack
Veröffentlicht
13. Juli 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf
Text
The latest update for the below listed products fixes two security vulnerabilities that could allow an attacker to cause a partial Denial-of-Service on the UMC component of the affected devices under certain circumstances, and one vulnerability that could allow an attacker to locally escalate privileges from a user with administrative ...
Juni 2021
08.06.2021
SIEMENS CERT
SSA-678983 V1.1 (Last Update: 2021-06-08): Vulnerabilities in Industrial PCs and CNC devices using Intel CPUs (November 2020)
Titel
SSA-678983 V1.1 (Last Update: 2021-06-08): Vulnerabilities in Industrial PCs and CNC devices using Intel CPUs (November 2020)
Veröffentlicht
8. Juni 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-678983.pdf
Text
Intel has published information on vulnerabilities in Intel products in November 2020. This advisory lists the Siemens IPC related products, that are affected by these vulnerabilities. In this advisory we take a representative CVE from each advisory: “Intel CSME, SPS, TXE, AMT and DAL Advisory” Intel-SA-00391 is represented by CVE-2020-8745 ...
08.06.2021
SIEMENS CERT
SSA-542525 V1.3 (Last Update: 2021-06-08): Authentication Vulnerabilities in SIMATIC HMI Products
Titel
SSA-542525 V1.3 (Last Update: 2021-06-08): Authentication Vulnerabilities in SIMATIC HMI Products
Veröffentlicht
8. Juni 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-542525.pdf
Text
SIMATIC HMI Products are affected by two vulnerabilities that could allow a remote attacker to discover user passwords and obtain access to the Sm@rt Server via a brute-force attack. Siemens has released updates for the affected products and recommends to update to the latest versions. Siemens also suggests following the ...
08.06.2021
SIEMENS CERT
SSA-574442 V1.1 (Last Update: 2021-06-08): Multiple PAR and DFT File Parsing Vulnerabilities in Solid Edge
Titel
SSA-574442 V1.1 (Last Update: 2021-06-08): Multiple PAR and DFT File Parsing Vulnerabilities in Solid Edge
Veröffentlicht
8. Juni 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-574442.pdf
Text
Siemens has released a new version for Solid Edge to fix multiple vulnerabilities that could be triggered when the application reads files in different file formats (PAR, DFT extensions). If a user is tricked to open a malicious file with the affected application, this could lead to a crash, and ...
08.06.2021
SIEMENS CERT
SSA-208356 V1.0: DFT File Parsing Vulnerabilities in Solid Edge
Titel
SSA-208356 V1.0: DFT File Parsing Vulnerabilities in Solid Edge
Veröffentlicht
8. Juni 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-208356.pdf
Text
Siemens has released a new version for Solid Edge to fix two vulnerabilities that could be triggered when the application read files in DFT file format. If a user is tricked to opening of a malicious file with the affected products, this could lead to application crash, or potentially arbitrary ...
08.06.2021
SIEMENS CERT
SSA-200951 V1.0: Multiple Vulnerabilities in Third-Party Component libcurl of TIM Devices
Titel
SSA-200951 V1.0: Multiple Vulnerabilities in Third-Party Component libcurl of TIM Devices
Veröffentlicht
8. Juni 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-200951.pdf
Text
SIMATIC TIM 1531 IRC devices are vulnerable to multiple vulnerabilities in the third party component libcurl that could allow an attacker to extract sensitive information and pass a revoked certificate as valid. Siemens has released an update for SIMATIC TIM 1531 IRC and recommends to update to the latest versions.
08.06.2021
SIEMENS CERT
SSA-133038 V1.0: Multiple Modfem File Parsing Vulnerabilities in Simcenter Femap
Titel
SSA-133038 V1.0: Multiple Modfem File Parsing Vulnerabilities in Simcenter Femap
Veröffentlicht
8. Juni 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-133038.pdf
Text
Siemens Simcenter Femap is affected by two vulnerabilities that could be triggered when the application reads modfem files. If a user is tricked to open a malicious file with the affected application, this could lead to a crash, and potentially also to arbitrary code execution or data extraction on the ...
08.06.2021
SIEMENS CERT
SSA-211752 V1.0: Multiple NTP-Client Related Vulnerabilities in SIMATIC NET CP 443-1 OPC UA
Titel
SSA-211752 V1.0: Multiple NTP-Client Related Vulnerabilities in SIMATIC NET CP 443-1 OPC UA
Veröffentlicht
8. Juni 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf
Text
All versions of the SIMATIC NET CP 443-1 OPC UA contain multiple vulnerabilities in the underlying third party component NTP. Siemens recommends specific countermeasures for products where updates are not, or not yet available.
08.06.2021
SIEMENS CERT
SSA-419820 V1.0: Denial-of-Service Vulnerability in TIM 1531 IRC
Titel
SSA-419820 V1.0: Denial-of-Service Vulnerability in TIM 1531 IRC
Veröffentlicht
8. Juni 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-419820.pdf
Text
The latest update for TIM 1531 IRC fixes a vulnerability that could allow a remote attacker to cause a denial-of-service under certain circumstances. Siemens has released an update for the TIM 1531 IRC and recommends to update to the latest version.
08.06.2021
SIEMENS CERT
SSA-522654 V1.0: Privilege Escalation Vulnerability in Mendix SAML Module
Titel
SSA-522654 V1.0: Privilege Escalation Vulnerability in Mendix SAML Module
Veröffentlicht
8. Juni 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-522654.pdf
Text
The latest update of Mendix SAML module fixes a privilege escalation vulnerability. Mendix has released an update for the Mendix SAML module and recommends to update to the latest version.
08.06.2021
SIEMENS CERT
SSA-645530 V1.0: TIFF File Parsing Vulnerability in JT2Go and Teamcenter Visualization before V13.1.0.3
Titel
SSA-645530 V1.0: TIFF File Parsing Vulnerability in JT2Go and Teamcenter Visualization before V13.1.0.3
Veröffentlicht
8. Juni 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-645530.pdf
Text
Siemens has released version V13.1.0.3 for JT2Go and Teamcenter Visualization to fix a vulnerability that could be triggered when the products read files in TIFF file format. If a user is tricked to opening of a malicious file with the affected products, this could lead to application crash, or potentially ...
08.06.2021
SIEMENS CERT
SSA-787292 V1.0: Denial-of-Service Vulnerability in SIMATIC RFID Readers
Titel
SSA-787292 V1.0: Denial-of-Service Vulnerability in SIMATIC RFID Readers
Veröffentlicht
8. Juni 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-787292.pdf
Text
The latest updates for SIMATIC RF products fix a vulnerability that could allow an unauthorized attacker to crash the OPC UA service of the affected devices. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific ...
08.06.2021
SIEMENS CERT
SSA-293562 V3.2 (Last Update: 2021-06-08): Vulnerabilities in Industrial Products
Titel
SSA-293562 V3.2 (Last Update: 2021-06-08): Vulnerabilities in Industrial Products
Veröffentlicht
8. Juni 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-293562.pdf
Text
Several industrial devices are affected by two vulnerabilities that could allow an attacker to cause a Denial-of-Service condition via PROFINET DCP network packets under certain circumstances. The precondition for this scenario is a direct layer 2 access to the affected products. PROFIBUS interfaces are not affected. Siemens has released updates ...
08.06.2021
SIEMENS CERT
SSA-312271 V1.7 (Last Update: 2021-06-08): Unquoted Search Path Vulnerabilities in Windows-based Industrial Software Applications
Titel
SSA-312271 V1.7 (Last Update: 2021-06-08): Unquoted Search Path Vulnerabilities in Windows-based Industrial Software Applications
Veröffentlicht
8. Juni 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-312271.pdf
Text
The latest update for affected products fix local privilege escalation vulnerabilities that could allow authorized local users with administrative privileges to execute custom code with SYSTEM level privileges. Siemens has released updates for some of the affected products, and is working on further updates. For the remaining affected products, Siemens ...
08.06.2021
SIEMENS CERT
SSA-324955 V1.1 (Last Update: 2021-06-08): SAD DNS Attack in Linux Based Products
Titel
SSA-324955 V1.1 (Last Update: 2021-06-08): SAD DNS Attack in Linux Based Products
Veröffentlicht
8. Juni 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-324955.pdf
Text
A vulnerability made public under the name SAD DNS affects Domain Name System resolvers due to a vulnerability in the Linux kernel when handling ICMP packets. The Siemens products which are affected are listed below. For more information please see https://www.saddns.net/. Siemens has released updates for several affected products and ...
08.06.2021
SIEMENS CERT
SSA-346262 V3.0 (Last Update: 2021-06-08): Denial-of-Service in Industrial Products
Titel
SSA-346262 V3.0 (Last Update: 2021-06-08): Denial-of-Service in Industrial Products
Veröffentlicht
8. Juni 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-346262.pdf
Text
Several industrial products are affected by a vulnerability that could allow remote attackers to conduct a Denial-of-Service (DoS) attack by sending specially crafted packets to port 161/udp (SNMP). Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates ...

Letzte Updates

BOSCH PSIRT
25.04.2025
SIEMENS CERT
14.05.2025
US CERT
01.04.2025
US CERT (ICS)
13.05.2025

Nach Quelle

Archiv

2025
2024
2023
2022
2021
2020
2019
2018
2017

Feeds