Juli 2021
13.07.2021
SIEMENS CERT
SSA-772220 V1.0: OpenSSL Vulnerabilities in Industrial Products
Titel
SSA-772220 V1.0: OpenSSL Vulnerabilities in Industrial Products
Veröffentlicht
13. Juli 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdf
Text
OpenSSL has published a security advisory [0] about a vulnerability in OpenSSL versions 1.1.1 < k, that allows an unauthenticated attacker to cause a Denial-of-Service (DoS) if a a maliciously crafted renegotiation message is sent. Siemens is preparing updates and recommends countermeasures for products where updates are not, or not ...
13.07.2021
SIEMENS CERT
SSA-729965 V1.0: TLS Certificate Validation Vulnerability in SINUMERIK Integrate Operate Client
Titel
SSA-729965 V1.0: TLS Certificate Validation Vulnerability in SINUMERIK Integrate Operate Client
Veröffentlicht
13. Juli 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-729965.pdf
Text
The latest update for SINUMERIK Integrate Operate Client fixes a vulnerability that could allow an attacker to spoof any SSL server certificate and conduct man-in-the-middle attacks. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available
13.07.2021
SIEMENS CERT
SSA-675303 V1.0: WIBU Systems CodeMeter Runtime Vulnerabilities in Siemens Products
Titel
SSA-675303 V1.0: WIBU Systems CodeMeter Runtime Vulnerabilities in Siemens Products
Veröffentlicht
13. Juli 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-675303.pdf
Text
WIBU Systems disclosed two vulnerabilities and a new release version of CodeMeter Runtime, a product provided by WIBU Systems and used in several Siemens products for license management. The vulnerabilities are described in the section “Vulnerability Classification” below and got assigned the CVE IDs CVE-2021-20093 and CVE-2021-20094. Successful exploitation of ...
13.07.2021
SIEMENS CERT
SSA-661034 V1.0: Incorrect Permission Assignment in Multiple SIMATIC Software Products
Titel
SSA-661034 V1.0: Incorrect Permission Assignment in Multiple SIMATIC Software Products
Veröffentlicht
13. Juli 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-661034.pdf
Text
Multiple SIMATIC software products are affected by a vulnerability that could allow an attacker to change the content of certain metafiles and subsequently manipulate parameters or behaviour of devices configured by the affected software products. Siemens has released an update for the SIMATIC STEP 7 V5.X and recommends to update ...
13.07.2021
SIEMENS CERT
SSA-641963 V1.0: Remote Code Execution Vulnerability in Multiple SIMATIC Software Products
Titel
SSA-641963 V1.0: Remote Code Execution Vulnerability in Multiple SIMATIC Software Products
Veröffentlicht
13. Juli 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-641963.pdf
Text
Multiple SIMATIC Software products are affected by a vulnerability that could allow an attacker to manipulate project files and remotely execute code. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not ...
13.07.2021
SIEMENS CERT
SSA-599968 V1.0: Denial-of-Service Vulnerability in Profinet Devices
Titel
SSA-599968 V1.0: Denial-of-Service Vulnerability in Profinet Devices
Veröffentlicht
13. Juli 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-599968.pdf
Text
A vulnerability in affected devices could allow an attacker to perform a denial-of-service attack if a large amount of Profinet Discovery and Configuration Protocol (DCP) reset packets is sent to the affected devices. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens ...
13.07.2021
SIEMENS CERT
SSA-560465 V1.0: DHCP Client Vulnerability in VxWorks-based Industrial Products
Titel
SSA-560465 V1.0: DHCP Client Vulnerability in VxWorks-based Industrial Products
Veröffentlicht
13. Juli 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-560465.pdf
Text
Various industry products are affected by a DHCP client vulnerability in Wind River VxWorks, that could allow an attacker to cause a heap-based buffer overflow. Siemens recommends specific countermeasures for products where updates are not, or not yet available.
13.07.2021
SIEMENS CERT
SSA-483182 V1.0: Multiple File Parsing Vulnerabilities in JT2Go and Teamcenter Visualization before V13.2
Titel
SSA-483182 V1.0: Multiple File Parsing Vulnerabilities in JT2Go and Teamcenter Visualization before V13.2
Veröffentlicht
13. Juli 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf
Text
Siemens has released version V13.2 for JT2Go and Teamcenter Visualization to fix multiple vulnerabilities that could be triggered when the products read files in different file formats (GIF, TIFF, BMP, J2K, JT, SGI, PDF, PCT, PCX, PAR and ASM ). If a user is tricked to opening of a malicious ...
13.07.2021
SIEMENS CERT
SSA-434535 V1.0: Memory Protection Bypass Vulnerability in SINAMICS PERFECT HARMONY GH180 Drives
Titel
SSA-434535 V1.0: Memory Protection Bypass Vulnerability in SINAMICS PERFECT HARMONY GH180 Drives
Veröffentlicht
13. Juli 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-434535.pdf
Text
Several models of SINAMICS PERFECT HARMONY GH180 Drives are affected by a memory protection bypass vulnerability in the integrated S7-1500 or S7-1200 CPU that could allow an attacker to write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks on the CPU. Siemens ...
13.07.2021
SIEMENS CERT
SSA-373591 V1.0: Buffer Overflow Vulnerability in RUGGEDCOM ROS Devices
Titel
SSA-373591 V1.0: Buffer Overflow Vulnerability in RUGGEDCOM ROS Devices
Veröffentlicht
13. Juli 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-373591.pdf
Text
The latest update for RUGGEDCOM ROS devices fixes a buffer overflow vulnerability in the third party component that could allow an attacker with network access to an affected device to cause a remote code execution condition. Siemens has released updates for the affected products and recommends to update to the ...
13.07.2021
SIEMENS CERT
SSA-352521 V1.0: Access Check Bypass Vulnerability in Mendix
Titel
SSA-352521 V1.0: Access Check Bypass Vulnerability in Mendix
Veröffentlicht
13. Juli 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-352521.pdf
Text
An incorrect authorization check in Mendix applications could allow an attacker to bypass write permissions to attributes of objects under certain circumstances. Mendix has released an update for Mendix and recommends to update to the latest version.
13.07.2021
SIEMENS CERT
SSA-209268 V1.0: Multiple JT File Parsing Vulnerabilities in JT Utilities before V13.0.2.0
Titel
SSA-209268 V1.0: Multiple JT File Parsing Vulnerabilities in JT Utilities before V13.0.2.0
Veröffentlicht
13. Juli 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-209268.pdf
Text
Siemens has released version V13.0.2.0 for JT Utilities to fix multiple vulnerabilities that could be triggered when reading JT files. Siemens recommends to update to the latest version, which contains solutions to all the vulnerabilities listed in this advisory. Standing recommendation is to avoid opening of untrusted files from unknown ...
13.07.2021
SIEMENS CERT
SSA-173615 V1.0: Multiple PAR and ASM File Parsing Vulnerabilities in Solid Edge
Titel
SSA-173615 V1.0: Multiple PAR and ASM File Parsing Vulnerabilities in Solid Edge
Veröffentlicht
13. Juli 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-173615.pdf
Text
Siemens has released version SE2021MP5 for Solid Edge to fix multiple heap based buffer overflow vulnerabilities that could be triggered when the application read files in PAR or ASM file formats. If a user is tricked to open a malicious file with the affected application, this could lead to a ...
13.07.2021
SIEMENS CERT
SSA-448291 V1.0: Denial-of-Service Vulnerability in ARP Protocol of RWG Universal Controllers
Titel
SSA-448291 V1.0: Denial-of-Service Vulnerability in ARP Protocol of RWG Universal Controllers
Veröffentlicht
13. Juli 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-448291.pdf
Text
A Denial-of-Service vulnerability was found affecting the ARP protocol on RWG Universal Controller devices. Siemens has released updates for the affected products and recommends to update to the latest versions.
13.07.2021
SIEMENS CERT
SSA-434536 V1.0: Memory Protection Bypass Vulnerability in SINUMERIK ONE and SINUMERIK MC
Titel
SSA-434536 V1.0: Memory Protection Bypass Vulnerability in SINUMERIK ONE and SINUMERIK MC
Veröffentlicht
13. Juli 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-434536.pdf
Text
SINUMERIK ONE and SINUMERIK MC products are affected by a memory protection bypass vulnerability in the integrated S7-1500 CPU that could allow an attacker to write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks on the CPU. Siemens is preparing updates and ...
Juni 2021
08.06.2021
SIEMENS CERT
SSA-678983 V1.1 (Last Update: 2021-06-08): Vulnerabilities in Industrial PCs and CNC devices using Intel CPUs (November 2020)
Titel
SSA-678983 V1.1 (Last Update: 2021-06-08): Vulnerabilities in Industrial PCs and CNC devices using Intel CPUs (November 2020)
Veröffentlicht
8. Juni 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-678983.pdf
Text
Intel has published information on vulnerabilities in Intel products in November 2020. This advisory lists the Siemens IPC related products, that are affected by these vulnerabilities. In this advisory we take a representative CVE from each advisory: “Intel CSME, SPS, TXE, AMT and DAL Advisory” Intel-SA-00391 is represented by CVE-2020-8745 ...
08.06.2021
SIEMENS CERT
SSA-133038 V1.0: Multiple Modfem File Parsing Vulnerabilities in Simcenter Femap
Titel
SSA-133038 V1.0: Multiple Modfem File Parsing Vulnerabilities in Simcenter Femap
Veröffentlicht
8. Juni 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-133038.pdf
Text
Siemens Simcenter Femap is affected by two vulnerabilities that could be triggered when the application reads modfem files. If a user is tricked to open a malicious file with the affected application, this could lead to a crash, and potentially also to arbitrary code execution or data extraction on the ...
08.06.2021
SIEMENS CERT
SSA-200951 V1.0: Multiple Vulnerabilities in Third-Party Component libcurl of TIM Devices
Titel
SSA-200951 V1.0: Multiple Vulnerabilities in Third-Party Component libcurl of TIM Devices
Veröffentlicht
8. Juni 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-200951.pdf
Text
SIMATIC TIM 1531 IRC devices are vulnerable to multiple vulnerabilities in the third party component libcurl that could allow an attacker to extract sensitive information and pass a revoked certificate as valid. Siemens has released an update for SIMATIC TIM 1531 IRC and recommends to update to the latest versions.
08.06.2021
SIEMENS CERT
SSA-208356 V1.0: DFT File Parsing Vulnerabilities in Solid Edge
Titel
SSA-208356 V1.0: DFT File Parsing Vulnerabilities in Solid Edge
Veröffentlicht
8. Juni 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-208356.pdf
Text
Siemens has released a new version for Solid Edge to fix two vulnerabilities that could be triggered when the application read files in DFT file format. If a user is tricked to opening of a malicious file with the affected products, this could lead to application crash, or potentially arbitrary ...
08.06.2021
SIEMENS CERT
SSA-346262 V3.0 (Last Update: 2021-06-08): Denial-of-Service in Industrial Products
Titel
SSA-346262 V3.0 (Last Update: 2021-06-08): Denial-of-Service in Industrial Products
Veröffentlicht
8. Juni 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-346262.pdf
Text
Several industrial products are affected by a vulnerability that could allow remote attackers to conduct a Denial-of-Service (DoS) attack by sending specially crafted packets to port 161/udp (SNMP). Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates ...
08.06.2021
SIEMENS CERT
SSA-473245 V2.0 (Last Update: 2021-06-08): Denial-of-Service Vulnerability in Profinet Devices
Titel
SSA-473245 V2.0 (Last Update: 2021-06-08): Denial-of-Service Vulnerability in Profinet Devices
Veröffentlicht
8. Juni 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-473245.pdf
Text
A vulnerability in affected devices could allow an attacker to perform a denial-of-service attack if a large amount of specially crafted UDP packets are sent to the device. Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates ...
08.06.2021
SIEMENS CERT
SSA-534763 V1.5 (Last Update: 2021-06-08): Special Register Buffer Data Sampling (SRBDS) aka Crosstalk in Industrial Products
Titel
SSA-534763 V1.5 (Last Update: 2021-06-08): Special Register Buffer Data Sampling (SRBDS) aka Crosstalk in Industrial Products
Veröffentlicht
8. Juni 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-534763.pdf
Text
Security researchers published information on a vulnerability known as Crosstalk (INTEL-SA-00320). This vulnerability affects modern Intel processors to a varying degree. Several Siemens Industrial Products contain processors that are affected by the vulnerability. Siemens is preparing updates and recommends specific countermeasures until fixes are available.
08.06.2021
SIEMENS CERT
SSA-542525 V1.3 (Last Update: 2021-06-08): Authentication Vulnerabilities in SIMATIC HMI Products
Titel
SSA-542525 V1.3 (Last Update: 2021-06-08): Authentication Vulnerabilities in SIMATIC HMI Products
Veröffentlicht
8. Juni 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-542525.pdf
Text
SIMATIC HMI Products are affected by two vulnerabilities that could allow a remote attacker to discover user passwords and obtain access to the Sm@rt Server via a brute-force attack. Siemens has released updates for the affected products and recommends to update to the latest versions. Siemens also suggests following the ...
08.06.2021
SIEMENS CERT
SSA-574442 V1.1 (Last Update: 2021-06-08): Multiple PAR and DFT File Parsing Vulnerabilities in Solid Edge
Titel
SSA-574442 V1.1 (Last Update: 2021-06-08): Multiple PAR and DFT File Parsing Vulnerabilities in Solid Edge
Veröffentlicht
8. Juni 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-574442.pdf
Text
Siemens has released a new version for Solid Edge to fix multiple vulnerabilities that could be triggered when the application reads files in different file formats (PAR, DFT extensions). If a user is tricked to open a malicious file with the affected application, this could lead to a crash, and ...
08.06.2021
SIEMENS CERT
SSA-211752 V1.0: Multiple NTP-Client Related Vulnerabilities in SIMATIC NET CP 443-1 OPC UA
Titel
SSA-211752 V1.0: Multiple NTP-Client Related Vulnerabilities in SIMATIC NET CP 443-1 OPC UA
Veröffentlicht
8. Juni 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf
Text
All versions of the SIMATIC NET CP 443-1 OPC UA contain multiple vulnerabilities in the underlying third party component NTP. Siemens recommends specific countermeasures for products where updates are not, or not yet available.

Letzte Updates

BOSCH PSIRT
14.08.2025
SIEMENS CERT
16.09.2025
US CERT
25.08.2025
US CERT (ICS)
16.09.2025

Nach Quelle

Archiv

2025
2024
2023
2022
2021
2020
2019
2018
2017

Feeds