Mai 2021
11.05.2021
SIEMENS CERT
SSA-501073 V1.0: Vulnerabilities in Controllers CPU 1518 MFP using Intel CPUs (November 2020)
Titel
SSA-501073 V1.0: Vulnerabilities in Controllers CPU 1518 MFP using Intel CPUs (November 2020)
Veröffentlicht
11. Mai 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-501073.pdf
Text
Intel has published information on vulnerabilities in Intel products in November 2020. This advisory lists the Siemens Controllers that are affected by these vulnerabilities. In this advisory we take a representative CVE from each advisory: “Intel CSME, SPS, TXE, AMT and DAL Advisory” Intel-SA-00391 is represented by CVE-2020-8744 “BIOS Advisory” ...
11.05.2021
SIEMENS CERT
SSA-324955 V1.0: SAD DNS Attack in Linux Based Products
Titel
SSA-324955 V1.0: SAD DNS Attack in Linux Based Products
Veröffentlicht
11. Mai 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-324955.pdf
Text
A vulnerability made public under the name SAD DNS affects Domain Name System resolvers due to a vulnerability in the Linux kernel when handling ICMP packets. The Siemens products which are affected are listed below. For more information please see https://www.saddns.net/. Siemens has released updates for several affected products and ...
11.05.2021
SIEMENS CERT
SSA-286838 V1.0: Multiple Vulnerabilities in SINAMICS Medium Voltage Products
Titel
SSA-286838 V1.0: Multiple Vulnerabilities in SINAMICS Medium Voltage Products
Veröffentlicht
11. Mai 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf
Text
SINAMICS medium voltage products, with Sm@rtServer enabled on SIMATIC comfort HMI Panels, are affected by multiple vulnerabilities that could allow an attacker, under certain conditions, to gain full remote access to the HMI. Note that by default Sm@rtServer is disabled, but it can be enabled on request by the system ...
11.05.2021
SIEMENS CERT
SSA-116379 V1.0: Denial-of-Service Vulnerability in OSPF Packet Handling of SCALANCE XM-400 and XR-500 Devices
Titel
SSA-116379 V1.0: Denial-of-Service Vulnerability in OSPF Packet Handling of SCALANCE XM-400 and XR-500 Devices
Veröffentlicht
11. Mai 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-116379.pdf
Text
SCALANCE XM-400 and XR-500 devices contain a vulnerability in the OSPF protocol implementation that could allow an unauthenticated remote attacker to create a permanent denial-of-service condition. Siemens has released updates for the affected products and recommends to update to the latest versions.
11.05.2021
SIEMENS CERT
SSA-678983 V1.0: Vulnerabilities in Industrial PCs and CNC devices using Intel CPUs (November 2020)
Titel
SSA-678983 V1.0: Vulnerabilities in Industrial PCs and CNC devices using Intel CPUs (November 2020)
Veröffentlicht
11. Mai 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-678983.pdf
Text
Intel has published information on vulnerabilities in Intel products in November 2020. This advisory lists the Siemens IPC related products, that are affected by these vulnerabilities. In this advisory we take a representative CVE from each advisory: “Intel CSME, SPS, TXE, AMT and DAL Advisory” Intel-SA-00391 is represented by CVE-2020-8745 ...
11.05.2021
SIEMENS CERT
SSA-794542 V1.1 (Last Update: 2021-05-11): Insecure Folder Permissions in SIMARIS Configuration
Titel
SSA-794542 V1.1 (Last Update: 2021-05-11): Insecure Folder Permissions in SIMARIS Configuration
Veröffentlicht
11. Mai 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-794542.pdf
Text
The installation of SIMARIS configuration causes insecure folder permissions that could allow vertical privilege escalation. Siemens has released an update for SIMARIS and recommends to update to the latest version.
11.05.2021
SIEMENS CERT
SSA-723417 V1.0: Multiple Vulnerabilities in SCALANCE W1750D
Titel
SSA-723417 V1.0: Multiple Vulnerabilities in SCALANCE W1750D
Veröffentlicht
11. Mai 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf
Text
Siemens SCALANCE W1750D is a brand-labeled device. Aruba has released a related security advisory ARUBA-PSA-2021-007 disclosing vulnerabilities in its Aruba Instant product line. Siemens is preparing updates and recommends countermeasures for products where updates are not, or not yet available.
April 2021
14.04.2021
SIEMENS CERT
SSA-875726 V1.0: Privilege Escalation Vulnerability in Mendix
Titel
SSA-875726 V1.0: Privilege Escalation Vulnerability in Mendix
Veröffentlicht
14. April 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-875726.pdf
Text
The latest updates for Mendix fix a vulnerability in Mendix Applications that could allow malicious authorized users to escalate their privileges. Mendix has released an update for Mendix and recommends to update to the latest version.
13.04.2021
SIEMENS CERT
SSA-163226 V1.0: CELL File Parsing Vulnerability in Tecnomatix RobotExpert
Titel
SSA-163226 V1.0: CELL File Parsing Vulnerability in Tecnomatix RobotExpert
Veröffentlicht
13. April 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-163226.pdf
Text
Siemens Tecnomatix RobotExpert version V16.1 fixes a vulnerability that could be triggered when the application reads CELL files. If a user is tricked to open a malicious file with the affected application, this could lead to a crash, and potentially also to arbitrary code execution or data extraction on the ...
13.04.2021
SIEMENS CERT
SSA-185699 V1.0: Out of Bounds Write Vulnerabilities (NAME:WRECK) in the DNS Module of Nucleus Products
Titel
SSA-185699 V1.0: Out of Bounds Write Vulnerabilities (NAME:WRECK) in the DNS Module of Nucleus Products
Veröffentlicht
13. April 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-185699.pdf
Text
Security researchers discovered and disclosed 9 vulnerabilities in several DNS implementations, also known as “NAME:WRECK” vulnerabilities. The vulnerabilities described in this advisories are from this set. The DNS client of affected products contains two out of bounds write vulnerabilities in the handling of DNS responses that could allow an attacker ...
13.04.2021
SIEMENS CERT
SSA-187092 V1.0: Several Buffer-Overflow Vulnerabilities in Web Server of SCALANCE X-200
Titel
SSA-187092 V1.0: Several Buffer-Overflow Vulnerabilities in Web Server of SCALANCE X-200
Veröffentlicht
13. April 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-187092.pdf
Text
Several SCALANCE X-200 switches contain buffer overflow vulnerabilities in the web server. In the most severe case an attacker could potentially remotely execute code. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.
13.04.2021
SIEMENS CERT
SSA-201384 V1.0: Predictable UDP Port Number Vulnerability (NAME:WRECK) in the DNS Module of Nucleus Products
Titel
SSA-201384 V1.0: Predictable UDP Port Number Vulnerability (NAME:WRECK) in the DNS Module of Nucleus Products
Veröffentlicht
13. April 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-201384.pdf
Text
Security researchers discovered and disclosed 9 vulnerabilities in several DNS implementations, also known as “NAME:WRECK” vulnerabilities. The vulnerability described in this advisories is from this set. The DNS client of affected products contains a vulnerability related to the handling of UDP port numbers in DNS requests that could allow an ...
13.04.2021
SIEMENS CERT
SSA-248289 V1.0: Denial-of-Service Vulnerabilities in the IPv6 Stack of Nucleus Products
Titel
SSA-248289 V1.0: Denial-of-Service Vulnerabilities in the IPv6 Stack of Nucleus Products
Veröffentlicht
13. April 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-248289.pdf
Text
The IPv6 stack of affected products contains two vulnerabilities when processing IPv6 headers which could allow an attacker to cause a denial-of-service condition. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing updates and recommends specific countermeasures for products where ...
13.04.2021
SIEMENS CERT
SSA-292794 V1.0: Multiple Denial-of-Service Vulnerabilities in SINEMA Remote Connect Server
Titel
SSA-292794 V1.0: Multiple Denial-of-Service Vulnerabilities in SINEMA Remote Connect Server
Veröffentlicht
13. April 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-292794.pdf
Text
The latest update for SINEMA Remote Connect Server fixes two Denial-of-Service vulnerabilities in the underlying third-party XML parser. Siemens has released updates for the affected product and recommends to update to the latest versions.
13.04.2021
SIEMENS CERT
SSA-497656 V1.0: Multiple NTP Vulnerabilities in TIM 4R-IE Devices
Titel
SSA-497656 V1.0: Multiple NTP Vulnerabilities in TIM 4R-IE Devices
Veröffentlicht
13. April 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf
Text
There are multiple vulnerabilities in the underlying NTP component of the affected TIM 4R-IE. Siemens recommends specific countermeasures for products where updates are not, or not yet available.
13.04.2021
SIEMENS CERT
SSA-574442 V1.0: Multiple PAR and DFT File Parsing Vulnerabilities in Solid Edge
Titel
SSA-574442 V1.0: Multiple PAR and DFT File Parsing Vulnerabilities in Solid Edge
Veröffentlicht
13. April 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-574442.pdf
Text
Siemens has released a new version for Solid Edge to fix multiple vulnerabilities that could be triggered when the application reads files in different file formats (PAR, DFT extensions). If a user is tricked to open a malicious file with the affected application, this could lead to a crash, and ...
13.04.2021
SIEMENS CERT
SSA-669158 V1.0: DNS Client Vulnerabilities in SIMOTICS CONNECT 400
Titel
SSA-669158 V1.0: DNS Client Vulnerabilities in SIMOTICS CONNECT 400
Veröffentlicht
13. April 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-669158.pdf
Text
SIMOTICS CONNECT 400 is affected by DNS Client vulnerabilities as initially reported in Siemens Security Advisory SSA-705111 for the Mentor DNS Module. Siemens is preparing updates and recommends countermeasures for products where updates are not, or not yet available.
13.04.2021
SIEMENS CERT
SSA-853866 V1.0: User Credentials Disclosure Vulnerability in Siveillance Video Open Network Bridge (ONVIF)
Titel
SSA-853866 V1.0: User Credentials Disclosure Vulnerability in Siveillance Video Open Network Bridge (ONVIF)
Veröffentlicht
13. April 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-853866.pdf
Text
Siemens has released hotfixes for Siveillance Video Open Network Bridge (ONVIF) which fix a security vulnerability related to unsecure storage of ONVIF user credentials. The vulnerability could allow an authenticated remote attacker to retrieve and decrypt all user credentials stored on the ONVIF server. Siemens recommends to apply the hotfixes ...
13.04.2021
SIEMENS CERT
SSA-983300 V1.0: Vulnerabilities in LOGO! Soft Comfort
Titel
SSA-983300 V1.0: Vulnerabilities in LOGO! Soft Comfort
Veröffentlicht
13. April 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-983300.pdf
Text
Two vulnerabilities have been identified in the LOGO! Soft Comfort software. These could allow an attacker to take over a system with the affected software installed. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.
13.04.2021
SIEMENS CERT
SSA-705111 V1.0: Vulnerabilities (NAME:WRECK) in DNS Module of Nucleus Products
Titel
SSA-705111 V1.0: Vulnerabilities (NAME:WRECK) in DNS Module of Nucleus Products
Veröffentlicht
13. April 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-705111.pdf
Text
Security researchers discovered and disclosed 9 vulnerabilities in several DNS implementations, also known as “NAME:WRECK” vulnerabilities. The vulnerabilities described in this advisories are from this set. The DNS client of affected products contains multiple vulnerabilities related to the handling of DNS responses and requests. The most severe could allow an ...
13.04.2021
SIEMENS CERT
SSA-296266 V1.1 (Last Update: 2021-04-13): Denial-of-Service Vulnerability in SCALANCE and RUGGEDCOM Devices
Titel
SSA-296266 V1.1 (Last Update: 2021-04-13): Denial-of-Service Vulnerability in SCALANCE and RUGGEDCOM Devices
Veröffentlicht
13. April 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-296266.pdf
Text
Some firmware versions of the SCALANCE and RUGGEDCOM devices listed below are affected by a vulnerability in the SSH authentication that could allow an attacker to cause a Denial-of-Service under certain conditions. Siemens has released updates for the affected products and recommends to update to the latest version.
13.04.2021
SIEMENS CERT
SSB-439005 V3.3 (Last Update: 2021-04-13): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 151...
Titel
SSB-439005 V3.3 (Last Update: 2021-04-13): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP
Veröffentlicht
13. April 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssb-439005.pdf
Text
13.04.2021
SIEMENS CERT
SSA-761617 V1.1 (Last Update: 2021-04-13): Authentication Bypass and Information Disclosure Vulnerabilities in SiNVR/SiVMS Vide...
Titel
SSA-761617 V1.1 (Last Update: 2021-04-13): Authentication Bypass and Information Disclosure Vulnerabilities in SiNVR/SiVMS Video Server
Veröffentlicht
13. April 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf
Text
The Video Server application in SiNVR/SiVMS solutions contains two vulnerabilities involving authentication bypass (CVE-2019-18339) and information disclosure (CVE-2019-18340). PKE has released an update of the application that fixes CVE-2019-18339. This update is not available under the former Siemens OEM brand name SiNVR. For details see PKE Security Advisory at https://sivms.cloud/wp-content/uploads/2021/03/sivms-cve-fixes_1.0_EN.pdf ...
13.04.2021
SIEMENS CERT
SSA-763427 V1.5 (Last Update: 2021-04-13): Authentication Bypass Vulnerability in SIMATIC NET CP Modules and TIM Devices
Titel
SSA-763427 V1.5 (Last Update: 2021-04-13): Authentication Bypass Vulnerability in SIMATIC NET CP Modules and TIM Devices
Veröffentlicht
13. April 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-763427.pdf
Text
Siemens has released updates for Communication Processor (CP) module families CP 343-1/TIM 3V-IE/TIM 4R-IE/CP 443-1 to resolve an authentication bypass vulnerability that could allow unauthenticated users to perform administrative operations under certain conditions. 2021-04-13: Siemens has also added Profibus devices (CP 342-5 / CP 443-5) to this advisory. For these ...
13.04.2021
SIEMENS CERT
SSA-455843 V1.6 (Last Update: 2021-04-13): WIBU Systems CodeMeter Runtime Vulnerabilities in Siemens and Siemens Energy Products
Titel
SSA-455843 V1.6 (Last Update: 2021-04-13): WIBU Systems CodeMeter Runtime Vulnerabilities in Siemens and Siemens Energy Products
Veröffentlicht
13. April 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-455843.pdf
Text
CISA and WIBU Systems disclosed six vulnerabilities in different versions of CodeMeter Runtime, a product provided by WIBU Systems and used in several Siemens and Siemens Energy products for license management. The vulnerabilities are described in the section “Vulnerability Classification” below and got assigned the CVE IDs CVE-2020-14509, CVE-2020-14513, CVE-2020-14515, ...

Letzte Updates

BOSCH PSIRT
14.08.2025
SIEMENS CERT
09.09.2025
US CERT
25.08.2025
US CERT (ICS)
11.09.2025

Nach Quelle

Archiv

2025
2024
2023
2022
2021
2020
2019
2018
2017

Feeds