October 2024
Title
Siemens Sentron Powercenter 1000
Published
Oct. 10, 2024, 2 p.m.
Summary
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
Title
Siemens Questa and ModelSim
Published
Oct. 10, 2024, 2 p.m.
Summary
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
Title
Siemens HiMed Cockpit
Published
Oct. 10, 2024, 2 p.m.
Summary
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
Title
Rockwell Automation ControlLogix
Published
Oct. 10, 2024, 2 p.m.
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: ControlLogix Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to send a specially crafted CIP message and cause a denial-of-service condition on the affected device. ...
Title
Siemens SIMATIC S7-1500 and S7-1200 CPUs
Published
Oct. 10, 2024, 2 p.m.
Summary
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
Title
Rockwell Automation Verve Asset Manager
Published
Oct. 10, 2024, 2 p.m.
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: Verve Asset Manager Vulnerability: Placement of User into Incorrect Group 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthorized user to access previous data they should no longer have access ...
Title
Siemens PSS SINCAL
Published
Oct. 10, 2024, 2 p.m.
Summary
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
Title
Siemens SINEC Security Monitor
Published
Oct. 10, 2024, 2 p.m.
Summary
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
Title
Siemens SENTRON PAC3200 Devices
Published
Oct. 10, 2024, 2 p.m.
Summary
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
Title
Rockwell Automation PowerFlex 6000T
Published
Oct. 10, 2024, 2 p.m.
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: PowerFlex 6000T Vulnerability: Improper Check for Unusual or Exceptional Conditions 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ...
Title
Siemens SIMATIC S7-1500 CPUs
Published
Oct. 10, 2024, 2 p.m.
Summary
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
Title
Siemens JT2Go
Published
Oct. 10, 2024, 2 p.m.
Summary
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...
Title
SSA-438590 V1.0: Buffer Overflow Vulnerability in Siveillance Video Camera Drivers
Published
Oct. 10, 2024, 2 a.m.
Summary
Several camera device drivers in the Siveillance Video Device Pack contain a buffer overflow vulnerability that could be exploited under strict conditions. This could allow an attacker to execute code with the permissions of the Recording Server user. Siemens has released an update of the Device Pack recommends to apply ...
Title
SSA-097435 V1.3 (Last Update: 2024-10-10): Usernames Disclosure Vulnerability in Mendix Runtime
Published
Oct. 10, 2024, 2 a.m.
Summary
Mendix Runtime contains an observable response discrepancy vulnerability when validating usernames during authentication. This could allow unauthenticated remote attackers to distinguish between valid and invalid usernames. Siemens has released a new version for Mendix Runtime V8 and recommends to update to the latest version. Siemens is preparing further fix versions ...
Title
Microsoft Releases October 2024 Security Updates
Published
Oct. 8, 2024, 8:41 p.m.
Summary
Microsoft released security updates to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following and apply necessary updates: Microsoft Security Update Guide for October
Title
SSA-698820 V1.3 (Last Update: 2024-10-08): Multiple Vulnerabilities in Fortigate NGFW Before V7.4.4 on RUGGEDCOM APE1808 Devices
Published
Oct. 8, 2024, 2 a.m.
Summary
Fortinet has published information on vulnerabilities in FORTIOS. This advisory lists the related Siemens Industrial products. Siemens has released a new version of Fortigate NGFW for RUGGEDCOM APE1808 and recommends to update to the latest version. Siemens recommends to consult and implement the workarounds provided in Fortinet’s upstream security notifications.
Title
SSA-711309 V2.1 (Last Update: 2024-10-08): Denial of Service Vulnerability in the OPC UA Implementations of SIMATIC Products
Published
Oct. 8, 2024, 2 a.m.
Summary
The OPC UA implementations (ANSI C and C++) as used in several SIMATIC products contain a denial of service vulnerability that could allow an unauthenticated remote attacker to create a denial of service condition by sending a specially crafted certificate. Siemens has released new versions for several affected products and ...
Title
SSA-629254 V1.1 (Last Update: 2024-10-08): Remote Code Execution Vulnerability in SIMATIC SCADA and PCS 7 systems
Published
Oct. 8, 2024, 2 a.m.
Summary
The products listed below contain a remote code execution vulnerability that could allow an unauthenticated remote attacker to execute arbitrary code with high privileges. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends countermeasures ...
Title
SSA-783481 V1.3 (Last Update: 2024-10-08): Denial-of-Service Vulnerability in LOGO! 8 BM
Published
Oct. 8, 2024, 2 a.m.
Summary
A Denial-of-Service vulnerability has been identified in LOGO! 8 BM. This vulnerability could allow an attacker to crash a device, if a user is tricked into loading a malicious project file onto an affected device. The vulnerability is related to the hardware of the product. Siemens has released new hardware ...
Title
SSA-844582 V1.2 (Last Update: 2024-10-08): Electromagnetic Fault Injection in LOGO! V8.3 BM Devices Results in Broken LOGO! V8.3 Product CA
Published
Oct. 8, 2024, 2 a.m.
Summary
LOGO! V8.3 BM (incl. SIPLUS variants) devices contain a vulnerability that could allow an electromagnetic fault injection. This could allow an attacker to dump and debug the firmware, including the manipulation of memory. Further actions could allow to inject public keys of custom created key pairs which are then signed ...
Title
SSA-626178 V1.0: Stack-Based Buffer Overflow Vulnerability in JT2Go Before V2406.0003
Published
Oct. 8, 2024, 2 a.m.
Summary
Siemens JT2Go is affected by a stack-based buffer overflow vulnerability that could be triggered when the application reads files in PDF format. If a user is tricked to open a malicious file with any of the affected products, this could lead the application to crash or potentially lead to arbitrary ...
Title
SSA-430425 V1.0: Multiple Vulnerabilities in SINEC Security Monitor before V4.9.0
Published
Oct. 8, 2024, 2 a.m.
Summary
SINEC Security Monitor before V4.9.0 contains multiple vulnerabilities. Siemens has released a new version for Siemens SINEC Security Monitor and recommends to update to the latest version.
Title
SSA-876787 V1.0: Open Redirect Vulnerability in SIMATIC S7-1500 and S7-1200 CPUs
Published
Oct. 8, 2024, 2 a.m.
Summary
Several SIMATIC S7-1500 and S7-1200 CPU versions are affected by an open redirect vulnerability that could allow an attacker to make the web server of affected devices redirect a legitimate user to an attacker-chosen URL. For a successful attack, the legitimate user must actively click on an attacker-crafted link. Siemens ...
Title
SSA-852501 V1.0: Multiple Memory Corruption Vulnerabilities in Simcenter Nastran Before 2406.5000
Published
Oct. 8, 2024, 2 a.m.
Summary
Simcenter Nastran contains multiple memory corruption vulnerabilities that could be triggered when the application reads files in BDF file formats. If a user is tricked to open a malicious file with any of the affected products, this could lead the application to crash or potentially lead to arbitrary code execution. ...
Title
SSA-426509 V1.0: Multiple Local Code Execution Vulnerabilities in Questa and ModelSim Before V2024.3
Published
Oct. 8, 2024, 2 a.m.
Summary
Questa and ModelSim (incl. OEM Editions) are affected by multiple vulnerabilities that could allow a local attacker to inject arbitrary code and escalate privileges. Siemens has released new versions for the affected products and recommends to update to the latest versions.

Last Updates

BOSCH PSIRT
02.10.2024
SIEMENS CERT
10.10.2024
US CERT
08.10.2024
US CERT (ICS)
10.10.2024

By Source

Archive

2024
2023
2022
2021
2020
2019
2018
2017

Feeds