Bulletins | CERT@VDE

…
99
100
101 (current)
102
103
…

December 2021

14.12.2021

SIEMENS CERT

SSA-352143 V1.0: Multiple File Parsing Vulnerabilities in JTTK before V11.0.3.0 and JT Utilities before V13.0.3.0

Title

SSA-352143 V1.0: Multiple File Parsing Vulnerabilities in JTTK before V11.0.3.0 and JT Utilities before V13.0.3.0

Published

Dec. 14, 2021, 1 a.m.

URL

https://cert-portal.siemens.com/productcert/pdf/ssa-352143.pdf

Summary

JT Open Toolkit (JTTK) before V11.0.3.0 contains multiple vulnerabilities that could be triggered when the affected product reads a maliciously crafted JT file. These vulnerabilities also affects JT Utilities before V13.0.3.0. If a user is tricked to open a malicious file with any of the affected products, this could lead ...

14.12.2021

SIEMENS CERT

SSA-199605 V1.0: Arbitrary File Download Vulnerability in SIMATIC eaSie PCS 7 Skill Package

Title

SSA-199605 V1.0: Arbitrary File Download Vulnerability in SIMATIC eaSie PCS 7 Skill Package

Published

Dec. 14, 2021, 1 a.m.

URL

https://cert-portal.siemens.com/productcert/pdf/ssa-199605.pdf

Summary

SIMATIC eaSie PCS 7 Skill Package contains a path traversal vulnerability that could allow an authenticated remote attacker to read arbitrary files for the application server. Siemens has released an update for the SIMATIC eaSie PCS 7 Skill Package and recommends to update to the latest version.

14.12.2021

SIEMENS CERT

SSA-161331 V1.0: Scene File Parsing Vulnerability in Simcenter STAR-CCM+ Viewer before V2021.3.1

Title

SSA-161331 V1.0: Scene File Parsing Vulnerability in Simcenter STAR-CCM+ Viewer before V2021.3.1

Published

Dec. 14, 2021, 1 a.m.

URL

https://cert-portal.siemens.com/productcert/pdf/ssa-161331.pdf

Summary

Siemens Simcenter STAR-CCM+ Viewer is affected by a vulnerability that could be triggered when the application reads scene (.sce) files. If a user is tricked to open a malicious file with the affected application, this could lead to a crash, and potentially also to arbitrary code execution or data extraction ...

14.12.2021

SIEMENS CERT

SSA-133772 V1.0: Zip Path Traversal Vulnerability in Teamcenter Active Workspace

Title

SSA-133772 V1.0: Zip Path Traversal Vulnerability in Teamcenter Active Workspace

Published

Dec. 14, 2021, 1 a.m.

URL

https://cert-portal.siemens.com/productcert/pdf/ssa-133772.pdf

Summary

A zip path traversal vulnerability in Teamcenter Active Workspace could allow an attacker to achieve remote code execution. Siemens has released updates for the affected products and recommends to update to the latest versions.

13.12.2021

SIEMENS CERT

SSA-661247 V1.0: Apache Log4j Vulnerability (CVE-2021-44228, Log4Shell) - Impact to Siemens Products

Title

SSA-661247 V1.0: Apache Log4j Vulnerability (CVE-2021-44228, Log4Shell) - Impact to Siemens Products

Published

Dec. 13, 2021, 1 a.m.

URL

https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf

Summary

On 2021-12-09, a vulnerability in Apache Log4j (a logging tool used in many Java-based applications) was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2021-44228 and is also known as “Log4Shell”. Siemens is currently investigating to determine which products are ...

Last Updates

By Source

Archive

2025

2024

2023

2022

2021

2020

2019

2018

2017

Feeds