September 2021
14.09.2021
SIEMENS CERT
SSA-780073 V1.8 (Last Update: 2021-09-14): Denial-of-Service Vulnerability in PROFINET Devices via DCE-RPC Packets
Title
SSA-780073 V1.8 (Last Update: 2021-09-14): Denial-of-Service Vulnerability in PROFINET Devices via DCE-RPC Packets
Published
Sept. 14, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-780073.pdf
Summary
Products that include the Siemens PROFINET-IO (PNIO) stack in versMions prior V06.00 are potentially affected by a denial-of-service vulnerability when multiple legitimate diagnostic package requests are sent to the DCE-RPC interface. Siemens has released updates for several affected products and recommends to update to the new versions. Siemens is preparing ...
14.09.2021
SIEMENS CERT
SSA-772220 V1.2 (Last Update: 2021-09-14): OpenSSL Vulnerabilities in Industrial Products
Title
SSA-772220 V1.2 (Last Update: 2021-09-14): OpenSSL Vulnerabilities in Industrial Products
Published
Sept. 14, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdf
Summary
OpenSSL has published a security advisory [0] about a vulnerability in OpenSSL versions 1.1.1 < 1.1.1k, that allows an unauthenticated attacker to cause a Denial-of-Service (DoS) if a maliciously crafted renegotiation message is sent. Siemens is preparing updates and recommends countermeasures for products where updates are not, or not yet ...
14.09.2021
SIEMENS CERT
SSA-756744 V1.1 (Last Update: 2021-09-14): OS Command Injection Vulnerability in SINEC NMS
Title
SSA-756744 V1.1 (Last Update: 2021-09-14): OS Command Injection Vulnerability in SINEC NMS
Published
Sept. 14, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-756744.pdf
Summary
The latest update for SINEC NMS fixes a vulnerability that could allow an authenticated remote attacker to execute arbitrary code on the system, with system privileges, under certain conditions. Siemens has released an update for SINEC NMS and recommends to update to the latest version.
14.09.2021
SIEMENS CERT
SSA-675303 V1.1 (Last Update: 2021-09-14): WIBU Systems CodeMeter Runtime Vulnerabilities in Siemens Products
Title
SSA-675303 V1.1 (Last Update: 2021-09-14): WIBU Systems CodeMeter Runtime Vulnerabilities in Siemens Products
Published
Sept. 14, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-675303.pdf
Summary
WIBU Systems disclosed two vulnerabilities and a new release version of CodeMeter Runtime, a product provided by WIBU Systems and used in several Siemens products for license management. The vulnerabilities are described in the section “Vulnerability Classification” below and got assigned the CVE IDs CVE-2021-20093 and CVE-2021-20094. Successful exploitation of ...
14.09.2021
SIEMENS CERT
SSA-661034 V1.1 (Last Update: 2021-09-14): Incorrect Permission Assignment in Multiple SIMATIC Software Products
Title
SSA-661034 V1.1 (Last Update: 2021-09-14): Incorrect Permission Assignment in Multiple SIMATIC Software Products
Published
Sept. 14, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-661034.pdf
Summary
Multiple SIMATIC software products are affected by a vulnerability that could allow an attacker to change the content of certain metafiles and subsequently manipulate parameters or behaviour of devices configured by the affected software products. Siemens has released updates for several affected products and recommends to update to the latest ...
14.09.2021
SIEMENS CERT
SSA-599968 V1.2 (Last Update: 2021-09-14): Denial-of-Service Vulnerability in Profinet Devices
Title
SSA-599968 V1.2 (Last Update: 2021-09-14): Denial-of-Service Vulnerability in Profinet Devices
Published
Sept. 14, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-599968.pdf
Summary
A vulnerability in affected devices could allow an attacker to perform a denial-of-service attack if a large amount of Profinet Discovery and Configuration Protocol (DCP) reset packets is sent to the affected devices. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens ...
14.09.2021
SIEMENS CERT
SSA-538778 V1.1 (Last Update: 2021-09-14): SmartVNC Vulnerabilities in SIMATIC HMI/WinCC Products
Title
SSA-538778 V1.1 (Last Update: 2021-09-14): SmartVNC Vulnerabilities in SIMATIC HMI/WinCC Products
Published
Sept. 14, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-538778.pdf
Summary
Multiple SmartVNC vulnerabilities in the affected products listed below could allow remote code execution and Denial-of-Service attacks under certain conditions. Siemens has released updates for the affected products and recommends to update to the latest version.
14.09.2021
SIEMENS CERT
SSA-462066 V2.5 (Last Update: 2021-09-14): Vulnerability known as TCP SACK PANIC in Industrial Products
Title
SSA-462066 V2.5 (Last Update: 2021-09-14): Vulnerability known as TCP SACK PANIC in Industrial Products
Published
Sept. 14, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf
Summary
Multiple industrial products are affected by a vulnerability in the kernel known as TCP SACK PANIC. The vulnerability could allow a remote attacker to cause a denial of service condition. Siemens has released updates for several affected products and recommends to update to the new versions. Siemens is preparing further ...
14.09.2021
SIEMENS CERT
SSB-439005 V3.7 (Last Update: 2021-09-14): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 151...
Title
SSB-439005 V3.7 (Last Update: 2021-09-14): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP
Published
Sept. 14, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssb-439005.pdf
Summary
14.09.2021
SIEMENS CERT
SSA-434536 V1.1 (Last Update: 2021-09-14): Memory Protection Bypass Vulnerability in SINUMERIK ONE and SINUMERIK MC
Title
SSA-434536 V1.1 (Last Update: 2021-09-14): Memory Protection Bypass Vulnerability in SINUMERIK ONE and SINUMERIK MC
Published
Sept. 14, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-434536.pdf
Summary
SINUMERIK ONE and SINUMERIK MC products are affected by a memory protection bypass vulnerability in the integrated S7-1500 CPU that could allow an attacker to write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks on the CPU. Siemens has released updates for ...
14.09.2021
SIEMENS CERT
SSA-434534 V1.1 (Last Update: 2021-09-14): Memory Protection Bypass Vulnerability in SIMATIC S7-1200 and S7-1500 CPU Families
Title
SSA-434534 V1.1 (Last Update: 2021-09-14): Memory Protection Bypass Vulnerability in SIMATIC S7-1200 and S7-1500 CPU Families
Published
Sept. 14, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-434534.pdf
Summary
SIMATIC S7-1200 and S7-1500 CPU products contain a memory protection bypass vulnerability that could allow an attacker to write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks. Siemens has released updates for several affected products and strongly recommends to update to the ...
14.09.2021
SIEMENS CERT
SSA-428051 V1.1 (Last Update: 2021-09-14): Privilege Escalation Vulnerability in TIA Administrator
Title
SSA-428051 V1.1 (Last Update: 2021-09-14): Privilege Escalation Vulnerability in TIA Administrator
Published
Sept. 14, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-428051.pdf
Summary
The latest update for TIA Administrator, installed together with TIA Portal and PCS neo, fixes a privilege escalation vulnerability that could allow local users to escalate privileges and execute code as local SYSTEM user. Siemens has released updates for the affected products and recommends to update to the latest versions.
14.09.2021
SIEMENS CERT
SSA-324955 V1.4 (Last Update: 2021-09-14): SAD DNS Attack in Linux Based Products
Title
SSA-324955 V1.4 (Last Update: 2021-09-14): SAD DNS Attack in Linux Based Products
Published
Sept. 14, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-324955.pdf
Summary
A vulnerability made public under the name SAD DNS affects Domain Name System resolvers due to a vulnerability in the Linux kernel when handling ICMP packets. The Siemens products which are affected are listed below. For more information please see https://www.saddns.net/. Siemens has released updates for several affected products and ...
14.09.2021
SIEMENS CERT
SSA-312271 V1.8 (Last Update: 2021-09-14): Unquoted Search Path Vulnerabilities in Windows-based Industrial Software Applications
Title
SSA-312271 V1.8 (Last Update: 2021-09-14): Unquoted Search Path Vulnerabilities in Windows-based Industrial Software Applications
Published
Sept. 14, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-312271.pdf
Summary
Several industrial products as listed below contain a local privilege escalation vulnerabilities that could allow authorized local users with administrative privileges to execute custom code with SYSTEM level privileges. Siemens has released updates for the affected products and recommends to update to the latest versions.
14.09.2021
SIEMENS CERT
SSA-274900 V1.2 (Last Update: 2021-09-14): Use of hardcoded key in Scalance X devices under certain conditions
Title
SSA-274900 V1.2 (Last Update: 2021-09-14): Use of hardcoded key in Scalance X devices under certain conditions
Published
Sept. 14, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-274900.pdf
Summary
Scalance X devices might not generate a unique random key after factory reset, and use a private key shipped with the firmware Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where ...
14.09.2021
SIEMENS CERT
SSA-187092 V1.1 (Last Update: 2021-09-14): Several Buffer-Overflow Vulnerabilities in Web Server of SCALANCE X-200
Title
SSA-187092 V1.1 (Last Update: 2021-09-14): Several Buffer-Overflow Vulnerabilities in Web Server of SCALANCE X-200
Published
Sept. 14, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-187092.pdf
Summary
Several SCALANCE X-200 switches contain buffer overflow vulnerabilities in the web server. In the most severe case an attacker could potentially remotely execute code. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.
14.09.2021
SIEMENS CERT
SSA-139628 V1.2 (Last Update: 2021-09-14): Vulnerabilities in Web Server for Scalance X Products
Title
SSA-139628 V1.2 (Last Update: 2021-09-14): Vulnerabilities in Web Server for Scalance X Products
Published
Sept. 14, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-139628.pdf
Summary
Several SCALANCE X switches contain vulnerabilities in the web server of the affected devices. An unauthenticated attacker could reboot, cause denial-of-service conditions and potentially impact the system by other means through heap and buffer overflow vulnerabilities. Siemens has released updates for several affected products and recommends to update to the ...
14.09.2021
SIEMENS CERT
SSA-102233 V1.6 (Last Update: 2021-09-14): SegmentSmack in VxWorks-based Industrial Devices
Title
SSA-102233 V1.6 (Last Update: 2021-09-14): SegmentSmack in VxWorks-based Industrial Devices
Published
Sept. 14, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-102233.pdf
Summary
The products listed below contain a vulnerability that could allow remote attackers to affect the availability of the devices under certain conditions. The underlying TCP stack can be forced to make very computation expensive calls for every incoming packet which can lead to a Denial-of-Service. Siemens has released an update ...
14.09.2021
SIEMENS CERT
SSA-100232 V1.3 (Last Update: 2021-09-14): Denial-of-Service vulnerability in SCALANCE X Switches
Title
SSA-100232 V1.3 (Last Update: 2021-09-14): Denial-of-Service vulnerability in SCALANCE X Switches
Published
Sept. 14, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-100232.pdf
Summary
A vulnerability in several SCALANCE X devices could allow an unauthenticated attacker with network access to an affected device to perform a denial-of-service. Siemens has released an update for SCALANCE X-200IRT and recommends to update to the latest version. Siemens recommends specific countermeasures for products where updates are not, or ...
14.09.2021
SIEMENS CERT
SSA-997732 V1.0: Modfem File Parsing Vulnerability in Simcenter Femap before V2021.2
Title
SSA-997732 V1.0: Modfem File Parsing Vulnerability in Simcenter Femap before V2021.2
Published
Sept. 14, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-997732.pdf
Summary
Siemens Simcenter Femap is affected by a vulnerability that could be triggered when the application reads modfem files. If a user is tricked to open a malicious file with the affected application, an attacker could leverage this vulnerability to leak information in the context of the current process. Siemens recommends ...
14.09.2021
SIEMENS CERT
SSA-987403 V1.0: Multiple Vulnerabilities in Teamcenter
Title
SSA-987403 V1.0: Multiple Vulnerabilities in Teamcenter
Published
Sept. 14, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-987403.pdf
Summary
Teamcenter is affected by three vulnerabilities namely incorrect privilege assignment, Insecure Direct Object Reference (IDOR) and XML External Entity Injection (XXE). Siemens has released updates for the affected products and recommends to update to the latest versions.
14.09.2021
SIEMENS CERT
SSA-944498 V1.0: Buffer Overflow Vulnerability in Web Server of APOGEE and TALON Automation Devices
Title
SSA-944498 V1.0: Buffer Overflow Vulnerability in Web Server of APOGEE and TALON Automation Devices
Published
Sept. 14, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-944498.pdf
Summary
A buffer overflow vulnerability in the integrated web server of multiple APOGEE and TALON automation devices could allow a remote attacker to execute arbitrary code on the devices with root privileges. Affected devices include the APOGEE MBC/MEC/PXC P2 Ethernet devices with Power Open Processors (PPC), APOGEE PXC BACnet devices, and ...
14.09.2021
SIEMENS CERT
SSA-847986 V1.0: Denial-of-Service Vulnerabilities in SIPROTEC 5 relays
Title
SSA-847986 V1.0: Denial-of-Service Vulnerabilities in SIPROTEC 5 relays
Published
Sept. 14, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-847986.pdf
Summary
The latest update for SIPROTEC 5 relays fixes two vulnerabilities that could allow a remote attacker to cause a denial-of-service or potentially trigger a remote code execution under certain circumstances. Siemens has released an update for SIPROTEC 5 relays and recommends to update to the latest version.
14.09.2021
SIEMENS CERT
SSA-835377 V1.0: Missing Authentication Vulnerability in SINEMA Server
Title
SSA-835377 V1.0: Missing Authentication Vulnerability in SINEMA Server
Published
Sept. 14, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-835377.pdf
Summary
The latest update for SINEMA Server fixes a vulnerability that could allow an unauthenticated attacker to obtain encoded system configuration backup files under certain conditions. Siemens has released an update for the SINEMA Server and recommends to update to the latest version.
14.09.2021
SIEMENS CERT
SSA-756638 V1.0: Vulnerabilities in Third-Party Component Mbed TLS of LOGO! CMR Family and SIMATIC RTU 3000 Family
Title
SSA-756638 V1.0: Vulnerabilities in Third-Party Component Mbed TLS of LOGO! CMR Family and SIMATIC RTU 3000 Family
Published
Sept. 14, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-756638.pdf
Summary
Devices of the LOGO! CMR family and the SIMATIC RTU 3000 family are affected by several vulnerabilities in the third party component Mbed TLS. They could allow an attacker with access to any of the interfaces of an affected device to impact the availability or to communicate with invalid certificates. ...

Last Updates

BOSCH PSIRT
15.01.2025
SIEMENS CERT
17.04.2025
US CERT
01.04.2025
US CERT (ICS)
17.04.2025

By Source

Archive

2025
2024
2023
2022
2021
2020
2019
2018
2017

Feeds