July 2021
Title
SSA-729965 V1.0: TLS Certificate Validation Vulnerability in SINUMERIK Integrate Operate Client
Published
July 13, 2021, 2 a.m.
Summary
The latest update for SINUMERIK Integrate Operate Client fixes a vulnerability that could allow an attacker to spoof any SSL server certificate and conduct man-in-the-middle attacks. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available
Title
SSA-675303 V1.0: WIBU Systems CodeMeter Runtime Vulnerabilities in Siemens Products
Published
July 13, 2021, 2 a.m.
Summary
WIBU Systems disclosed two vulnerabilities and a new release version of CodeMeter Runtime, a product provided by WIBU Systems and used in several Siemens products for license management. The vulnerabilities are described in the section “Vulnerability Classification” below and got assigned the CVE IDs CVE-2021-20093 and CVE-2021-20094. Successful exploitation of ...
Title
SSA-661034 V1.0: Incorrect Permission Assignment in Multiple SIMATIC Software Products
Published
July 13, 2021, 2 a.m.
Summary
Multiple SIMATIC software products are affected by a vulnerability that could allow an attacker to change the content of certain metafiles and subsequently manipulate parameters or behaviour of devices configured by the affected software products. Siemens has released an update for the SIMATIC STEP 7 V5.X and recommends to update ...
Title
SSA-641963 V1.0: Remote Code Execution Vulnerability in Multiple SIMATIC Software Products
Published
July 13, 2021, 2 a.m.
Summary
Multiple SIMATIC Software products are affected by a vulnerability that could allow an attacker to manipulate project files and remotely execute code. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not ...
Title
SSA-622535 V1.0: Multiple Vulnerabilities in Teamcenter Active Workspace
Published
July 13, 2021, 2 a.m.
Summary
Multiple vulnerabilities affecting Teamcenter Active Workspace could lead to sensitive information disclosure and reflected cross site scripting. Siemens has released updates for the affected products and recommends to update to the latest versions.
Title
SSA-599968 V1.0: Denial-of-Service Vulnerability in Profinet Devices
Published
July 13, 2021, 2 a.m.
Summary
A vulnerability in affected devices could allow an attacker to perform a denial-of-service attack if a large amount of Profinet Discovery and Configuration Protocol (DCP) reset packets is sent to the affected devices. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens ...
Title
SSA-560465 V1.0: DHCP Client Vulnerability in VxWorks-based Industrial Products
Published
July 13, 2021, 2 a.m.
Summary
Various industry products are affected by a DHCP client vulnerability in Wind River VxWorks, that could allow an attacker to cause a heap-based buffer overflow. Siemens recommends specific countermeasures for products where updates are not, or not yet available.
Title
SSA-483182 V1.0: Multiple File Parsing Vulnerabilities in JT2Go and Teamcenter Visualization before V13.2
Published
July 13, 2021, 2 a.m.
Summary
Siemens has released version V13.2 for JT2Go and Teamcenter Visualization to fix multiple vulnerabilities that could be triggered when the products read files in different file formats (GIF, TIFF, BMP, J2K, JT, SGI, PDF, PCT, PCX, PAR and ASM ). If a user is tricked to opening of a malicious ...
Title
SSA-434535 V1.0: Memory Protection Bypass Vulnerability in SINAMICS PERFECT HARMONY GH180 Drives
Published
July 13, 2021, 2 a.m.
Summary
Several models of SINAMICS PERFECT HARMONY GH180 Drives are affected by a memory protection bypass vulnerability in the integrated S7-1500 or S7-1200 CPU that could allow an attacker to write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks on the CPU. Siemens ...
Title
SSA-373591 V1.0: Buffer Overflow Vulnerability in RUGGEDCOM ROS Devices
Published
July 13, 2021, 2 a.m.
Summary
The latest update for RUGGEDCOM ROS devices fixes a buffer overflow vulnerability in the third party component that could allow an attacker with network access to an affected device to cause a remote code execution condition. Siemens has released updates for the affected products and recommends to update to the ...
Title
SSA-352521 V1.0: Access Check Bypass Vulnerability in Mendix
Published
July 13, 2021, 2 a.m.
Summary
An incorrect authorization check in Mendix applications could allow an attacker to bypass write permissions to attributes of objects under certain circumstances. Mendix has released an update for Mendix and recommends to update to the latest version.
Title
SSA-209268 V1.0: Multiple JT File Parsing Vulnerabilities in JT Utilities before V13.0.2.0
Published
July 13, 2021, 2 a.m.
Summary
Siemens has released version V13.0.2.0 for JT Utilities to fix multiple vulnerabilities that could be triggered when reading JT files. Siemens recommends to update to the latest version, which contains solutions to all the vulnerabilities listed in this advisory. Standing recommendation is to avoid opening of untrusted files from unknown ...
Title
SSA-173615 V1.0: Multiple PAR and ASM File Parsing Vulnerabilities in Solid Edge
Published
July 13, 2021, 2 a.m.
Summary
Siemens has released version SE2021MP5 for Solid Edge to fix multiple heap based buffer overflow vulnerabilities that could be triggered when the application read files in PAR or ASM file formats. If a user is tricked to open a malicious file with the affected application, this could lead to a ...
Title
SSA-448291 V1.0: Denial-of-Service Vulnerability in ARP Protocol of RWG Universal Controllers
Published
July 13, 2021, 2 a.m.
Summary
A Denial-of-Service vulnerability was found affecting the ARP protocol on RWG Universal Controller devices. Siemens has released updates for the affected products and recommends to update to the latest versions.
Title
SSA-434536 V1.0: Memory Protection Bypass Vulnerability in SINUMERIK ONE and SINUMERIK MC
Published
July 13, 2021, 2 a.m.
Summary
SINUMERIK ONE and SINUMERIK MC products are affected by a memory protection bypass vulnerability in the integrated S7-1500 CPU that could allow an attacker to write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks on the CPU. Siemens is preparing updates and ...
Title
Sensormatic Electronics C-CURE 9000
Published
July 1, 2021, 4:20 p.m.
Summary
This advisory contains mitigations for an Improper Input Validation vulnerability in Sensormatic Electronics C-CURE 9000 industrial software.
Title
Delta Electronics DOPSoft
Published
July 1, 2021, 4:15 p.m.
Summary
This advisory contains mitigations for Out-of-bounds Read vulnerabilities in Delta Electronics DOPSoft software.
Title
Mitsubishi Electric Air Conditioning System
Published
July 1, 2021, 4:10 p.m.
Summary
This advisory contains mitigations for an Incorrect Implementation of Authentication Algorithm vulnerability in Mitsubishi Electric air conditioning systems.
Title
Mitsubishi Electric Air Conditioning Systems
Published
July 1, 2021, 4:05 p.m.
Summary
This advisory contains mitigations for an Improper Restriction of XML External Entity Reference vulnerability in Mitsubishi Electric Air Conditioning Systems.
Title
All Bachmann M1 System Processor Modules
Published
July 1, 2021, 4 p.m.
Summary
This updated advisory is a follow-up to the advisory titled ICSA-21-026-01P All Bachmann M1 System Processor Modules, posted to the HSIN ICS library on January 26, 2021. This advisory is now being released to the ICS webpage on us-cert.cisa.gov. This advisory contains mitigations for a Use of Password Hash with ...
June 2021
Title
Exacq Technologies exacqVision Web Service
Published
June 29, 2021, 4:25 p.m.
Summary
This advisory contains mitigations for a Cross-site Scripting vulnerability in Exacq Technologies exacqVision Web Service software.
Title
Exacq Technologies exacqVision Enterprise Manager
Published
June 29, 2021, 4:20 p.m.
Summary
This advisory contains mitigations for a Cross-site Scripting vulnerability in Exacq Technologies exacqVision Enterprise Manager software.
Title
Panasonic FPWIN Pro
Published
June 29, 2021, 4:15 p.m.
Summary
This advisory contains mitigations for an Improper Restriction of XML External Entity Reference vulnerability in Panasonic FPWIN Pro programming control software.
Title
JTEKT TOYOPUC PLC
Published
June 29, 2021, 4:10 p.m.
Summary
This advisory contains mitigations for an Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the JTEKT TOYOPUC programmable logic controller (PLC).
Title
CODESYS V2 web server
Published
June 22, 2021, 4:10 p.m.
Summary
This advisory contains mitigations for Stack-based Buffer Overflow, Improper Access Control, Buffer Copy without Checking Size of Input, Improperly Implemented Security Check, Out-of-bounds Write, and Out-of-bounds Read vulnerabilities in CODESYS V2 web servers.

Last Updates

BOSCH PSIRT
15.01.2025
SIEMENS CERT
13.03.2025
US CERT
11.03.2025
US CERT (ICS)
13.03.2025

By Source

Archive

2025
2024
2023
2022
2021
2020
2019
2018
2017

Feeds