September 2021
Title
SSA-692317 V1.0: Authorization Bypass Vulnerability in Industrial Edge
Published
Sept. 14, 2021, 2 a.m.
Summary
The latest update for Industrial Edge fixes a vulnerability that could allow an unauthenticated attacker to change the password of any user in the system. With this an attacker could impersonate any valid user on an affected system. Siemens has released updates for the affected products and recommends to update ...
Title
SSA-676336 V1.0: OpenSSH Vulnerabilities in SCALANCE X-200 and X-300/X408 Switches
Published
Sept. 14, 2021, 2 a.m.
Summary
The latest update of the SCALANCE X-200 and X-300/X408 switches families fixes multiple OpenSSH vulnerabilities. The most severe of these vulnerabilities could allow a denial of service condition. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and ...
Title
SSA-549234 V1.0: Denial-of-Service Vulnerability in SIMATIC NET CP Modules
Published
Sept. 14, 2021, 2 a.m.
Summary
A Denial of Service vulnerability was identified in different types of Communication Processors. An attacker could exploit this vulnerability causing the device to become un-operational until the device is restarted. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.
Title
SSA-535997 V1.0: Cleartext Storage of Sensitive Information in Multiple SIMATIC Products
Published
Sept. 14, 2021, 2 a.m.
Summary
A cleartext vulnerability was found in the SIMATIC communication processors CP 1543-1 and CP 1545-1 that could allow an attacker to read sensitive information. Siemens has released an update for the SIMATIC CP 1543-1 (incl. SIPLUS variants) and recommends to update to the latest version. Siemens is preparing further updates ...
Title
SSA-535380 V1.0: Command Injection Vulnerability in Siveillance OIS Affecting Several Building Management Systems
Published
Sept. 14, 2021, 2 a.m.
Summary
The Siveillance Open Interface Services (OIS) application used for integration of different subsystems to several Siemens building management systems contains a command injection vulnerability that could allow a remote unauthenticated attacker to execute code on the affected system with root privileges. Siemens has released patches and updates for Siveillance OIS ...
Title
SSA-500748 V1.0: Denial-of-Service Vulnerabilities in SIPROTEC 5 Devices
Published
Sept. 14, 2021, 2 a.m.
Summary
The latest update for SIPROTEC 5 family devices fixes a vulnerability in the web interface which could allow unauthorized users to cause a Denial-of-Service situation by sending maliciously crafted web requests. Siemens has released an update for the SIPROTEC 5 and recommends to update to the latest version.
Title
SSA-453715 V1.0: Deserialization Vulnerability in CCOM Communication Component of Desigo CC Family
Published
Sept. 14, 2021, 2 a.m.
Summary
Desigo CC, Desigo CC Compact and Cerberus DMS that use CCOM communication component hosted in IIS contain a deserialisation vulnerability that could allow an unauthenticated attacker to perform remote code execution. Only those systems that use Windows App and/or IE XBAP Web Client are affected. Regular installed clients and the ...
Title
SSA-413407 V1.0: Path Traversal Vulnerability in Teamcenter Active Workspace
Published
Sept. 14, 2021, 2 a.m.
Summary
Teamcenter Active Workspace contains a path traversal vulnerability that could lead to access control violations. Siemens has released updates for the affected products and recommends to update to the latest versions.
Title
SSA-334944 V1.0: Vulnerability in SINEMA Remote Connect Server
Published
Sept. 14, 2021, 2 a.m.
Summary
Multiple vulnerabilities in SINEMA Remote Connect Server could allow an unauthorized remote attacker to retrieve or manipulate sensitive information from the affected software. In addition, the attacker could also cause a Denial-of-Service condition in devices controlled by the affected software. Siemens has released an update for the SINEMA Remote Connect ...
Title
SSA-330339 V1.0: Web Vulnerabilities in SINEC NMS
Published
Sept. 14, 2021, 2 a.m.
Summary
A recent update for SINEC NMS fixed multiple vulnerabilities. The most severe of these vulnerabilities could allow an attacker to manipulate the SINEC NMS configuration by tricking an admin to click on a malicious link. Siemens has released an update for SINEC NMS and recommends to update to the latest ...
Title
SSA-316383 V1.0: NumberJack Vulnerability in LOGO! CMR family and SIMATIC RTU 3000 family
Published
Sept. 14, 2021, 2 a.m.
Summary
A vulnerability has been identified in the underlying TCP/IP stack of LOGO! CMR family and SIMATIC RTU 3000 family devices. It could allow an attacker with network access to the LAN interface of an affected device to hijack an ongoing connection or spoof a new one. The WAN interface, however, ...
Title
SSA-288459 V1.0: Heap Overflow Vulnerability in RFID terminals
Published
Sept. 14, 2021, 2 a.m.
Summary
A heap overflow vulnerability in dhclient of the affected products, which has been published alongside other vulnerabilities as part of NAME:WRECK could allow an attacker to potentially remotely execute code. Siemens recommends specific countermeasures for products.
Title
SSA-208530 V1.0: File parsing vulnerabilities in IFC adapter in NX
Published
Sept. 14, 2021, 2 a.m.
Summary
Siemens NX is affected by two vulnerabilities that could be triggered when the application reads ifc files. If a user is tricked to open a malicious file with the affected application, this could lead to an access violation, and potentially also to arbitrary code execution on the target host system. ...
Title
SSA-150692 V1.0: Multiple Vulnerabilities in RUGGEDCOM ROX
Published
Sept. 14, 2021, 2 a.m.
Summary
Multiple vulnerabilities in RUGGEDCOM ROX devices have been detected, ranging from command injection to filesystem traversal. An attacker could exploit these to gain root access to the affected devices. Siemens has released updates for the affected products and recommends to update to the latest versions.
Title
SSA-109294 V1.0: Scene File Parsing Vulnerability in Simcenter STAR-CCM+ Viewer
Published
Sept. 14, 2021, 2 a.m.
Summary
Siemens Simcenter STAR-CCM+ Viewer is affected by a vulnerability that could be triggered when the application reads scene (.sce) files. If a user is tricked to open a malicious file with the affected application, this could lead to a crash, and potentially also to arbitrary code execution or data extraction ...
Title
AVEVA PCS Portal
Published
Sept. 9, 2021, 4:15 p.m.
Summary
This advisory contains mitigations for an Uncontrolled Search Path Element vulnerability in AVEVA PCS Portal sofware.
Title
Delta Electronics DOPSoft 2
Published
Sept. 9, 2021, 4:10 p.m.
Summary
This advisory contains mitigations for Stack-based Buffer Overflow, Out-of-Bounds Write, and Heap-based Buffer Overflow vulnerabilities in Delta Electronics DOPSoft 2 HMI editing software.
Title
Mitsubishi Electric Europe B.V. smartRTU and INEA ME-RTU
Published
Sept. 9, 2021, 4:05 p.m.
Summary
This advisory is a follow-up to a CISA product update titled ICS-ALERT-19-225-01 Mitsubishi Electric Europe B.V. smartRTU and INEA ME-RTU (Update A) published September 10, 2019, on the ICS webpage on us-cert.cisa.gov. This advisory contains mitigations for OS Command Injection, Improper Access Control, Cross-site Scripting, Use of Hard-coded Credentials, Unprotected ...
Title
Mitsubishi Electric Multiple Products (Update C)
Published
Sept. 9, 2021, 4 p.m.
Summary
This updated advisory is a follow-up to the advisory update titled ICSA-20-245-01 Mitsubishi Electric Multiple Products (Update B) that was published May 18, 2021, to the ICS webpage on us-cert.cisa.gov. This advisory contains mitigations for a Predictable Exact Value from Previous Values vulnerability in several Mitsubishi Electric devices.
Title
Hitachi ABB Power Grids System Data Manager
Published
Sept. 7, 2021, 4 p.m.
Summary
This advisory contains mitigations for a Cleartext Storage of Sensitive Information vulnerability in Hitachi ABB Power Grids System Data Manager products.
Title
Johnson Controls Sensormatic Electronics Illustra
Published
Sept. 2, 2021, 4:10 p.m.
Summary
This advisory contains mitigations for an Off-by-one Error vulnerability in Johnson Controls Sensormatic Electronics Illustra camera systems.
Title
JTEKT TOYOPUC Products
Published
Sept. 2, 2021, 4:05 p.m.
Summary
This advisory contains mitigations for a Allocation of Resources Without Limits or Throttling vulnerability in JTEKT TOYOPUC industrial system hardware products.
August 2021
Title
AA21-243A: Ransomware Awareness for Holidays and Weekends
Published
Aug. 31, 2021, 7 p.m.
Summary
Original release date: August 31, 2021 | Last revised: September 2, 2021SummaryImmediate Actions You Can Take Now to Protect Against Ransomware • Make an offline backup of your data. • Do not click on suspicious links. • If you use RDP, secure and monitor it. • Update your OS and ...
Title
Sensormatic Electronics KT-1
Published
Aug. 31, 2021, 4:05 p.m.
Summary
This advisory contains mitigations for a Use of Unmaintained Third-party Components vulnerability in Sensormatic Electronics KT-1 Ethernet-ready single-door controller.
Title
Philips Patient Monitoring Devices (Update A)
Published
Aug. 31, 2021, 4 p.m.
Summary
This updated advisory is a follow-up to the original advisory titled ICSMA-20-254-01 Philips Patient Monitoring Devices that was published September 10, 2020, to the ICS webpage on us-cert.cisa.gov. This advisory contains mitigations for Improper Neutralization of Formula Elements in a CSV File, Cross-site Scripting, Improper Authentication, Improper Check for Certificate ...

Last Updates

BOSCH PSIRT
15.01.2025
SIEMENS CERT
17.04.2025
US CERT
01.04.2025
US CERT (ICS)
17.04.2025

By Source

Archive

2025
2024
2023
2022
2021
2020
2019
2018
2017

Feeds