August 2021
10.08.2021
SIEMENS CERT
SSA-599968 V1.1 (Last Update: 2021-08-10): Denial-of-Service Vulnerability in Profinet Devices
Title
SSA-599968 V1.1 (Last Update: 2021-08-10): Denial-of-Service Vulnerability in Profinet Devices
Published
Aug. 10, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-599968.pdf
Summary
A vulnerability in affected devices could allow an attacker to perform a denial-of-service attack if a large amount of Profinet Discovery and Configuration Protocol (DCP) reset packets is sent to the affected devices. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens ...
10.08.2021
SIEMENS CERT
SSA-541018 V1.2 (Last Update: 2021-08-10): Embedded TCP/IP Stack Vulnerabilities (AMNESIA:33) in SENTRON PAC / 3VA Devices (Par...
Title
SSA-541018 V1.2 (Last Update: 2021-08-10): Embedded TCP/IP Stack Vulnerabilities (AMNESIA:33) in SENTRON PAC / 3VA Devices (Part 2)
Published
Aug. 10, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-541018.pdf
Summary
Security researchers discovered and disclosed 33 vulnerabilities in several open-source TCP/IP stacks for embedded devices, also known as “AMNESIA:33” vulnerabilities. This advisory describes the impact of two of these vulnerabilities (CVE-2020-13987, CVE-2020-17437) to Siemens products. Siemens has released updates for several affected products and recommends to update to the latest ...
10.08.2021
SIEMENS CERT
SSA-492828 V1.1 (Last Update: 2021-08-10): Denial-of-Service Vulnerability in SIMATIC S7-300 CPUs and SINUMERIK Controller
Title
SSA-492828 V1.1 (Last Update: 2021-08-10): Denial-of-Service Vulnerability in SIMATIC S7-300 CPUs and SINUMERIK Controller
Published
Aug. 10, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-492828.pdf
Summary
A vulnerability in S7-300 might allow an attacker to cause a Denial-of-Service condition on port 102 of the affected devices by sending specially crafted packets. Siemens is preparing updates and recommends specific countermeasures until fixes are available.
04.08.2021
BOSCH PSIRT
Cross Site Request Forgery (CSRF) vulnerability in Bosch IP cameras
Title
Cross Site Request Forgery (CSRF) vulnerability in Bosch IP cameras
Published
Aug. 4, 2021, 2 a.m.
URL
https://psirt.bosch.com/security-advisories/bosch-sa-033305-bt.html
Summary

BOSCH-SA-033305-BT: The possibility to conduct a CSRF (Cross Site Request Forgery) attack was discovered in a Penetration Test from Kaspersky ICS CERT during a certification effort from Bosch. Bosch rates this vulnerability with CVSSv3.1 base scores of 7.5 (High), where the actual rating depends on the final rating specific to ...

04.08.2021
SIEMENS CERT
SSA-789208 V1.0: Multiple Vulnerabilities (INFRA:HALT) in Interniche IP-Stack based Low Voltage Devices
Title
SSA-789208 V1.0: Multiple Vulnerabilities (INFRA:HALT) in Interniche IP-Stack based Low Voltage Devices
Published
Aug. 4, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-789208.pdf
Summary
Security researchers discovered and disclosed 14 vulnerabilities in the Interniche IP stack, also known as “INFRA:HALT” vulnerabilities [0]. This advisory describes the impact to Siemens low voltage products, which are only affected by four out of the 14 vulnerabilities. Siemens has released updates for the affected products and recommends to ...
July 2021
28.07.2021
US CERT
AA21-209A: Top Routinely Exploited Vulnerabilities
Title
AA21-209A: Top Routinely Exploited Vulnerabilities
Published
July 28, 2021, 2 p.m.
URL
https://us-cert.cisa.gov/ncas/alerts/aa21-209a
Summary
Original release date: July 28, 2021 | Last revised: August 20, 2021SummaryThis Joint Cybersecurity Advisory was coauthored by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Australian Cyber Security Centre (ACSC), the United Kingdom’s National Cyber Security Centre (NCSC), and the U.S. Federal Bureau of Investigation (FBI). This advisory ...
20.07.2021
US CERT
AA21-201A: Chinese Gas Pipeline Intrusion Campaign, 2011 to 2013
Title
AA21-201A: Chinese Gas Pipeline Intrusion Campaign, 2011 to 2013
Published
July 20, 2021, 3 p.m.
URL
https://us-cert.cisa.gov/ncas/alerts/aa21-201a
Summary
Original release date: July 20, 2021 | Last revised: July 21, 2021SummaryThis Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 9. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques. Note: CISA released technical information, including indicators of compromise (IOCs), provided ...
20.07.2021
BOSCH PSIRT
Vulnerabilities in CODESYS V2 runtime systems
Title
Vulnerabilities in CODESYS V2 runtime systems
Published
July 20, 2021, 2 a.m.
URL
https://psirt.bosch.com/security-advisories/bosch-sa-670099.html
Summary

BOSCH-SA-670099: The compact systems CS351E and CS351S and the communication module KE350G with integrated PLC contain technology from CODESYS GmbH. The manufacturer CODESYS GmbH published security bulletins \[1\]\[2\] about a weakness in the protocol for the communication between the PLC runtime and clients. By exploiting these vulnerabilities, attackers can send ...

19.07.2021
US CERT
AA21-200B: Chinese State-Sponsored Cyber Operations: Observed TTPs
Title
AA21-200B: Chinese State-Sponsored Cyber Operations: Observed TTPs
Published
July 19, 2021, 1 p.m.
URL
https://us-cert.cisa.gov/ncas/alerts/aa21-200b
Summary
Original release date: July 19, 2021 | Last revised: August 20, 2021SummaryThis advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 9, and MITRE D3FEND™ framework, version 0.9.2-BETA-3. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques and the D3FEND framework for ...
19.07.2021
US CERT
AA21-200A: Tactics, Techniques, and Procedures of Indicted APT40 Actors Associated with China’s MSS Hainan State Security Depar...
Title
AA21-200A: Tactics, Techniques, and Procedures of Indicted APT40 Actors Associated with China’s MSS Hainan State Security Department
Published
July 19, 2021, 1 p.m.
URL
https://us-cert.cisa.gov/ncas/alerts/aa21-200a
Summary
Original release date: July 19, 2021 | Last revised: July 20, 2021SummaryThis Joint Cybersecurity Advisory was written by the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) to provide information on a Chinese Advanced Persistent Threat (APT) group known in open-source reporting as APT40. This ...
13.07.2021
SIEMENS CERT
SSB-439005 V3.5 (Last Update: 2021-07-13): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 151...
Title
SSB-439005 V3.5 (Last Update: 2021-07-13): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP
Published
July 13, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssb-439005.pdf
Summary
13.07.2021
SIEMENS CERT
SSA-324955 V1.2 (Last Update: 2021-07-13): SAD DNS Attack in Linux Based Products
Title
SSA-324955 V1.2 (Last Update: 2021-07-13): SAD DNS Attack in Linux Based Products
Published
July 13, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-324955.pdf
Summary
A vulnerability made public under the name SAD DNS affects Domain Name System resolvers due to a vulnerability in the Linux kernel when handling ICMP packets. The Siemens products which are affected are listed below. For more information please see https://www.saddns.net/. Siemens has released updates for several affected products and ...
13.07.2021
SIEMENS CERT
SSA-203306 V1.5 (Last Update: 2021-07-13): Password Vulnerabilities in SIPROTEC 4 and SIPROTEC Compact Relay Families
Title
SSA-203306 V1.5 (Last Update: 2021-07-13): Password Vulnerabilities in SIPROTEC 4 and SIPROTEC Compact Relay Families
Published
July 13, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-203306.pdf
Summary
SIPROTEC 4 and SIPROTEC Compact devices could allow access authorization passwords to be reconstructed or overwritten via engineering mechanisms that involve DIGSI 4 and EN100 Ethernet communication modules. Siemens has released updates for several affected products, and recommends specific countermeasures for the remaining products.
13.07.2021
SIEMENS CERT
SSA-941426 V1.0: Multiple LLDP Vulnerabilities in Industrial Products
Title
SSA-941426 V1.0: Multiple LLDP Vulnerabilities in Industrial Products
Published
July 13, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-941426.pdf
Summary
There are multiple vulnerabilities in an underlying Link Layer Discovery Protocol (LLDP) third party library. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.
13.07.2021
SIEMENS CERT
SSA-913875 V1.0: Frame Aggregation and Fragmentation Vulnerabilities in 802.11
Title
SSA-913875 V1.0: Frame Aggregation and Fragmentation Vulnerabilities in 802.11
Published
July 13, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf
Summary
Twelve vulnerabilities in the implementation of frame aggregation and fragmentation of the 802.11 standard, under the name of FragAttacks, have been published. Successful exploitation of these vulnerabilities could allow an attacker within Wi-Fi range to forge encrypted frames, which could result in sensitive data disclosure and possibly traffic manipulation. The ...
13.07.2021
SIEMENS CERT
SSA-772220 V1.0: OpenSSL Vulnerabilities in Industrial Products
Title
SSA-772220 V1.0: OpenSSL Vulnerabilities in Industrial Products
Published
July 13, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdf
Summary
OpenSSL has published a security advisory [0] about a vulnerability in OpenSSL versions 1.1.1 < k, that allows an unauthenticated attacker to cause a Denial-of-Service (DoS) if a a maliciously crafted renegotiation message is sent. Siemens is preparing updates and recommends countermeasures for products where updates are not, or not ...
13.07.2021
SIEMENS CERT
SSA-729965 V1.0: TLS Certificate Validation Vulnerability in SINUMERIK Integrate Operate Client
Title
SSA-729965 V1.0: TLS Certificate Validation Vulnerability in SINUMERIK Integrate Operate Client
Published
July 13, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-729965.pdf
Summary
The latest update for SINUMERIK Integrate Operate Client fixes a vulnerability that could allow an attacker to spoof any SSL server certificate and conduct man-in-the-middle attacks. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available
13.07.2021
SIEMENS CERT
SSA-675303 V1.0: WIBU Systems CodeMeter Runtime Vulnerabilities in Siemens Products
Title
SSA-675303 V1.0: WIBU Systems CodeMeter Runtime Vulnerabilities in Siemens Products
Published
July 13, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-675303.pdf
Summary
WIBU Systems disclosed two vulnerabilities and a new release version of CodeMeter Runtime, a product provided by WIBU Systems and used in several Siemens products for license management. The vulnerabilities are described in the section “Vulnerability Classification” below and got assigned the CVE IDs CVE-2021-20093 and CVE-2021-20094. Successful exploitation of ...
13.07.2021
SIEMENS CERT
SSA-661034 V1.0: Incorrect Permission Assignment in Multiple SIMATIC Software Products
Title
SSA-661034 V1.0: Incorrect Permission Assignment in Multiple SIMATIC Software Products
Published
July 13, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-661034.pdf
Summary
Multiple SIMATIC software products are affected by a vulnerability that could allow an attacker to change the content of certain metafiles and subsequently manipulate parameters or behaviour of devices configured by the affected software products. Siemens has released an update for the SIMATIC STEP 7 V5.X and recommends to update ...
13.07.2021
SIEMENS CERT
SSA-641963 V1.0: Remote Code Execution Vulnerability in Multiple SIMATIC Software Products
Title
SSA-641963 V1.0: Remote Code Execution Vulnerability in Multiple SIMATIC Software Products
Published
July 13, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-641963.pdf
Summary
Multiple SIMATIC Software products are affected by a vulnerability that could allow an attacker to manipulate project files and remotely execute code. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not ...
13.07.2021
SIEMENS CERT
SSA-622535 V1.0: Multiple Vulnerabilities in Teamcenter Active Workspace
Title
SSA-622535 V1.0: Multiple Vulnerabilities in Teamcenter Active Workspace
Published
July 13, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-622535.pdf
Summary
Multiple vulnerabilities affecting Teamcenter Active Workspace could lead to sensitive information disclosure and reflected cross site scripting. Siemens has released updates for the affected products and recommends to update to the latest versions.
13.07.2021
SIEMENS CERT
SSA-599968 V1.0: Denial-of-Service Vulnerability in Profinet Devices
Title
SSA-599968 V1.0: Denial-of-Service Vulnerability in Profinet Devices
Published
July 13, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-599968.pdf
Summary
A vulnerability in affected devices could allow an attacker to perform a denial-of-service attack if a large amount of Profinet Discovery and Configuration Protocol (DCP) reset packets is sent to the affected devices. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens ...
13.07.2021
SIEMENS CERT
SSA-560465 V1.0: DHCP Client Vulnerability in VxWorks-based Industrial Products
Title
SSA-560465 V1.0: DHCP Client Vulnerability in VxWorks-based Industrial Products
Published
July 13, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-560465.pdf
Summary
Various industry products are affected by a DHCP client vulnerability in Wind River VxWorks, that could allow an attacker to cause a heap-based buffer overflow. Siemens recommends specific countermeasures for products where updates are not, or not yet available.
13.07.2021
SIEMENS CERT
SSA-483182 V1.0: Multiple File Parsing Vulnerabilities in JT2Go and Teamcenter Visualization before V13.2
Title
SSA-483182 V1.0: Multiple File Parsing Vulnerabilities in JT2Go and Teamcenter Visualization before V13.2
Published
July 13, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf
Summary
Siemens has released version V13.2 for JT2Go and Teamcenter Visualization to fix multiple vulnerabilities that could be triggered when the products read files in different file formats (GIF, TIFF, BMP, J2K, JT, SGI, PDF, PCT, PCX, PAR and ASM ). If a user is tricked to opening of a malicious ...
13.07.2021
SIEMENS CERT
SSA-173615 V1.0: Multiple PAR and ASM File Parsing Vulnerabilities in Solid Edge
Title
SSA-173615 V1.0: Multiple PAR and ASM File Parsing Vulnerabilities in Solid Edge
Published
July 13, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-173615.pdf
Summary
Siemens has released version SE2021MP5 for Solid Edge to fix multiple heap based buffer overflow vulnerabilities that could be triggered when the application read files in PAR or ASM file formats. If a user is tricked to open a malicious file with the affected application, this could lead to a ...

Last Updates

BOSCH PSIRT
15.01.2025
SIEMENS CERT
17.04.2025
US CERT
01.04.2025
US CERT (ICS)
17.04.2025

By Source

Archive

2025
2024
2023
2022
2021
2020
2019
2018
2017

Feeds