September 2021
Title
Trane Symbio
Published
Sept. 23, 2021, 4:10 p.m.
Summary
This advisory contains mitigations for a Code Injection vulnerability in Trane Symbio 700 and Symbio 800 controllers.
Title
Trane Tracer
Published
Sept. 23, 2021, 4:05 p.m.
Summary
This advisory contains mitigations for a Code Injection vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge building automation products.
Title
Ovarro TBox (Update A)
Published
Sept. 23, 2021, 4 p.m.
Summary
This updated advisory is a follow-up to the advisory update titled ICSA-21-054-04 Ovarro TBox that was published March 23, 2021, to the ICS webpage on us-cert.cisa.gov. The original advisory was titled ICSA-21-054-04P Ovarro TBox and posted to the HSIN ICS library on February 23, 2021. This advisory contains mitigations for ...
Title
AA21-265A: Conti Ransomware
Published
Sept. 22, 2021, 7 p.m.
Summary
Original release date: September 22, 2021. Summary: Immediate Actions You Can Take Now to Protect Against Conti Ransomware: • Use multi-factor authentication. • Segment and segregate networks and functions. • Update your operating system and software. Note: This Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, version 9. ...
Title
AA21-259A: APT Actors Exploiting Newly Identified Vulnerability in ManageEngine ADSelfService Plus
Published
Sept. 16, 2021, 7 p.m.
Summary
Original release date: September 16, 2021. Summary: This Joint Cybersecurity Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 8. See the ATT&CK for Enterprise for referenced threat actor tactics and for techniques. This joint advisory is the result of analytic efforts between the Federal Bureau of Investigation ...
Title
Siemens RUGGEDCOM ROX
Published
Sept. 16, 2021, 4:05 p.m.
Summary
This advisory contains mitigations for Exposure of Sensitive Information to an Unauthorized Actor, Execution with Unnecessary Privileges, and Improper Handling of Insufficient Permissions or Privileges vulnerabilities in Siemens RUGGEDCOM ROX devices.
Title
Schneider Electric EcoStruxure and SCADAPack
Published
Sept. 16, 2021, 4 p.m.
Summary
This advisory contains mitigations for a Path Traversal vulnerability in Schneider Electric EcoStruxure Control Expert, EcoStruxure Process Expert, and SCADAPack RemoteConnect software designed for the x70 SCADAPack system.
Title
Digi PortServer TS 16
Published
Sept. 14, 2021, 5:26 p.m.
Summary
This advisory contains mitigations for an Improper Authentication vulnerability in Digi PortServer TS 16 terminal servers.
Title
Johnson Controls Sensormatic Electronics KT-1
Published
Sept. 14, 2021, 5:24 p.m.
Summary
This advisory contains mitigations for an Authentication Bypass by Capture-replay vulnerability in Sensormatic Electronics KT-1 door controllers. Sensormatic Electronics is a subsidiary of Johnson Controls.
Title
Schneider Electric Struxureware Data Center Expert
Published
Sept. 14, 2021, 5:22 p.m.
Summary
This advisory contains mitigations for OS Command Injection and Path Traversal vulnerabilities in Schneider Electric Struxureware Data Center Expert monitoring software.
Title
Siemens Simcenter Femap
Published
Sept. 14, 2021, 5:20 p.m.
Summary
This advisory contains mitigations for an Out-of-bounds Read vulnerability in the Siemens Simcenter Femap simulation application.
Title
Siemens Simcenter STAR-CCM+ Viewer
Published
Sept. 14, 2021, 5:18 p.m.
Summary
This advisory contains mitigations for an Out-of-bounds Write vulnerability in the Siemens Simcenter Star-CCM+ Viewer simulation application.
Title
Siemens SIMATIC CP
Published
Sept. 14, 2021, 5:16 p.m.
Summary
This advisory contains mitigations for a Cleartext Storage of Sensitive Information vulnerability in Siemens SIMATIC CP communication processors.
Title
Siemens APOGEE and TALON
Published
Sept. 14, 2021, 5:14 p.m.
Summary
This advisory contains mitigations for a Classic Buffer Overflow vulnerability in Siemens APOGEE and TALON building automation systems.
Title
Siemens Teamcenter Active Workspace
Published
Sept. 14, 2021, 5:12 p.m.
Summary
This advisory contains mitigations for a Path Traversal vulnerability in the Siemens Teamcenter Active Workspace product lifecycle management system.
Title
Siemens Teamcenter
Published
Sept. 14, 2021, 5:12 p.m.
Summary
This advisory contains mitigations for Privilege Defined with Unsafe Actions, Authorization Bypass Through User-Controlled Key, and Improper Restriction of XML External Entity Reference vulnerabilities in the Siemens Teamcenter virtualization platform.
Title
Siemens NX
Published
Sept. 14, 2021, 5:10 p.m.
Summary
This advisory contains mitigations for Use After Free and Out-of-bounds Read vulnerabilities in Siemens NX industrial software.
Title
Siemens SIPROTEC 5 relays
Published
Sept. 14, 2021, 5:08 p.m.
Summary
This advisory contains mitigations for Classic Buffer Overflow vulnerabilities in Siemens SIPROTEC 5 relays.
Title
SSA-434536 V1.1 (Last Update: 2021-09-14): Memory Protection Bypass Vulnerability in SINUMERIK ONE and SINUMERIK MC
Published
Sept. 14, 2021, 2 a.m.
Summary
SINUMERIK ONE and SINUMERIK MC products are affected by a memory protection bypass vulnerability in the integrated S7-1500 CPU that could allow an attacker to write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks on the CPU. Siemens has released updates for ...
Title
SSA-434535 V1.1 (Last Update: 2021-09-14): Memory Protection Bypass Vulnerability in SINAMICS PERFECT HARMONY GH180 Drives
Published
Sept. 14, 2021, 2 a.m.
Summary
Several models of SINAMICS PERFECT HARMONY GH180 Drives are affected by a memory protection bypass vulnerability in the integrated S7-1500 or S7-1200 CPU that could allow an attacker to write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks on the CPU. Siemens ...
Title
SSA-434534 V1.1 (Last Update: 2021-09-14): Memory Protection Bypass Vulnerability in SIMATIC S7-1200 and S7-1500 CPU Families
Published
Sept. 14, 2021, 2 a.m.
Summary
SIMATIC S7-1200 and S7-1500 CPU products contain a memory protection bypass vulnerability that could allow an attacker to write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks. Siemens has released updates for several affected products and strongly recommends to update to the ...
Title
SSA-428051 V1.1 (Last Update: 2021-09-14): Privilege Escalation Vulnerability in TIA Administrator
Published
Sept. 14, 2021, 2 a.m.
Summary
The latest update for TIA Administrator, installed together with TIA Portal and PCS neo, fixes a privilege escalation vulnerability that could allow local users to escalate privileges and execute code as local SYSTEM user. Siemens has released updates for the affected products and recommends to update to the latest versions.
Title
SSA-324955 V1.4 (Last Update: 2021-09-14): SAD DNS Attack in Linux Based Products
Published
Sept. 14, 2021, 2 a.m.
Summary
A vulnerability made public under the name SAD DNS affects Domain Name System resolvers due to a vulnerability in the Linux kernel when handling ICMP packets. The Siemens products which are affected are listed below. For more information please see https://www.saddns.net/. Siemens has released updates for several affected products and ...
Title
SSA-312271 V1.8 (Last Update: 2021-09-14): Unquoted Search Path Vulnerabilities in Windows-based Industrial Software Applications
Published
Sept. 14, 2021, 2 a.m.
Summary
Several industrial products as listed below contain local privilege escalation vulnerabilities that could allow authorized local users with administrative privileges to execute custom code with SYSTEM level privileges. Siemens has released updates for the affected products and recommends to update to the latest versions.
Title
SSA-274900 V1.2 (Last Update: 2021-09-14): Use of hardcoded key in Scalance X devices under certain conditions
Published
Sept. 14, 2021, 2 a.m.
Summary
Scalance X devices might not generate a unique random key after factory reset, and use a private key shipped with the firmware. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where ...
