June 2021
08.06.2021
SIEMENS CERT
SSA-312271 V1.7 (Last Update: 2021-06-08): Unquoted Search Path Vulnerabilities in Windows-based Industrial Software Applications
Title
SSA-312271 V1.7 (Last Update: 2021-06-08): Unquoted Search Path Vulnerabilities in Windows-based Industrial Software Applications
Published
June 8, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-312271.pdf
Summary
The latest update for affected products fix local privilege escalation vulnerabilities that could allow authorized local users with administrative privileges to execute custom code with SYSTEM level privileges. Siemens has released updates for some of the affected products, and is working on further updates. For the remaining affected products, Siemens ...
08.06.2021
SIEMENS CERT
SSA-293562 V3.2 (Last Update: 2021-06-08): Vulnerabilities in Industrial Products
Title
SSA-293562 V3.2 (Last Update: 2021-06-08): Vulnerabilities in Industrial Products
Published
June 8, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-293562.pdf
Summary
Several industrial devices are affected by two vulnerabilities that could allow an attacker to cause a Denial-of-Service condition via PROFINET DCP network packets under certain circumstances. The precondition for this scenario is a direct layer 2 access to the affected products. PROFIBUS interfaces are not affected. Siemens has released updates ...
08.06.2021
SIEMENS CERT
SSA-787292 V1.0: Denial-of-Service Vulnerability in SIMATIC RFID Readers
Title
SSA-787292 V1.0: Denial-of-Service Vulnerability in SIMATIC RFID Readers
Published
June 8, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-787292.pdf
Summary
The latest updates for SIMATIC RF products fix a vulnerability that could allow an unauthorized attacker to crash the OPC UA service of the affected devices. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific ...
08.06.2021
SIEMENS CERT
SSA-645530 V1.0: TIFF File Parsing Vulnerability in JT2Go and Teamcenter Visualization before V13.1.0.3
Title
SSA-645530 V1.0: TIFF File Parsing Vulnerability in JT2Go and Teamcenter Visualization before V13.1.0.3
Published
June 8, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-645530.pdf
Summary
Siemens has released version V13.1.0.3 for JT2Go and Teamcenter Visualization to fix a vulnerability that could be triggered when the products read files in TIFF file format. If a user is tricked to opening of a malicious file with the affected products, this could lead to application crash, or potentially ...
08.06.2021
SIEMENS CERT
SSA-522654 V1.0: Privilege Escalation Vulnerability in Mendix SAML Module
Title
SSA-522654 V1.0: Privilege Escalation Vulnerability in Mendix SAML Module
Published
June 8, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-522654.pdf
Summary
The latest update of Mendix SAML module fixes a privilege escalation vulnerability. Mendix has released an update for the Mendix SAML module and recommends to update to the latest version.
08.06.2021
SIEMENS CERT
SSA-419820 V1.0: Denial-of-Service Vulnerability in TIM 1531 IRC
Title
SSA-419820 V1.0: Denial-of-Service Vulnerability in TIM 1531 IRC
Published
June 8, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-419820.pdf
Summary
The latest update for TIM 1531 IRC fixes a vulnerability that could allow a remote attacker to cause a denial-of-service under certain circumstances. Siemens has released an update for the TIM 1531 IRC and recommends to update to the latest version.
08.06.2021
SIEMENS CERT
SSA-211752 V1.0: Multiple NTP-Client Related Vulnerabilities in SIMATIC NET CP 443-1 OPC UA
Title
SSA-211752 V1.0: Multiple NTP-Client Related Vulnerabilities in SIMATIC NET CP 443-1 OPC UA
Published
June 8, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf
Summary
All versions of the SIMATIC NET CP 443-1 OPC UA contain multiple vulnerabilities in the underlying third party component NTP. Siemens recommends specific countermeasures for products where updates are not, or not yet available.
08.06.2021
SIEMENS CERT
SSA-208356 V1.0: DFT File Parsing Vulnerabilities in Solid Edge
Title
SSA-208356 V1.0: DFT File Parsing Vulnerabilities in Solid Edge
Published
June 8, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-208356.pdf
Summary
Siemens has released a new version for Solid Edge to fix two vulnerabilities that could be triggered when the application read files in DFT file format. If a user is tricked to opening of a malicious file with the affected products, this could lead to application crash, or potentially arbitrary ...
08.06.2021
SIEMENS CERT
SSA-200951 V1.0: Multiple Vulnerabilities in Third-Party Component libcurl of TIM Devices
Title
SSA-200951 V1.0: Multiple Vulnerabilities in Third-Party Component libcurl of TIM Devices
Published
June 8, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-200951.pdf
Summary
SIMATIC TIM 1531 IRC devices are vulnerable to multiple vulnerabilities in the third party component libcurl that could allow an attacker to extract sensitive information and pass a revoked certificate as valid. Siemens has released an update for SIMATIC TIM 1531 IRC and recommends to update to the latest versions.
08.06.2021
SIEMENS CERT
SSA-133038 V1.0: Multiple Modfem File Parsing Vulnerabilities in Simcenter Femap
Title
SSA-133038 V1.0: Multiple Modfem File Parsing Vulnerabilities in Simcenter Femap
Published
June 8, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-133038.pdf
Summary
Siemens Simcenter Femap is affected by two vulnerabilities that could be triggered when the application reads modfem files. If a user is tricked to open a malicious file with the affected application, this could lead to a crash, and potentially also to arbitrary code execution or data extraction on the ...
May 2021
29.05.2021
US CERT
AA21-148A: Sophisticated Spearphishing Campaign Targets Government Organizations, IGOs, and NGOs
Title
AA21-148A: Sophisticated Spearphishing Campaign Targets Government Organizations, IGOs, and NGOs
Published
May 29, 2021, 12:29 a.m.
URL
https://us-cert.cisa.gov/ncas/alerts/aa21-148a
Summary
Original release date: May 28, 2021 | Last revised: May 29, 2021SummaryThis Joint Cybersecurity Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 9. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques. The Cybersecurity and Infrastructure Security Agency (CISA) and the ...
28.05.2021
SIEMENS CERT
SSA-434534 V1.0: Memory Protection Bypass Vulnerability in SIMATIC S7-1200 and S7-1500 CPU Families
Title
SSA-434534 V1.0: Memory Protection Bypass Vulnerability in SIMATIC S7-1200 and S7-1500 CPU Families
Published
May 28, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-434534.pdf
Summary
SIMATIC S7-1200 and S7-1500 CPU products contain a memory protection bypass vulnerability that could allow an attacker to write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks. Siemens has released updates for several affected products and strongly recommends to update to the ...
28.05.2021
BOSCH PSIRT
Several Vulnerabilities in Bosch B426, B426-CN/B429-CN, and B426-M
Title
Several Vulnerabilities in Bosch B426, B426-CN/B429-CN, and B426-M
Published
May 28, 2021, 2 a.m.
URL
https://psirt.bosch.com/security-advisories/bosch-sa-196933-bt.html
Summary

BOSCH-SA-196933-BT: A security vulnerability affects the Bosch B426, B426-CN/B429-CN, and B426-M. The vulnerability is exploitable via the network interface. Bosch rates this vulnerability at 8.0 (High) and recommends customers to update vulnerable components with fixed software versions. A second vulnerable condition was found when using http protocol, in which the ...

25.05.2021
SIEMENS CERT
SSA-119468 V1.0: Luxion KeyShot Vulnerabilities in Solid Edge
Title
SSA-119468 V1.0: Luxion KeyShot Vulnerabilities in Solid Edge
Published
May 25, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-119468.pdf
Summary
The Solid Edge installation package includes a specific version of the third-party product KeyShot from Luxion, which may not contain the latest security fixes provided by Luxion. Siemens recommends to update KeyShot according to the information in the Luxion Security Advisory LSA-394129.
19.05.2021
BOSCH PSIRT
Vulnerability in the routing protocol of the PLC runtime
Title
Vulnerability in the routing protocol of the PLC runtime
Published
May 19, 2021, 2 a.m.
URL
https://psirt.bosch.com/security-advisories/bosch-sa-350374.html
Summary

BOSCH-SA-350374: The control systems IndraMotion MTX, MLC and MLD and the ctrlX CORE PLC application contain PLC technology from Codesys GmbH. The manufacturer Codesys GmbH published a security bulletin \[1\] about a weakness in the routing protocol for the communication between the PLC runtime and clients. By exploiting the vulnerability, ...

17.05.2021
SIEMENS CERT
SSA-622830 V1.2 (Last Update: 2021-05-17): Multiple File Parsing Vulnerabilities in JT2Go and Teamcenter Visualization before V...
Title
SSA-622830 V1.2 (Last Update: 2021-05-17): Multiple File Parsing Vulnerabilities in JT2Go and Teamcenter Visualization before V13.1.0
Published
May 17, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf
Summary
Siemens has released version V13.1.0 for JT2Go and Teamcenter Visualization to fix multiple vulnerabilities that could be triggered when the products read files in different file formats (JT, XML, CG4, CGM, PDF, RGB, SGI, TGA, PAR, PCX). If a user is tricked to opening of a malicious file with the ...
17.05.2021
SIEMENS CERT
SSA-695540 V1.0: ASM and PAR File Parsing Vulnerabilities in JT2Go and Teamcenter Visualization before V13.1.0.2
Title
SSA-695540 V1.0: ASM and PAR File Parsing Vulnerabilities in JT2Go and Teamcenter Visualization before V13.1.0.2
Published
May 17, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-695540.pdf
Summary
Siemens has released version V13.1.0.2 for JT2Go and Teamcenter Visualization to fix multiple vulnerabilities that could be triggered when the products read files in ASM and PAR file formats. If a user is tricked to opening of a malicious file with the affected products, this could lead to application crash, ...
17.05.2021
SIEMENS CERT
SSA-663999 V1.1 (Last Update: 2021-05-17): Multiple File Parsing Vulnerabilities in JT2Go and Teamcenter Visualization before V...
Title
SSA-663999 V1.1 (Last Update: 2021-05-17): Multiple File Parsing Vulnerabilities in JT2Go and Teamcenter Visualization before V13.1.0.1
Published
May 17, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf
Summary
Siemens has released version V13.1.0.1 for JT2Go and Teamcenter Visualization to fix multiple vulnerabilities that could be triggered when the products read files in different file formats (BMP, TIFF, CGM, TGA, PCT, HPG, PLT, RAS, PAR, ASM, DXF, DWG). If a user is tricked to opening of a malicious file ...
11.05.2021
US CERT
AA21-131A: DarkSide Ransomware: Best Practices for Preventing Business Disruption from Ransomware Attacks
Title
AA21-131A: DarkSide Ransomware: Best Practices for Preventing Business Disruption from Ransomware Attacks
Published
May 11, 2021, 9 p.m.
URL
https://us-cert.cisa.gov/ncas/alerts/aa21-131a
Summary
Original release date: May 11, 2021 | Last revised: May 20, 2021SummaryThis Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 9. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques. The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau ...
11.05.2021
SIEMENS CERT
SSA-983548 V1.0: Multiple SPP File Parsing Vulnerabilities in Tecnomatix Plant Simulation
Title
SSA-983548 V1.0: Multiple SPP File Parsing Vulnerabilities in Tecnomatix Plant Simulation
Published
May 11, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-983548.pdf
Summary
Siemens Tecnomatix Plant Simulation has released an update for version V16.0 that fixes multiple vulnerabilities that could be triggered when the application reads SPP files. If a user is tricked to open a malicious file using the affected application, this could lead to a crash, and potentially also to arbitrary ...
11.05.2021
SIEMENS CERT
SSA-940818 V1.0: UltraVNC Vulnerabilities in SIMATIC HMIs/WinCC Products
Title
SSA-940818 V1.0: UltraVNC Vulnerabilities in SIMATIC HMIs/WinCC Products
Published
May 11, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf
Summary
UltraVNC vulnerabilities in the affected products listed below could allow remote code execution, information disclosure and Denial-of-Service attacks under certain conditions. Siemens has released updates for the affected products and recommends to update to the latest versions.
11.05.2021
SIEMENS CERT
SSA-919955 V1.0: Information Disclosure Vulnerability in Mendix Database Replication Module
Title
SSA-919955 V1.0: Information Disclosure Vulnerability in Mendix Database Replication Module
Published
May 11, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-919955.pdf
Summary
The latest update of Mendix Database Replication module fixes a infomation disclosure vulnerability. Mendix has released an update for the Mendix Database Replication module and recommends to update to the latest version.
11.05.2021
SIEMENS CERT
SSA-854248 V1.0: Information Disclosure Vulnerability in Mendix Excel Importer Module
Title
SSA-854248 V1.0: Information Disclosure Vulnerability in Mendix Excel Importer Module
Published
May 11, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-854248.pdf
Summary
The latest update of Mendix Excel Importer module fixes an infomation disclosure vulnerability. Mendix has released an update for the Mendix Excel Importer module and recommends to update to the latest version.
11.05.2021
SIEMENS CERT
SSA-752103 V1.0: Telnet Authentication Vulnerability in SINAMICS Medium Voltage Products
Title
SSA-752103 V1.0: Telnet Authentication Vulnerability in SINAMICS Medium Voltage Products
Published
May 11, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-752103.pdf
Summary
SINAMICS medium voltage products, with telnet enabled on SIMATIC comfort HMI Panels, are affected by a remote access vulnerability that could allow an attacker, under certain conditions, to gain full remote access to the HMI. Note that by default telnet is disabled, but it can be enabled on request by ...
11.05.2021
SIEMENS CERT
SSA-676775 V1.0: Denial-of-Service Vulnerability in SIMATIC NET CP 343-1 Devices
Title
SSA-676775 V1.0: Denial-of-Service Vulnerability in SIMATIC NET CP 343-1 Devices
Published
May 11, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-676775.pdf
Summary
A vulnerability in SIMATIC CP343-1 devices could allow an attacker to cause a Denial-of-Service condition on TCP port 102 of the affected devices by sending specially crafted packets. Siemens recommends specific countermeasures for products where updates are not, or not yet available.

Last Updates

BOSCH PSIRT
25.04.2025
SIEMENS CERT
17.04.2025
US CERT
01.04.2025
US CERT (ICS)
08.05.2025

By Source

Archive

2025
2024
2023
2022
2021
2020
2019
2018
2017

Feeds