July 2024
18.07.2024
US CERT (ICS)
Mitsubishi Electric MELSOFT MaiLab
Title
Mitsubishi Electric MELSOFT MaiLab
Published
July 18, 2024, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-200-01
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.2 ATTENTION: Exploitable remotely Vendor: Mitsubishi Electric Corporation Equipment: MELSOFT MaiLab Vulnerability: Improper Verification of Cryptographic Signature 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote attacker to cause a denial-of-service condition in the target product. 3. TECHNICAL DETAILS 3.1 ...
18.07.2024
US CERT (ICS)
Subnet Solutions PowerSYSTEM Center
Title
Subnet Solutions PowerSYSTEM Center
Published
July 18, 2024, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-200-02
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Subnet Solutions Inc. Equipment: Subnet PowerSYSTEM Center Vulnerability: Prototype Pollution 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated attacker to elevate permissions. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of ...
16.07.2024
US CERT (ICS)
Rockwell Automation Pavilion 8
Title
Rockwell Automation Pavilion 8
Published
July 16, 2024, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-198-01
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: Pavilion 8 Vulnerability: Incorrect Permission Assignment for Critical Resource 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to create new users and view sensitive data. 3. TECHNICAL DETAILS 3.1 ...
11.07.2024
US CERT (ICS)
Siemens JT Open and PLM XML SDK
Title
Siemens JT Open and PLM XML SDK
Published
July 11, 2024, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-193-10
Summary
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).View CSAF 1. EXECUTIVE SUMMARY CVSS ...
11.07.2024
US CERT (ICS)
Siemens SIMATIC and SIMIT
Title
Siemens SIMATIC and SIMIT
Published
July 11, 2024, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-193-07
Summary
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).View CSAF 1. EXECUTIVE SUMMARY CVSS ...
11.07.2024
US CERT (ICS)
Siemens RUGGEDCOM APE 1808
Title
Siemens RUGGEDCOM APE 1808
Published
July 11, 2024, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-193-02
Summary
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).View CSAF 1. EXECUTIVE SUMMARY CVSS ...
11.07.2024
US CERT (ICS)
Siemens TIA Portal and SIMATIC STEP 7
Title
Siemens TIA Portal and SIMATIC STEP 7
Published
July 11, 2024, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-193-12
Summary
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).View CSAF 1. EXECUTIVE SUMMARY CVSS ...
11.07.2024
US CERT (ICS)
Siemens Remote Connect Server
Title
Siemens Remote Connect Server
Published
July 11, 2024, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-193-01
Summary
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).View CSAF 1. EXECUTIVE SUMMARY CVSS ...
11.07.2024
US CERT (ICS)
Siemens SCALANCE, RUGGEDCOM, SIPLUS, and SINEC
Title
Siemens SCALANCE, RUGGEDCOM, SIPLUS, and SINEC
Published
July 11, 2024, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-193-05
Summary
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).View CSAF 1. EXECUTIVE SUMMARY CVSS ...
11.07.2024
US CERT (ICS)
Siemens RUGGEDCOM
Title
Siemens RUGGEDCOM
Published
July 11, 2024, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-193-06
Summary
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).View CSAF 1. EXECUTIVE SUMMARY CVSS ...
09.07.2024
US CERT
CISA Red Team’s Operations Against a Federal Civilian Executive Branch Organization Highlights the Necessity of Defense-in-Depth
Title
CISA Red Team’s Operations Against a Federal Civilian Executive Branch Organization Highlights the Necessity of Defense-in-Depth
Published
July 9, 2024, 4:09 p.m.
URL
https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-193a
Summary
EXECUTIVE SUMMARY In early 2023, the Cybersecurity and Infrastructure Security Agency (CISA) conducted a SILENTSHIELD red team assessment against a Federal Civilian Executive Branch (FCEB) organization. During SILENTSHIELD assessments, the red team first performs a no-notice, long-term simulation of nation-state cyber operations. The team mimics the techniques, tradecraft, and behaviors ...
09.07.2024
US CERT (ICS)
Mitsubishi Electric MELIPC Series MI5122-VW
Title
Mitsubishi Electric MELIPC Series MI5122-VW
Published
July 9, 2024, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-191-02
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Low attack complexity Vendor: Mitsubishi Electric Equipment: MI5122-VW Vulnerability: Incorrect Default Permissions 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to tamper with, destroy, disclose, or delete information in the product, or cause a denial-of-service (DoS) condition ...
09.07.2024
US CERT (ICS)
Johnson Controls Software House C●CURE 9000
Title
Johnson Controls Software House C●CURE 9000
Published
July 9, 2024, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-191-05
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.7 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Johnson Controls Inc. Equipment: Software House C●CURE 9000 Vulnerability: Incorrect Default Permissions 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an attacker to access credentials used for access to the application. 3. TECHNICAL DETAILS ...
09.07.2024
US CERT (ICS)
Johnson Controls Illustra Pro Gen 4
Title
Johnson Controls Illustra Pro Gen 4
Published
July 9, 2024, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-191-03
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.0 ATTENTION: Exploitable remotely Vendor: Johnson Controls, Inc. Equipment: Illustra Pro Gen 4 Vulnerability: Dependency on Vulnerable Third-Party Component 2. RISK EVALUATION Successful exploitation of this vulnerability could impact confidentiality and integrity of the device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Johnson Controls ...
09.07.2024
US CERT (ICS)
Delta Electronics CNCSoft-G2
Title
Delta Electronics CNCSoft-G2
Published
July 9, 2024, 2 p.m.
URL
https://www.cisa.gov/news-events/ics-advisories/icsa-24-191-01
Summary
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: CNCSoft-G2 Vulnerabilities: Stack-based Buffer Overflow, Out-of-bounds Write, Out-of-bounds Read, Heap-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could cause a buffer overflow condition and allow remote code execution. 3. TECHNICAL DETAILS ...
09.07.2024
SIEMENS CERT
SSA-928781 V1.0: Multiple Vulnerabilities in SINEMA Remote Connect Server before V3.2 HF1
Title
SSA-928781 V1.0: Multiple Vulnerabilities in SINEMA Remote Connect Server before V3.2 HF1
Published
July 9, 2024, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-928781.html
Summary
SINEMA Remote Connect Server before V3.2 HF1 is affected by multiple vulnerabilities. Siemens has released a new version for SINEMA Remote Connect Server and recommends to update to the latest version.
09.07.2024
SIEMENS CERT
SSA-962515 V1.1 (Last Update: 2024-07-09): Out of Bounds Read Vulnerability in Industrial Products
Title
SSA-962515 V1.1 (Last Update: 2024-07-09): Out of Bounds Read Vulnerability in Industrial Products
Published
July 9, 2024, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-962515.html
Summary
Several industrial products contain an out of bounds read vulnerability that could allow an attacker to cause a Blue Screen of Death (BSOD) crash of the underlying Windows kernel, leading to denial of service condition. Siemens has released new versions for several affected products and recommends to update to the ...
09.07.2024
SIEMENS CERT
SSA-686975 V1.4 (Last Update: 2024-07-09): IPU 2022.3 Vulnerabilities in Siemens Industrial Products using Intel CPUs
Title
SSA-686975 V1.4 (Last Update: 2024-07-09): IPU 2022.3 Vulnerabilities in Siemens Industrial Products using Intel CPUs
Published
July 9, 2024, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-686975.html
Summary
Intel has published information on vulnerabilities in Intel products in November 2022. This advisory lists the related Siemens Industrial products affected by these vulnerabilities that can be patched by applying the corresponding BIOS update (“2022.3 IPU – BIOS Advisory” Intel-SA-00688). Siemens is preparing updates and recommends specific countermeasures for products ...
09.07.2024
SIEMENS CERT
SSA-832273 V1.4 (Last Update: 2024-07-09): Multiple Vulnerabilities in Fortigate NGFW before V7.4.3 on RUGGEDCOM APE1808 devices
Title
SSA-832273 V1.4 (Last Update: 2024-07-09): Multiple Vulnerabilities in Fortigate NGFW before V7.4.3 on RUGGEDCOM APE1808 devices
Published
July 9, 2024, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-832273.html
Summary
Fortinet has published information on vulnerabilities in FORTIOS. This advisory lists the related Siemens Industrial products. Siemens has released a new version of Fortigate NGFW for RUGGEDCOM APE1808 and recommends to update to the latest version. Siemens recommends to consult and implement the workarounds provided in Fortinet’s upstream security notifications.
09.07.2024
SIEMENS CERT
SSA-883918 V1.0: Information Disclosure Vulnerability in SIMATIC WinCC
Title
SSA-883918 V1.0: Information Disclosure Vulnerability in SIMATIC WinCC
Published
July 9, 2024, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-883918.html
Summary
Multiple versions of SIMATIC WinCC and SIMATIC PCS 7 do not properly handle certain requests to their web application (WinCC WebNavigator, PCS 7 Web Serser, and PCS 7 Web Diagnostics Server), which may lead to the leak of privileged information. This could allow an unauthenticated remote attacker to retrieve information ...
09.07.2024
SIEMENS CERT
SSA-593272 V2.2 (Last Update: 2024-07-09): SegmentSmack in Interniche IP-Stack based Industrial Devices
Title
SSA-593272 V2.2 (Last Update: 2024-07-09): SegmentSmack in Interniche IP-Stack based Industrial Devices
Published
July 9, 2024, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-593272.html
Summary
A vulnerability exists in affected products that could allow remote attackers to affect the availability of the devices under certain conditions. The underlying TCP stack can be forced to make very computation expensive calls for every incoming packet which can lead to a Denial-of-Service. Siemens has released new versions for ...
09.07.2024
SIEMENS CERT
SSA-998949 V1.0: Hard-coded Default Encryption Key in Mendix Encryption Module V10.0.0 and V10.0.1
Title
SSA-998949 V1.0: Hard-coded Default Encryption Key in Mendix Encryption Module V10.0.0 and V10.0.1
Published
July 9, 2024, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-998949.html
Summary
The Mendix Encryption module versions V10.0.0 and V10.0.1 define a specific hard-coded default value for the EncryptionKey constant, which is used in projects where no individual EncryptionKey was specified. This could allow to an attacker to decrypt any encrypted project data, as the default encryption key can be considered compromised. ...
09.07.2024
SIEMENS CERT
SSA-981975 V1.2 (Last Update: 2024-07-09): Information Disclosure Vulnerability in Intel-CPUs (CVE-2022-40982) Impacting SIMATI...
Title
SSA-981975 V1.2 (Last Update: 2024-07-09): Information Disclosure Vulnerability in Intel-CPUs (CVE-2022-40982) Impacting SIMATIC IPCs
Published
July 9, 2024, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-981975.html
Summary
Several Intel-CPU based SIMATIC IPCs are affected by an information exposure vulnerability (CVE-2022-40982) in the CPU that could allow an authenticated local user to potentially read other users’ data [1]. The issue is also known as “Gather Data Sampling” (GDS) or Downfall Attacks. For details refer to the chapter “Additional ...
09.07.2024
SIEMENS CERT
SSA-825651 V1.0: Deserialization Vulnerability in SIMATIC STEP 7 (TIA Portal) before V18 Update 2
Title
SSA-825651 V1.0: Deserialization Vulnerability in SIMATIC STEP 7 (TIA Portal) before V18 Update 2
Published
July 9, 2024, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-825651.html
Summary
Affected applications do not properly restrict the .NET BinaryFormatter when deserializing user-controllable input. This could allow an attacker to cause a type confusion and execute arbitrary code within the affected application. Siemens has released a new version for SIMATIC STEP 7 (TIA Portal) V18 and recommends to update to the ...
09.07.2024
SIEMENS CERT
SSA-868282 V1.0: Multiple Vulnerabilities in SINEMA Remote Connect Client before V3.2 HF1
Title
SSA-868282 V1.0: Multiple Vulnerabilities in SINEMA Remote Connect Client before V3.2 HF1
Published
July 9, 2024, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-868282.html
Summary
SINEMA Remote Connect Server before V3.2 HF1 is affected by multiple vulnerabilities. Siemens has released a new version for SINEMA Remote Connect Client and recommends to update to the latest version.

Last Updates

BOSCH PSIRT
31.10.2024
SIEMENS CERT
22.11.2024
US CERT
08.11.2024
US CERT (ICS)
21.11.2024

By Source

Archive

2024
2023
2022
2021
2020
2019
2018
2017

Feeds