September 2021
14.09.2021
SIEMENS CERT
SSA-109294 V1.0: Scene File Parsing Vulnerability in Simcenter STAR-CCM+ Viewer
Title
SSA-109294 V1.0: Scene File Parsing Vulnerability in Simcenter STAR-CCM+ Viewer
Published
Sept. 14, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-109294.pdf
Summary
Siemens Simcenter STAR-CCM+ Viewer is affected by a vulnerability that could be triggered when the application reads scene (.sce) files. If a user is tricked to open a malicious file with the affected application, this could lead to a crash, and potentially also to arbitrary code execution or data extraction ...
14.09.2021
SIEMENS CERT
SSA-462066 V2.5 (Last Update: 2021-09-14): Vulnerability known as TCP SACK PANIC in Industrial Products
Title
SSA-462066 V2.5 (Last Update: 2021-09-14): Vulnerability known as TCP SACK PANIC in Industrial Products
Published
Sept. 14, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf
Summary
Multiple industrial products are affected by a vulnerability in the kernel known as TCP SACK PANIC. The vulnerability could allow a remote attacker to cause a denial of service condition. Siemens has released updates for several affected products and recommends to update to the new versions. Siemens is preparing further ...
14.09.2021
SIEMENS CERT
SSA-538778 V1.1 (Last Update: 2021-09-14): SmartVNC Vulnerabilities in SIMATIC HMI/WinCC Products
Title
SSA-538778 V1.1 (Last Update: 2021-09-14): SmartVNC Vulnerabilities in SIMATIC HMI/WinCC Products
Published
Sept. 14, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-538778.pdf
Summary
Multiple SmartVNC vulnerabilities in the affected products listed below could allow remote code execution and Denial-of-Service attacks under certain conditions. Siemens has released updates for the affected products and recommends to update to the latest version.
14.09.2021
SIEMENS CERT
SSA-599968 V1.2 (Last Update: 2021-09-14): Denial-of-Service Vulnerability in Profinet Devices
Title
SSA-599968 V1.2 (Last Update: 2021-09-14): Denial-of-Service Vulnerability in Profinet Devices
Published
Sept. 14, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-599968.pdf
Summary
A vulnerability in affected devices could allow an attacker to perform a denial-of-service attack if a large amount of Profinet Discovery and Configuration Protocol (DCP) reset packets is sent to the affected devices. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens ...
14.09.2021
SIEMENS CERT
SSA-661034 V1.1 (Last Update: 2021-09-14): Incorrect Permission Assignment in Multiple SIMATIC Software Products
Title
SSA-661034 V1.1 (Last Update: 2021-09-14): Incorrect Permission Assignment in Multiple SIMATIC Software Products
Published
Sept. 14, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-661034.pdf
Summary
Multiple SIMATIC software products are affected by a vulnerability that could allow an attacker to change the content of certain metafiles and subsequently manipulate parameters or behaviour of devices configured by the affected software products. Siemens has released updates for several affected products and recommends to update to the latest ...
14.09.2021
SIEMENS CERT
SSA-675303 V1.1 (Last Update: 2021-09-14): WIBU Systems CodeMeter Runtime Vulnerabilities in Siemens Products
Title
SSA-675303 V1.1 (Last Update: 2021-09-14): WIBU Systems CodeMeter Runtime Vulnerabilities in Siemens Products
Published
Sept. 14, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-675303.pdf
Summary
WIBU Systems disclosed two vulnerabilities and a new release version of CodeMeter Runtime, a product provided by WIBU Systems and used in several Siemens products for license management. The vulnerabilities are described in the section “Vulnerability Classification” below and got assigned the CVE IDs CVE-2021-20093 and CVE-2021-20094. Successful exploitation of ...
14.09.2021
SIEMENS CERT
SSA-756744 V1.1 (Last Update: 2021-09-14): OS Command Injection Vulnerability in SINEC NMS
Title
SSA-756744 V1.1 (Last Update: 2021-09-14): OS Command Injection Vulnerability in SINEC NMS
Published
Sept. 14, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-756744.pdf
Summary
The latest update for SINEC NMS fixes a vulnerability that could allow an authenticated remote attacker to execute arbitrary code on the system, with system privileges, under certain conditions. Siemens has released an update for SINEC NMS and recommends to update to the latest version.
14.09.2021
SIEMENS CERT
SSA-772220 V1.2 (Last Update: 2021-09-14): OpenSSL Vulnerabilities in Industrial Products
Title
SSA-772220 V1.2 (Last Update: 2021-09-14): OpenSSL Vulnerabilities in Industrial Products
Published
Sept. 14, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdf
Summary
OpenSSL has published a security advisory [0] about a vulnerability in OpenSSL versions 1.1.1 < 1.1.1k, that allows an unauthenticated attacker to cause a Denial-of-Service (DoS) if a maliciously crafted renegotiation message is sent. Siemens is preparing updates and recommends countermeasures for products where updates are not, or not yet ...
14.09.2021
SIEMENS CERT
SSA-780073 V1.8 (Last Update: 2021-09-14): Denial-of-Service Vulnerability in PROFINET Devices via DCE-RPC Packets
Title
SSA-780073 V1.8 (Last Update: 2021-09-14): Denial-of-Service Vulnerability in PROFINET Devices via DCE-RPC Packets
Published
Sept. 14, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-780073.pdf
Summary
Products that include the Siemens PROFINET-IO (PNIO) stack in versMions prior V06.00 are potentially affected by a denial-of-service vulnerability when multiple legitimate diagnostic package requests are sent to the DCE-RPC interface. Siemens has released updates for several affected products and recommends to update to the new versions. Siemens is preparing ...
14.09.2021
SIEMENS CERT
SSA-789208 V1.1 (Last Update: 2021-09-14): Multiple Vulnerabilities (INFRA:HALT) in Interniche IP-Stack based Low Voltage Devices
Title
SSA-789208 V1.1 (Last Update: 2021-09-14): Multiple Vulnerabilities (INFRA:HALT) in Interniche IP-Stack based Low Voltage Devices
Published
Sept. 14, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-789208.pdf
Summary
Security researchers discovered and disclosed 14 vulnerabilities in the Interniche IP stack, also known as “INFRA:HALT” vulnerabilities [0]. This advisory describes the impact to Siemens low voltage products, which are only affected by four out of the 14 vulnerabilities. Siemens has released updates for several affected products and recommends to ...
09.09.2021
US CERT (ICS)
AVEVA PCS Portal
Title
AVEVA PCS Portal
Published
Sept. 9, 2021, 4:15 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-252-01
Summary
This advisory contains mitigations for an Uncontrolled Search Path Element vulnerability in AVEVA PCS Portal sofware.
09.09.2021
US CERT (ICS)
Delta Electronics DOPSoft 2
Title
Delta Electronics DOPSoft 2
Published
Sept. 9, 2021, 4:10 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-252-02
Summary
This advisory contains mitigations for Stack-based Buffer Overflow, Out-of-Bounds Write, and Heap-based Buffer Overflow vulnerabilities in Delta Electronics DOPSoft 2 HMI editing software.
09.09.2021
US CERT (ICS)
Mitsubishi Electric Europe B.V. smartRTU and INEA ME-RTU
Title
Mitsubishi Electric Europe B.V. smartRTU and INEA ME-RTU
Published
Sept. 9, 2021, 4:05 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-252-03
Summary
This advisory is a follow-up to a CISA product update titled ICS-ALERT-19-225-01 Mitsubishi Electric Europe B.V. smartRTU and INEA ME-RTU (Update A) published September 10, 2019, on the ICS webpage on us-cert.cisa.gov. This advisory contains mitigations for OS Command Injection, Improper Access Control, Cross-site Scripting, Use of Hard-coded Credentials, Unprotected ...
09.09.2021
US CERT (ICS)
Mitsubishi Electric Multiple Products (Update C)
Title
Mitsubishi Electric Multiple Products (Update C)
Published
Sept. 9, 2021, 4 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-20-245-01
Summary
This updated advisory is a follow-up to the advisory update titled ICSA-20-245-01 Mitsubishi Electric Multiple Products (Update B) that was published May 18, 2021, to the ICS webpage on us-cert.cisa.gov. This advisory contains mitigations for a Predictable Exact Value from Previous Values vulnerability in several Mitsubishi Electric devices.
07.09.2021
US CERT (ICS)
Hitachi ABB Power Grids System Data Manager
Title
Hitachi ABB Power Grids System Data Manager
Published
Sept. 7, 2021, 4 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-250-02
Summary
This advisory contains mitigations for a Cleartext Storage of Sensitive Information vulnerability in Hitachi ABB Power Grids System Data Manager products.
02.09.2021
US CERT (ICS)
Johnson Controls Sensormatic Electronics Illustra
Title
Johnson Controls Sensormatic Electronics Illustra
Published
Sept. 2, 2021, 4:10 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-245-01
Summary
This advisory contains mitigations for an Off-by-one Error vulnerability in Johnson Controls Sensormatic Electronics Illustra camera systems.
02.09.2021
US CERT (ICS)
JTEKT TOYOPUC Products
Title
JTEKT TOYOPUC Products
Published
Sept. 2, 2021, 4:05 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-245-02
Summary
This advisory contains mitigations for a Allocation of Resources Without Limits or Throttling vulnerability in JTEKT TOYOPUC industrial system hardware products.
August 2021
31.08.2021
US CERT
AA21-243A: Ransomware Awareness for Holidays and Weekends
Title
AA21-243A: Ransomware Awareness for Holidays and Weekends
Published
Aug. 31, 2021, 7 p.m.
URL
https://us-cert.cisa.gov/ncas/alerts/aa21-243a
Summary
Original release date: August 31, 2021 | Last revised: September 2, 2021SummaryImmediate Actions You Can Take Now to Protect Against Ransomware • Make an offline backup of your data. • Do not click on suspicious links. • If you use RDP, secure and monitor it. • Update your OS and ...
31.08.2021
US CERT (ICS)
Sensormatic Electronics KT-1
Title
Sensormatic Electronics KT-1
Published
Aug. 31, 2021, 4:05 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-243-01
Summary
This advisory contains mitigations for a Use of Unmaintained Third-party Components vulnerability in Sensormatic Electronics KT-1 Ethernet-ready single-door controller.
31.08.2021
US CERT (ICS)
Philips Patient Monitoring Devices (Update A)
Title
Philips Patient Monitoring Devices (Update A)
Published
Aug. 31, 2021, 4 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsma-20-254-01
Summary
This updated advisory is a follow-up to the original advisory titled ICSMA-20-254-01 Philips Patient Monitoring Devices that was published September 10, 2020, to the ICS webpage on us-cert.cisa.gov. This advisory contains mitigations for Improper Neutralization of Formula Elements in a CSV File, Cross-site Scripting, Improper Authentication, Improper Check for Certificate ...
26.08.2021
US CERT (ICS)
Johnson Controls Controlled Electronic Management Systems CEM Systems AC2000
Title
Johnson Controls Controlled Electronic Management Systems CEM Systems AC2000
Published
Aug. 26, 2021, 4:15 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-238-01
Summary
This advisory contains mitigation for an Improper Authorization vulnerability in Johnson Controls Controlled Electronic Management Systems CEM Systems AC2000, an enterprise access control and integrated security management system.​​​​
26.08.2021
US CERT (ICS)
Annke Network Video Recorder
Title
Annke Network Video Recorder
Published
Aug. 26, 2021, 4:10 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-238-02
Summary
This advisory contains mitigation for a Stack-based Buffer Overflow vulnerability in the Annke N48PBB Network Video Recorder.
26.08.2021
US CERT (ICS)
Delta Electronics DIAEnergie
Title
Delta Electronics DIAEnergie
Published
Aug. 26, 2021, 4:05 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-238-03
Summary
This advisory contains mitigations for Use of Password Hash with Insufficient Computational Effort, Incorrect Authorization, Unrestricted Upload of File with Dangerous Type, SQL Injection, and Cross-site Request Forgery vulnerabilities in the Delta Electronics DIAEnergie industrial energy management system.
24.08.2021
US CERT (ICS)
Hitachi ABB Power Grids TropOS
Title
Hitachi ABB Power Grids TropOS
Published
Aug. 24, 2021, 4:15 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-236-01
Summary
This advisory contains mitigations for Injection, Inadequate Encryption Strength, Missing Authentication for Critical Function, Improper Authentication, Improper Validation of Integrity Check Value, and Improper Input Validation vulnerabilities in Hitachi ABB Power Grids TropOS firmware.
19.08.2021
SIEMENS CERT
SSA-816035 V1.0: Code Execution Vulnerability in SINEMA Remote Connect Client
Title
SSA-816035 V1.0: Code Execution Vulnerability in SINEMA Remote Connect Client
Published
Aug. 19, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-816035.pdf
Summary
The latest update for SINEMA Remote Connect Client fixes a vulnerability that could allow a local attacker to escalate privileges or even allow remote code execution under certain circumstances. Siemens has released a firmware update for SINEMA Remote Connect Client and proposes mitigations if an update is not possible.

Last Updates

BOSCH PSIRT
14.08.2025
SIEMENS CERT
26.08.2025
US CERT
25.08.2025
US CERT (ICS)
04.09.2025

By Source

Archive

2025
2024
2023
2022
2021
2020
2019
2018
2017

Feeds