July 2021
13.07.2021
SIEMENS CERT
SSA-373591 V1.0: Buffer Overflow Vulnerability in RUGGEDCOM ROS Devices
Title
SSA-373591 V1.0: Buffer Overflow Vulnerability in RUGGEDCOM ROS Devices
Published
July 13, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-373591.pdf
Summary
The latest update for RUGGEDCOM ROS devices fixes a buffer overflow vulnerability in the third party component that could allow an attacker with network access to an affected device to cause a remote code execution condition. Siemens has released updates for the affected products and recommends to update to the ...
13.07.2021
SIEMENS CERT
SSA-641963 V1.0: Remote Code Execution Vulnerability in Multiple SIMATIC Software Products
Title
SSA-641963 V1.0: Remote Code Execution Vulnerability in Multiple SIMATIC Software Products
Published
July 13, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-641963.pdf
Summary
Multiple SIMATIC Software products are affected by a vulnerability that could allow an attacker to manipulate project files and remotely execute code. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not ...
13.07.2021
SIEMENS CERT
SSA-324955 V1.2 (Last Update: 2021-07-13): SAD DNS Attack in Linux Based Products
Title
SSA-324955 V1.2 (Last Update: 2021-07-13): SAD DNS Attack in Linux Based Products
Published
July 13, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-324955.pdf
Summary
A vulnerability made public under the name SAD DNS affects Domain Name System resolvers due to a vulnerability in the Linux kernel when handling ICMP packets. The Siemens products which are affected are listed below. For more information please see https://www.saddns.net/. Siemens has released updates for several affected products and ...
13.07.2021
SIEMENS CERT
SSB-439005 V3.5 (Last Update: 2021-07-13): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 151...
Title
SSB-439005 V3.5 (Last Update: 2021-07-13): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP
Published
July 13, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssb-439005.pdf
Summary
13.07.2021
SIEMENS CERT
SSA-462066 V2.4 (Last Update: 2021-07-13): Vulnerability known as TCP SACK PANIC in Industrial Products
Title
SSA-462066 V2.4 (Last Update: 2021-07-13): Vulnerability known as TCP SACK PANIC in Industrial Products
Published
July 13, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf
Summary
Multiple industrial products are affected by a vulnerability in the kernel known as TCP SACK PANIC. The vulnerability could allow a remote attacker to cause a denial of service condition. Siemens has released updates for several affected products and recommends to update to the new versions. Siemens is preparing further ...
13.07.2021
SIEMENS CERT
SSA-434535 V1.0: Memory Protection Bypass Vulnerability in SINAMICS PERFECT HARMONY GH180 Drives
Title
SSA-434535 V1.0: Memory Protection Bypass Vulnerability in SINAMICS PERFECT HARMONY GH180 Drives
Published
July 13, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-434535.pdf
Summary
Several models of SINAMICS PERFECT HARMONY GH180 Drives are affected by a memory protection bypass vulnerability in the integrated S7-1500 or S7-1200 CPU that could allow an attacker to write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks on the CPU. Siemens ...
13.07.2021
SIEMENS CERT
SSA-483182 V1.0: Multiple File Parsing Vulnerabilities in JT2Go and Teamcenter Visualization before V13.2
Title
SSA-483182 V1.0: Multiple File Parsing Vulnerabilities in JT2Go and Teamcenter Visualization before V13.2
Published
July 13, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf
Summary
Siemens has released version V13.2 for JT2Go and Teamcenter Visualization to fix multiple vulnerabilities that could be triggered when the products read files in different file formats (GIF, TIFF, BMP, J2K, JT, SGI, PDF, PCT, PCX, PAR and ASM ). If a user is tricked to opening of a malicious ...
13.07.2021
SIEMENS CERT
SSA-841348 V1.8 (Last Update: 2021-07-13): Multiple Vulnerabilities in the UMC Stack
Title
SSA-841348 V1.8 (Last Update: 2021-07-13): Multiple Vulnerabilities in the UMC Stack
Published
July 13, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf
Summary
The latest update for the below listed products fixes two security vulnerabilities that could allow an attacker to cause a partial Denial-of-Service on the UMC component of the affected devices under certain circumstances, and one vulnerability that could allow an attacker to locally escalate privileges from a user with administrative ...
01.07.2021
US CERT (ICS)
Sensormatic Electronics C-CURE 9000
Title
Sensormatic Electronics C-CURE 9000
Published
July 1, 2021, 4:20 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-182-02
Summary
This advisory contains mitigations for an Improper Input Validation vulnerability in Sensormatic Electronics C-CURE 9000 industrial software.
01.07.2021
US CERT (ICS)
Delta Electronics DOPSoft
Title
Delta Electronics DOPSoft
Published
July 1, 2021, 4:15 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-182-03
Summary
This advisory contains mitigations for Out-of-bounds Read vulnerabilities in Delta Electronics DOPSoft software.
01.07.2021
US CERT (ICS)
Mitsubishi Electric Air Conditioning System
Title
Mitsubishi Electric Air Conditioning System
Published
July 1, 2021, 4:10 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-182-04
Summary
This advisory contains mitigations for an Incorrect Implementation of Authentication Algorithm vulnerability in Mitsubishi Electric air conditioning systems.
01.07.2021
US CERT (ICS)
Mitsubishi Electric Air Conditioning Systems
Title
Mitsubishi Electric Air Conditioning Systems
Published
July 1, 2021, 4:05 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-182-05
Summary
This advisory contains mitigations for an Improper Restriction of XML External Entity Reference vulnerability in Mitsubishi Electric Air Conditioning Systems.
01.07.2021
US CERT (ICS)
All Bachmann M1 System Processor Modules
Title
All Bachmann M1 System Processor Modules
Published
July 1, 2021, 4 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-026-01-0
Summary
This updated advisory is a follow-up to the advisory titled ICSA-21-026-01P All Bachmann M1 System Processor Modules, posted to the HSIN ICS library on January 26, 2021. This advisory is now being released to the ICS webpage on us-cert.cisa.gov. This advisory contains mitigations for a Use of Password Hash with ...
June 2021
29.06.2021
US CERT (ICS)
Exacq Technologies exacqVision Web Service
Title
Exacq Technologies exacqVision Web Service
Published
June 29, 2021, 4:25 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-180-01
Summary
This advisory contains mitigations for a Cross-site Scripting vulnerability in Exacq Technologies exacqVision Web Service software.
29.06.2021
US CERT (ICS)
Exacq Technologies exacqVision Enterprise Manager
Title
Exacq Technologies exacqVision Enterprise Manager
Published
June 29, 2021, 4:20 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-180-02
Summary
This advisory contains mitigations for a Cross-site Scripting vulnerability in Exacq Technologies exacqVision Enterprise Manager software.
29.06.2021
US CERT (ICS)
Panasonic FPWIN Pro
Title
Panasonic FPWIN Pro
Published
June 29, 2021, 4:15 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-180-03
Summary
This advisory contains mitigations for an Improper Restriction of XML External Entity Reference vulnerability in Panasonic FPWIN Pro programming control software.
29.06.2021
US CERT (ICS)
JTEKT TOYOPUC PLC
Title
JTEKT TOYOPUC PLC
Published
June 29, 2021, 4:10 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-180-04
Summary
This advisory contains mitigations for an Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the JTEKT TOYOPUC programmable logic controller (PLC).
22.06.2021
US CERT (ICS)
CODESYS V2 web server
Title
CODESYS V2 web server
Published
June 22, 2021, 4:10 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-173-02
Summary
This advisory contains mitigations for Stack-based Buffer Overflow, Improper Access Control, Buffer Copy without Checking Size of Input, Improperly Implemented Security Check, Out-of-bounds Write, and Out-of-bounds Read vulnerabilities in CODESYS V2 web servers.
22.06.2021
US CERT (ICS)
CODESYS Control V2 communication
Title
CODESYS Control V2 communication
Published
June 22, 2021, 4:05 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-173-03
Summary
This advisory contains mitigations for Stack-based Buffer Overflow, Heap-based Buffer Overflow, and Improper Input Validation vulnerabilities in CODESYS V2 runtime systems software
22.06.2021
US CERT (ICS)
CODESYS Control V2 Linux SysFile library
Title
CODESYS Control V2 Linux SysFile library
Published
June 22, 2021, 4 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-173-04
Summary
This advisory contains mitigations for an OS Command Injection vulnerability in CODESYS V2 Runtime Toolkit software.
17.06.2021
US CERT (ICS)
Schneider Electric Enerlin'X Com’X 510
Title
Schneider Electric Enerlin'X Com’X 510
Published
June 17, 2021, 4:20 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-168-01
Summary
This advisory contains mitigations for a Improper Privilege Management vulnerability in Schneider Electric Enerlin'X Com’X 510 energy servers.
17.06.2021
US CERT (ICS)
Softing OPC-UA C++ SDK
Title
Softing OPC-UA C++ SDK
Published
June 17, 2021, 4:15 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-168-02
Summary
This advisory contains mitigations for an Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the Softing OPC-UA C++ Software Development Kit (SDK).
17.06.2021
US CERT (ICS)
WAGO M&M Software fdtCONTAINER (Update C)
Title
WAGO M&M Software fdtCONTAINER (Update C)
Published
June 17, 2021, 4:05 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-021-05
Summary
This updated advisory is a follow-up to the advisory update titled ICSA-21-021-05 WAGO M&M Software fdtCONTAINER (Update B) that was published February 16, 2021, to the ICS webpage on us-cert.cisa.gov. This advisory contains mitigations for a Deserialization of Untrusted Data vulnerability in the M&M (a WAGO subsidiary) fdtCONTAINER application.
17.06.2021
US CERT (ICS)
Rockwell Automation ISaGRAF5 Runtime (Update A)
Title
Rockwell Automation ISaGRAF5 Runtime (Update A)
Published
June 17, 2021, 4 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-20-280-01
Summary
This updated advisory is a follow-up to the portal-to-web advisory titled ICSA-20-280-01P Rockwell Automation ISaGRAF5 Runtime. This advisory was originally posted to the HSIN ICS library on October 6, 2020, and was then published as ICSA-20-280-01 Rockwell Automation ISaGRAF5 Runtime to the ICS webpage on us-cert.cisa.gov on June 8, 2021. ...
15.06.2021
US CERT (ICS)
ThroughTek P2P SDK
Title
ThroughTek P2P SDK
Published
June 15, 2021, 4:10 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-166-01
Summary
This advisory contains mitigations for a Cleartext Transmission of Sensitive Information vulnerability in ThroughTek P2P Software Development Kit (SDK).

Last Updates

BOSCH PSIRT
14.08.2025
SIEMENS CERT
09.09.2025
US CERT
25.08.2025
US CERT (ICS)
11.09.2025

By Source

Archive

2025
2024
2023
2022
2021
2020
2019
2018
2017

Feeds