SIEMENS CERT
01/11/2022
SICAM A8000 devices are impacted by two vulnerabilities. The first one could allow a privileged user to enable a debug port with default credentials. The second vulnerability could allow unauthenticated access to certain previously created log files. Siemens has released updates for the affected products and recommends to update to …
SIEMENS CERT
01/11/2022
Multiple vulnerabilities (also known as “NUCLEUS:13”) have been identified in the Nucleus RTOS (real-time operating system) and reported in the Siemens Security Advisory SSA-044112: https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf. PLUSCONTROL 1st Gen devices are affected by some of the vulnerabilities as documented below. Siemens Energy recommends specific countermeasures for products where updates are not …
SIEMENS CERT
01/11/2022
An information disclosure vulnerability in SIPROTEC 5 products could allow an unauthenticated attacker to read device information. Only devices with the hardware variants CP050, CP100 and CP300 are affected. The DIGSI engineering tool can be used to identify the hardware version of your devices. Siemens has released updates for the …
SIEMENS CERT
01/11/2022
SICAM PQ Analyzer uses an unquoted registry entry and is thus vulnerable to an unquoted search path vulnerability. Siemens has released an update for the SICAM PQ Analyzer and recommends to update to the latest version.
SIEMENS CERT
01/05/2022
On 2021-12-09, a vulnerability in Apache Log4j (a logging tool used in many Java-based applications) was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2021-44228 and is also known as “Log4Shell”. On 2021-12-14 an additional denial of service vulnerability (CVE-2021-45046) …
SIEMENS CERT
12/28/2021
Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) contain a vulnerability (CVE-2021-44832) that could allow an attacker with permission to modify the logging configuration file to execute arbitrary code, when the JDBC Appender is used [1]. This advisory informs about the impact of CVE-2021-44832 to …
SIEMENS CERT
12/28/2021
On 2021-12-09, a vulnerability in Apache Log4j (a logging tool used in many Java-based applications) was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2021-44228 and is also known as “Log4Shell”. On 2021-12-14 an additional denial of service vulnerability (CVE-2021-45046) …
SIEMENS CERT
12/27/2021
On 2021-12-09, a vulnerability in Apache Log4j (a logging tool used in many Java-based applications) was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2021-44228 and is also known as “Log4Shell”. On 2021-12-14 an additional denial of service vulnerability (CVE-2021-45046) …