Bulletins | CERT@VDE

Siemens Mendix Studio Pro

Title

Siemens Mendix Studio Pro

Published

Nov. 16, 2023, 1 p.m.

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-320-11

Summary

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY ...

Siemens Mendix Runtime

Title

Siemens Mendix Runtime

Published

Nov. 16, 2023, 1 p.m.

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-320-04

Summary

https://www.cisa.gov/news-events/ics-advisories/icsa-23-320-01

Red Lion Sixnet RTUs

Title

Red Lion Sixnet RTUs

Published

Nov. 16, 2023, 1 p.m.

URL

Summary

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Red Lion Equipment: Sixnet RTU Vulnerabilities: Authentication Bypass using an Alternative Path or Channel, Exposed Dangerous Method or Function 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an unauthenticated attacker to execute commands with ...

Siemens SCALANCE Family Products

Title

Siemens SCALANCE Family Products

Published

Nov. 16, 2023, 1 p.m.

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-320-08

Summary

Siemens SIMATIC PCS neo

Title

Siemens SIMATIC PCS neo

Published

Nov. 16, 2023, 1 p.m.

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-320-06

Summary

Siemens OPC UA Modeling Editor (SiOME)

Title

Siemens OPC UA Modeling Editor (SiOME)

Published

Nov. 16, 2023, 1 p.m.

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-320-07

Summary

Siemens RUGGEDCOM APE1808 Devices

Title

Siemens RUGGEDCOM APE1808 Devices

Published

Nov. 16, 2023, 1 p.m.

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-320-14

Summary

15.11.2023

US CERT

Scattered Spider

Title

Scattered Spider

Published

Nov. 15, 2023, 3:55 p.m.

URL

https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-320a

Summary

SUMMARY The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint Cybersecurity Advisory (CSA) in response to recent activity by Scattered Spider threat actors against the commercial facilities sectors and subsectors. This advisory provides tactics, techniques, and procedures (TTPs) obtained through FBI investigations ...

#StopRansomware: Rhysida Ransomware

US CERT

Title

#StopRansomware: Rhysida Ransomware

Published

Nov. 14, 2023, 5:45 p.m.

URL

https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-319a

Summary

SUMMARY Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders detailing various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect ...

Rockwell Automation SIS Workstation and ISaGRAF Workbench

Title

Rockwell Automation SIS Workstation and ISaGRAF Workbench

Published

Nov. 14, 2023, 1 p.m.

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-318-02

Summary

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Rockwell Automation Equipment: SIS Workstation and ISaGRAF Workbench Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow unprivileged local users to overwrite files replacing them with malicious programs. 3. TECHNICAL DETAILS 3.1 ...

AVEVA Operations Control Logger

Title

AVEVA Operations Control Logger

Published

Nov. 14, 2023, 1 p.m.

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-23-318-01

Summary

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: AVEVA Equipment: Operations Control Logger Vulnerabilities: Execution with Unnecessary Privileges, External Control of File Name or Path 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow privilege escalation or denial of service. 3. TECHNICAL DETAILS 3.1 ...

SSA-794697 V1.4 (Last Update: 2023-11-14): Vulnerabilities in the Linux Kernel of the SIMATIC S7-1500 TM MFP V1.0

Title

SSA-794697 V1.4 (Last Update: 2023-11-14): Vulnerabilities in the Linux Kernel of the SIMATIC S7-1500 TM MFP V1.0

Published

Nov. 14, 2023, 1 a.m.

URL

https://cert-portal.siemens.com/productcert/html/ssa-794697.html

Summary

Multiple vulnerabilities have been identified in the Linux Kernel of the SIMATIC S7-1500 TM MFP V1.0. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.

SSA-840800 V1.4 (Last Update: 2023-11-14): Code Injection Vulnerability in RUGGEDCOM ROS

Title

SSA-840800 V1.4 (Last Update: 2023-11-14): Code Injection Vulnerability in RUGGEDCOM ROS

Published

Nov. 14, 2023, 1 a.m.

URL

https://cert-portal.siemens.com/productcert/html/ssa-840800.html

Summary

RUGGEDCOM ROS-based devices are vulnerable to a web-based code injection attack. To execute this attack, it is necessary to access the system via the Command Line Interface (CLI). Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products ...

SSA-764417 V1.8 (Last Update: 2023-11-14): Weak Encryption Vulnerability in RUGGEDCOM ROS Devices

Title

SSA-764417 V1.8 (Last Update: 2023-11-14): Weak Encryption Vulnerability in RUGGEDCOM ROS Devices

Published

Nov. 14, 2023, 1 a.m.

URL

https://cert-portal.siemens.com/productcert/html/ssa-764417.html

Summary

The SSH server on RUGGEDCOM ROS devices is configured to offer weak ciphers by default. This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data passed over the connection between legitimate clients and the affected device. Siemens has released updates for the affected products ...

SSA-099606 V1.0: Multiple Vulnerabilities in SIMATIC MV500 before V3.3.5

Title

SSA-099606 V1.0: Multiple Vulnerabilities in SIMATIC MV500 before V3.3.5

Published

Nov. 14, 2023, 1 a.m.

URL

https://cert-portal.siemens.com/productcert/html/ssa-099606.html

Summary

SIMATIC MV500 before V3.3.5 is affected by multiple vulnerabilities. Siemens has released an update for SIMATIC MV500 and recommends to update to the latest version.

SSA-887122 V1.0: X_T File Parsing Vulnerabilities in Simcenter Femap

Title

SSA-887122 V1.0: X_T File Parsing Vulnerabilities in Simcenter Femap

Published

Nov. 14, 2023, 1 a.m.

URL

https://cert-portal.siemens.com/productcert/html/ssa-887122.html

Summary

Simcenter Femap is affected by out of bounds write vulnerabilities that could be triggered when the application reads files in X_T format. If a user is tricked to open a malicious file with the affected applications, an attacker could leverage the vulnerability to perform remote code execution in the context ...

SSA-787941 V1.4 (Last Update: 2023-11-14): Denial of Service Vulnerability in RUGGEDCOM ROS devices

Title

SSA-787941 V1.4 (Last Update: 2023-11-14): Denial of Service Vulnerability in RUGGEDCOM ROS devices

Published

Nov. 14, 2023, 1 a.m.

URL

https://cert-portal.siemens.com/productcert/html/ssa-787941.html

Summary

RUGGEDCOM ROS-based devices are vulnerable to a denial of service attack (Slowloris). By sending partial HTTP requests nonstop, with none completed, the affected web servers will be waiting for the completion of each request, occupying all available HTTP connections. The web server recovers by itself once the attack ends. Siemens ...

SSA-908185 V1.1 (Last Update: 2023-11-14): Mirror Port Isolation Vulnerability in RUGGEDCOM ROS Devices

Title

SSA-908185 V1.1 (Last Update: 2023-11-14): Mirror Port Isolation Vulnerability in RUGGEDCOM ROS Devices

Published

Nov. 14, 2023, 1 a.m.

URL

https://cert-portal.siemens.com/productcert/html/ssa-908185.html

Summary

A vulnerability was identified in RUGGEDCOM ROS devices with mirror port enabled, that could allow an attacker to inject information into the network via the mirror port. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends ...

SSA-831302 V1.2 (Last Update: 2023-11-14): Vulnerabilities in the BIOS of the SIMATIC S7-1500 TM MFP V1.0

Title

SSA-831302 V1.2 (Last Update: 2023-11-14): Vulnerabilities in the BIOS of the SIMATIC S7-1500 TM MFP V1.0

Published

Nov. 14, 2023, 1 a.m.

URL

https://cert-portal.siemens.com/productcert/html/ssa-831302.html

Summary

Multiple vulnerabilities have been identified in the BIOS of the SIMATIC S7-1500 TM MFP V1.0. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.

SSB-439005 V5.7 (Last Update: 2023-11-14): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 151...

Title

SSB-439005 V5.7 (Last Update: 2023-11-14): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP

Published

Nov. 14, 2023, 1 a.m.

URL

https://cert-portal.siemens.com/productcert/html/ssb-439005.html

Summary

SSA-625850 V1.0: Multiple WIBU Systems CodeMeter Vulnerabilities Affecting the Desigo CC Product Family

Title

SSA-625850 V1.0: Multiple WIBU Systems CodeMeter Vulnerabilities Affecting the Desigo CC Product Family

Published

Nov. 14, 2023, 1 a.m.

URL

https://cert-portal.siemens.com/productcert/html/ssa-625850.html

Summary

Versions V5.0 through V7 of the Desigo CC product family (Desigo CC, Desigo CC Compact, Desigo CC Connect, Cerberus DMS) are affected by multiple vulnerabilities in the underlying third-party component WIBU Systems CodeMeter Runtime. Successful exploitation of these vulnerabilities could allow remote attackers to execute arbitrary code on the Desigo ...

SSA-456933 V1.0: Multiple Vulnerabilities in SIMATIC PCS neo before V4.1

Title

SSA-456933 V1.0: Multiple Vulnerabilities in SIMATIC PCS neo before V4.1

Published

Nov. 14, 2023, 1 a.m.

URL

https://cert-portal.siemens.com/productcert/html/ssa-456933.html

Summary

SIMATIC PCS neo before V4.1 is affected by multiple vulnerabilities. Siemens has released a new version for SIMATIC PCS neo and recommends to update to the latest version.

SSA-699386 V1.0: Multiple Vulnerabilities in SCALANCE XB-200 / XC-200 / XP-200 / XF-200BA / XR-300WG Family before V4.5

Title

SSA-699386 V1.0: Multiple Vulnerabilities in SCALANCE XB-200 / XC-200 / XP-200 / XF-200BA / XR-300WG Family before V4.5

Published

Nov. 14, 2023, 1 a.m.

URL

https://cert-portal.siemens.com/productcert/html/ssa-699386.html

Summary

SCALANCE XB-200/XC-200/XP-200/XF-200BA/XR-300WG Family before V4.5 is affected by multiple vulnerabilities. Siemens has released updates for the affected products and recommends to update to the latest versions.

SSA-363107 V1.4 (Last Update: 2023-11-14): An Improper Initialization Vulnerability Affects SIMATIC WinCC Kiosk Mode

Title

SSA-363107 V1.4 (Last Update: 2023-11-14): An Improper Initialization Vulnerability Affects SIMATIC WinCC Kiosk Mode

Published

Nov. 14, 2023, 1 a.m.

URL

https://cert-portal.siemens.com/productcert/html/ssa-363107.html

Summary

A vulnerability was found in SIMATIC WinCC that could allow authenticated attackers to escape the Kiosk Mode. Siemens has released updates for the affected products and recommends to update to the latest versions.