February 2022
Title
SSA-455843 V1.7 (Last Update: 2022-02-17): WIBU Systems CodeMeter Runtime Vulnerabilities in Siemens Products
Published
Feb. 17, 2022, 1 a.m.
Summary
CISA and WIBU Systems disclosed six vulnerabilities in different versions of CodeMeter Runtime, a product provided by WIBU Systems and used in several Siemens products for license management. The vulnerabilities are described in the section “Vulnerability Classification” below and got assigned the CVE IDs CVE-2020-14509, CVE-2020-14513, CVE-2020-14515, CVE-2020-14517, CVE-2020-14519, and ...
Title
SSA-949188 V1.0: File Parsing Vulnerabilities in Simcenter Femap before V2022.1.1
Published
Feb. 17, 2022, 1 a.m.
Summary
Siemens Simcenter Femap versions before V2022.1.1 are affected by vulnerabilities that could be triggered when the application reads files in .NEU or .BDF format. If a user is tricked to open a malicious file with the affected application, an attacker could leverage the vulnerability to leak information or potentially perform ...
Title
SSA-772220 V1.7 (Last Update: 2022-02-17): OpenSSL Vulnerabilities in Industrial Products
Published
Feb. 17, 2022, 1 a.m.
Summary
OpenSSL has published a security advisory [0] about a vulnerability in OpenSSL versions 1.1.1 < 1.1.1k, that allows an unauthenticated attacker to cause a Denial-of-Service (DoS) if a maliciously crafted renegotiation message is sent. Siemens has released updates for several affected products and recommends to update to the latest versions. ...
Title
SSA-244969 V1.1 (Last Update: 2022-02-17): OpenSSL Vulnerability in Industrial Products
Published
Feb. 17, 2022, 1 a.m.
Summary
OpenSSL has published a security advisory [0] about a vulnerability in OpenSSL versions 1.1.1 < 1.1.1l and 1.0.2 < 1.0.2za that allows an attacker to cause a denial of service (DoS) or to disclose private memory content. Siemens has released updates for several affected products and recommends to update to ...
Title
AA22-047A: Russian State-Sponsored Cyber Actors Target Cleared Defense Contractor Networks to Obtain Sensitive U.S. Defense Information and Technology
Published
Feb. 16, 2022, 4 p.m.
Summary
Original release date: February 16, 2022SummaryActions to Help Protect Against Russian State-Sponsored Malicious Cyber Activity: • Enforce multifactor authentication. • Enforce strong, unique passwords. • Enable M365 Unified Audit Logs. • Implement endpoint detection and response tools. From at least January 2020, through February 2022, the Federal Bureau of Investigation ...
Title
Siemens Solid Edge, JT2Go, and Teamcenter Visualization
Published
Feb. 11, 2022, 4:55 a.m.
Summary
This advisory contains mitigations for Improper Restriction of Operations within the Bounds of a Memory Buffer, Out-of-bounds Write, Heap-based Buffer Overflow, and Out-of-bounds Read vulnerabilities in Siemens Solid Edge, JT2Go, and Teamcenter Visualization software products.
Title
Siemens SIMATIC Industrial Products
Published
Feb. 10, 2022, 5:25 p.m.
Summary
This advisory contains mitigations for Operation on a Resource after Expiration or Release, and Missing Release of Memory after Effective Lifetime vulnerabilities in Siemens Industrial Products using the SIMATIC firmware platform.
Title
Siemens SIMATIC WinCC and PCS
Published
Feb. 10, 2022, 5:20 p.m.
Summary
This advisory contains mitigations for a Exposure of Sensitive Information to an Unauthorized Actor, Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in Siemens SIMATIC WinCC and PCS industrial automation products.
Title
SINEMA Remote Connect Server
Published
Feb. 10, 2022, 5:10 p.m.
Summary
This advisory contains mitigations for an Open Redirect vulnerability in the SINEMA Remote Connect Server, a management platform for remote networks.
Title
SICAM TOOLBOX II
Published
Feb. 10, 2022, 5:05 p.m.
Summary
This advisory contains mitigations for a Use of Hard-coded Credentials vulnerability in the Siemens SICAM TOOLBOX II software platform.
Title
Siemens Spectrum Power 4
Published
Feb. 10, 2022, 5 p.m.
Summary
This advisory contains mitigations for a Cross-site scripting vulnerability in Siemens Spectrum Power 4 communications and data modeling software.
Title
Siemens COMOS Web (Update A)
Published
Feb. 10, 2022, 4:50 p.m.
Summary
This updated advisory is a follow-up to the original advisory titled ICSA-22-013-05 Siemens COMOS Web that was published January 13, 2022, to the ICS webpage on www.cisa.gov/uscert. This advisory contains mitigations for Basic XSS, Relative Path Traversal, SQL Injection, and Cross-site Request Forgery vulnerabilities in the Siemens COMOS Web unified ...
Title
Siemens Healthineers syngo fastView (Update A)
Published
Feb. 10, 2022, 4:45 p.m.
Summary
This updated advisory is a follow-up to the original advisory titled ICSA-21-350-16 Siemens Healthineers syngo fastView that was published December 16, 2021, to the ICS webpage on www.cisa.gov/uscert. This advisory contains mitigation for an Out-of-bounds Write vulnerability in the Siemens Healthineers syngo fastView software for digital imaging and communications.
Title
Siemens SIMATIC WinCC (Update A)
Published
Feb. 10, 2022, 4:40 p.m.
Summary
This updated advisory is a follow-up to the original advisory titled ICSA-21-315-03 Siemens SIMATIC WinCC that was published November 11, 2021, to the ICS webpage on www.cisa.gov/uscert. This advisory contains mitigations for a Path Traversal, and Insertion of Sensitive Information into Log File vulnerabilities in Siemens SIMATIC WinCC, a SCADA ...
Title
Siemens LOGO! CMR and SIMATIC RTU 3000 (Update A)
Published
Feb. 10, 2022, 4:35 p.m.
Summary
This updated advisory is a follow-up to the original advisory titled ICSA-21-257-13 Siemens LOGO! CMR and SIMATIC RTU 3000 that was published September 14, 2021, on the ICS webpage on www.cisa.gov/uscert. This advisory contains mitigations for a Use of Insufficiently Random Values vulnerability in Siemens LOGO! CMR controllers and SIMATIC ...
Title
AA22-040A: 2021 Trends Show Increased Globalized Threat of Ransomware
Published
Feb. 9, 2022, 3 p.m.
Summary
Original release date: February 9, 2022SummaryImmediate Actions You Can Take Now to Protect Against Ransomware: • Update your operating system and software. • Implement user training and phishing exercises to raise awareness about the risk of suspicious links and attachments. • If you use Remote Desktop Protocol (RDP), secure and ...
Title
Mitsubishi Electric FA Engineering Software Products (Update D)
Published
Feb. 8, 2022, 4:05 p.m.
Summary
This updated advisory is a follow-up to the advisory update titled ICSA-21-049-02 Mitsubishi Electric FA Engineering Software Products (Update C) that was published November 16, 2021, to the ICS webpage on www.cisa.gov/uscert.This advisory contains mitigations for Heap-based Buffer Overflow, and Improper Handling of Length Parameter Inconsistency vulnerabilities in Mitsubishi Electric ...
Title
Mitsubishi Electric Factory Automation Engineering Products (Update F)
Published
Feb. 8, 2022, 4 p.m.
Summary
This updated advisory is a follow-up to the advisory update titled ICSA-20-212-04 Mitsubishi Electric Factory Automation Engineering Products (Update E) that was published November 18, 2021, to the ICS webpage on www.cisa.gov/uscert. This advisory contains mitigations for an Unquoted Search Path or Element vulnerability in Mitsubishi Electric Factory Automation Engineering ...
Title
SSA-244969 V1.0: OpenSSL Vulnerability in Industrial Products
Published
Feb. 8, 2022, 1 a.m.
Summary
OpenSSL has published a security advisory [0] about a vulnerability in OpenSSL versions 1.1.1 < 1.1.1l and 1.0.2 < 1.0.2za that allows an attacker to cause a denial of service (DoS) or to disclose private memory content. Siemens has released updates for several affected products and recommends to update to ...
Title
SSA-995338 V1.1 (Last Update: 2022-02-08): Multiple Vulnerabilities in COMOS Web
Published
Feb. 8, 2022, 1 a.m.
Summary
Multiple vulnerabilities were identified in the web components of COMOS that could allow an attacker to conduct code injections, store data in undesired locations, execute arbitrary SQL statements, and run cross-site request forgery attacks. Siemens has released updates for several affected products and recommends to update to the latest versions. ...
Title
SSA-978220 V1.5 (Last Update: 2022-02-08): Denial of Service Vulnerability over SNMP in Multiple Industrial Products
Published
Feb. 8, 2022, 1 a.m.
Summary
Several industrial products are affected by a vulnerability that could allow remote attackers to conduct a denial of service attack by sending specially crafted packets to port 161/udp (SNMP). Siemens has released updates for several affected products and recommends to update to the new versions. Siemens is preparing further updates ...
Title
SSA-913875 V1.2 (Last Update: 2022-02-08): Frame Aggregation and Fragmentation Vulnerabilities in 802.11
Published
Feb. 8, 2022, 1 a.m.
Summary
Twelve vulnerabilities in the implementation of frame aggregation and fragmentation of the 802.11 standard, under the name of FragAttacks, have been published. Successful exploitation of these vulnerabilities could allow an attacker within Wi-Fi range to forge encrypted frames, which could result in sensitive data disclosure and possibly traffic manipulation. The ...
Title
SSA-840188 V1.1 (Last Update: 2022-02-08): Multiple Vulnerabilities in SIMATIC WinCC Affecting Other SIMATIC Software Products
Published
Feb. 8, 2022, 1 a.m.
Summary
Multiple vulnerabilities were found in SIMATIC WinCC that ultimately could allow local or remote attackers to escalate privileges and read, write or delete critical files. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures ...
Title
SSA-780073 V2.0 (Last Update: 2022-02-08): Denial of Service Vulnerability in PROFINET Devices via DCE-RPC Packets
Published
Feb. 8, 2022, 1 a.m.
Summary
Products that include the Siemens PROFINET-IO (PNIO) stack in versions prior V06.00 are potentially affected by a denial of service vulnerability when multiple legitimate diagnostic package requests are sent to the DCE-RPC interface. Siemens has released updates for several affected products and recommends to update to the new versions. Siemens ...
Title
SSA-772220 V1.6 (Last Update: 2022-02-08): OpenSSL Vulnerabilities in Industrial Products
Published
Feb. 8, 2022, 1 a.m.
Summary
OpenSSL has published a security advisory [0] about a vulnerability in OpenSSL versions 1.1.1 < 1.1.1k, that allows an unauthenticated attacker to cause a Denial-of-Service (DoS) if a maliciously crafted renegotiation message is sent. Siemens has released updates for several affected products and recommends to update to the latest versions. ...

Last Updates

BOSCH PSIRT
31.10.2024
SIEMENS CERT
22.11.2024
US CERT
08.11.2024
US CERT (ICS)
21.11.2024

By Source

Archive

2024
2023
2022
2021
2020
2019
2018
2017

Feeds