August 2022
Title
Siemens SICAM A8000 Web Server Module
Published
Aug. 11, 2022, 4:46 p.m.
Summary
This advisory contains mitigations for an Improper Access Control vulnerability in versions of SICAM A8000 Web Server Module products.
Title
Siemens SICAM TOOLBOX II
Published
Aug. 11, 2022, 4:44 p.m.
Summary
This advisory contains mitigations for a Use of Hard-coded Credentials vulnerability in versions of SICAM TOOLBOX II, a control and monitoring system.
Title
Siemens SIMATIC S7-400 (Update A)
Published
Aug. 11, 2022, 4:40 p.m.
Summary
This updated advisory is a follow-up to the advisory update titled ICSA-21-104-12 Siemens SIMATIC S7-400 that was published April 14, 2022, to the ICS webpage on www.cisa.gov/ics. This advisory contains mitigations for an Uncontrolled Resource Consumption vulnerability in the Siemens SIMATIC S7-400.
Title
Siemens Industrial Products Intel CPUs (Update E)
Published
Aug. 11, 2022, 4:38 p.m.
Summary
This updated advisory is a follow-up to the advisory update titled ICSA-21-222-05 Siemens Industrial Products Intel CPU (Update D) that was published July 14, 2022, to the ICS webpage on www.cisa.gov/ics. This advisory contains mitigations for a Missing Encryption of Sensitive Data vulnerability in versions of Siemens Industrial Products Intel ...
Title
Siemens Industrial Products LLDP (Update C)
Published
Aug. 11, 2022, 4:36 p.m.
Summary
This updated advisory is a follow-up to the original advisory titled ICSA-21-194-07 Siemens Industrial Products LLDP (Update B) that was published August 10, 2021, on the ICS webpage on cisa.gov/ics. This advisory contains mitigations for Classic Buffer Overflow and Uncontrolled Resource Consumption vulnerabilities in versions of Siemens Industrial Products (LLDP).
Title
SafeLogic Designer vulnerabilities
Published
Aug. 11, 2022, 2 a.m.
Summary

BOSCH-SA-463993: The SafeLogic Designer from Bosch Rexroth contains technology from SICK AG. The manufacturer has published a security bulletin regarding a vulnerability in the .NET framework. [1] A vulnerability in a .NET framework class used by SafeLogic Designer allows an attacker to craft malicious project files. Opening/importing such a malicious project ...

Title
Mitsubishi Electric GT SoftGOT2000
Published
Aug. 9, 2022, 4:15 p.m.
Summary
This advisory contains mitigations for Infinite Loop and OS Command Injection vulnerabilities in versions of Mitsubishi Electric GT SoftGOT2000 software.
Title
Emerson ControlWave
Published
Aug. 9, 2022, 4:10 p.m.
Summary
This advisory contains mitigations for an Insufficient Verification of Data Authenticity vulnerability in Emerson ControlWave products, a programmable controller.
Title
Emerson OpenBSI
Published
Aug. 9, 2022, 4:05 p.m.
Summary
This advisory contains mitigations for Use of Broken or Risky Cryptographic Algorithm and Use of Hard-coded Cryptographic Key vulnerabilities in Emerson OpenBSI, a set of network communication services.
Title
SSA-629512 V1.6 (Last Update: 2022-08-09): Local Privilege Escalation Vulnerability in TIA Portal
Published
Aug. 9, 2022, 2 a.m.
Summary
The latest updates for TIA Portal fix a vulnerability that could allow a local attacker to execute arbitrary code with SYSTEM privileges. Update: The previously provided fixes only correctly set the permissions on English Windows versions. Siemens has released updates for several affected products and recommends to update to the ...
Title
SSA-517377 V1.1 (Last Update: 2022-08-09): Multiple Vulnerabilities in the SRCS VPN Feature in SIMATIC CP Devices
Published
Aug. 9, 2022, 2 a.m.
Summary
The below referenced devices contain multiple vulnerabilities that could be exploited when the SINEMA Remote Connect Server (SRCS) VPN feature is used. The feature is not activated by default. The most severe could allow an attacker to execute arbitrary code with elevated privileges under certain circumstances. Siemens has released an ...
Title
SSA-580125 V1.1 (Last Update: 2022-08-09): Multiple Vulnerabilities in SIMATIC eaSie
Published
Aug. 9, 2022, 2 a.m.
Summary
SIMATIC eaSie contains multiple vulnerabilities that could allow an attacker to send arbitrary messages to the underlying message passing framework of the affected system or crash the attached application. Siemens has released an update for the SIMATIC eaSie Core Package and recommends to update to the latest version.
Title
SSA-580693 V1.3 (Last Update: 2022-08-09): WIBU Systems CodeMeter Runtime Denial-of-Service Vulnerability in Siemens Products
Published
Aug. 9, 2022, 2 a.m.
Summary
WIBU Systems published information about a denial-of-service vulnerability and an associated fix release version of CodeMeter Runtime, a product provided by WIBU Systems and used in several Siemens products for license management. The vulnerability is described in the section “Vulnerability Classification” below and got assigned the CVE ID CVE-2021-41057. Successful ...
Title
SSA-772220 V2.1 (Last Update: 2022-08-09): OpenSSL Vulnerabilities in Industrial Products
Published
Aug. 9, 2022, 2 a.m.
Summary
OpenSSL has published a security advisory [0] about a vulnerability in OpenSSL versions 1.1.1 < 1.1.1k, that allows an unauthenticated attacker to cause a Denial-of-Service (DoS) if a maliciously crafted renegotiation message is sent. Siemens has released updates for several affected products and recommends to update to the latest ...
Title
SSB-439005 V4.6 (Last Update: 2022-08-09): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP
Published
Aug. 9, 2022, 2 a.m.
Summary
Title
SSA-480230 V2.4 (Last Update: 2022-08-09): Denial of Service Vulnerability in Webserver of Industrial Products
Published
Aug. 9, 2022, 2 a.m.
Summary
A vulnerability in the affected devices could allow an unauthorized attacker with network access to the webserver of an affected device to perform a denial of service attack. Siemens has released updates for several affected products and recommends to update to the new versions. Siemens is preparing further updates and ...
Title
SSA-243317 V1.1 (Last Update: 2022-08-09): File Parsing Vulnerability in Simcenter Femap and Parasolid
Published
Aug. 9, 2022, 2 a.m.
Summary
Simcenter Femap and Parasolid are affected by an out of bounds read vulnerability that could be triggered when the application reads files in NEU format. If a user is tricked to open a malicious file with the affected applications, an attacker could leverage the vulnerability to perform remote code execution ...
Title
SSA-710008 V1.0: Multiple Web Vulnerabilities in SCALANCE Products
Published
Aug. 9, 2022, 2 a.m.
Summary
SCALANCE devices contain multiple vulnerabilities in MSPS based product lines that could allow authenticated remote attackers to execute custom code or create an XSS situation, as well as unauthenticated remote attackers to create a denial of service condition. Siemens has released updates for several affected products and recommends to update ...
Title
SSA-789162 V1.2 (Last Update: 2022-08-09): Vulnerabilities in Teamcenter
Published
Aug. 9, 2022, 2 a.m.
Summary
Teamcenter is affected by XML External Entity Injection (XXE, CVE-2022-29801) and a stack based buffer overflow vulnerability (CVE-2022-24290). XXE impacts only Teamcenter versions before V13.1. Siemens has released updates for the affected products and recommends to update to the latest versions.
Title
SSA-669737 V1.2 (Last Update: 2022-08-09): Improper Access Control Vulnerability in SICAM TOOLBOX II
Published
Aug. 9, 2022, 2 a.m.
Summary
SICAM TOOLBOX II contains a vulnerability that could allow an attacker access through a circumventable access control. Siemens recommends countermeasures for products where updates are not, or not yet available.
Title
SSA-306654 V1.3 (Last Update: 2022-08-09): Insyde BIOS Vulnerabilities in Siemens Industrial Products
Published
Aug. 9, 2022, 2 a.m.
Summary
Insyde has published information on vulnerabilities in Insyde BIOS in February 2022. This advisory lists the Siemens Industrial products affected by these vulnerabilities. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.
Title
SSA-764417 V1.4 (Last Update: 2022-08-09): Weak Encryption Vulnerability in RUGGEDCOM ROS Devices
Published
Aug. 9, 2022, 2 a.m.
Summary
The SSH server on RUGGEDCOM ROS devices is configured to offer weak ciphers by default. This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data passed over the connection between legitimate clients and the affected device. Siemens recommends specific countermeasures for products where updates ...
Title
SSA-473245 V2.3 (Last Update: 2022-08-09): Denial-of-Service Vulnerability in Profinet Devices
Published
Aug. 9, 2022, 2 a.m.
Summary
A vulnerability in affected devices could allow an attacker to perform a denial-of-service attack if a large amount of specially crafted UDP packets are sent to the device. Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates ...
Title
SSA-592007 V1.8 (Last Update: 2022-08-09): Denial-of-Service Vulnerability in Industrial Products
Published
Aug. 9, 2022, 2 a.m.
Summary
Several industrial controllers are affected by a security vulnerability that could allow an attacker to cause a Denial-of-Service condition via PROFINET DCP network packets under certain circumstances. Precondition for this scenario is a direct OSI Layer 2 access to the affected products. PROFIBUS interfaces are not affected. Siemens has released ...
Title
SSA-732250 V1.2 (Last Update: 2022-08-09): Libcurl Vulnerabilities in Industrial Devices
Published
Aug. 9, 2022, 2 a.m.
Summary
Vulnerabilities in third-party component cURL could allow an attacker to interfere with the affected products in various ways. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends countermeasures for products where updates are not, or not yet available.
