May 2021
11.05.2021
SIEMENS CERT
SSA-676775 V1.0: Denial-of-Service Vulnerability in SIMATIC NET CP 343-1 Devices
Title
SSA-676775 V1.0: Denial-of-Service Vulnerability in SIMATIC NET CP 343-1 Devices
Published
May 11, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-676775.pdf
Summary
A vulnerability in SIMATIC CP343-1 devices could allow an attacker to cause a Denial-of-Service condition on TCP port 102 of the affected devices by sending specially crafted packets. Siemens recommends specific countermeasures for products where updates are not, or not yet available.
11.05.2021
SIEMENS CERT
SSA-594364 V1.0: Denial-of-Service Vulnerability in SNMP Implementation of WinCC Runtime
Title
SSA-594364 V1.0: Denial-of-Service Vulnerability in SNMP Implementation of WinCC Runtime
Published
May 11, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-594364.pdf
Summary
A denial-of-service vulnerability in WinCC Runtime could allow an unauthenticated attacker with network access to cause a denial-of-service condition in the SNMP service by sending crafted SNMP packets to port 161/udp. Siemens has released updates for the affected products and recommends to update to the latest versions.
11.05.2021
SIEMENS CERT
SSA-538778 V1.0: SmartVNC Vulnerabilities in SIMATIC HMI/WinCC Products
Title
SSA-538778 V1.0: SmartVNC Vulnerabilities in SIMATIC HMI/WinCC Products
Published
May 11, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-538778.pdf
Summary
Multiple SmartVNC vulnerabilities in the affected products listed below could allow remote code execution and Denial-of-Service attacks under certain conditions. Siemens has released updates for the affected products and recommends to update to the latest version.
11.05.2021
SIEMENS CERT
SSA-501073 V1.0: Vulnerabilities in Controllers CPU 1518 MFP using Intel CPUs (November 2020)
Title
SSA-501073 V1.0: Vulnerabilities in Controllers CPU 1518 MFP using Intel CPUs (November 2020)
Published
May 11, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-501073.pdf
Summary
Intel has published information on vulnerabilities in Intel products in November 2020. This advisory lists the Siemens Controllers that are affected by these vulnerabilities. In this advisory we take a representative CVE from each advisory: “Intel CSME, SPS, TXE, AMT and DAL Advisory” Intel-SA-00391 is represented by CVE-2020-8744 “BIOS Advisory” ...
11.05.2021
SIEMENS CERT
SSA-324955 V1.0: SAD DNS Attack in Linux Based Products
Title
SSA-324955 V1.0: SAD DNS Attack in Linux Based Products
Published
May 11, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-324955.pdf
Summary
A vulnerability made public under the name SAD DNS affects Domain Name System resolvers due to a vulnerability in the Linux kernel when handling ICMP packets. The Siemens products which are affected are listed below. For more information please see https://www.saddns.net/. Siemens has released updates for several affected products and ...
11.05.2021
SIEMENS CERT
SSA-286838 V1.0: Multiple Vulnerabilities in SINAMICS Medium Voltage Products
Title
SSA-286838 V1.0: Multiple Vulnerabilities in SINAMICS Medium Voltage Products
Published
May 11, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf
Summary
SINAMICS medium voltage products, with Sm@rtServer enabled on SIMATIC comfort HMI Panels, are affected by multiple vulnerabilities that could allow an attacker, under certain conditions, to gain full remote access to the HMI. Note that by default Sm@rtServer is disabled, but it can be enabled on request by the system ...
11.05.2021
SIEMENS CERT
SSA-919955 V1.0: Information Disclosure Vulnerability in Mendix Database Replication Module
Title
SSA-919955 V1.0: Information Disclosure Vulnerability in Mendix Database Replication Module
Published
May 11, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-919955.pdf
Summary
The latest update of Mendix Database Replication module fixes a infomation disclosure vulnerability. Mendix has released an update for the Mendix Database Replication module and recommends to update to the latest version.
11.05.2021
SIEMENS CERT
SSA-854248 V1.0: Information Disclosure Vulnerability in Mendix Excel Importer Module
Title
SSA-854248 V1.0: Information Disclosure Vulnerability in Mendix Excel Importer Module
Published
May 11, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-854248.pdf
Summary
The latest update of Mendix Excel Importer module fixes an infomation disclosure vulnerability. Mendix has released an update for the Mendix Excel Importer module and recommends to update to the latest version.
11.05.2021
SIEMENS CERT
SSA-752103 V1.0: Telnet Authentication Vulnerability in SINAMICS Medium Voltage Products
Title
SSA-752103 V1.0: Telnet Authentication Vulnerability in SINAMICS Medium Voltage Products
Published
May 11, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-752103.pdf
Summary
SINAMICS medium voltage products, with telnet enabled on SIMATIC comfort HMI Panels, are affected by a remote access vulnerability that could allow an attacker, under certain conditions, to gain full remote access to the HMI. Note that by default telnet is disabled, but it can be enabled on request by ...
April 2021
30.04.2021
BOSCH PSIRT
FTP Backdoor for Rexroth Fieldbus Couplers S20 and Inline
Title
FTP Backdoor for Rexroth Fieldbus Couplers S20 and Inline
Published
April 30, 2021, 2 a.m.
URL
https://psirt.bosch.com/security-advisories/bosch-sa-428397.html
Summary

BOSCH-SA-428397: On some Fieldbus Couplers, there is a hidden, password-protected FTP area for the root directory.

30.04.2021
BOSCH PSIRT
ctrlX CORE - IDE App affected by OpenSSL and Python Vulnerabilities
Title
ctrlX CORE - IDE App affected by OpenSSL and Python Vulnerabilities
Published
April 30, 2021, 2 a.m.
URL
https://psirt.bosch.com/security-advisories/bosch-sa-017743.html
Summary

BOSCH-SA-017743: Multiple vulnerabilities affecting OpenSSL Versions previous to 1.1.1k and Python 0 through 3.9.1, have been reported. Affected versions are included in the ctrlX CORE - IDE App. In order to successfully exploit these vulnerabilities, an attacker requires access to the network or system. Two vulnerabilities (CVE-2021-3177 and CVE-2021-27619) are ...

26.04.2021
US CERT
AA21-116A: Russian Foreign Intelligence Service (SVR) Cyber Operations: Trends and Best Practices for Network Defenders
Title
AA21-116A: Russian Foreign Intelligence Service (SVR) Cyber Operations: Trends and Best Practices for Network Defenders
Published
April 26, 2021, 5 p.m.
URL
https://us-cert.cisa.gov/ncas/alerts/aa21-116a
Summary
Original release date: April 26, 2021SummaryThe Federal Bureau of Investigation (FBI), Department of Homeland Security (DHS), and Cybersecurity and Infrastructure Security Agency (CISA) assess Russian Foreign Intelligence Service (SVR) cyber actors—also known as Advanced Persistent Threat 29 (APT 29), the Dukes, CozyBear, and Yttrium—will continue to seek intelligence from U.S. ...
23.04.2021
BOSCH PSIRT
ctrlX Multiple Vulnerabilities
Title
ctrlX Multiple Vulnerabilities
Published
April 23, 2021, 2 a.m.
URL
https://psirt.bosch.com/security-advisories/bosch-sa-918106.html
Summary

Multiple vulnerabilities in operating system libraries and the Linux kernel have been reported which in a worst case scenario could allow an attacker to compromise the system by provoking a crash or the execution of malicious code. The affected functions are not used directly by any Rexroth software component and ...

20.04.2021
US CERT
AA21-110A: Exploitation of Pulse Connect Secure Vulnerabilities
Title
AA21-110A: Exploitation of Pulse Connect Secure Vulnerabilities
Published
April 20, 2021, 5:03 p.m.
URL
https://us-cert.cisa.gov/ncas/alerts/aa21-110a
Summary
Original release date: April 20, 2021 | Last revised: May 28, 2021SummaryThe Cybersecurity and Infrastructure Security Agency (CISA) is aware of compromises affecting a number of U.S. government agencies, critical infrastructure entities, and other private sector organizations by a cyber threat actor—or actors—beginning in June 2020 or earlier related to ...
14.04.2021
SIEMENS CERT
SSA-875726 V1.0: Privilege Escalation Vulnerability in Mendix
Title
SSA-875726 V1.0: Privilege Escalation Vulnerability in Mendix
Published
April 14, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-875726.pdf
Summary
The latest updates for Mendix fix a vulnerability in Mendix Applications that could allow malicious authorized users to escalate their privileges. Mendix has released an update for Mendix and recommends to update to the latest version.
13.04.2021
SIEMENS CERT
SSA-844761 V1.1 (Last Update: 2021-04-13): Multiple Vulnerabilities in SiNVR/SiVMS Video Server
Title
SSA-844761 V1.1 (Last Update: 2021-04-13): Multiple Vulnerabilities in SiNVR/SiVMS Video Server
Published
April 13, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf
Summary
The Video Server application in SiNVR/SiVMS solutions contains five vulnerabilities involving information disclosure (CVE-2019-19291, CVE-2019-19299), path traversal (CVE-2019-19296, CVE-2019-19297), and denial-of-service (CVE-2019-19298). PKE has released an update of the application that fixes the reported vulnerabilities, except for CVE-2019-19298 and CVE-2019-19299. This update is not available under the former Siemens OEM ...
13.04.2021
SIEMENS CERT
SSA-979775 V1.1 (Last Update: 2021-04-13): Stack Overflow Vulnerability in SCALANCE and RUGGEDCOM Devices
Title
SSA-979775 V1.1 (Last Update: 2021-04-13): Stack Overflow Vulnerability in SCALANCE and RUGGEDCOM Devices
Published
April 13, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-979775.pdf
Summary
Several firmware versions of the SCALANCE and RUGGEDCOM devices listed below are affected by a vulnerability in the passive listening feature that could allow an attacker to cause a reboot or, under specific circumstances, attain remote code execution of the affected devices. Siemens has released updates for the affected products ...
13.04.2021
SIEMENS CERT
SSA-978220 V1.4 (Last Update: 2021-04-13): Denial-of-Service Vulnerability over SNMP in Multiple Industrial Products
Title
SSA-978220 V1.4 (Last Update: 2021-04-13): Denial-of-Service Vulnerability over SNMP in Multiple Industrial Products
Published
April 13, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-978220.pdf
Summary
Several industrial products are affected by a vulnerability that could allow remote attackers to conduct a Denial-of-Service (DoS) attack by sending specially crafted packets to port 161/udp (SNMP). Siemens has released updates for several affected products and recommends to update to the new versions. Siemens is preparing further updates and ...
13.04.2021
SIEMENS CERT
SSA-951513 V1.2 (Last Update: 2021-04-13): Clickjacking Vulnerability in SCALANCE S, SCALANCE X-300, X-200IRT, and X-200 Switch...
Title
SSA-951513 V1.2 (Last Update: 2021-04-13): Clickjacking Vulnerability in SCALANCE S, SCALANCE X-300, X-200IRT, and X-200 Switch Families
Published
April 13, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-951513.pdf
Summary
Several SCALANCE X switches contain a vulnerability that could allow an attacker to perform administrative actions if the victim is tricked into clicking on a website controlled by the attacker. The attack only works if the victim has an authenticated session on the administrative interface of the switch. Siemens has ...
13.04.2021
SIEMENS CERT
SSA-841348 V1.7 (Last Update: 2021-04-13): Multiple Vulnerabilities in the UMC Stack
Title
SSA-841348 V1.7 (Last Update: 2021-04-13): Multiple Vulnerabilities in the UMC Stack
Published
April 13, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf
Summary
The latest update for the below listed products fixes two security vulnerabilities that could allow an attacker to cause a partial Denial-of-Service on the UMC component of the affected devices under certain circumstances, and one vulnerability that could allow an attacker to locally escalate privileges from a user with administrative ...
13.04.2021
SIEMENS CERT
SSA-715184 V1.1 (Last Update: 2021-04-13): Multiple File Parsing Vulnerabilities in Solid Edge
Title
SSA-715184 V1.1 (Last Update: 2021-04-13): Multiple File Parsing Vulnerabilities in Solid Edge
Published
April 13, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-715184.pdf
Summary
Siemens has released new versions for Solid Edge to fix multiple vulnerabilities that could be triggered when the application reads files in different file formats (PAR, DFT, XML extensions). If a user is tricked to open a malicious file with the affected application, this could lead to a crash, and ...
13.04.2021
SIEMENS CERT
SSA-689942 V1.3 (Last Update: 2021-04-13): Denial-of-Service and DLL Hijacking Vulnerabilities in Multiple SIMATIC Software Pro...
Title
SSA-689942 V1.3 (Last Update: 2021-04-13): Denial-of-Service and DLL Hijacking Vulnerabilities in Multiple SIMATIC Software Products
Published
April 13, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-689942.pdf
Summary
Multiple SIMATIC Software products are affected by two vulnerabilities that could allow an attacker to manipulate project files that may lead to Remote Code Execution or Denial-of-Service attacks. Siemens has released updates to some of the affected products and recommends that customers update to the latest version. Siemens is preparing ...
13.04.2021
SIEMENS CERT
SSA-646763 V1.2 (Last Update: 2021-04-13): DNSpooq - Dnsmasq Vulnerabilities in SCALANCE and RUGGEDCOM Devices
Title
SSA-646763 V1.2 (Last Update: 2021-04-13): DNSpooq - Dnsmasq Vulnerabilities in SCALANCE and RUGGEDCOM Devices
Published
April 13, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-646763.pdf
Summary
Security researchers discovered and disclosed seven vulnerabilities in the open-source DNS component “dnsmasq”, also known as “DNSpooq” vulnerabilities (CVE-2020-25681 through CVE-2020-25687). Three vulnerabilities (CVE-2020-25684 through CVE-2020-25686) affect the validation of DNS responses and impact several SCALANCE and RUGGEDCOM devices as listed below. Siemens has released updates for several affected products ...
13.04.2021
SIEMENS CERT
SSA-591405 V1.2 (Last Update: 2021-04-13): Web Vulnerabilities in SCALANCE S-600 Family
Title
SSA-591405 V1.2 (Last Update: 2021-04-13): Web Vulnerabilities in SCALANCE S-600 Family
Published
April 13, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-591405.pdf
Summary
The firmware for SCALANCE S-600 family devices contains multiple web vulnerabilities. The vulnerabilities could allow an remote attacker to conduct Denial-of-Service attacks or perform Cross-Site Scripting attacks. Siemens has released updates for the affected products and recommends to update to the latest versions, or to upgrade to a successor product.
13.04.2021
SIEMENS CERT
SSA-541017 V1.3 (Last Update: 2021-04-13): Embedded TCP/IP Stack Vulnerabilities (AMNESIA:33) in SIRIUS 3RW5 Modbus TCP and SEN...
Title
SSA-541017 V1.3 (Last Update: 2021-04-13): Embedded TCP/IP Stack Vulnerabilities (AMNESIA:33) in SIRIUS 3RW5 Modbus TCP and SENTRON PAC / 3VA Devices
Published
April 13, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-541017.pdf
Summary
Security researchers discovered and disclosed 33 vulnerabilities in several open-source TCP/IP stacks for embedded devices, also known as “AMNESIA:33” vulnerabilities. This advisory describes the impact of one of these vulnerabilities (CVE-2020-13988) to Siemens products. Siemens has released updates for the affected products and recommends to update to the latest versions. ...

Last Updates

BOSCH PSIRT
21.08.2024
SIEMENS CERT
12.09.2024
US CERT
19.09.2024
US CERT (ICS)
19.09.2024

By Source

Archive

2024
2023
2022
2021
2020
2019
2018
2017

Feeds