• 1
  • 2 (current)
  • 3
Thursday, 16.12.2021
Title
Wibu-Systems CodeMeter Runtime
Published
Dec. 16, 2021, 4:48 p.m.
Summary
This advisory contains mitigations for an Improper Privilege Management vulnerability in the Wibu-Systems CodeMeter Runtime server.
Title
Mitsubishi Electric GX Works2
Published
Dec. 16, 2021, 4:46 p.m.
Summary
This advisory contains mitigations for an Improper Handling of Length Parameter Inconsistency vulnerability in #Mitsubishi Electric's GX Works2 engineering software.
Title
Mitsubishi Electric FA Engineering Software
Published
Dec. 16, 2021, 4:44 p.m.
Summary
This advisory contains mitigations for Out-of-bounds Read, and Integer Underflow vulnerabilities in Mitsubishi Electric's FA Engineering Software engineering software.
Title
Siemens Capital VSTAR
Published
Dec. 16, 2021, 4:42 p.m.
Summary
This advisory contains mitigations for a several vulnerabilities in Siemens Capital VSTAR software platform products using Nucleus NET, the networking stack of Nucleus RTOS (real-time operating system).
Title
Siemens POWER METER SICAM Q100
Published
Dec. 16, 2021, 4:40 p.m.
Summary
This advisory contains mitigations for a Stack-based Buffer Overflow vulnerability in the Siemens POWER METER SICAM Q100 power monitoring device.
Title
Siemens JTTK and JT Utilities
Published
Dec. 16, 2021, 4:38 p.m.
Summary
This advisory contains mitigations for Out-of-bounds Write, Use after Free, Out-of-bounds Read vulnerability in in the Siemens JTTK programming interface, and JT Utilities series of command line utilities.
Title
SSA-714170 V1.0: Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to SPPA-T3000
Published
Dec. 16, 2021, 1 a.m.
Summary
On 2021-12-09, a vulnerability in Apache Log4j (a logging tool used in many Java-based applications) was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2021-44228 and is also known as “Log4Shell”. On 2021-12-14 an additional denial of service vulnerability (CVE-2021-45046) ...
Title
SSA-661247 V1.2 (Last Update: 2021-12-16): Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to Siemens Products
Published
Dec. 16, 2021, 1 a.m.
Summary
On 2021-12-09, a vulnerability in Apache Log4j (a logging tool used in many Java-based applications) was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2021-44228 and is also known as “Log4Shell”. On 2021-12-14 an additional denial of service vulnerability (CVE-2021-45046) ...
Wednesday, 15.12.2021
Title
SSA-661247 V1.1 (Last Update: 2021-12-15): Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to Siemens Products
Published
Dec. 15, 2021, 1 a.m.
Summary
On 2021-12-09, a vulnerability in Apache Log4j (a logging tool used in many Java-based applications) was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2021-44228 and is also known as “Log4Shell”. On 2021-12-14 an additional denial of service vulnerability (CVE-2021-45046) ...
Tuesday, 14.12.2021
Title
Schneider Electric Rack PDU
Published
Dec. 14, 2021, 4:05 p.m.
Summary
This advisory contains mitigations for a Cross-site Scripting vulnerability in Schneider Electric Rack Power Distribution Unit (PDU).
Title
Hillrom Medical Device Management (Update A)
Published
Dec. 14, 2021, 4 p.m.
Summary
This updated advisory is a follow-up to the original advisory titled ICSA-21-152-01 Hillrom Medical Device Management that was published June 1, 2021, to the ICS webpage at www.cisa.gov/uscert. This advisory contains mitigations for a Out-of-Bounds Write, an d Out-of-Bounds Read vulnerabilities in Hillrom Welch Allyn medical device management tools.
Title
SSA-629512 V1.3 (Last Update: 2021-12-14): Local Privilege Escalation Vulnerability in TIA Portal
Published
Dec. 14, 2021, 1 a.m.
Summary
The latest updates for TIA Portal fix a vulnerability that could allow a local attacker to execute arbitrary code with SYSTEM privileges. Update: The previously provided fixes only correctly set the permissions on English Windows versions. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, ...
Title
SSA-133772 V1.0: Zip Path Traversal Vulnerability in Teamcenter Active Workspace
Published
Dec. 14, 2021, 1 a.m.
Summary
A zip path traversal vulnerability in Teamcenter Active Workspace could allow an attacker to achieve remote code execution. Siemens has released updates for the affected products and recommends to update to the latest versions.
Title
SSA-160202 V1.0: Multiple Access Control Vulnerabilities in SiPass Integrated
Published
Dec. 14, 2021, 1 a.m.
Summary
SiPass integrated contains multiple vulnerabilities that could allow an unauthenticated remote attacker to access or modify several internal application resources. Siemens has released a tool, “SiPass integrated Component Manager”, to remediate the vulnerabilities on all maintained and supported versions of SiPass integrated and recommends to apply this tool.
Title
SSA-161331 V1.0: Scene File Parsing Vulnerability in Simcenter STAR-CCM+ Viewer before V2021.3.1
Published
Dec. 14, 2021, 1 a.m.
Summary
Siemens Simcenter STAR-CCM+ Viewer is affected by a vulnerability that could be triggered when the application reads scene (.sce) files. If a user is tricked to open a malicious file with the affected application, this could lead to a crash, and potentially also to arbitrary code execution or data extraction ...
Title
SSA-199605 V1.0: Arbitrary File Download Vulnerability in SIMATIC eaSie PCS 7 Skill Package
Published
Dec. 14, 2021, 1 a.m.
Summary
SIMATIC eaSie PCS 7 Skill Package contains a path traversal vulnerability that could allow an authenticated remote attacker to read arbitrary files for the application server. Siemens has released an update for the SIMATIC eaSie PCS 7 Skill Package and recommends to update to the latest version.
Title
SSA-352143 V1.0: Multiple File Parsing Vulnerabilities in JTTK before V11.0.3.0 and JT Utilities before V13.0.3.0
Published
Dec. 14, 2021, 1 a.m.
Summary
JT Open Toolkit (JTTK) before V11.0.3.0 contains multiple vulnerabilities that could be triggered when the affected product reads a maliciously crafted JT file. These vulnerabilities also affects JT Utilities before V13.0.3.0. If a user is tricked to open a malicious file with any of the affected products, this could lead ...
Title
SSA-390195 V1.0: LibVNC Vulnerabilities in SIMATIC ITC Products
Published
Dec. 14, 2021, 1 a.m.
Summary
Multiple LibVNC vulnerabilities in the affected products listed below could allow remote code execution, information disclosure and Denial-of-Service attacks under certain conditions. Siemens has released updates for the affected products and recommends to update to the latest versions.
Title
SSA-396621 V1.0: Multiple File Parsing Vulnerabilities in JTTK before V10.8.1.1 and JT Utilities before V12.8.1.1
Published
Dec. 14, 2021, 1 a.m.
Summary
JT Open Toolkit (JTTK) before V10.8.1.1 contains multiple vulnerabilities that could be triggered when it reads a maliciously crafted JT file. These vulnerabilities also affects JT Utilities before V12.8.1.1. If a user is tricked to open a malicious file with any of the affected products, this could lead the application ...
Title
SSA-400332 V1.0: Insufficient Design IP Protection in IEEE 1735 Recommended Practice - Impact to Questa and ModelSim
Published
Dec. 14, 2021, 1 a.m.
Summary
Recent security research identifies weaknesses in the IEEE 1735 recommended practice for encryption of Design IP, which could allow a sophisticated attacker access to unencrypted Design IP data in IEEE 1735-compliant products. This advisory addresses the specific details for the affected Siemens software products: Questa and ModelSim simulators. Siemens is ...
Title
SSA-463116 V1.0: Multiple Access Control Vulnerabilities in Siveillance Identity before V1.6.284.0
Published
Dec. 14, 2021, 1 a.m.
Summary
Siveillance Identity contains multiple vulnerabilities that could allow an unauthenticated remote attacker to access or modify several internal application resources. Siemens has released updates for the affected products and recommends to update to the latest versions.
Title
SSA-496292 V1.0: Remote Code Execution Vulnerability in POWER METER SICAM Q100
Published
Dec. 14, 2021, 1 a.m.
Summary
POWER METER SICAM Q100 contains a vulnerability that could allow an attacker to remotely execute code. Siemens has released updates for the affected products and recommends to update to the latest versions.
Title
SSA-523250 V1.0: Improper Certificate Validation Vulnerability in SINUMERIK Edge
Published
Dec. 14, 2021, 1 a.m.
Summary
A vulnerability was found in SINUMERIK Edge that could allow an attacker to spoof a trusted entity by interfering in the communication path between the client and the intended server. Siemens has released an update for the SINUMERIK Edge and recommends to update to the latest version.
Title
SSA-595101 V1.0: Multiple File Parsing Vulnerabilities in JT2Go and Teamcenter Visualization before V13.2.0.5
Published
Dec. 14, 2021, 1 a.m.
Summary
Siemens has released version V13.2.0.5 for JT2Go and Teamcenter Visualization to fix multiple vulnerabilities that could be triggered when the products read maliciously crafted files in different file formats (PDF, JT, TIFF, CGM and TIF). If a user is tricked to open a malicious file with any of the affected ...
Title
SSA-620288 V1.0: Multiple Vulnerabilities (NUCLEUS:13) in CAPITAL VSTAR
Published
Dec. 14, 2021, 1 a.m.
Summary
Multiple vulnerabilities (also known as “NUCLEUS:13”) have be identified in the Nucleus RTOS (real-time operating system) and reported in the Siemens Security Advisory SSA-044112: https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf. CAPITAL VSTAR uses an affected version of the Nucleus software and inherently contains several of these vulnerabilities. Siemens recommends specific countermeasures for products where updates ...
  • 1
  • 2 (current)
  • 3

Last Updates

BOSCH PSIRT
06.12.2024
SIEMENS CERT
26.11.2024
US CERT
08.11.2024
US CERT (ICS)
05.12.2024

By Source

Archive

2024
2023
2022
2021
2020
2019
2018
2017

Feeds