• 1
  • 2 (current)
  • 3
  • 4
Tuesday, 21.06.2022
Title
SSA-111512 V1.0: Client-side Authentication in SIMATIC WinCC OA
Published
June 21, 2022, 2 a.m.
Summary
SIMATIC WinCC OA implements client-side only authentication, when neither server-side authentication (SSA) nor Kerberos authentication is enabled. In this configuration, attackers could impersonate other users or exploit the client-server protocol without being authenticated. Siemens recommends to enable server-side authentication (SSA) or Kerberos authentication for all WinCC OA projects, as documented ...
Friday, 17.06.2022
Title
Hillrom Medical Device Management
Published
June 17, 2022, 5:08 a.m.
Summary
This advisory contains mitigations for Use of Hard-coded Password, and Improper Access Control vulnerability in Welch Allyn resting electrocardiograph devices. Hillrom Medical. Welch Allyn, and ELI are registered trademarks of Baxter International, Inc., or its subsidiaries.
Title
AutomationDirect C-More EA9 HMI
Published
June 17, 2022, 5:06 a.m.
Summary
This advisory contains mitigations for Uncontrolled Search Path Element, Cleartext Transmission of Sensitive Information vulnerabilities in AutomationDirect C-More EA9 human-machine interface products.
Thursday, 16.06.2022
Title
AutomationDirect DirectLOGIC with Serial Communication
Published
June 16, 2022, 5:04 p.m.
Summary
This advisory contains mitigations for a Cleartext Transmission of Sensitive Information vulnerability in DirectLOGIC programmable controllers with serial communication.
Title
AutomationDirect DirectLOGIC with Ethernet
Published
June 16, 2022, 5:02 p.m.
Summary
This advisory contains mitigations for Uncontrolled Resource Consumption, and Cleartext Transmission of Sensitive Information vulnerabilities in AutomationDirect DirectLOGIC programmable logic Ethernet controllers.
Title
Siemens Mendix SAML Module
Published
June 16, 2022, 5 p.m.
Summary
This advisory contains mitigations for Improper Restriction of XML External Entity Reference, and Cross-site Scripting vulnerabilities in the Siemens Mendix SAML Module.
Title
Siemens Apache HTTP Server
Published
June 16, 2022, 4:56 p.m.
Summary
This advisory contains mitigations for NULL Pointer Dereference, Out-of-bounds Write, and Server-side Request Forgery (SSRF) vulnerabilities in the Siemens Apache HTTP Server.
Title
Siemens SICAM GridEdge
Published
June 16, 2022, 4:52 p.m.
Summary
This advisory contains mitigations for Missing Authentication for Critical Function, and Resource Leak vulnerabilities in the Siemens SICAM GridEdge Essential ARM.
Title
Siemens SCALANCE LPE9403 Third-Party Vulnerabilities
Published
June 16, 2022, 4:50 p.m.
Summary
This advisory contains mitigations for vulnerabilities in the Siemens SCALANCE LPE9403, a processing power extension for the SCALANCE family of products.
Title
Siemens SCALANCE XM-400 and XR-500
Published
June 16, 2022, 4:48 p.m.
Summary
This advisory contains mitigations for an Improper Validation of Integrity Check Value vulnerability in the Siemens SCALANCE XM-400 and XR-500 industrial switches.
Title
Siemens Xpedition Designer
Published
June 16, 2022, 4:46 p.m.
Summary
This advisory contains mitigations for an Incorrect Permission Assignment for Critical Resource vulnerability in the Siemens Xpedition Designer PCB design flow products.
Title
Siemens Spectrum Power Systems
Published
June 16, 2022, 4:44 p.m.
Summary
This advisory contains mitigations for a Use of Hard-coded Credentials vulnerability in the Siemens Spectrum Power data modelling and monitoring system.
Title
Siemens OpenSSL Affected Industrial Products
Published
June 16, 2022, 4:40 p.m.
Summary
This advisory contains mitigations for an Infinite Loop vulnerability in the Siemens OpenSSL Affected Industrial Products.
Tuesday, 14.06.2022
Title
Johnson Controls Metasys ADS ADX OAS Servers
Published
June 14, 2022, 4:10 p.m.
Summary
This advisory contains mitigations for Unverified Password Change, and Cross-site Scripting vulnerabilities in the Johnson Controls Metasys ADS ADX OAS Servers.
Title
Meridian Cooperative Meridian
Published
June 14, 2022, 4:05 p.m.
Summary
This advisory contains mitigations for an Improper Access Control vulnerability in Meridian utility software.
Title
Mitsubishi Electric MELSEC-Q/L and MELSEC iQ-R
Published
June 14, 2022, 4 p.m.
Summary
This advisory contains mitigations for an Improper Input Validation vulnerability in the Mitsubishi Electric MELSEC-Q/L Series and MELSEC iQ-R Series Interface Modules.
Title
SSA-148078 V1.1 (Last Update: 2022-06-14): Multiple Vulnerabilities in APOGEE/TALON Field Panels
Published
June 14, 2022, 2 a.m.
Summary
Multiple vulnerabilities in the APOGEE PXC and TALON TC series of products could allow unauthenticated attackers to download sensitive information through the integrated webserver. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends countermeasures for products where updates are not, or ...
Title
SSA-145224 V1.0: Vulnerability in OSPF Packet Handling of SCALANCE XM-400 and XR-500 Devices
Published
June 14, 2022, 2 a.m.
Summary
SCALANCE XM-400 and XR-500 devices contain a vulnerability in the OSPF protocol implementation that could allow an unauthenticated remote attacker to cause interruptions in the network. Siemens has released updates for the affected products and recommends to update to the latest versions.
Title
SSA-102233 V2.0 (Last Update: 2022-06-14): SegmentSmack in VxWorks-based Industrial Devices
Published
June 14, 2022, 2 a.m.
Summary
The products listed below contain a vulnerability that could allow remote attackers to affect the availability of the devices under certain conditions. The underlying TCP stack can be forced to make very computation expensive calls for every incoming packet which can lead to a Denial-of-Service. Siemens has released an update ...
Title
SSA-222547 V1.0: Third-Party Component Vulnerabilities in SCALANCE LPE9403 before V2.0
Published
June 14, 2022, 2 a.m.
Summary
Multiple vulnerabilities in the third-party components CivetWeb, Docker, Linux Kernel and systemd could allow an attacker to impact SCALANCE LPE9403 confidentiality, integrity and availability. Siemens has released an update for the SCALANCE LPE9403 and recommends to update to the latest version.
Title
SSA-988345 V1.0: Local Privilege Escalation Vulnerability in Xpedition Designer
Published
June 14, 2022, 2 a.m.
Summary
A vulnerability in Xpedition Designer could allow an attacker with an unprivileged account to override or modify the service executable and subsequently gain elevated privileges. Siemens has released an update for the Xpedition Designer and recommends to update to the latest version.
Title
SSA-693555 V1.0: Memory Corruption Vulnerability in EN100 Ethernet Module
Published
June 14, 2022, 2 a.m.
Summary
EN100 Ethernet module is affected by memory corruption vulnerability (CVE-2022-30937). Siemens has released an update for the EN100 Ethernet module IEC 61850 variant and recommends to update to the latest version. Siemens recommends specific countermeasures for products where updates are not, or not yet available.
Title
SSA-978220 V1.7 (Last Update: 2022-06-14): Denial of Service Vulnerability over SNMP in Multiple Industrial Products
Published
June 14, 2022, 2 a.m.
Summary
Several industrial products are affected by a vulnerability that could allow remote attackers to conduct a denial of service attack by sending specially crafted packets to port 161/udp (SNMP). Siemens has released updates for several affected products and recommends to update to the new versions. Siemens is preparing further updates ...
Title
SSA-941426 V1.2 (Last Update: 2022-06-14): Multiple LLDP Vulnerabilities in Industrial Products
Published
June 14, 2022, 2 a.m.
Summary
There are multiple vulnerabilities in an underlying Link Layer Discovery Protocol (LLDP) third party library. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.
Title
SSA-911567 V1.0: Missing HTTP headers in SINEMA Remote Connect Server before V3.0 SP2
Published
June 14, 2022, 2 a.m.
Summary
SINEMA Remote Connect Server is missing HTTP security headers on the web server. This could aid attackers by making the servers more prone to clickjacking, channel downgrade attacks and other similar client-based attack vectors. Siemens has released an update for the SINEMA Remote Connect Server and recommends to update to ...
  • 1
  • 2 (current)
  • 3
  • 4

Last Updates

BOSCH PSIRT
02.10.2024
SIEMENS CERT
12.09.2024
US CERT
19.09.2024
US CERT (ICS)
03.10.2024

By Source

Archive

2024
2023
2022
2021
2020
2019
2018
2017

Feeds