Bulletins | CERT@VDE

SSA-280834 V1.0: Improper OpenVPN Credential Validation Vulnerability in SCALANCE M-800 and SC-600 Families

Title

SSA-280834 V1.0: Improper OpenVPN Credential Validation Vulnerability in SCALANCE M-800 and SC-600 Families

Published

March 11, 2025, 1 a.m.

URL

https://cert-portal.siemens.com/productcert/html/ssa-280834.html

Summary

SCALANCE M-800 and SC-600 families are affected by improper input validation in the OpenVPN authentication. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends specific countermeasures for products where fixes are not, or not ...

SSA-265688 V1.4 (Last Update: 2025-03-11): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP ...

Title

SSA-265688 V1.4 (Last Update: 2025-03-11): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP V1.1

Published

March 11, 2025, 1 a.m.

URL

https://cert-portal.siemens.com/productcert/html/ssa-265688.html

Summary

Multiple vulnerabilities have been identified in the additional GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP V1.1. Siemens is preparing fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.

SSA-248289 V1.3 (Last Update: 2025-03-11): Denial of Service Vulnerabilities in the IPv6 Stack of Nucleus RTOS

Title

SSA-248289 V1.3 (Last Update: 2025-03-11): Denial of Service Vulnerabilities in the IPv6 Stack of Nucleus RTOS

Published

March 11, 2025, 1 a.m.

URL

https://cert-portal.siemens.com/productcert/html/ssa-248289.html

Summary

The IPv6 stack of the networking component (Nucleus NET) in Nucleus Real-Time Operating System (RTOS) contains two vulnerabilities when processing IPv6 headers which could allow an attacker to cause a denial of service condition. Siemens has released new versions for several affected products and recommends to update to the latest ...

SSA-216014 V1.0: Vulnerabilities in EFI variable of SIMATIC IPCs, SIMATIC Tablet PCs, and SIMATIC Field PGs

Title

SSA-216014 V1.0: Vulnerabilities in EFI variable of SIMATIC IPCs, SIMATIC Tablet PCs, and SIMATIC Field PGs

Published

March 11, 2025, 1 a.m.

URL

https://cert-portal.siemens.com/productcert/html/ssa-216014.html

Summary

Multiple vulnerabilities has been identified in Siemens SIMATIC IPCs, SIMATIC Tablet PCs, and SIMATIC Field PGs that can allow an authenticated attacker to alter the secure boot and password configurations. Siemens has released new versions of BIOS for several affected products and recommends to update to the latest versions. Siemens ...

Tuesday, 04.03.2025

Hitachi Energy UNEM/ECST

Title

Hitachi Energy UNEM/ECST

Published

March 4, 2025, 1 p.m.

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-25-063-05

Summary

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.8 ATTENTION: Low Attack Complexity Vendor: Hitachi Energy Equipment: XMC20, ECST, UNEM Vulnerability: Improper Validation of Certificate with Host Mismatch 2. RISK EVALUATION Successful exploitation of this vulnerability could allow attackers to intercept or falsify data exchanges between the client and the server. ...

https://www.cisa.gov/news-events/ics-advisories/icsa-25-063-04

Hitachi Energy XMC20

Title

Hitachi Energy XMC20

Published

March 4, 2025, 1 p.m.

URL

Summary

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: XMC20 Vulnerability: Relative Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to access files or directories outside the authorized scope. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Hitachi ...

https://www.cisa.gov/news-events/ics-advisories/icsa-25-063-07

GMOD Apollo

Title

GMOD Apollo

Published

March 4, 2025, 1 p.m.

URL

Summary

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: GMOD Equipment: Apollo Vulnerabilities: Incorrect Privilege Assignment, Relative Path Traversal, Missing Authentication for Critical Function, Generation of Error Message Containing Sensitive Information 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to escalate ...

Edimax IC-7100 IP Camera

Title

Edimax IC-7100 IP Camera

Published

March 4, 2025, 1 p.m.

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-25-063-08

Summary

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Edimax Equipment: IC-7100 IP Camera Vulnerability: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to send ...

Hitachi Energy MACH PS700

Title

Hitachi Energy MACH PS700

Published

March 4, 2025, 1 p.m.

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-25-063-03

Summary

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.7 ATTENTION: Vendor: Hitachi Energy Equipment: MACH PS700 Vulnerability: Uncontrolled Search Path Element 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to escalate privileges and gain control over the software. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Hitachi Energy reports ...