SIEMENS CERT
08/09/2022
A vulnerability was identified in the web server module used in the SICAM A8000 CP-8000, CP-8021 and CP-8022 devices’ protocol firmwares. AGPMT0 (AGP Master) DNPiT1 (DNP3 TCP/IP Server) DNPiT2 (DNP3 TCP/IP Client) DNPMT0 (DNP3 Master seriell) DNPST0 (DNP3 Slave seriell) ET83 (61850 Ed.1) ET85 (61850 Ed.2) MBCiT0 (MODBUS TCP/IP Client) …
SIEMENS CERT
08/09/2022
Two vulnerabilities have been identified in the SIMATIC S7-400 CPU family that could allow an attacker to cause a denial of service condition. In order to exploit the vulnerabilities, an attacker must have access to the affected devices on port 102/tcp via Ethernet, PROFIBUS or Multi Point Interfaces (MPI). Siemens …
SIEMENS CERT
07/12/2022
SSA-220589 V1.1 (Last Update: 2022-07-12): Hard Coded Default Credential Vulnerability in Teamcenter
Siemens has released updates for Teamcenter that fixes a security vulnerability related to unsecure storage of user credentials. This vulnerability affects Java EE Server Manager HTML Adaptor. This service is not installed by default and currently also obsoleted. Siemens has released updates for the affected products and recommends to update …
SIEMENS CERT
07/12/2022
Siemens has released updates for Opcenter Quality to fix an authentication bypass vulnerability. This could allow unauthenticated access to the application or cause denial of service condition for existing users. The issue is based on rich client modules using IbsGailWrapper-interface. After issuing the record the authentication bypass vulnerability could take …
SIEMENS CERT
07/12/2022
An improper access control vulnerability in Mendix applications was discovered. In case of access to an active user session, the vulnerability could allow to change that user’s password bypassing password validations within a Mendix application. Siemens has released updates for the affected products and recommends to update to the latest …
SIEMENS CERT
07/12/2022
Several models of SINAMICS PERFECT HARMONY GH180 Drives are affected by a DHCP client vulnerability (CVE-2021-29998) in the integrated SCALANCE X206-1 device. The vulnerability could allow an attacker to cause a heap-based buffer overflow on that device and use it to get access to the drive’s internal network. The list …
SIEMENS CERT
07/12/2022
EN100 Ethernet module is affected by memory corruption vulnerability (CVE-2022-30938). Siemens has released an update for the EN100 Ethernet module IEC 61850 variant and recommends to update to the latest version. Siemens recommends specific countermeasures for products where updates are not, or not yet available.
SIEMENS CERT
07/12/2022
RUGGEDCOM ROS-based devices are vulnerable to a web-based code injection attack. To execute this attack, it is necessary to access the system via the console. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are …