Bulletins

SIEMENS CERT
05/10/2022

SSA-840188 V1.4 (Last Update: 2022-05-10): Multiple Vulnerabilities in SIMATIC WinCC Affecting Other SIMATIC Software Products

Multiple vulnerabilities were found in SIMATIC WinCC that ultimately could allow local or remote attackers to escalate privileges and read, write or delete critical files. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures …
SIEMENS CERT
05/10/2022

SSA-914168 V1.2 (Last Update: 2022-05-10): Multiple Vulnerabilities in SIMATIC WinCC Affecting Other SIMATIC Software Products

Multiple vulnerabilities were found in SIMATIC WinCC that ultimately could allow attackers to retrieve and brute force password hashes and access other systems. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products …
SIEMENS CERT
05/10/2022

SSA-560465 V1.2 (Last Update: 2022-05-10): DHCP Client Vulnerability in VxWorks-based Industrial Products

Various industry products are affected by a DHCP client vulnerability in Wind River VxWorks, that could allow an attacker to cause a heap-based buffer overflow. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are …
SIEMENS CERT
05/10/2022

SSA-772220 V1.9 (Last Update: 2022-05-10): OpenSSL Vulnerabilities in Industrial Products

OpenSSL has published a security advisory [0] about a vulnerability in OpenSSL versions 1.1.1 < 1.1.1k, that allows an unauthenticated attacker to cause a Denial-of-Service (DoS) if a maliciously crafted renegotiation message is sent . Siemens has released updates for several affected products and recommends to update to the latest …
SIEMENS CERT
05/10/2022

SSB-439005 V4.3 (Last Update: 2022-05-10): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP

SIEMENS CERT
05/10/2022

SSA-162616 V1.0: File Parsing Vulnerabilities in Simcenter Femap before V2022.2

Siemens Simcenter Femap versions before V2022.2 are affected by an out of bounds write vulnerability that could be triggered when the application reads files in .NEU format. If a user is tricked to open a malicious file with the affected application, an attacker could leverage the vulnerability to perform remote …
SIEMENS CERT
05/10/2022

SSA-165073 V1.0: Multiple Vulnerabilities in the Webinterface of SICAM P850 and SICAM P855 Devices

Multiple vulnerabilities were identified in the webserver of SICAM P850 and SICAM P855 devices. These include unauthenticated access to web-interface functionality, missing HTTPS or impersonation as well as cross-site scripting related vulnerabilities. Siemens has released updates for the affected products and recommends to update to the latest versions.
SIEMENS CERT
05/10/2022

SSA-285795 V1.0: Denial of Service in OPC-UA in Industrial Products

Vulnerability in the underlying third party component OPC UA ANSIC Stack (also called Legacy C-Stack) affects several industrial products. The vulnerability could cause a crash of the component that includes the vulnerable part of the stack. Siemens has released updates for several affected products and recommends to update to the …