Bulletins

SIEMENS CERT
11/09/2021

SSA-312271 V1.9 (Last Update: 2021-11-09): Unquoted Search Path Vulnerabilities in Windows-based Industrial Software Applications

Several industrial products as listed below contain a local privilege escalation vulnerabilities that could allow authorized local users with administrative privileges to execute custom code with SYSTEM level privileges. Siemens has released updates for the affected products and recommends to update to the latest versions.
SIEMENS CERT
11/09/2021

SSA-772220 V1.3 (Last Update: 2021-11-09): OpenSSL Vulnerabilities in Industrial Products

OpenSSL has published a security advisory [0] about a vulnerability in OpenSSL versions 1.1.1 < 1.1.1k, that allows an unauthenticated attacker to cause a Denial-of-Service (DoS) if a maliciously crafted renegotiation message is sent. Siemens has released updates for several affected products and recommends to update to the latest versions. …
SIEMENS CERT
11/09/2021

SSA-705111 V1.1 (Last Update: 2021-11-09): Multiple Vulnerabilities (NAME:WRECK) in the DNS Module of Nucleus RTOS

Security researchers discovered and disclosed 9 vulnerabilities in several DNS implementations, also known as “NAME:WRECK” vulnerabilities. The vulnerabilities described in this advisory are from this set. The DNS client of affected products contains multiple vulnerabilities related to the handling of DNS responses and requests. The most severe could allow an …
SIEMENS CERT
11/09/2021

SSA-675303 V1.2 (Last Update: 2021-11-09): WIBU Systems CodeMeter Runtime Vulnerabilities in Siemens Products

WIBU Systems published information about two vulnerabilities and an associated fix release version of CodeMeter Runtime, a product provided by WIBU Systems and used in several Siemens products for license management. The vulnerabilities are described in the section “Vulnerability Classification” below and got assigned the CVE IDs CVE-2021-20093 and CVE-2021-20094. …
SIEMENS CERT
11/09/2021

SSB-439005 V3.9 (Last Update: 2021-11-09): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP

SIEMENS CERT
11/09/2021

SSA-362164 V1.1 (Last Update: 2021-11-09): Predictable Initial Sequence Numbers in the TCP/IP Stack of Nucleus RTOS

The networking component (Nucleus NET) in Nucleus Real-Time Operating System (RTOS) use Initial Sequence Numbers for TCP-Sessions that are predictable. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not available.
SIEMENS CERT
11/09/2021

SSA-324955 V1.6 (Last Update: 2021-11-09): SAD DNS Attack in Linux Based Products

A vulnerability made public under the name SAD DNS affects Domain Name System resolvers due to a vulnerability in the Linux kernel when handling ICMP packets. The Siemens products which are affected are listed below. For more information please see https://www.saddns.net/. Siemens has released updates for several affected products and …
SIEMENS CERT
11/09/2021

SSA-248289 V1.1 (Last Update: 2021-11-09): Denial of Service Vulnerabilities in the IPv6 Stack of Nucleus RTOS

The IPv6 stack of the networking component (Nucleus NET) in Nucleus Real-Time Operating System (RTOS) contains two vulnerabilities when processing IPv6 headers which could allow an attacker to cause a denial of service condition. Siemens has released updates for several affected products and recommends to update to the latest versions. …