SIEMENS CERT
12/14/2021
SiPass integrated contains multiple vulnerabilities that could allow an unauthenticated remote attacker to access or modify several internal application resources. Siemens has released a tool, “SiPass integrated Component Manager”, to remediate the vulnerabilities on all maintained and supported versions of SiPass integrated and recommends to apply this tool.
SIEMENS CERT
12/14/2021
A zip path traversal vulnerability in Teamcenter Active Workspace could allow an attacker to achieve remote code execution. Siemens has released updates for the affected products and recommends to update to the latest versions.
SIEMENS CERT
12/14/2021
A vulnerability made public under the name SAD DNS affects Domain Name System resolvers due to a vulnerability in the Linux kernel when handling ICMP packets. The Siemens products which are affected are listed below. For more information please see https://www.saddns.net/. Siemens has released updates for several affected products and …
SIEMENS CERT
12/14/2021
Multiple vulnerabilities (also known as “NUCLEUS:13”) have be identified in the Nucleus RTOS (real-time operating system) and reported in the Siemens Security Advisory SSA-044112: https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf. CAPITAL VSTAR uses an affected version of the Nucleus software and inherently contains several of these vulnerabilities. Siemens recommends specific countermeasures for products where updates …
SIEMENS CERT
12/14/2021
Siemens has released version V13.2.0.5 for JT2Go and Teamcenter Visualization to fix multiple vulnerabilities that could be triggered when the products read maliciously crafted files in different file formats (PDF, JT, TIFF, CGM and TIF). If a user is tricked to open a malicious file with any of the affected …
SIEMENS CERT
12/14/2021
A vulnerability was found in SINUMERIK Edge that could allow an attacker to spoof a trusted entity by interfering in the communication path between the client and the intended server. Siemens has released an update for the SINUMERIK Edge and recommends to update to the latest version.
SIEMENS CERT
12/14/2021
SSA-549234 V1.1 (Last Update: 2021-12-14): Denial-of-Service Vulnerability in SIMATIC NET CP Modules
A denial of service vulnerability was identified in different types of Communication Processors. An attacker could exploit this vulnerability causing the device to become un-operational until the device is restarted. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.
SIEMENS CERT
12/14/2021
WIBU Systems published information about a denial-of-service vulnerability and an associated fix release version of CodeMeter Runtime, a product provided by WIBU Systems and used in several Siemens products for license management. The vulnerability is described in the section “Vulnerability Classification” below and got assigned the CVE ID CVE-2021-41057. Successful …