April 2023
11.04.2023
SIEMENS CERT
SSA-349422 V1.9 (Last Update: 2023-04-11): Denial of Service Vulnerability in Industrial Real-Time (IRT) Devices
Title
SSA-349422 V1.9 (Last Update: 2023-04-11): Denial of Service Vulnerability in Industrial Real-Time (IRT) Devices
Published
April 11, 2023, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-349422.html
Summary
A vulnerability in the affected products could allow an unauthorized attacker with network access to perform a denial-of-service attack resulting in loss of real-time synchronization. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are ...
11.04.2023
SIEMENS CERT
SSA-712929 V1.9 (Last Update: 2023-04-11): Denial of Service Vulnerability in OpenSSL (CVE-2022-0778) Affecting Industrial Prod...
Title
SSA-712929 V1.9 (Last Update: 2023-04-11): Denial of Service Vulnerability in OpenSSL (CVE-2022-0778) Affecting Industrial Products
Published
April 11, 2023, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-712929.html
Summary
A vulnerability in the openSSL component (CVE-2022-0778, [0]) could allow an attacker to create a denial of service condition by providing specially crafted elliptic curve certificates to products that use a vulnerable version of openSSL. Siemens has released updates for several affected products and recommends to update to the latest ...
11.04.2023
SIEMENS CERT
SSA-710008 V1.3 (Last Update: 2023-04-11): Multiple Web Vulnerabilities in SCALANCE Products
Title
SSA-710008 V1.3 (Last Update: 2023-04-11): Multiple Web Vulnerabilities in SCALANCE Products
Published
April 11, 2023, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-710008.html
Summary
SCALANCE devices contain multiple vulnerabilities in MSPS based product lines that could allow authenticated remote attackers to execute custom code or create a XSS situation, as well as unauthenticated remote attackers to create a denial of service condition. Siemens has released updates for several affected products and recommends to update ...
11.04.2023
SIEMENS CERT
SSA-792594 V1.1 (Last Update: 2023-04-11): Host Header Injection Vulnerability in Polarion ALM
Title
SSA-792594 V1.1 (Last Update: 2023-04-11): Host Header Injection Vulnerability in Polarion ALM
Published
April 11, 2023, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-792594.html
Summary
Polarion ALM contains a misconfiguration in its default Apache HTTP Server configuration that could allow an attacker to perform host header injection attacks. Siemens has released an update for Polarion ALM and recommends to update to the latest version.
11.04.2023
SIEMENS CERT
SSA-813746 V1.0: BadAlloc Vulnerabilities in SCALANCE X-200, X-200IRT, and X-300 Switch Families
Title
SSA-813746 V1.0: BadAlloc Vulnerabilities in SCALANCE X-200, X-200IRT, and X-300 Switch Families
Published
April 11, 2023, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-813746.html
Summary
Siemens has released a new firmware version for SCALANCE X-200 and X-200 IRT switches that address Bad Alloc vulnerabilities in the underlying operating system and recommends to update to the latest versions. Siemens recommends countermeasures for products where updates are not, or not yet available.
11.04.2023
SIEMENS CERT
SSA-787941 V1.2 (Last Update: 2023-04-11): Denial of Service Vulnerability in RUGGEDCOM ROS V4
Title
SSA-787941 V1.2 (Last Update: 2023-04-11): Denial of Service Vulnerability in RUGGEDCOM ROS V4
Published
April 11, 2023, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-787941.html
Summary
RUGGEDCOM ROS-based V4 devices are vulnerable to a denial of service attack (Slowloris). By sending partial HTTP requests nonstop, with none completed, the affected web servers will be waiting for the completion of each request, occupying all available HTTP connections. The web server recovers by itself once the attack ends. ...
11.04.2023
SIEMENS CERT
SSA-700053 V1.2 (Last Update: 2023-04-11): Multiple File Parsing Vulnerabilities in Teamcenter Visualization and JT2Go
Title
SSA-700053 V1.2 (Last Update: 2023-04-11): Multiple File Parsing Vulnerabilities in Teamcenter Visualization and JT2Go
Published
April 11, 2023, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-700053.html
Summary
Siemens Teamcenter Visualization and JT2Go are affected by multiple file parsing vulnerabilities that could be triggered when the application reads a malicious file in CGM or RAS format. If a user is tricked to open a malicious file with the affected products, this could lead the application to crash or ...
11.04.2023
SIEMENS CERT
SSA-699404 V1.0: Observable Response Discrepancy in Mendix Forgot Password Module
Title
SSA-699404 V1.0: Observable Response Discrepancy in Mendix Forgot Password Module
Published
April 11, 2023, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-699404.html
Summary
The Mendix Forgot Password module contains an observable response discrepancy issue that could allow an attacker to retrieve sensitive information. Siemens has released updates for the affected products and recommends to update to the latest versions.
11.04.2023
SIEMENS CERT
SSA-780073 V2.3 (Last Update: 2023-04-11): Denial of Service Vulnerability in PROFINET Devices via DCE-RPC Packets
Title
SSA-780073 V2.3 (Last Update: 2023-04-11): Denial of Service Vulnerability in PROFINET Devices via DCE-RPC Packets
Published
April 11, 2023, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-780073.html
Summary
Products that include the Siemens PROFINET-IO (PNIO) stack in versions prior V06.00 are potentially affected by a denial of service vulnerability when multiple legitimate diagnostic package requests are sent to the DCE-RPC interface. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens ...
11.04.2023
SIEMENS CERT
SSA-256353 V1.4 (Last Update: 2023-04-11): Third-Party Component Vulnerabilities in RUGGEDCOM ROS
Title
SSA-256353 V1.4 (Last Update: 2023-04-11): Third-Party Component Vulnerabilities in RUGGEDCOM ROS
Published
April 11, 2023, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-256353.html
Summary
Multiple vulnerabilities affect various third-party components of the RUGGEDCOM Operating System (ROS). If exploited, an attacker could cause a denial-of-service, act as a man-in-the-middle or retrieval of sensitive information or gain privileged functions. Siemens has released updates for the affected products and recommends to update to the latest versions.
11.04.2023
SIEMENS CERT
SSA-322980 V1.0: Denial of Service Vulnerability in SIPROTEC 5 Devices
Title
SSA-322980 V1.0: Denial of Service Vulnerability in SIPROTEC 5 Devices
Published
April 11, 2023, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-322980.html
Summary
SIPROTEC 5 devices contain a null pointer dereference vulnerability in the web service. This could allow an attacker to send unauthenticated maliciously crafted http request that could cause denial of service condition of the device. Siemens has released updates for several affected products and recommends to update to the latest ...
March 2023
14.03.2023
SIEMENS CERT
SSA-203374 V1.0: Multiple OpenSSL Vulnerabilities in SCALANCE W1750D Devices
Title
SSA-203374 V1.0: Multiple OpenSSL Vulnerabilities in SCALANCE W1750D Devices
Published
March 14, 2023, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-203374.html
Summary
The SCALANCE W1750D device contains multiple vulnerabilities in the integrated OpenSSL component that could allow an attacker to read memory contents, decrypt RSA-encrypted messages or create a denial of service condition. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.
14.03.2023
SIEMENS CERT
SSA-726834 V1.0: Denial of Service Vulnerability in the RADIUS Client of SIPROTEC 5 Devices
Title
SSA-726834 V1.0: Denial of Service Vulnerability in the RADIUS Client of SIPROTEC 5 Devices
Published
March 14, 2023, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-726834.html
Summary
The RADIUS client implementation of the VxWorks platform in SIPROTEC 5 devices contains a denial of service vulnerability that could be triggered when a specially crafted packet is sent by a RADIUS server. Siemens has released updates for the affected products and recommends to update to the latest versions.
14.03.2023
SIEMENS CERT
SSA-712929 V1.8 (Last Update: 2023-03-14): Denial of Service Vulnerability in OpenSSL (CVE-2022-0778) Affecting Industrial Prod...
Title
SSA-712929 V1.8 (Last Update: 2023-03-14): Denial of Service Vulnerability in OpenSSL (CVE-2022-0778) Affecting Industrial Products
Published
March 14, 2023, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-712929.html
Summary
A vulnerability in the openSSL component (CVE-2022-0778, [0]) could allow an attacker to create a denial of service condition by providing specially crafted elliptic curve certificates to products that use a vulnerable version of openSSL. Siemens has released updates for several affected products and recommends to update to the latest ...
14.03.2023
SIEMENS CERT
SSA-244969 V1.9 (Last Update: 2023-03-14): OpenSSL Vulnerability in Industrial Products
Title
SSA-244969 V1.9 (Last Update: 2023-03-14): OpenSSL Vulnerability in Industrial Products
Published
March 14, 2023, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-244969.html
Summary
OpenSSL has published a security advisory [0] about a vulnerability in OpenSSL versions 1.1.1 < 1.1.1l and 1.0.2 < 1.0.2za that allows an attacker to cause a denial of service (DoS) or to disclose private memory content. Siemens has released updates for several affected products and recommends to update to ...
14.03.2023
SIEMENS CERT
SSA-250085 V1.2 (Last Update: 2023-03-14): Multiple Vulnerabilities in SINEC NMS and SINEMA Server
Title
SSA-250085 V1.2 (Last Update: 2023-03-14): Multiple Vulnerabilities in SINEC NMS and SINEMA Server
Published
March 14, 2023, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-250085.html
Summary
SINEC NMS and SINEMA Server V14 contains multiple vulnerabilities that could allow an attacker to execute arbitrary code on the system, arbitrary commands on the local database or achieve privilege escalation. Siemens has released an update for SINEC NMS to fix CVE-2022-24281 and recommends to update to the latest version. ...
14.03.2023
SIEMENS CERT
SSA-256353 V1.3 (Last Update: 2023-03-14): Third-Party Component Vulnerabilities in RUGGEDCOM ROS
Title
SSA-256353 V1.3 (Last Update: 2023-03-14): Third-Party Component Vulnerabilities in RUGGEDCOM ROS
Published
March 14, 2023, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-256353.html
Summary
Multiple vulnerabilities affect various third-party components of the RUGGEDCOM Operating System (ROS). If exploited, an attacker could cause a denial-of-service, act as a man-in-the-middle or retrieval of sensitive information or gain privileged functions. Siemens has released updates for the affected products and recommends to update to the latest versions.
14.03.2023
SIEMENS CERT
SSA-223771 V1.2 (Last Update: 2023-03-14): SISCO Stack Vulnerability in SIPROTEC 5 Devices
Title
SSA-223771 V1.2 (Last Update: 2023-03-14): SISCO Stack Vulnerability in SIPROTEC 5 Devices
Published
March 14, 2023, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-223771.html
Summary
A vulnerability in the third party component SISCO MMS-EASE could allow attackers to cause a denial of service condition with SIPROTEC 5 devices. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products ...
14.03.2023
SIEMENS CERT
SSA-772220 V2.2 (Last Update: 2023-03-14): OpenSSL Vulnerabilities in Industrial Products
Title
SSA-772220 V2.2 (Last Update: 2023-03-14): OpenSSL Vulnerabilities in Industrial Products
Published
March 14, 2023, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-772220.html
Summary
OpenSSL has published a security advisory [0] about a vulnerability in OpenSSL versions 1.1.1 < 1.1.1k, that allows an unauthenticated attacker to cause a Denial-of-Service (DoS) if a maliciously crafted renegotiation message is sent. Siemens has released updates for several affected products and recommends to update to the latest versions. ...
14.03.2023
SIEMENS CERT
SSA-320629 V1.0: Security Vulnerabilities Fixed in RUGGEDCOM CROSSBOW V5.3
Title
SSA-320629 V1.0: Security Vulnerabilities Fixed in RUGGEDCOM CROSSBOW V5.3
Published
March 14, 2023, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-320629.html
Summary
RUGGEDCOM CROSSBOW before V5.3 contains two vulnerabilities that could allow authenticated remote attackers to access data they are not authorized for, or execute arbitrary database queries via an SQL injection attack. Siemens has released an update for RUGGEDCOM CROSSBOW and recommends to update to the latest version.
14.03.2023
SIEMENS CERT
SSA-697140 V1.2 (Last Update: 2023-03-14): Denial of Service Vulnerability in the TCP Event Service of SCALANCE and RUGGEDCOM P...
Title
SSA-697140 V1.2 (Last Update: 2023-03-14): Denial of Service Vulnerability in the TCP Event Service of SCALANCE and RUGGEDCOM Products
Published
March 14, 2023, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-697140.html
Summary
The products listed below contain a denial of service vulnerability in the TCP event interface that could allow an unauthenticated remote attacker to render the device unusable. Siemens has released updates for the affected products and recommends to update to the latest versions.
14.03.2023
SIEMENS CERT
SSA-700053 V1.1 (Last Update: 2023-03-14): Multiple File Parsing Vulnerabilities in Teamcenter Visualization and JT2Go
Title
SSA-700053 V1.1 (Last Update: 2023-03-14): Multiple File Parsing Vulnerabilities in Teamcenter Visualization and JT2Go
Published
March 14, 2023, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-700053.html
Summary
Siemens Teamcenter Visualization and JT2Go are affected by multiple file parsing vulnerabilities that could be triggered when the application reads a malicious file in CGM or RAS format. If a user is tricked to open a malicious file with the affected products, this could lead the application to crash or ...
14.03.2023
SIEMENS CERT
SSA-260625 V1.0: Security Vulnerabilities Fixed in RUGGEDCOM CROSSBOW V5.2
Title
SSA-260625 V1.0: Security Vulnerabilities Fixed in RUGGEDCOM CROSSBOW V5.2
Published
March 14, 2023, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-260625.html
Summary
RUGGEDCOM CROSSBOW V5.2 fixes two vulnerabilities that could allow authenticated remote attackers to perform unauthorized actions (CVE-2023-27309) or escalate privileges (CVE-2023-27310). Siemens has released an update for RUGGEDCOM CROSSBOW and recommends to update to the latest version.
14.03.2023
SIEMENS CERT
SSA-764417 V1.7 (Last Update: 2023-03-14): Weak Encryption Vulnerability in RUGGEDCOM ROS Devices
Title
SSA-764417 V1.7 (Last Update: 2023-03-14): Weak Encryption Vulnerability in RUGGEDCOM ROS Devices
Published
March 14, 2023, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-764417.html
Summary
The SSH server on RUGGEDCOM ROS devices is configured to offer weak ciphers by default. This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data passed over the connection between legitimate clients and the affected device. Siemens has released updates for the affected products ...
14.03.2023
SIEMENS CERT
SSA-847261 V1.1 (Last Update: 2023-03-14): Multiple SPP File Parsing Vulnerabilities in Tecnomatix Plant Simulation
Title
SSA-847261 V1.1 (Last Update: 2023-03-14): Multiple SPP File Parsing Vulnerabilities in Tecnomatix Plant Simulation
Published
March 14, 2023, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/html/ssa-847261.html
Summary
Siemens Tecnomatix Plant Simulation has released an update, 2201 Update 6, that fixes multiple vulnerabilities that could be triggered when the application reads SPP files. If a user is tricked to open a malicious file using the affected application, this could lead to a crash, and potentially also to arbitrary ...

Last Updates

BOSCH PSIRT
21.08.2024
SIEMENS CERT
12.09.2024
US CERT
19.09.2024
US CERT (ICS)
19.09.2024

By Source

Archive

2024
2023
2022
2021
2020
2019
2018
2017

Feeds