March 2023
February 2023
Title
SSA-321292 V1.4 (Last Update: 2023-03-14): Denial of Service in the OPC Foundation Local Discovery Server (LDS) in Industrial Products
Published
March 14, 2023, 1 a.m.
Summary
A vulnerability has been identified in the OPC Foundation Local Discovery Server (LDS) [0] of several industrial products. The vulnerability could cause a denial of service condition on the service or the device. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens ...
Title
SSA-482757 V1.2 (Last Update: 2023-03-14): Missing Immutable Root of Trust in S7-1500 CPU devices
Published
March 14, 2023, 1 a.m.
Summary
Affected models of the S7-1500 CPU product family do not contain an Immutable Root of Trust in Hardware. With this the integrity of the code executed on the device can not be validated during load-time. An attacker with physical access to the device could use this to replace the boot ...
Title
SSA-476715 V1.1 (Last Update: 2023-03-14): Two Vulnerabilities in Automation License Manager
Published
March 14, 2023, 1 a.m.
Summary
Siemens Automation License Manager contains two vulnerabilities which, when combined, could allow an attacker to modify and rename license files, extract licenses and overwrite arbitrary files on the target system potentially leading to privilege escalation and remote code execution. The affected functionality is not available for remote attackers in the ...
Title
SSB-439005 V5.1 (Last Update: 2023-03-14): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP
Published
March 14, 2023, 1 a.m.
Summary
Title
SSA-491245 V1.1 (Last Update: 2023-03-14): Multiple File Parsing Vulnerabilities in Solid Edge
Published
March 14, 2023, 1 a.m.
Summary
Solid Edge is affected by multiple memory corruption vulnerabilities that could be triggered when the application reads specially crafted files in various formats such as X_B, DWG, DXF, STL, STP, SLDPRT and PAR format. If a user is tricked to open a malicious file with the affected applications, an attacker ...
Title
SSA-419740 V1.0: Multiple Third-Party Component Vulnerabilities in RUGGEDCOM and SCALANCE Products before V7.2
Published
March 14, 2023, 1 a.m.
Summary
Multiple third-party component vulnerabilities were reported for the Busybox applet, the Linux Kernel, OpenSSL, OpenVPN and various other components used by the RUGGEDCOM and SCALANCE products. The vulnerabilities range from improper neutralization of special elements to improper handling of commands under certain circumstances, that could lead to code injection and ...
Title
SSA-223771 V1.2 (Last Update: 2023-03-14): SISCO Stack Vulnerability in SIPROTEC 5 Devices
Published
March 14, 2023, 1 a.m.
Summary
A vulnerability in the third party component SISCO MMS-EASE could allow attackers to cause a denial of service condition with SIPROTEC 5 devices. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products ...
Title
SSA-697140 V1.2 (Last Update: 2023-03-14): Denial of Service Vulnerability in the TCP Event Service of SCALANCE and RUGGEDCOM Products
Published
March 14, 2023, 1 a.m.
Summary
The products listed below contain a denial of service vulnerability in the TCP event interface that could allow an unauthenticated remote attacker to render the device unusable. Siemens has released updates for the affected products and recommends to update to the latest versions.
Title
SSA-565386 V1.0: Third-Party Component Vulnerabilities in SCALANCE W-700 IEEE 802.11ax devices before V2.0
Published
March 14, 2023, 1 a.m.
Summary
Multiple vulnerabilities affecting various third-party components of SCALANCE W-700 IEEE 802.11ax devices before V2.0 could allow an attacker to cause a denial of service condition, disclose sensitive data or violate the system integrity. Siemens has released an update for SCALANCE W-700 IEEE 802.11ax and recommends to update to the latest ...
Title
SSA-552702 V1.4 (Last Update: 2023-03-14): Privilege Escalation Vulnerability in the Web Interface of SCALANCE and RUGGEDCOM Products
Published
March 14, 2023, 1 a.m.
Summary
The products listed below do not properly authorize the change password function of the web interface. This could allow low privileged users to escalate their privileges. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific ...
Title
SSA-700053 V1.1 (Last Update: 2023-03-14): Multiple File Parsing Vulnerabilities in Teamcenter Visualization and JT2Go
Published
March 14, 2023, 1 a.m.
Summary
Siemens Teamcenter Visualization and JT2Go are affected by multiple file parsing vulnerabilities that could be triggered when the application reads a malicious file in CGM or RAS format. If a user is tricked to open a malicious file with the affected products, this could lead the application to crash or ...
Title
SSA-764417 V1.7 (Last Update: 2023-03-14): Weak Encryption Vulnerability in RUGGEDCOM ROS Devices
Published
March 14, 2023, 1 a.m.
Summary
The SSH server on RUGGEDCOM ROS devices is configured to offer weak ciphers by default. This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data passed over the connection between legitimate clients and the affected device. Siemens has released updates for the affected products ...
Title
SSA-726834 V1.0: Denial of Service Vulnerability in the RADIUS Client of SIPROTEC 5 Devices
Published
March 14, 2023, 1 a.m.
Summary
The RADIUS client implementation of the VxWorks platform in SIPROTEC 5 devices contains a denial of service vulnerability that could be triggered when a specially crafted packet is sent by a RADIUS server. Siemens has released updates for the affected products and recommends to update to the latest versions.
Title
SSA-712929 V1.8 (Last Update: 2023-03-14): Denial of Service Vulnerability in OpenSSL (CVE-2022-0778) Affecting Industrial Products
Published
March 14, 2023, 1 a.m.
Summary
A vulnerability in the openSSL component (CVE-2022-0778, [0]) could allow an attacker to create a denial of service condition by providing specially crafted elliptic curve certificates to products that use a vulnerable version of openSSL. Siemens has released updates for several affected products and recommends to update to the latest ...
Title
SSA-539476 V1.4 (Last Update: 2023-03-14): Siemens SIMATIC NET CP, SINEMA and SCALANCE Products Affected by Vulnerabilities in Third-Party Component strongSwan
Published
March 14, 2023, 1 a.m.
Summary
Vulnerabilities in the third-party component strongSwan could allow an attacker to cause a denial of service (DoS) condition in affected devices by exploiting integer overflow bugs. Siemens has released updates for the affected products and recommends to update to the latest versions.
Title
SSA-847261 V1.1 (Last Update: 2023-03-14): Multiple SPP File Parsing Vulnerabilities in Tecnomatix Plant Simulation
Published
March 14, 2023, 1 a.m.
Summary
Siemens Tecnomatix Plant Simulation has released an update, 2201 Update 6, that fixes multiple vulnerabilities that could be triggered when the application reads SPP files. If a user is tricked to open a malicious file using the affected application, this could lead to a crash, and potentially also to arbitrary ...
Title
SSA-840800 V1.2 (Last Update: 2023-03-14): Code Injection Vulnerability in RUGGEDCOM ROS
Published
March 14, 2023, 1 a.m.
Summary
RUGGEDCOM ROS-based devices are vulnerable to a web-based code injection attack. To execute this attack, it is necessary to access the system via the Command Line Interface (CLI). Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products ...
Title
SSA-787941 V1.1 (Last Update: 2023-03-14): Denial of Service Vulnerability in RUGGEDCOM ROS V4
Published
March 14, 2023, 1 a.m.
Summary
RUGGEDCOM ROS-based V4 devices are vulnerable to a denial of service attack (Slowloris). By sending partial HTTP requests nonstop, with none completed, the affected web servers will be waiting for the completion of each request, occupying all available HTTP connections. The web server recovers by itself once the attack ends. ...
Title
SSA-517377 V1.2 (Last Update: 2023-03-14): Multiple Vulnerabilities in the SRCS VPN Feature in SIMATIC CP Devices
Published
March 14, 2023, 1 a.m.
Summary
The below referenced devices contain multiple vulnerabilities that could be exploited when the SINEMA Remote Connect Server (SRCS) VPN feature is used. The feature is not activated by default. The most severe could allow an attacker to execute arbitrary code with elevated privileges under certain circumstances. Siemens has released updates ...
Title
SSA-851884 V1.0: Authentication Bypass Vulnerability in Mendix SAML Module
Published
March 14, 2023, 1 a.m.
Summary
The Mendix SAML module insufficiently verifies the SAML assertions. This could allow unauthenticated remote attackers to bypass authentication and get access to the application. Mendix has provided fix releases for the Mendix SAML module and recommends to update to the latest version.
Title
SSA-941426 V1.4 (Last Update: 2023-03-14): Multiple LLDP Vulnerabilities in Industrial Products
Published
March 14, 2023, 1 a.m.
Summary
There are multiple vulnerabilities in an underlying Link Layer Discovery Protocol (LLDP) third party library. Siemens has released updates for the affected products and recommends to update to the latest versions.
Title
SSA-772220 V2.2 (Last Update: 2023-03-14): OpenSSL Vulnerabilities in Industrial Products
Published
March 14, 2023, 1 a.m.
Summary
OpenSSL has published a security advisory [0] about a vulnerability in OpenSSL versions 1.1.1 < 1.1.1k, that allows an unauthenticated attacker to cause a Denial-of-Service (DoS) if a maliciously crafted renegotiation message is sent. Siemens has released updates for several affected products and recommends to update to the latest versions. ...
Title
SSA-658793 V1.0: Command Injection Vulnerability in SiPass integrated AC5102 / ACC-G2 and ACC-AP
Published
Feb. 14, 2023, 1 a.m.
Summary
SiPass integrated ACC (Advanced Central Controller) devices improperly sanitize user input on the telnet command line interface. This could allow an authenticated user to escalate privileges by injecting arbitrary commands that are executed with root privileges. Siemens has released updates for the affected products and recommends to update to the ...
Title
SSA-640968 V1.0: Untrusted Search Path Vulnerability in TIA Project-Server formerly known as TIA Multiuser Server
Published
Feb. 14, 2023, 1 a.m.
Summary
TIA Project-Server formerly known as TIA Multiuser Server contains an untrusted search path vulnerability that could allow an attacker to escalate privileges, when tricking a legitimate user to start the service from an attacker controlled path. Siemens has released updates for several affected products and recommends to update to the ...
Title
SSA-568428 V1.1 (Last Update: 2023-02-14): Weak Key Protection Vulnerability in SINUMERIK ONE and SINUMERIK MC
Published
Feb. 14, 2023, 1 a.m.
Summary
SINUMERIK ONE and SINUMERIK MC products are affected by a weak key protection vulnerability in the integrated S7-1500 CPU. The weak key protection vulnerability in the integrated S7-1500 CPU is documented in more detail in SSA-568427 [1]. Siemens has released updates for the affected products and recommends to update to ...
Last Updates
BOSCH PSIRT
25.04.2025
SIEMENS CERT
17.04.2025
US CERT
01.04.2025
US CERT (ICS)
01.05.2025
By Source
- BOSCH PSIRT (88)
- SIEMENS CERT (1991)
- US CERT (175)
- US CERT (ICS) (1828)
Archive
2025
2024
- December (57)
- November (53)
- October (66)
- September (69)
- August (59)
- July (63)
- June (53)
- May (64)
- April (41)
- March (45)
- February (45)
- January (41)
2023
- December (57)
- November (58)
- October (46)
- September (51)
- August (62)
- July (49)
- June (49)
- May (52)
- April (67)
- March (67)
- February (71)
- January (60)
2022
- December (65)
- November (46)
- October (61)
- September (55)
- August (88)
- July (61)
- June (91)
- May (58)
- April (83)
- March (72)
- February (70)
- January (37)
2021
- December (73)
- November (46)
- October (49)
- September (73)
- August (33)
- July (33)
- June (30)
- May (30)
- April (37)
- March (46)
- February (42)
- January (27)
2020
- December (32)
- November (19)
- October (30)
- September (33)
- August (26)
- July (51)
- June (51)
- May (26)
- April (39)
- March (45)
- February (106)
- January (35)
2019
- December (33)
- November (14)
- October (37)
- September (34)
- August (26)
- July (28)
- June (22)
- May (37)
- April (28)
- March (19)
- February (36)
- January (37)
2018
- December (36)
- November (36)
- October (34)
- September (22)
- August (26)
- July (18)
- June (26)
- May (42)
- April (31)
- March (37)
- February (24)
- January (10)