September 2021
14.09.2021
SIEMENS CERT
SSA-676336 V1.0: OpenSSH Vulnerabilities in SCALANCE X-200 and X-300/X408 Switches
Title
SSA-676336 V1.0: OpenSSH Vulnerabilities in SCALANCE X-200 and X-300/X408 Switches
Published
Sept. 14, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-676336.pdf
Summary
The latest update of the SCALANCE X-200 and X-300/X408 switches families fixes multiple OpenSSH vulnerabilities. The most severe of these vulnerabilities could allow a denial of service condition. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and ...
14.09.2021
SIEMENS CERT
SSA-535997 V1.0: Cleartext Storage of Sensitive Information in Multiple SIMATIC Products
Title
SSA-535997 V1.0: Cleartext Storage of Sensitive Information in Multiple SIMATIC Products
Published
Sept. 14, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-535997.pdf
Summary
A cleartext vulnerability was found in the SIMATIC communication processors CP 1543-1 and CP 1545-1 that could allow an attacker to read sensitive information. Siemens has released an update for the SIMATIC CP 1543-1 (incl. SIPLUS variants) and recommends to update to the latest version. Siemens is preparing further updates ...
14.09.2021
SIEMENS CERT
SSA-535380 V1.0: Command Injection Vulnerability in Siveillance OIS Affecting Several Building Management Systems
Title
SSA-535380 V1.0: Command Injection Vulnerability in Siveillance OIS Affecting Several Building Management Systems
Published
Sept. 14, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-535380.pdf
Summary
The Siveillance Open Interface Services (OIS) application used for integration of different subsystems to several Siemens building management systems contains a command injection vulnerability that could allow a remote unauthenticated attacker to execute code on the affected system with root privileges. Siemens has released patches and updates for Siveillance OIS ...
14.09.2021
SIEMENS CERT
SSA-500748 V1.0: Denial-of-Service Vulnerabilities in SIPROTEC 5 Devices
Title
SSA-500748 V1.0: Denial-of-Service Vulnerabilities in SIPROTEC 5 Devices
Published
Sept. 14, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-500748.pdf
Summary
The latest update for SIPROTEC 5 family devices fixes a vulnerability in the web interface which could allow unauthorized users to cause a Denial-of-Service situation by sending maliciously crafted web requests. Siemens has released an update for the SIPROTEC 5 and recommends to update to the latest version.
14.09.2021
SIEMENS CERT
SSA-453715 V1.0: Deserialization Vulnerability in CCOM Communication Component of Desigo CC Family
Title
SSA-453715 V1.0: Deserialization Vulnerability in CCOM Communication Component of Desigo CC Family
Published
Sept. 14, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-453715.pdf
Summary
Desigo CC, Desigo CC Compact and Cerberus DMS that use CCOM communication component hosted in IIS contain a deserialisation vulnerability that could allow an unauthenticated attacker to perform remote code execution. Only those systems that use Windows App and/or IE XBAP Web Client are affected. Regular installed clients and the ...
14.09.2021
SIEMENS CERT
SSA-413407 V1.0: Path Traversal Vulnerability in Teamcenter Active Workspace
Title
SSA-413407 V1.0: Path Traversal Vulnerability in Teamcenter Active Workspace
Published
Sept. 14, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-413407.pdf
Summary
Teamcenter Active Workspace contains a path traversal vulnerability that could lead to access control violations. Siemens has released updates for the affected products and recommends to update to the latest versions.
14.09.2021
SIEMENS CERT
SSA-334944 V1.0: Vulnerability in SINEMA Remote Connect Server
Title
SSA-334944 V1.0: Vulnerability in SINEMA Remote Connect Server
Published
Sept. 14, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-334944.pdf
Summary
Multiple vulnerabilities in SINEMA Remote Connect Server could allow an unauthorized remote attacker to retrieve or manipulate sensitive information from the affected software. In addition, the attacker could also cause a Denial-of-Service condition in devices controlled by the affected software. Siemens has released an update for the SINEMA Remote Connect ...
14.09.2021
SIEMENS CERT
SSA-330339 V1.0: Web Vulnerabilities in SINEC NMS
Title
SSA-330339 V1.0: Web Vulnerabilities in SINEC NMS
Published
Sept. 14, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-330339.pdf
Summary
A recent update for SINEC NMS fixed multiple vulnerabilities. The most severe of these vulnerabilities could allow an attacker to manipulate the SINEC NMS configuration by tricking an admin to click on a malicious link. Siemens has released an update for SINEC NMS and recommends to update to the latest ...
14.09.2021
SIEMENS CERT
SSA-316383 V1.0: NumberJack Vulnerability in LOGO! CMR family and SIMATIC RTU 3000 family
Title
SSA-316383 V1.0: NumberJack Vulnerability in LOGO! CMR family and SIMATIC RTU 3000 family
Published
Sept. 14, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-316383.pdf
Summary
A vulnerability has been identified in the underlying TCP/IP stack of LOGO! CMR family and SIMATIC RTU 3000 family devices. It could allow an attacker with network access to the LAN interface of an affected device to hijack an ongoing connection or spoof a new one. The WAN interface, however, ...
14.09.2021
SIEMENS CERT
SSA-288459 V1.0: Heap Overflow Vulnerability in RFID terminals
Title
SSA-288459 V1.0: Heap Overflow Vulnerability in RFID terminals
Published
Sept. 14, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-288459.pdf
Summary
A heap overflow vulnerability in dhclient of the affected products, which has been published alongside other vulnerabilities as part of NAME:WRECK could allow an attacker to potentially remotely execute code. Siemens recommends specific countermeasures for products.
14.09.2021
SIEMENS CERT
SSA-208530 V1.0: File parsing vulnerabilities in IFC adapter in NX
Title
SSA-208530 V1.0: File parsing vulnerabilities in IFC adapter in NX
Published
Sept. 14, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-208530.pdf
Summary
Siemens NX is affected by two vulnerabilities that could be triggered when the application reads ifc files. If a user is tricked to open a malicious file with the affected application, this could lead to an access violation, and potentially also to arbitrary code execution on the target host system. ...
14.09.2021
SIEMENS CERT
SSA-150692 V1.0: Multiple Vulnerabilities in RUGGEDCOM ROX
Title
SSA-150692 V1.0: Multiple Vulnerabilities in RUGGEDCOM ROX
Published
Sept. 14, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-150692.pdf
Summary
Multiple vulnerabilities in RUGGEDCOM ROX devices have been detected, ranging from command injection to filesystem traversal. An attacker could exploit these to gain root access to the affected devices. Siemens has released updates for the affected products and recommends to update to the latest versions.
14.09.2021
SIEMENS CERT
SSA-109294 V1.0: Scene File Parsing Vulnerability in Simcenter STAR-CCM+ Viewer
Title
SSA-109294 V1.0: Scene File Parsing Vulnerability in Simcenter STAR-CCM+ Viewer
Published
Sept. 14, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-109294.pdf
Summary
Siemens Simcenter STAR-CCM+ Viewer is affected by a vulnerability that could be triggered when the application reads scene (.sce) files. If a user is tricked to open a malicious file with the affected application, this could lead to a crash, and potentially also to arbitrary code execution or data extraction ...
14.09.2021
SIEMENS CERT
SSA-938030 V1.1 (Last Update: 2021-09-14): DGN and PAR File Parsing Vulnerabilities in JT2Go and Teamcenter Visualization befor...
Title
SSA-938030 V1.1 (Last Update: 2021-09-14): DGN and PAR File Parsing Vulnerabilities in JT2Go and Teamcenter Visualization before V13.2.0.2
Published
Sept. 14, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-938030.pdf
Summary
Siemens has released version V13.2.0.2 for JT2Go and Teamcenter Visualization to fix three vulnerabilities that could be triggered while parsing DGN or PAR files. If a user is tricked to open a malicious file with the affected products, this could lead the application to crash or potential arbitrary code execution. ...
14.09.2021
SIEMENS CERT
SSA-936080 V1.2 (Last Update: 2021-09-14): Multiple Vulnerabilities in Third-Party Component libcurl
Title
SSA-936080 V1.2 (Last Update: 2021-09-14): Multiple Vulnerabilities in Third-Party Component libcurl
Published
Sept. 14, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-936080.pdf
Summary
SIMATIC CM 1542-1, SCALANCE SC600 family and SIMATIC CP 343-1 Advanced devices are vulnerable to a vulnerability in the third party component libcurl that could allow an attacker to cause a Denial-of-Service condition on the affected devices. Siemens has released updates for several affected products and recommends to update to ...
14.09.2021
SIEMENS CERT
SSA-865327 V1.1 (Last Update: 2021-09-14): Incorrect Authorization Vulnerability in Industrial Products
Title
SSA-865327 V1.1 (Last Update: 2021-09-14): Incorrect Authorization Vulnerability in Industrial Products
Published
Sept. 14, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-865327.pdf
Summary
The latest updates for the below mentioned products fix a vulnerability that allows an unauthenticated attacker to read PLC variables from affected devices without proper authentication under certain circumstances. Siemens has released updates for some of the affected products, is working on updates for the remaining affected products and recommends ...
14.09.2021
SIEMENS CERT
SSA-830194 V1.1 (Last Update: 2021-09-14): Missing Authentication Vulnerability in S7-1200 Devices
Title
SSA-830194 V1.1 (Last Update: 2021-09-14): Missing Authentication Vulnerability in S7-1200 Devices
Published
Sept. 14, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-830194.pdf
Summary
SIMATIC S7-1200 PLC, version V4.5.0 fails to authenticate against configured passwords when the affected device was provisioned using TIA Portal V13. This could allow an attacker using TIA Portal V13 or later versions to bypass authentication and download arbitrary programs to the PLC. Siemens has released an update for SIMATIC ...
14.09.2021
SIEMENS CERT
SSA-789208 V1.1 (Last Update: 2021-09-14): Multiple Vulnerabilities (INFRA:HALT) in Interniche IP-Stack based Low Voltage Devices
Title
SSA-789208 V1.1 (Last Update: 2021-09-14): Multiple Vulnerabilities (INFRA:HALT) in Interniche IP-Stack based Low Voltage Devices
Published
Sept. 14, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-789208.pdf
Summary
Security researchers discovered and disclosed 14 vulnerabilities in the Interniche IP stack, also known as “INFRA:HALT” vulnerabilities [0]. This advisory describes the impact to Siemens low voltage products, which are only affected by four out of the 14 vulnerabilities. Siemens has released updates for several affected products and recommends to ...
14.09.2021
SIEMENS CERT
SSA-780073 V1.8 (Last Update: 2021-09-14): Denial-of-Service Vulnerability in PROFINET Devices via DCE-RPC Packets
Title
SSA-780073 V1.8 (Last Update: 2021-09-14): Denial-of-Service Vulnerability in PROFINET Devices via DCE-RPC Packets
Published
Sept. 14, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-780073.pdf
Summary
Products that include the Siemens PROFINET-IO (PNIO) stack in versMions prior V06.00 are potentially affected by a denial-of-service vulnerability when multiple legitimate diagnostic package requests are sent to the DCE-RPC interface. Siemens has released updates for several affected products and recommends to update to the new versions. Siemens is preparing ...
14.09.2021
SIEMENS CERT
SSA-772220 V1.2 (Last Update: 2021-09-14): OpenSSL Vulnerabilities in Industrial Products
Title
SSA-772220 V1.2 (Last Update: 2021-09-14): OpenSSL Vulnerabilities in Industrial Products
Published
Sept. 14, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdf
Summary
OpenSSL has published a security advisory [0] about a vulnerability in OpenSSL versions 1.1.1 < 1.1.1k, that allows an unauthenticated attacker to cause a Denial-of-Service (DoS) if a maliciously crafted renegotiation message is sent. Siemens is preparing updates and recommends countermeasures for products where updates are not, or not yet ...
14.09.2021
SIEMENS CERT
SSA-756744 V1.1 (Last Update: 2021-09-14): OS Command Injection Vulnerability in SINEC NMS
Title
SSA-756744 V1.1 (Last Update: 2021-09-14): OS Command Injection Vulnerability in SINEC NMS
Published
Sept. 14, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-756744.pdf
Summary
The latest update for SINEC NMS fixes a vulnerability that could allow an authenticated remote attacker to execute arbitrary code on the system, with system privileges, under certain conditions. Siemens has released an update for SINEC NMS and recommends to update to the latest version.
14.09.2021
SIEMENS CERT
SSA-675303 V1.1 (Last Update: 2021-09-14): WIBU Systems CodeMeter Runtime Vulnerabilities in Siemens Products
Title
SSA-675303 V1.1 (Last Update: 2021-09-14): WIBU Systems CodeMeter Runtime Vulnerabilities in Siemens Products
Published
Sept. 14, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-675303.pdf
Summary
WIBU Systems disclosed two vulnerabilities and a new release version of CodeMeter Runtime, a product provided by WIBU Systems and used in several Siemens products for license management. The vulnerabilities are described in the section “Vulnerability Classification” below and got assigned the CVE IDs CVE-2021-20093 and CVE-2021-20094. Successful exploitation of ...
14.09.2021
SIEMENS CERT
SSA-661034 V1.1 (Last Update: 2021-09-14): Incorrect Permission Assignment in Multiple SIMATIC Software Products
Title
SSA-661034 V1.1 (Last Update: 2021-09-14): Incorrect Permission Assignment in Multiple SIMATIC Software Products
Published
Sept. 14, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-661034.pdf
Summary
Multiple SIMATIC software products are affected by a vulnerability that could allow an attacker to change the content of certain metafiles and subsequently manipulate parameters or behaviour of devices configured by the affected software products. Siemens has released updates for several affected products and recommends to update to the latest ...
14.09.2021
SIEMENS CERT
SSA-599968 V1.2 (Last Update: 2021-09-14): Denial-of-Service Vulnerability in Profinet Devices
Title
SSA-599968 V1.2 (Last Update: 2021-09-14): Denial-of-Service Vulnerability in Profinet Devices
Published
Sept. 14, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-599968.pdf
Summary
A vulnerability in affected devices could allow an attacker to perform a denial-of-service attack if a large amount of Profinet Discovery and Configuration Protocol (DCP) reset packets is sent to the affected devices. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens ...
14.09.2021
SIEMENS CERT
SSA-538778 V1.1 (Last Update: 2021-09-14): SmartVNC Vulnerabilities in SIMATIC HMI/WinCC Products
Title
SSA-538778 V1.1 (Last Update: 2021-09-14): SmartVNC Vulnerabilities in SIMATIC HMI/WinCC Products
Published
Sept. 14, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-538778.pdf
Summary
Multiple SmartVNC vulnerabilities in the affected products listed below could allow remote code execution and Denial-of-Service attacks under certain conditions. Siemens has released updates for the affected products and recommends to update to the latest version.

Last Updates

BOSCH PSIRT
31.10.2024
SIEMENS CERT
22.11.2024
US CERT
08.11.2024
US CERT (ICS)
21.11.2024

By Source

Archive

2024
2023
2022
2021
2020
2019
2018
2017

Feeds