September 2021
14.09.2021
SIEMENS CERT
SSA-462066 V2.5 (Last Update: 2021-09-14): Vulnerability known as TCP SACK PANIC in Industrial Products
Title
SSA-462066 V2.5 (Last Update: 2021-09-14): Vulnerability known as TCP SACK PANIC in Industrial Products
Published
Sept. 14, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf
Summary
Multiple industrial products are affected by a vulnerability in the kernel known as TCP SACK PANIC. The vulnerability could allow a remote attacker to cause a denial of service condition. Siemens has released updates for several affected products and recommends to update to the new versions. Siemens is preparing further ...
14.09.2021
SIEMENS CERT
SSB-439005 V3.7 (Last Update: 2021-09-14): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 151...
Title
SSB-439005 V3.7 (Last Update: 2021-09-14): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP
Published
Sept. 14, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssb-439005.pdf
Summary
14.09.2021
SIEMENS CERT
SSA-434536 V1.1 (Last Update: 2021-09-14): Memory Protection Bypass Vulnerability in SINUMERIK ONE and SINUMERIK MC
Title
SSA-434536 V1.1 (Last Update: 2021-09-14): Memory Protection Bypass Vulnerability in SINUMERIK ONE and SINUMERIK MC
Published
Sept. 14, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-434536.pdf
Summary
SINUMERIK ONE and SINUMERIK MC products are affected by a memory protection bypass vulnerability in the integrated S7-1500 CPU that could allow an attacker to write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks on the CPU. Siemens has released updates for ...
14.09.2021
SIEMENS CERT
SSA-434535 V1.1 (Last Update: 2021-09-14): Memory Protection Bypass Vulnerability in SINAMICS PERFECT HARMONY GH180 Drives
Title
SSA-434535 V1.1 (Last Update: 2021-09-14): Memory Protection Bypass Vulnerability in SINAMICS PERFECT HARMONY GH180 Drives
Published
Sept. 14, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-434535.pdf
Summary
Several models of SINAMICS PERFECT HARMONY GH180 Drives are affected by a memory protection bypass vulnerability in the integrated S7-1500 or S7-1200 CPU that could allow an attacker to write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks on the CPU. Siemens ...
14.09.2021
SIEMENS CERT
SSA-434534 V1.1 (Last Update: 2021-09-14): Memory Protection Bypass Vulnerability in SIMATIC S7-1200 and S7-1500 CPU Families
Title
SSA-434534 V1.1 (Last Update: 2021-09-14): Memory Protection Bypass Vulnerability in SIMATIC S7-1200 and S7-1500 CPU Families
Published
Sept. 14, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-434534.pdf
Summary
SIMATIC S7-1200 and S7-1500 CPU products contain a memory protection bypass vulnerability that could allow an attacker to write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks. Siemens has released updates for several affected products and strongly recommends to update to the ...
14.09.2021
SIEMENS CERT
SSA-428051 V1.1 (Last Update: 2021-09-14): Privilege Escalation Vulnerability in TIA Administrator
Title
SSA-428051 V1.1 (Last Update: 2021-09-14): Privilege Escalation Vulnerability in TIA Administrator
Published
Sept. 14, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-428051.pdf
Summary
The latest update for TIA Administrator, installed together with TIA Portal and PCS neo, fixes a privilege escalation vulnerability that could allow local users to escalate privileges and execute code as local SYSTEM user. Siemens has released updates for the affected products and recommends to update to the latest versions.
14.09.2021
SIEMENS CERT
SSA-324955 V1.4 (Last Update: 2021-09-14): SAD DNS Attack in Linux Based Products
Title
SSA-324955 V1.4 (Last Update: 2021-09-14): SAD DNS Attack in Linux Based Products
Published
Sept. 14, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-324955.pdf
Summary
A vulnerability made public under the name SAD DNS affects Domain Name System resolvers due to a vulnerability in the Linux kernel when handling ICMP packets. The Siemens products which are affected are listed below. For more information please see https://www.saddns.net/. Siemens has released updates for several affected products and ...
14.09.2021
SIEMENS CERT
SSA-312271 V1.8 (Last Update: 2021-09-14): Unquoted Search Path Vulnerabilities in Windows-based Industrial Software Applications
Title
SSA-312271 V1.8 (Last Update: 2021-09-14): Unquoted Search Path Vulnerabilities in Windows-based Industrial Software Applications
Published
Sept. 14, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-312271.pdf
Summary
Several industrial products as listed below contain a local privilege escalation vulnerabilities that could allow authorized local users with administrative privileges to execute custom code with SYSTEM level privileges. Siemens has released updates for the affected products and recommends to update to the latest versions.
14.09.2021
SIEMENS CERT
SSA-274900 V1.2 (Last Update: 2021-09-14): Use of hardcoded key in Scalance X devices under certain conditions
Title
SSA-274900 V1.2 (Last Update: 2021-09-14): Use of hardcoded key in Scalance X devices under certain conditions
Published
Sept. 14, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-274900.pdf
Summary
Scalance X devices might not generate a unique random key after factory reset, and use a private key shipped with the firmware Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where ...
August 2021
19.08.2021
SIEMENS CERT
SSA-816035 V1.0: Code Execution Vulnerability in SINEMA Remote Connect Client
Title
SSA-816035 V1.0: Code Execution Vulnerability in SINEMA Remote Connect Client
Published
Aug. 19, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-816035.pdf
Summary
The latest update for SINEMA Remote Connect Client fixes a vulnerability that could allow a local attacker to escalate privileges or even allow remote code execution under certain circumstances. Siemens has released a firmware update for SINEMA Remote Connect Client and proposes mitigations if an update is not possible.
10.08.2021
SIEMENS CERT
SSA-553445 V1.0: DNS "Name:Wreck" Vulnerabilities in Multiple Siemens Energy AGT and SGT solutions
Title
SSA-553445 V1.0: DNS "Name:Wreck" Vulnerabilities in Multiple Siemens Energy AGT and SGT solutions
Published
Aug. 10, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-553445.pdf
Summary
One of the DNS-related vulnerabilities that were reported as “Name:Wreck” may affect the following Siemens Energy products: Industrial Gas Turbines SGT-100, SGT-200, SGT-300 and SGT-400 with Allen Bradley control systems Aeroderivative Gas Turbines SGT-A20, SGT-A35 and SGT-A65 with FT125 control systems
10.08.2021
SIEMENS CERT
SSA-679335 V1.0: Multiple Vulnerabilities in Embedded FTP Server of SIMATIC NET CP Modules
Title
SSA-679335 V1.0: Multiple Vulnerabilities in Embedded FTP Server of SIMATIC NET CP Modules
Published
Aug. 10, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-679335.pdf
Summary
SIMATIC CP 1543-1 and CP 1545-1 devices are affected by multiple vulnerabilities in ProFTPD, a third party component, that could allow a remote attacker to access sensitive information and execute arbitrary code. Siemens has released an update for SIMATIC NET CP 1543-1 and recommends to update to the latest version. ...
10.08.2021
SIEMENS CERT
SSA-756744 V1.0: OS Command Injection Vulnerability in SINEC NMS
Title
SSA-756744 V1.0: OS Command Injection Vulnerability in SINEC NMS
Published
Aug. 10, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-756744.pdf
Summary
The latest update for SINEC NMS fixes a vulnerability that could allow an authenticated remote attacker to execute arbitrary code on the system, with system privileges, under certain conditions. Siemens has released an update for SINEC NMS and recommends to update to the latest version.
10.08.2021
SIEMENS CERT
SSA-818688 V1.0: Multiple Vulnerabilities in Solid Edge before SE2021MP7
Title
SSA-818688 V1.0: Multiple Vulnerabilities in Solid Edge before SE2021MP7
Published
Aug. 10, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-818688.pdf
Summary
Siemens has released a new version for Solid Edge that fixes three vulnerabilities - an XML external entity (XXE) injection, and two file parsing issues which could be triggered when the application reads OBJ files. If a user is tricked to opening a malicious file using the affected application this ...
10.08.2021
SIEMENS CERT
SSA-830194 V1.0: Missing Authentication Vulnerability in S7-1200 Devices
Title
SSA-830194 V1.0: Missing Authentication Vulnerability in S7-1200 Devices
Published
Aug. 10, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-830194.pdf
Summary
SIMATIC S7-1200 PLC, version V4.5.0 fails to authenticate against configured passwords when the affected device was provisioned using TIA Portal V13. This could allow an attacker using TIA Portal V17 or later versions to bypass authentication and download arbitrary programs to the PLC. Siemens has released an update for SIMATIC ...
10.08.2021
SIEMENS CERT
SSA-865327 V1.0: Incorrect Authorization Vulnerability in Industrial Products
Title
SSA-865327 V1.0: Incorrect Authorization Vulnerability in Industrial Products
Published
Aug. 10, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-865327.pdf
Summary
The latest updates for the below mentioned products fix a vulnerability that allows an unauthenticated attacker to read PLC variables from affected devices without proper authentication under certain circumstances. Siemens has released updates for some of the affected products, is working on updates for the remaining affected products and recommends ...
10.08.2021
SIEMENS CERT
SSA-938030 V1.0: DGN and PAR File Parsing Vulnerabilities in JT2Go and Teamcenter Visualization before V13.2.0.2
Title
SSA-938030 V1.0: DGN and PAR File Parsing Vulnerabilities in JT2Go and Teamcenter Visualization before V13.2.0.2
Published
Aug. 10, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-938030.pdf
Summary
Siemens has released version V13.2.0.2 for JT2Go and Teamcenter Visualization to fix three vulnerabilities that could be triggered while parsing DGN or PAR files. If a user is tricked to open a malicious file with the affected products, this could lead the application to crash or potential arbitrary code execution. ...
10.08.2021
SIEMENS CERT
SSA-286838 V1.1 (Last Update: 2021-08-10): Multiple Vulnerabilities in SINAMICS Medium Voltage Products
Title
SSA-286838 V1.1 (Last Update: 2021-08-10): Multiple Vulnerabilities in SINAMICS Medium Voltage Products
Published
Aug. 10, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf
Summary
SINAMICS medium voltage products, with Sm@rtServer enabled on SIMATIC comfort HMI Panels, are affected by multiple vulnerabilities that could allow an attacker, under certain conditions, to gain full remote access to the HMI. Note that by default Sm@rtServer is disabled, but it can be enabled by the system integrator on ...
10.08.2021
SIEMENS CERT
SSA-324955 V1.3 (Last Update: 2021-08-10): SAD DNS Attack in Linux Based Products
Title
SSA-324955 V1.3 (Last Update: 2021-08-10): SAD DNS Attack in Linux Based Products
Published
Aug. 10, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-324955.pdf
Summary
A vulnerability made public under the name SAD DNS affects Domain Name System resolvers due to a vulnerability in the Linux kernel when handling ICMP packets. The Siemens products which are affected are listed below. For more information please see https://www.saddns.net/. Siemens has released updates for several affected products and ...
10.08.2021
SIEMENS CERT
SSA-844761 V1.2 (Last Update: 2021-08-10): Multiple Vulnerabilities in SiNVR/SiVMS Video Server
Title
SSA-844761 V1.2 (Last Update: 2021-08-10): Multiple Vulnerabilities in SiNVR/SiVMS Video Server
Published
Aug. 10, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf
Summary
The Video Server application in SiNVR/SiVMS solutions contains five vulnerabilities involving information disclosure (CVE-2019-19291, CVE-2019-19299), path traversal (CVE-2019-19296, CVE-2019-19297), and denial-of-service (CVE-2019-19298). PKE has released updates of the application that fixes the reported vulnerabilities, except for CVE-2019-19299. This update is not available under the former Siemens OEM brand name SiNVR. ...
10.08.2021
SIEMENS CERT
SSA-941426 V1.1 (Last Update: 2021-08-10): Multiple LLDP Vulnerabilities in Industrial Products
Title
SSA-941426 V1.1 (Last Update: 2021-08-10): Multiple LLDP Vulnerabilities in Industrial Products
Published
Aug. 10, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-941426.pdf
Summary
There are multiple vulnerabilities in an underlying Link Layer Discovery Protocol (LLDP) third party library. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.
10.08.2021
SIEMENS CERT
SSB-439005 V3.6 (Last Update: 2021-08-10): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 151...
Title
SSB-439005 V3.6 (Last Update: 2021-08-10): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP
Published
Aug. 10, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssb-439005.pdf
Summary
10.08.2021
SIEMENS CERT
SSA-492828 V1.1 (Last Update: 2021-08-10): Denial-of-Service Vulnerability in SIMATIC S7-300 CPUs and SINUMERIK Controller
Title
SSA-492828 V1.1 (Last Update: 2021-08-10): Denial-of-Service Vulnerability in SIMATIC S7-300 CPUs and SINUMERIK Controller
Published
Aug. 10, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-492828.pdf
Summary
A vulnerability in S7-300 might allow an attacker to cause a Denial-of-Service condition on port 102 of the affected devices by sending specially crafted packets. Siemens is preparing updates and recommends specific countermeasures until fixes are available.
10.08.2021
SIEMENS CERT
SSA-541018 V1.2 (Last Update: 2021-08-10): Embedded TCP/IP Stack Vulnerabilities (AMNESIA:33) in SENTRON PAC / 3VA Devices (Par...
Title
SSA-541018 V1.2 (Last Update: 2021-08-10): Embedded TCP/IP Stack Vulnerabilities (AMNESIA:33) in SENTRON PAC / 3VA Devices (Part 2)
Published
Aug. 10, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-541018.pdf
Summary
Security researchers discovered and disclosed 33 vulnerabilities in several open-source TCP/IP stacks for embedded devices, also known as “AMNESIA:33” vulnerabilities. This advisory describes the impact of two of these vulnerabilities (CVE-2020-13987, CVE-2020-17437) to Siemens products. Siemens has released updates for several affected products and recommends to update to the latest ...
10.08.2021
SIEMENS CERT
SSA-599968 V1.1 (Last Update: 2021-08-10): Denial-of-Service Vulnerability in Profinet Devices
Title
SSA-599968 V1.1 (Last Update: 2021-08-10): Denial-of-Service Vulnerability in Profinet Devices
Published
Aug. 10, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-599968.pdf
Summary
A vulnerability in affected devices could allow an attacker to perform a denial-of-service attack if a large amount of Profinet Discovery and Configuration Protocol (DCP) reset packets is sent to the affected devices. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens ...

Last Updates

BOSCH PSIRT
31.10.2024
SIEMENS CERT
22.11.2024
US CERT
08.11.2024
US CERT (ICS)
21.11.2024

By Source

Archive

2024
2023
2022
2021
2020
2019
2018
2017

Feeds