August 2024
Title
SSA-698820 V1.1 (Last Update: 2024-08-13): Multiple Vulnerabilities in Fortigate NGFW on RUGGEDCOM APE1808 Devices
Published
Aug. 13, 2024, 2 a.m.
Summary
Fortinet has published information on vulnerabilities in FORTIOS. This advisory lists the related Siemens Industrial products. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available. Siemens recommends to consult and implement the workarounds provided in Fortinet’s upstream security notifications.
Title
SSA-686975 V1.5 (Last Update: 2024-08-13): IPU 2022.3 Vulnerabilities in Siemens Industrial Products using Intel CPUs
Published
Aug. 13, 2024, 2 a.m.
Summary
Intel has published information on vulnerabilities in Intel products in November 2022. This advisory lists the related Siemens Industrial products affected by these vulnerabilities that can be patched by applying the corresponding BIOS update (“2022.3 IPU – BIOS Advisory” Intel-SA-00688). Siemens is preparing updates and recommends specific countermeasures for products ...
Title
SSA-659443 V1.0: Local Code Execution Vulnerabilities in COMOS Before V10.5
Published
Aug. 13, 2024, 2 a.m.
Summary
COMOS before V10.5 is affected by two local code execution vulnerabilities in the integrated Open Design Alliance Drawings SDK. Siemens has released a new version for COMOS and recommends to update to the latest version.
Title
SSA-417547 V1.0: Multiple Vulnerabilities in INTRALOG WMS Before V4
Published
Aug. 13, 2024, 2 a.m.
Summary
INTRALOG WMS before V4 is affected by vulnerabilities in the SQL Client-Server communication and in the .NET framework. Successful exploitation could allow an unauthenticated attacker located in the INTRALOG WMS network to decrypt and modify client-server communication, or potentially execute arbitrary code on the application servers. Siemens has released a ...
Title
SSA-640968 V1.2 (Last Update: 2024-08-13): Untrusted Search Path Vulnerability in TIA Project-Server formerly known as TIA Multiuser Server
Published
Aug. 13, 2024, 2 a.m.
Summary
TIA Project-Server formerly known as TIA Multiuser Server contains an untrusted search path vulnerability that could allow an attacker to escalate privileges, when tricking a legitimate user to start the service from an attacker controlled path. Siemens has released updates for several affected products and recommends to update to the ...
Title
SSA-625850 V1.1 (Last Update: 2024-08-13): Multiple WIBU Systems CodeMeter Vulnerabilities Affecting the Desigo CC Product Family and SENTRON powermanager
Published
Aug. 13, 2024, 2 a.m.
Summary
Versions V5.0 through V7 of the Desigo CC product family (Desigo CC, Desigo CC Compact, Desigo CC Connect, Cerberus DMS), as well as the Desigo CC-based SENTRON powermanager, are affected by multiple vulnerabilities in the underlying third-party component WIBU Systems CodeMeter Runtime. Successful exploitation of these vulnerabilities could allow remote ...
Title
SSA-822518 V1.1 (Last Update: 2024-08-13): Multiple Vulnerabilities in Palo Alto Networks Virtual NGFW Before V11.0.1 on RUGGEDCOM APE1808 Devices
Published
Aug. 13, 2024, 2 a.m.
Summary
Palo Alto Networks has published [1] information on vulnerabilities in PAN-OS. This advisory lists the related Siemens Industrial products affected by these vulnerabilities. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available. Customers are advised to consult and implement the workarounds ...
Title
SSA-813746 V1.1 (Last Update: 2024-08-13): BadAlloc Vulnerabilities in SCALANCE X-200, X-200IRT, and X-300 Switch Families
Published
Aug. 13, 2024, 2 a.m.
Summary
Siemens has released a new firmware version for SCALANCE X-200 and X-200 IRT switches that address Bad Alloc vulnerabilities in the underlying operating system and recommends to update to the latest versions. Siemens recommends countermeasures for products where updates are not, or not yet available.
Title
SSA-981975 V1.3 (Last Update: 2024-08-13): Information Disclosure Vulnerability in Intel-CPUs (CVE-2022-40982) Impacting SIMATIC IPCs
Published
Aug. 13, 2024, 2 a.m.
Summary
Several Intel-CPU based SIMATIC IPCs are affected by an information exposure vulnerability (CVE-2022-40982) in the CPU that could allow an authenticated local user to potentially read other users’ data [1]. The issue is also known as “Gather Data Sampling” (GDS) or Downfall Attacks. For details refer to the chapter “Additional ...
Title
SSA-921449 V1.0: Plaintext Storage of a Password Vulnerability in LOGO! V8.3 BM Devices
Published
Aug. 13, 2024, 2 a.m.
Summary
LOGO! V8.3 BM (incl. SIPLUS variants) devices contain a plaintext storage of a password vulnerability. This could allow an attacker with phyiscal access to an affected device to extract user-set passwords from an embedded storage IC. Siemens has released new hardware versions with the LOGO! V8.4 BM product family for ...
Title
SSA-716317 V1.0: Multiple Vulnerability in SINEC Traffic Analyzer Before V2.0
Published
Aug. 13, 2024, 2 a.m.
Summary
SINEC Traffic Analyzer before V2.0 is affected by multiple vulnerabilities. Siemens has released a new version for SINEC Traffic Analyzer and recommends to update to the latest version.
Title
SSA-784301 V1.0: Multiple Vulnerabilities in SINEC NMS Before V3.0
Published
Aug. 13, 2024, 2 a.m.
Summary
SINEC NMS before V3.0 is affected by multiple vulnerabilities. Siemens has released a new version for SINEC NMS and recommends to update to the latest version.
Title
SSA-856475 V1.0: X_T File Parsing Vulnerabilities in Teamcenter Visualization and JT2Go
Published
Aug. 13, 2024, 2 a.m.
Summary
Teamcenter Visualization and JT2Go are affected by out of bounds read and null pointer dereference vulnerabilities that could be triggered when the application reads files in X_T format. If a user is tricked to open a malicious file with the affected applications, an attacker could leverage the vulnerability to perform ...
Title
SSA-087301 V1.0: Multiple Vulnerabilities in SCALANCE M-800 Family Before V8.1
Published
Aug. 13, 2024, 2 a.m.
Summary
SCALANCE M-800 family before V8.1 is affected by multiple vulnerabilities. Siemens has released new versions for the affected products and recommends to update to the latest versions.
Title
SSA-068047 V1.1 (Last Update: 2024-08-13): Multiple Vulnerabilities in SCALANCE M-800 Family Before V7.2.2
Published
Aug. 13, 2024, 2 a.m.
Summary
SCALANCE M-800 family before V7.2.2 is affected by multiple vulnerabilities. Siemens has released new versions for the affected products and recommends to update to the latest versions.
Title
SSA-364175 V1.1 (Last Update: 2024-08-13): Multiple Vulnerabilities in Palo Alto Networks Virtual NGFW on RUGGEDCOM APE1808 Devices
Published
Aug. 13, 2024, 2 a.m.
Summary
Palo Alto Networks has published [1] information on vulnerabilities in PAN-OS. This advisory lists the related Siemens Industrial products affected by these vulnerabilities. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available. Customers are advised to consult and implement the workarounds ...
Title
SSA-357412 V1.0: PRT File Parsing Vulnerability in NX Before V2406.3000
Published
Aug. 13, 2024, 2 a.m.
Summary
NX (incl. NX student versions) before V2406.3000 contains an out-of-bounds read vulnerability that could be triggered when the application reads PRT files. If a user is tricked to open a malicious file using the affected application, this could lead to a crash, and potentially also to arbitrary code execution on ...
Title
SSA-407785 V1.3 (Last Update: 2024-08-13): Multiple X_T File Parsing Vulnerabilities in Parasolid and Teamcenter Visualization
Published
Aug. 13, 2024, 2 a.m.
Summary
Parasolid and Teamcenter Visualization are affected by memory corruption vulnerabilities that could be triggered when the application reads files in X_T format. If a user is tricked to open a malicious file with the affected applications, an attacker could leverage the vulnerability to perform remote code execution or denial of ...
Title
SSA-398330 V1.8 (Last Update: 2024-08-13): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
Published
Aug. 13, 2024, 2 a.m.
Summary
Multiple vulnerabilities have been identified in the additional GNU/Linux subsystem of the firmware version V3.1 for the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP (incl. SIPLUS variant). These GNU/Linux vulnerabilities have been externally identified. Siemens is preparing fix versions and recommends specific countermeasures for products where fixes are not, or not ...
Title
SSA-180704 V1.1 (Last Update: 2024-08-13): Multiple Vulnerabilities in SCALANCE M-800 Family Before V8.0
Published
Aug. 13, 2024, 2 a.m.
Summary
SCALANCE M-800 family before V8.0 is affected by multiple vulnerabilities. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens recommends countermeasures for products where fixes are not, or not yet available.
Title
SSA-999588 V1.4 (Last Update: 2024-08-13): Multiple Vulnerabilities in User Management Component (UMC) Before V2.11.2
Published
Aug. 13, 2024, 2 a.m.
Summary
Siemens User Management Component (UMC) before V2.11.2 is affected by multiple vulnerabilities where the most severe could lead to a restart of the UMC server. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where fixes ...
Title
SSA-771940 V1.1 (Last Update: 2024-08-13): X_T File Parsing Vulnerabilities in Teamcenter Visualization and JT2Go
Published
Aug. 13, 2024, 2 a.m.
Summary
Teamcenter Visualization and JT2Go are affected by out of bounds read, stack exhaustion and null pointer dereference vulnerabilities that could be triggered when the application reads files in X_T format. If a user is tricked to open a malicious file with the affected applications, an attacker could leverage the vulnerability ...
Title
SSA-720392 V1.0: Multiple Vulnerabilities in Third-Party Components in Location Intelligence Before V4.4
Published
Aug. 13, 2024, 2 a.m.
Summary
Location Intelligence before V4.4 is affected by multiple vulnerabilities that could allow an attacker in an on-path position to read and modify data passed over the connection between legitimate clients and the affected product or brute force user passwords. Siemens has released a new version for Location Intelligence family and ...
Title
SSA-116924 V1.2 (Last Update: 2024-08-13): Path Traversal Vulnerability in TIA Portal
Published
Aug. 13, 2024, 2 a.m.
Summary
TIA Portal contains a path traversal vulnerability that could allow the creation or overwrite of arbitrary files in the engineering system. If the user is tricked to open a malicious PC system configuration file, an attacker could exploit this vulnerability to achieve arbitrary code execution. Siemens has released new versions ...
Title
SSA-857368 V1.0: Multiple Vulnerabilities in Omnivise T3000
Published
Aug. 2, 2024, 2 a.m.
Summary
Omnivise T3000 contains multiple vulnerabilities that could allow an attacker to escalate privileges. Siemens Energy has released patches for several affected products and recommends to apply the patches. Siemens Energy is preparing further fixes for versions still under maintenance and recommends countermeasures for products where fixes are not, or not ...

Last Updates

BOSCH PSIRT
31.10.2024
SIEMENS CERT
18.11.2024
US CERT
08.11.2024
US CERT (ICS)
14.11.2024

By Source

Archive

2024
2023
2022
2021
2020
2019
2018
2017

Feeds