December 2020
08.12.2020
SIEMENS CERT
SSA-616472 V1.7 (Last Update: 2020-12-08): ZombieLoad and Microarchitectural Data Sampling Vulnerabilities in Industrial Products
Title
SSA-616472 V1.7 (Last Update: 2020-12-08): ZombieLoad and Microarchitectural Data Sampling Vulnerabilities in Industrial Products
Published
Dec. 8, 2020, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf
Summary
Security researchers published information on vulnerabilities known as ZombieLoad and Microarchitectural Data Sampling (MDS). These vulnerabilities affect many modern processors from different vendors to a varying degree. Several Siemens Industrial Products contain processors that are affected by the vulnerabilities.
08.12.2020
SIEMENS CERT
SSA-542525 V1.2 (Last Update: 2020-12-08): Authentication Vulnerabilities in SIMATIC HMI Products
Title
SSA-542525 V1.2 (Last Update: 2020-12-08): Authentication Vulnerabilities in SIMATIC HMI Products
Published
Dec. 8, 2020, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-542525.pdf
Summary
SIMATIC HMI Products are affected by two vulnerabilities that could allow a remote attacker to discover user passwords and obtain access to the Sm@rt Server via a brute-force attack. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.
08.12.2020
SIEMENS CERT
SSA-534763 V1.2 (Last Update: 2020-12-08): Special Register Buffer Data Sampling (SRBDS) aka Crosstalk in Industrial Products
Title
SSA-534763 V1.2 (Last Update: 2020-12-08): Special Register Buffer Data Sampling (SRBDS) aka Crosstalk in Industrial Products
Published
Dec. 8, 2020, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-534763.pdf
Summary
Security researchers published information on a vulnerability known as Crosstalk (INTEL-SA-00320). This vulnerability affects modern Intel processors to a varying degree. Several Siemens Industrial Products contain processors that are affected by the vulnerability. Siemens is preparing updates and recommends specific countermeasures until fixes are available.
08.12.2020
SIEMENS CERT
SSA-480230 V2.1 (Last Update: 2020-12-08): Denial-of-Service in Webserver of Industrial Products
Title
SSA-480230 V2.1 (Last Update: 2020-12-08): Denial-of-Service in Webserver of Industrial Products
Published
Dec. 8, 2020, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-480230.pdf
Summary
A vulnerability in the affected devices could allow an unauthorized attacker with network access to the webserver of an affected device to perform a denial-of-service attack. Siemens has released updates for several affected products and recommends to update to the new versions. Siemens is preparing further updates and recommends specific ...
08.12.2020
SIEMENS CERT
SSA-462066 V2.1 (Last Update: 2020-12-08): Vulnerability known as TCP SACK PANIC in Industrial Products
Title
SSA-462066 V2.1 (Last Update: 2020-12-08): Vulnerability known as TCP SACK PANIC in Industrial Products
Published
Dec. 8, 2020, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf
Summary
Multiple industrial products are affected by a vulnerability in the kernel known as TCP SACK PANIC. The vulnerability could allow a remote attacker to cause a denial of service condition. Siemens has released updates for several affected products and recommends to update to the new versions. Siemens is preparing further ...
08.12.2020
SIEMENS CERT
SSB-439005 V3.0 (Last Update: 2020-12-08): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 151...
Title
SSB-439005 V3.0 (Last Update: 2020-12-08): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP
Published
Dec. 8, 2020, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssb-439005.pdf
Summary
08.12.2020
SIEMENS CERT
SSA-381684 V1.3 (Last Update: 2020-12-08): Improper Password Protection during Authentication in SIMATIC S7-300 and S7-400 CPUs...
Title
SSA-381684 V1.3 (Last Update: 2020-12-08): Improper Password Protection during Authentication in SIMATIC S7-300 and S7-400 CPUs and Derived Products
Published
Dec. 8, 2020, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-381684.pdf
Summary
A vulnerability has been identified in SIMATIC S7-300 and S7-400 CPU families and derived products, which could result in credential disclosure. Siemens recommends countermeasures as there are currently no fixes available.
08.12.2020
SIEMENS CERT
SSA-312271 V1.4 (Last Update: 2020-12-08): Unquoted Search Path Vulnerabilities in Windows-based Industrial Software Applications
Title
SSA-312271 V1.4 (Last Update: 2020-12-08): Unquoted Search Path Vulnerabilities in Windows-based Industrial Software Applications
Published
Dec. 8, 2020, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-312271.pdf
Summary
The latest update for affected products fix local privilege escalation vulnerabilities that could allow authorized local users with administrative privileges to execute custom code with SYSTEM level privileges. Siemens has released updates for some of the affected products, and is working on further updates. For the remaining affected products, Siemens ...
08.12.2020
SIEMENS CERT
SSA-181018 V1.6 (Last Update: 2020-12-08): Heap Overflow Vulnerability in SCALANCE X switches, RUGGEDCOM Win, RFID 181EIP, and ...
Title
SSA-181018 V1.6 (Last Update: 2020-12-08): Heap Overflow Vulnerability in SCALANCE X switches, RUGGEDCOM Win, RFID 181EIP, and SIMATIC RF182C
Published
Dec. 8, 2020, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-181018.pdf
Summary
SCALANCE X switches, RUGGEDCOM Win, RFID 181EIP, and SIMATIC RF182C are affected by a vulnerability that could allow an unprivileged attacker located in the same local network segment (OSI Layer 2) to gain system privileges by sending a specially crafted DHCP response to a client’s DHCP request. Siemens has released ...
November 2020
10.11.2020
SIEMENS CERT
SSA-455843 (Last Update: 2020-11-10): WIBU Systems CodeMeter Runtime Vulnerabilities in Siemens and Siemens Energy Products
Title
SSA-455843 (Last Update: 2020-11-10): WIBU Systems CodeMeter Runtime Vulnerabilities in Siemens and Siemens Energy Products
Published
Nov. 10, 2020, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-455843.pdf
Summary
CISA and WIBU Systems disclosed six vulnerabilities in different versions of CodeMeter Runtime, a product provided by WIBU Systems and used in several Siemens and Siemens Energy products for license management. The vulnerabilities are described in the section “Vulnerability Classification” below and got assigned the CVE IDs CVE-2020-14509, CVE-2020-14513, CVE-2020-14515, ...
10.11.2020
SIEMENS CERT
SSA-841348 (Last Update: 2020-11-10): Multiple Vulnerabilities in the UMC Stack
Title
SSA-841348 (Last Update: 2020-11-10): Multiple Vulnerabilities in the UMC Stack
Published
Nov. 10, 2020, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf
Summary
The latest update for the below listed products fixes two security vulnerabilities that could allow an attacker to cause a partial Denial-of-Service on the UMC component of the affected devices under certain circumstances, and one vulnerability that could allow an attacker to locally escalate privileges from a user with administrative ...
10.11.2020
SIEMENS CERT
SSB-439005 (Last Update: 2020-11-10): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-...
Title
SSB-439005 (Last Update: 2020-11-10): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP
Published
Nov. 10, 2020, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssb-439005.pdf
Summary
10.11.2020
SIEMENS CERT
SSA-431802 (Last Update: 2020-11-10): Multiple Vulnerabilities in SCALANCE W1750D
Title
SSA-431802 (Last Update: 2020-11-10): Multiple Vulnerabilities in SCALANCE W1750D
Published
Nov. 10, 2020, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-431802.pdf
Summary
Siemens SCALANCE W1750D is a brandlabled device. Aruba has released a related security advisory (ARUBA-PSA-2016-004) [0] disclosing vulnerabilities in its Aruba Instant product line. The advisory contains multiple related vulnerabilities that are summarized in CVE-2016-2031. This advisory is a reminder to customers that the PAPI protocol is not a secure ...
10.11.2020
SIEMENS CERT
SSA-492828 (Last Update: 2020-11-10): Denial-of-Service Vulnerability in SIMATIC S7-300 CPUs and SINUMERIK Controller
Title
SSA-492828 (Last Update: 2020-11-10): Denial-of-Service Vulnerability in SIMATIC S7-300 CPUs and SINUMERIK Controller
Published
Nov. 10, 2020, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-492828.pdf
Summary
A vulnerability in S7-300 might allow an attacker to cause a Denial-of-Service condition on port 102 of the affected devices by sending specially crafted packets. Siemens is preparing updates and recommends specific countermeasures until fixes are available.
10.11.2020
SIEMENS CERT
SSA-381684 (Last Update: 2020-11-10): Improper Password Protection during Authentication in SIMATIC S7-300 and S7-400 CPUs and ...
Title
SSA-381684 (Last Update: 2020-11-10): Improper Password Protection during Authentication in SIMATIC S7-300 and S7-400 CPUs and Derived Products
Published
Nov. 10, 2020, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-381684.pdf
Summary
A vulnerability has been identified in SIMATIC S7-300 and S7-400 CPU families and derived products, which could result in credential disclosure. Siemens recommends countermeasures as there are currently no fixes available.
October 2020
13.10.2020
SIEMENS CERT
SSA-398519 (Last Update: 2020-10-13): Vulnerabilities in Intel CPUs (November 2019)
Title
SSA-398519 (Last Update: 2020-10-13): Vulnerabilities in Intel CPUs (November 2019)
Published
Oct. 13, 2020, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-398519.pdf
Summary
Intel has published information on vulnerabilities in Intel products in November 2019. In this advisory Siemens only explicitly mentions the vulnerabilities from the “Intel® CPU Security Advisory” and one vulnerability from “Intel® CSME, Intel® SPS, Intel® TXE, Intel® AMT, Intel® PTT and Intel® DAL Advisory” and lists the Siemens IPC ...
13.10.2020
SIEMENS CERT
SSA-381684 (Last Update: 2020-10-13): Improper Password Protection during Authentication in SIMATIC S7-300 and S7-400 CPUs and ...
Title
SSA-381684 (Last Update: 2020-10-13): Improper Password Protection during Authentication in SIMATIC S7-300 and S7-400 CPUs and Derived Products
Published
Oct. 13, 2020, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-381684.pdf
Summary
A vulnerability has been identified in SIMATIC S7-300 and S7-400 CPU families and derived products, which could result in credential disclosure. Siemens recommends countermeasures as there are currently no fixes available.
13.10.2020
SIEMENS CERT
SSB-439005 (Last Update: 2020-10-13): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-...
Title
SSB-439005 (Last Update: 2020-10-13): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP
Published
Oct. 13, 2020, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssb-439005.pdf
Summary
13.10.2020
SIEMENS CERT
SSA-384879 (Last Update: 2020-10-13): Authentication Bypass Vulnerability in SIPORT MP
Title
SSA-384879 (Last Update: 2020-10-13): Authentication Bypass Vulnerability in SIPORT MP
Published
Oct. 13, 2020, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-384879.pdf
Summary
SIPORT MP version 3.2.1 fixes an authentication bypass vulnerability which could enable an attacker to impersonate other users of the system and perform administrative actions. Siemens recommends to apply the update.
13.10.2020
SIEMENS CERT
SSA-455843 (Last Update: 2020-10-13): WIBU Systems CodeMeter Runtime Vulnerabilities in Siemens and Siemens Energy Products
Title
SSA-455843 (Last Update: 2020-10-13): WIBU Systems CodeMeter Runtime Vulnerabilities in Siemens and Siemens Energy Products
Published
Oct. 13, 2020, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-455843.pdf
Summary
CISA and WIBU Systems disclosed six vulnerabilities in different versions of CodeMeter Runtime, a product provided by WIBU Systems and used in several Siemens and Siemens Energy products for license management. The vulnerabilities are described in the section “Vulnerability Classification” below and got assigned the CVE IDs CVE-2020-14509, CVE-2020-14513, CVE-2020-14515, ...
13.10.2020
SIEMENS CERT
SSA-462066 (Last Update: 2020-10-13): Vulnerability known as TCP SACK PANIC in Industrial Products
Title
SSA-462066 (Last Update: 2020-10-13): Vulnerability known as TCP SACK PANIC in Industrial Products
Published
Oct. 13, 2020, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf
Summary
Multiple industrial products are affected by a vulnerability in the kernel known as TCP SACK PANIC. The vulnerability could allow a remote attacker to cause a denial of service condition. Siemens has released updates for several affected products and recommends to update to the new versions. Siemens is preparing further ...
13.10.2020
SIEMENS CERT
SSA-534763 (Last Update: 2020-10-13): Special Register Buffer Data Sampling (SRBDS) aka Crosstalk in Industrial Products
Title
SSA-534763 (Last Update: 2020-10-13): Special Register Buffer Data Sampling (SRBDS) aka Crosstalk in Industrial Products
Published
Oct. 13, 2020, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-534763.pdf
Summary
Security researchers published information on a vulnerability known as Crosstalk (INTEL-SA-00320). This vulnerability affects modern Intel processors to a varying degree. Several Siemens Industrial Products contain processors that are affected by the vulnerability. Siemens is preparing updates and recommends specific countermeasures until fixes are available.
13.10.2020
SIEMENS CERT
SSA-226339 (Last Update: 2020-10-13): Multiple Web Application Vulnerabilities in Desigo Insight
Title
SSA-226339 (Last Update: 2020-10-13): Multiple Web Application Vulnerabilities in Desigo Insight
Published
Oct. 13, 2020, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-226339.pdf
Summary
The latest hotfix for Desigo Insight fixes three vulnerabilities that have been identified in the web server, including SQL injection (CVE-2020-15792), clickjacking (CVE-2020-15793), and full path disclosure (CVE-2020-15794). Siemens recommends updating to the latest version of Desigo Insight and to apply the hotfix.
13.10.2020
SIEMENS CERT
SSA-689071 (Last Update: 2020-10-13): DNSMasq Vulnerabilities in SCALANCE W1750D, SCALANCE M-800 / S615 and RUGGEDCOM RM1224
Title
SSA-689071 (Last Update: 2020-10-13): DNSMasq Vulnerabilities in SCALANCE W1750D, SCALANCE M-800 / S615 and RUGGEDCOM RM1224
Published
Oct. 13, 2020, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-689071.pdf
Summary
Multiple vulnerabilities have been identified in SCALANCE W1750D, SCALANCE M-800 / S615 and RUGGEDCOM RM1224 devices. The highest scored vulnerability could allow a remote attacker to crash the DNS service or execute arbitrary code. The attacker must be able to craft malicious DNS responses and inject them into the network ...
September 2020
08.09.2020
SIEMENS CERT
SSA-251935 (Last Update: 2020-09-08): Multiple Privilege Escalation Vulnerabilities in SIMATIC RTLS Locating Manager
Title
SSA-251935 (Last Update: 2020-09-08): Multiple Privilege Escalation Vulnerabilities in SIMATIC RTLS Locating Manager
Published
Sept. 8, 2020, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-251935.pdf
Summary
The latest update for SIMATIC RTLS Locating Manager fixes various vulnerabilities that could allow a low-privileged local user to escalate privileges. Siemens recommends to apply the update of the SIMATIC RTLS Locating Manager.

Last Updates

BOSCH PSIRT
21.08.2024
SIEMENS CERT
12.09.2024
US CERT
19.09.2024
US CERT (ICS)
19.09.2024

By Source

Archive

2024
2023
2022
2021
2020
2019
2018
2017

Feeds