December 2021
23.12.2021
SIEMENS CERT
SSA-661247 V1.9 (Last Update: 2021-12-23): Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to...
Title
SSA-661247 V1.9 (Last Update: 2021-12-23): Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to Siemens Products
Published
Dec. 23, 2021, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf
Summary
On 2021-12-09, a vulnerability in Apache Log4j (a logging tool used in many Java-based applications) was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2021-44228 and is also known as “Log4Shell”. On 2021-12-14 an additional denial of service vulnerability (CVE-2021-45046) ...
23.12.2021
SIEMENS CERT
SSA-479842 V1.1 (Last Update: 2021-12-23): Apache Log4j Vulnerabilities - Impact to Siemens Energy Sensformer / Sensgear (Platf...
Title
SSA-479842 V1.1 (Last Update: 2021-12-23): Apache Log4j Vulnerabilities - Impact to Siemens Energy Sensformer / Sensgear (Platform, Basic and Advanced)
Published
Dec. 23, 2021, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf
Summary
On 2021-12-09, a vulnerability in Apache Log4j (a logging tool used in many Java-based applications) was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2021-44228 and is also known as “Log4Shell”. On 2021-12-14 an additional denial of service vulnerability (CVE-2021-45046) ...
22.12.2021
SIEMENS CERT
SSA-661247 V1.8 (Last Update: 2021-12-22): Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to...
Title
SSA-661247 V1.8 (Last Update: 2021-12-22): Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to Siemens Products
Published
Dec. 22, 2021, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf
Summary
On 2021-12-09, a vulnerability in Apache Log4j (a logging tool used in many Java-based applications) was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2021-44228 and is also known as “Log4Shell”. On 2021-12-14 an additional denial of service vulnerability (CVE-2021-45046) ...
21.12.2021
SIEMENS CERT
SSA-661247 V1.7 (Last Update: 2021-12-21): Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to...
Title
SSA-661247 V1.7 (Last Update: 2021-12-21): Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to Siemens Products
Published
Dec. 21, 2021, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf
Summary
On 2021-12-09, a vulnerability in Apache Log4j (a logging tool used in many Java-based applications) was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2021-44228 and is also known as “Log4Shell”. On 2021-12-14 an additional denial of service vulnerability (CVE-2021-45046) ...
21.12.2021
SIEMENS CERT
SSA-479842 V1.0: Apache Log4j Vulnerabilities - Impact to Siemens Energy Sensformer (Platform, Basic and Advanced)
Title
SSA-479842 V1.0: Apache Log4j Vulnerabilities - Impact to Siemens Energy Sensformer (Platform, Basic and Advanced)
Published
Dec. 21, 2021, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf
Summary
On 2021-12-09, a vulnerability in Apache Log4j (a logging tool used in many Java-based applications) was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2021-44228 and is also known as “Log4Shell”. On 2021-12-14 an additional denial of service vulnerability (CVE-2021-45046) ...
20.12.2021
SIEMENS CERT
SSA-661247 V1.6 (Last Update: 2021-12-20): Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to...
Title
SSA-661247 V1.6 (Last Update: 2021-12-20): Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to Siemens Products
Published
Dec. 20, 2021, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf
Summary
On 2021-12-09, a vulnerability in Apache Log4j (a logging tool used in many Java-based applications) was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2021-44228 and is also known as “Log4Shell”. On 2021-12-14 an additional denial of service vulnerability (CVE-2021-45046) ...
20.12.2021
SIEMENS CERT
SSA-397453 V1.0: Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to Siemens Energy TraceAlert...
Title
SSA-397453 V1.0: Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to Siemens Energy TraceAlertServerPLUS
Published
Dec. 20, 2021, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf
Summary
On 2021-12-09, a vulnerability in Apache Log4j (a logging library used in many Java-based applications) was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2021-44228 and is also known as “Log4Shell”. On 2021-12-14 an additional denial of service vulnerability (CVE-2021-45046) ...
19.12.2021
SIEMENS CERT
SSA-661247 V1.5 (Last Update: 2021-12-19): Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to...
Title
SSA-661247 V1.5 (Last Update: 2021-12-19): Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to Siemens Products
Published
Dec. 19, 2021, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf
Summary
On 2021-12-09, a vulnerability in Apache Log4j (a logging tool used in many Java-based applications) was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2021-44228 and is also known as “Log4Shell”. On 2021-12-14 an additional denial of service vulnerability (CVE-2021-45046) ...
19.12.2021
SIEMENS CERT
SSA-501673 V1.0: Apache Log4j Denial of Service Vulnerability (CVE-2021-45105) - Impact to Siemens Products
Title
SSA-501673 V1.0: Apache Log4j Denial of Service Vulnerability (CVE-2021-45105) - Impact to Siemens Products
Published
Dec. 19, 2021, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf
Summary
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 contain a vulnerability (CVE-2021-45105) that could allow attackers to cause a denial of service condition in affected applications [1]. This advisory informs about the impact of CVE-2021-45105 to Siemens products and the corresponding remediation and mitigation measures. The vulnerability is different from the JNDI ...
18.12.2021
SIEMENS CERT
SSA-661247 V1.4 (Last Update: 2021-12-18): Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to...
Title
SSA-661247 V1.4 (Last Update: 2021-12-18): Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to Siemens Products
Published
Dec. 18, 2021, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf
Summary
On 2021-12-09, a vulnerability in Apache Log4j (a logging tool used in many Java-based applications) was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2021-44228 and is also known as “Log4Shell”. On 2021-12-14 an additional denial of service vulnerability (CVE-2021-45046) ...
17.12.2021
SIEMENS CERT
SSA-661247 V1.3 (Last Update: 2021-12-17): Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to...
Title
SSA-661247 V1.3 (Last Update: 2021-12-17): Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to Siemens Products
Published
Dec. 17, 2021, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf
Summary
On 2021-12-09, a vulnerability in Apache Log4j (a logging tool used in many Java-based applications) was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2021-44228 and is also known as “Log4Shell”. On 2021-12-14 an additional denial of service vulnerability (CVE-2021-45046) ...
16.12.2021
SIEMENS CERT
SSA-714170 V1.0: Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to SPPA-T3000
Title
SSA-714170 V1.0: Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to SPPA-T3000
Published
Dec. 16, 2021, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf
Summary
On 2021-12-09, a vulnerability in Apache Log4j (a logging tool used in many Java-based applications) was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2021-44228 and is also known as “Log4Shell”. On 2021-12-14 an additional denial of service vulnerability (CVE-2021-45046) ...
16.12.2021
SIEMENS CERT
SSA-661247 V1.2 (Last Update: 2021-12-16): Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to...
Title
SSA-661247 V1.2 (Last Update: 2021-12-16): Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to Siemens Products
Published
Dec. 16, 2021, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf
Summary
On 2021-12-09, a vulnerability in Apache Log4j (a logging tool used in many Java-based applications) was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2021-44228 and is also known as “Log4Shell”. On 2021-12-14 an additional denial of service vulnerability (CVE-2021-45046) ...
15.12.2021
SIEMENS CERT
SSA-661247 V1.1 (Last Update: 2021-12-15): Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to...
Title
SSA-661247 V1.1 (Last Update: 2021-12-15): Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to Siemens Products
Published
Dec. 15, 2021, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf
Summary
On 2021-12-09, a vulnerability in Apache Log4j (a logging tool used in many Java-based applications) was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2021-44228 and is also known as “Log4Shell”. On 2021-12-14 an additional denial of service vulnerability (CVE-2021-45046) ...
14.12.2021
SIEMENS CERT
SSA-390195 V1.0: LibVNC Vulnerabilities in SIMATIC ITC Products
Title
SSA-390195 V1.0: LibVNC Vulnerabilities in SIMATIC ITC Products
Published
Dec. 14, 2021, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf
Summary
Multiple LibVNC vulnerabilities in the affected products listed below could allow remote code execution, information disclosure and Denial-of-Service attacks under certain conditions. Siemens has released updates for the affected products and recommends to update to the latest versions.
14.12.2021
SIEMENS CERT
SSA-160202 V1.0: Multiple Access Control Vulnerabilities in SiPass Integrated
Title
SSA-160202 V1.0: Multiple Access Control Vulnerabilities in SiPass Integrated
Published
Dec. 14, 2021, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-160202.pdf
Summary
SiPass integrated contains multiple vulnerabilities that could allow an unauthenticated remote attacker to access or modify several internal application resources. Siemens has released a tool, “SiPass integrated Component Manager”, to remediate the vulnerabilities on all maintained and supported versions of SiPass integrated and recommends to apply this tool.
14.12.2021
SIEMENS CERT
SSA-133772 V1.0: Zip Path Traversal Vulnerability in Teamcenter Active Workspace
Title
SSA-133772 V1.0: Zip Path Traversal Vulnerability in Teamcenter Active Workspace
Published
Dec. 14, 2021, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-133772.pdf
Summary
A zip path traversal vulnerability in Teamcenter Active Workspace could allow an attacker to achieve remote code execution. Siemens has released updates for the affected products and recommends to update to the latest versions.
14.12.2021
SIEMENS CERT
SSA-352143 V1.0: Multiple File Parsing Vulnerabilities in JTTK before V11.0.3.0 and JT Utilities before V13.0.3.0
Title
SSA-352143 V1.0: Multiple File Parsing Vulnerabilities in JTTK before V11.0.3.0 and JT Utilities before V13.0.3.0
Published
Dec. 14, 2021, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-352143.pdf
Summary
JT Open Toolkit (JTTK) before V11.0.3.0 contains multiple vulnerabilities that could be triggered when the affected product reads a maliciously crafted JT file. These vulnerabilities also affects JT Utilities before V13.0.3.0. If a user is tricked to open a malicious file with any of the affected products, this could lead ...
14.12.2021
SIEMENS CERT
SSA-199605 V1.0: Arbitrary File Download Vulnerability in SIMATIC eaSie PCS 7 Skill Package
Title
SSA-199605 V1.0: Arbitrary File Download Vulnerability in SIMATIC eaSie PCS 7 Skill Package
Published
Dec. 14, 2021, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-199605.pdf
Summary
SIMATIC eaSie PCS 7 Skill Package contains a path traversal vulnerability that could allow an authenticated remote attacker to read arbitrary files for the application server. Siemens has released an update for the SIMATIC eaSie PCS 7 Skill Package and recommends to update to the latest version.
14.12.2021
SIEMENS CERT
SSA-396621 V1.0: Multiple File Parsing Vulnerabilities in JTTK before V10.8.1.1 and JT Utilities before V12.8.1.1
Title
SSA-396621 V1.0: Multiple File Parsing Vulnerabilities in JTTK before V10.8.1.1 and JT Utilities before V12.8.1.1
Published
Dec. 14, 2021, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-396621.pdf
Summary
JT Open Toolkit (JTTK) before V10.8.1.1 contains multiple vulnerabilities that could be triggered when it reads a maliciously crafted JT file. These vulnerabilities also affects JT Utilities before V12.8.1.1. If a user is tricked to open a malicious file with any of the affected products, this could lead the application ...
14.12.2021
SIEMENS CERT
SSA-161331 V1.0: Scene File Parsing Vulnerability in Simcenter STAR-CCM+ Viewer before V2021.3.1
Title
SSA-161331 V1.0: Scene File Parsing Vulnerability in Simcenter STAR-CCM+ Viewer before V2021.3.1
Published
Dec. 14, 2021, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-161331.pdf
Summary
Siemens Simcenter STAR-CCM+ Viewer is affected by a vulnerability that could be triggered when the application reads scene (.sce) files. If a user is tricked to open a malicious file with the affected application, this could lead to a crash, and potentially also to arbitrary code execution or data extraction ...
14.12.2021
SIEMENS CERT
SSA-772220 V1.4 (Last Update: 2021-12-14): OpenSSL Vulnerabilities in Industrial Products
Title
SSA-772220 V1.4 (Last Update: 2021-12-14): OpenSSL Vulnerabilities in Industrial Products
Published
Dec. 14, 2021, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdf
Summary
OpenSSL has published a security advisory [0] about a vulnerability in OpenSSL versions 1.1.1 < 1.1.1k, that allows an unauthenticated attacker to cause a Denial-of-Service (DoS) if a maliciously crafted renegotiation message is sent. Siemens has released updates for several affected products and recommends to update to the latest versions. ...
14.12.2021
SIEMENS CERT
SSA-629512 V1.3 (Last Update: 2021-12-14): Local Privilege Escalation Vulnerability in TIA Portal
Title
SSA-629512 V1.3 (Last Update: 2021-12-14): Local Privilege Escalation Vulnerability in TIA Portal
Published
Dec. 14, 2021, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-629512.pdf
Summary
The latest updates for TIA Portal fix a vulnerability that could allow a local attacker to execute arbitrary code with SYSTEM privileges. Update: The previously provided fixes only correctly set the permissions on English Windows versions. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, ...
14.12.2021
SIEMENS CERT
SSA-580693 V1.1 (Last Update: 2021-12-14): WIBU Systems CodeMeter Runtime Denial-of-Service Vulnerability in Siemens Products
Title
SSA-580693 V1.1 (Last Update: 2021-12-14): WIBU Systems CodeMeter Runtime Denial-of-Service Vulnerability in Siemens Products
Published
Dec. 14, 2021, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-580693.pdf
Summary
WIBU Systems published information about a denial-of-service vulnerability and an associated fix release version of CodeMeter Runtime, a product provided by WIBU Systems and used in several Siemens products for license management. The vulnerability is described in the section “Vulnerability Classification” below and got assigned the CVE ID CVE-2021-41057. Successful ...
14.12.2021
SIEMENS CERT
SSA-549234 V1.1 (Last Update: 2021-12-14): Denial-of-Service Vulnerability in SIMATIC NET CP Modules
Title
SSA-549234 V1.1 (Last Update: 2021-12-14): Denial-of-Service Vulnerability in SIMATIC NET CP Modules
Published
Dec. 14, 2021, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-549234.pdf
Summary
A denial of service vulnerability was identified in different types of Communication Processors. An attacker could exploit this vulnerability causing the device to become un-operational until the device is restarted. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.

Last Updates

BOSCH PSIRT
14.08.2025
SIEMENS CERT
26.08.2025
US CERT
25.08.2025
US CERT (ICS)
28.08.2025

By Source

Archive

2025
2024
2023
2022
2021
2020
2019
2018
2017

Feeds