August 2021
10.08.2021
SIEMENS CERT
SSA-365397 V1.0: Multiple File Parsing Vulnerabilities in JT2Go and Teamcenter Visualization before V13.2.0.1
Title
SSA-365397 V1.0: Multiple File Parsing Vulnerabilities in JT2Go and Teamcenter Visualization before V13.2.0.1
Published
Aug. 10, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-365397.pdf
Summary
Siemens has released version V13.2.0.1 for JT2Go and Teamcenter Visualization to fix multiple vulnerabilities that could be triggered when the products read files in different file formats (CGM, DGN, DXF, and DWG). If a user is tricked to open a malicious file with the affected products, this could lead the ...
10.08.2021
SIEMENS CERT
SSA-553445 V1.0: DNS "Name:Wreck" Vulnerabilities in Multiple Siemens Energy AGT and SGT solutions
Title
SSA-553445 V1.0: DNS "Name:Wreck" Vulnerabilities in Multiple Siemens Energy AGT and SGT solutions
Published
Aug. 10, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-553445.pdf
Summary
One of the DNS-related vulnerabilities that were reported as “Name:Wreck” may affect the following Siemens Energy products: Industrial Gas Turbines SGT-100, SGT-200, SGT-300 and SGT-400 with Allen Bradley control systems Aeroderivative Gas Turbines SGT-A20, SGT-A35 and SGT-A65 with FT125 control systems
10.08.2021
SIEMENS CERT
SSA-679335 V1.0: Multiple Vulnerabilities in Embedded FTP Server of SIMATIC NET CP Modules
Title
SSA-679335 V1.0: Multiple Vulnerabilities in Embedded FTP Server of SIMATIC NET CP Modules
Published
Aug. 10, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-679335.pdf
Summary
SIMATIC CP 1543-1 and CP 1545-1 devices are affected by multiple vulnerabilities in ProFTPD, a third party component, that could allow a remote attacker to access sensitive information and execute arbitrary code. Siemens has released an update for SIMATIC NET CP 1543-1 and recommends to update to the latest version. ...
10.08.2021
SIEMENS CERT
SSA-756744 V1.0: OS Command Injection Vulnerability in SINEC NMS
Title
SSA-756744 V1.0: OS Command Injection Vulnerability in SINEC NMS
Published
Aug. 10, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-756744.pdf
Summary
The latest update for SINEC NMS fixes a vulnerability that could allow an authenticated remote attacker to execute arbitrary code on the system, with system privileges, under certain conditions. Siemens has released an update for SINEC NMS and recommends to update to the latest version.
10.08.2021
SIEMENS CERT
SSA-941426 V1.1 (Last Update: 2021-08-10): Multiple LLDP Vulnerabilities in Industrial Products
Title
SSA-941426 V1.1 (Last Update: 2021-08-10): Multiple LLDP Vulnerabilities in Industrial Products
Published
Aug. 10, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-941426.pdf
Summary
There are multiple vulnerabilities in an underlying Link Layer Discovery Protocol (LLDP) third party library. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.
10.08.2021
SIEMENS CERT
SSA-818688 V1.0: Multiple Vulnerabilities in Solid Edge before SE2021MP7
Title
SSA-818688 V1.0: Multiple Vulnerabilities in Solid Edge before SE2021MP7
Published
Aug. 10, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-818688.pdf
Summary
Siemens has released a new version for Solid Edge that fixes three vulnerabilities - an XML external entity (XXE) injection, and two file parsing issues which could be triggered when the application reads OBJ files. If a user is tricked to opening a malicious file using the affected application this ...
10.08.2021
SIEMENS CERT
SSA-830194 V1.0: Missing Authentication Vulnerability in S7-1200 Devices
Title
SSA-830194 V1.0: Missing Authentication Vulnerability in S7-1200 Devices
Published
Aug. 10, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-830194.pdf
Summary
SIMATIC S7-1200 PLC, version V4.5.0 fails to authenticate against configured passwords when the affected device was provisioned using TIA Portal V13. This could allow an attacker using TIA Portal V17 or later versions to bypass authentication and download arbitrary programs to the PLC. Siemens has released an update for SIMATIC ...
10.08.2021
SIEMENS CERT
SSA-865327 V1.0: Incorrect Authorization Vulnerability in Industrial Products
Title
SSA-865327 V1.0: Incorrect Authorization Vulnerability in Industrial Products
Published
Aug. 10, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-865327.pdf
Summary
The latest updates for the below mentioned products fix a vulnerability that allows an unauthenticated attacker to read PLC variables from affected devices without proper authentication under certain circumstances. Siemens has released updates for some of the affected products, is working on updates for the remaining affected products and recommends ...
10.08.2021
SIEMENS CERT
SSA-938030 V1.0: DGN and PAR File Parsing Vulnerabilities in JT2Go and Teamcenter Visualization before V13.2.0.2
Title
SSA-938030 V1.0: DGN and PAR File Parsing Vulnerabilities in JT2Go and Teamcenter Visualization before V13.2.0.2
Published
Aug. 10, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-938030.pdf
Summary
Siemens has released version V13.2.0.2 for JT2Go and Teamcenter Visualization to fix three vulnerabilities that could be triggered while parsing DGN or PAR files. If a user is tricked to open a malicious file with the affected products, this could lead the application to crash or potential arbitrary code execution. ...
10.08.2021
SIEMENS CERT
SSA-286838 V1.1 (Last Update: 2021-08-10): Multiple Vulnerabilities in SINAMICS Medium Voltage Products
Title
SSA-286838 V1.1 (Last Update: 2021-08-10): Multiple Vulnerabilities in SINAMICS Medium Voltage Products
Published
Aug. 10, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf
Summary
SINAMICS medium voltage products, with Sm@rtServer enabled on SIMATIC comfort HMI Panels, are affected by multiple vulnerabilities that could allow an attacker, under certain conditions, to gain full remote access to the HMI. Note that by default Sm@rtServer is disabled, but it can be enabled by the system integrator on ...
10.08.2021
SIEMENS CERT
SSA-324955 V1.3 (Last Update: 2021-08-10): SAD DNS Attack in Linux Based Products
Title
SSA-324955 V1.3 (Last Update: 2021-08-10): SAD DNS Attack in Linux Based Products
Published
Aug. 10, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-324955.pdf
Summary
A vulnerability made public under the name SAD DNS affects Domain Name System resolvers due to a vulnerability in the Linux kernel when handling ICMP packets. The Siemens products which are affected are listed below. For more information please see https://www.saddns.net/. Siemens has released updates for several affected products and ...
10.08.2021
SIEMENS CERT
SSB-439005 V3.6 (Last Update: 2021-08-10): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 151...
Title
SSB-439005 V3.6 (Last Update: 2021-08-10): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP
Published
Aug. 10, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssb-439005.pdf
Summary
10.08.2021
SIEMENS CERT
SSA-158827 V1.0: Denial-of-Service Vulnerability in Automation License Manager
Title
SSA-158827 V1.0: Denial-of-Service Vulnerability in Automation License Manager
Published
Aug. 10, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-158827.pdf
Summary
A vulnerability was identified in the Automation License Manager software that could be triggered by sending specially crafted packets to port 4410/tcp of an affected system. This could cause a denial-of-service preventing legitimate users from using the system. Siemens has released an update for the Automation License Manager 6 and ...
10.08.2021
SIEMENS CERT
SSA-492828 V1.1 (Last Update: 2021-08-10): Denial-of-Service Vulnerability in SIMATIC S7-300 CPUs and SINUMERIK Controller
Title
SSA-492828 V1.1 (Last Update: 2021-08-10): Denial-of-Service Vulnerability in SIMATIC S7-300 CPUs and SINUMERIK Controller
Published
Aug. 10, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-492828.pdf
Summary
A vulnerability in S7-300 might allow an attacker to cause a Denial-of-Service condition on port 102 of the affected devices by sending specially crafted packets. Siemens is preparing updates and recommends specific countermeasures until fixes are available.
04.08.2021
SIEMENS CERT
SSA-789208 V1.0: Multiple Vulnerabilities (INFRA:HALT) in Interniche IP-Stack based Low Voltage Devices
Title
SSA-789208 V1.0: Multiple Vulnerabilities (INFRA:HALT) in Interniche IP-Stack based Low Voltage Devices
Published
Aug. 4, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-789208.pdf
Summary
Security researchers discovered and disclosed 14 vulnerabilities in the Interniche IP stack, also known as “INFRA:HALT” vulnerabilities [0]. This advisory describes the impact to Siemens low voltage products, which are only affected by four out of the 14 vulnerabilities. Siemens has released updates for the affected products and recommends to ...
July 2021
13.07.2021
SIEMENS CERT
SSA-622535 V1.0: Multiple Vulnerabilities in Teamcenter Active Workspace
Title
SSA-622535 V1.0: Multiple Vulnerabilities in Teamcenter Active Workspace
Published
July 13, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-622535.pdf
Summary
Multiple vulnerabilities affecting Teamcenter Active Workspace could lead to sensitive information disclosure and reflected cross site scripting. Siemens has released updates for the affected products and recommends to update to the latest versions.
13.07.2021
SIEMENS CERT
SSA-209268 V1.0: Multiple JT File Parsing Vulnerabilities in JT Utilities before V13.0.2.0
Title
SSA-209268 V1.0: Multiple JT File Parsing Vulnerabilities in JT Utilities before V13.0.2.0
Published
July 13, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-209268.pdf
Summary
Siemens has released version V13.0.2.0 for JT Utilities to fix multiple vulnerabilities that could be triggered when reading JT files. Siemens recommends to update to the latest version, which contains solutions to all the vulnerabilities listed in this advisory. Standing recommendation is to avoid opening of untrusted files from unknown ...
13.07.2021
SIEMENS CERT
SSA-352521 V1.0: Access Check Bypass Vulnerability in Mendix
Title
SSA-352521 V1.0: Access Check Bypass Vulnerability in Mendix
Published
July 13, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-352521.pdf
Summary
An incorrect authorization check in Mendix applications could allow an attacker to bypass write permissions to attributes of objects under certain circumstances. Mendix has released an update for Mendix and recommends to update to the latest version.
13.07.2021
SIEMENS CERT
SSA-373591 V1.0: Buffer Overflow Vulnerability in RUGGEDCOM ROS Devices
Title
SSA-373591 V1.0: Buffer Overflow Vulnerability in RUGGEDCOM ROS Devices
Published
July 13, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-373591.pdf
Summary
The latest update for RUGGEDCOM ROS devices fixes a buffer overflow vulnerability in the third party component that could allow an attacker with network access to an affected device to cause a remote code execution condition. Siemens has released updates for the affected products and recommends to update to the ...
13.07.2021
SIEMENS CERT
SSA-434535 V1.0: Memory Protection Bypass Vulnerability in SINAMICS PERFECT HARMONY GH180 Drives
Title
SSA-434535 V1.0: Memory Protection Bypass Vulnerability in SINAMICS PERFECT HARMONY GH180 Drives
Published
July 13, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-434535.pdf
Summary
Several models of SINAMICS PERFECT HARMONY GH180 Drives are affected by a memory protection bypass vulnerability in the integrated S7-1500 or S7-1200 CPU that could allow an attacker to write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks on the CPU. Siemens ...
13.07.2021
SIEMENS CERT
SSA-448291 V1.0: Denial-of-Service Vulnerability in ARP Protocol of RWG Universal Controllers
Title
SSA-448291 V1.0: Denial-of-Service Vulnerability in ARP Protocol of RWG Universal Controllers
Published
July 13, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-448291.pdf
Summary
A Denial-of-Service vulnerability was found affecting the ARP protocol on RWG Universal Controller devices. Siemens has released updates for the affected products and recommends to update to the latest versions.
13.07.2021
SIEMENS CERT
SSA-483182 V1.0: Multiple File Parsing Vulnerabilities in JT2Go and Teamcenter Visualization before V13.2
Title
SSA-483182 V1.0: Multiple File Parsing Vulnerabilities in JT2Go and Teamcenter Visualization before V13.2
Published
July 13, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf
Summary
Siemens has released version V13.2 for JT2Go and Teamcenter Visualization to fix multiple vulnerabilities that could be triggered when the products read files in different file formats (GIF, TIFF, BMP, J2K, JT, SGI, PDF, PCT, PCX, PAR and ASM ). If a user is tricked to opening of a malicious ...
13.07.2021
SIEMENS CERT
SSA-560465 V1.0: DHCP Client Vulnerability in VxWorks-based Industrial Products
Title
SSA-560465 V1.0: DHCP Client Vulnerability in VxWorks-based Industrial Products
Published
July 13, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-560465.pdf
Summary
Various industry products are affected by a DHCP client vulnerability in Wind River VxWorks, that could allow an attacker to cause a heap-based buffer overflow. Siemens recommends specific countermeasures for products where updates are not, or not yet available.
13.07.2021
SIEMENS CERT
SSA-599968 V1.0: Denial-of-Service Vulnerability in Profinet Devices
Title
SSA-599968 V1.0: Denial-of-Service Vulnerability in Profinet Devices
Published
July 13, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-599968.pdf
Summary
A vulnerability in affected devices could allow an attacker to perform a denial-of-service attack if a large amount of Profinet Discovery and Configuration Protocol (DCP) reset packets is sent to the affected devices. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens ...
13.07.2021
SIEMENS CERT
SSA-173615 V1.0: Multiple PAR and ASM File Parsing Vulnerabilities in Solid Edge
Title
SSA-173615 V1.0: Multiple PAR and ASM File Parsing Vulnerabilities in Solid Edge
Published
July 13, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-173615.pdf
Summary
Siemens has released version SE2021MP5 for Solid Edge to fix multiple heap based buffer overflow vulnerabilities that could be triggered when the application read files in PAR or ASM file formats. If a user is tricked to open a malicious file with the affected application, this could lead to a ...

Last Updates

BOSCH PSIRT
25.04.2025
SIEMENS CERT
23.05.2025
US CERT
20.05.2025
US CERT (ICS)
05.06.2025

By Source

Archive

2025
2024
2023
2022
2021
2020
2019
2018
2017

Feeds