SIEMENS CERT
04/12/2022
The latest update of the SCALANCE X-200 and X-300/X408 switches families fixes multiple OpenSSH vulnerabilities. The most severe of these vulnerabilities could allow a denial of service condition. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and …
SIEMENS CERT
04/12/2022
An attacker could achieve privilege escalation on the web server of certain devices configured by SIMATIC STEP 7 (TIA Portal) due to incorrect handling of the webserver’s user management configuration during downloading. This only affects the S7-1200 and S7-1500 CPUs’ (incl. related ET200 CPUs and SIPLUS variants) web server, when …
SIEMENS CERT
04/12/2022
There is an insecure cryptographic vulnerability for the affected RUGGEDCOM devices. If an attacker were to exploit this, they could gain privileged functions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.
SIEMENS CERT
04/12/2022
OpenSSL has published a security advisory [0] about a vulnerability in OpenSSL versions 1.1.1 < 1.1.1k, that allows an unauthenticated attacker to cause a Denial-of-Service (DoS) if a maliciously crafted renegotiation message is sent . Siemens has released updates for several affected products and recommends to update to the latest …
SIEMENS CERT
04/12/2022
Products that include the Siemens PROFINET-IO (PNIO) stack in versions prior V06.00 are potentially affected by a denial of service vulnerability when multiple legitimate diagnostic package requests are sent to the DCE-RPC interface. Siemens has released updates for several affected products and recommends to update to the new versions. Siemens …
SIEMENS CERT
04/12/2022
The latest updates for SIMATIC RF products fix a vulnerability that could allow an unauthorized attacker to crash the OPC UA service of the affected devices. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific …
SIEMENS CERT
04/12/2022
A vulnerability exists in affected products that could allow remote attackers to affect the availability of the devices under certain conditions. The underlying TCP stack can be forced to make very computation expensive calls for every incoming packet which can lead to a Denial-of-Service.
SIEMENS CERT
04/12/2022
On 2021-12-09, a vulnerability in Apache Log4j (a logging tool used in many Java-based applications) was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2021-44228 and is also known as “Log4Shell”. On 2021-12-14 an additional denial of service vulnerability (CVE-2021-45046) …