Bulletins

SIEMENS CERT
07/13/2021

SSA-209268 V1.0: Multiple JT File Parsing Vulnerabilities in JT Utilities before V13.0.2.0

Siemens has released version V13.0.2.0 for JT Utilities to fix multiple vulnerabilities that could be triggered when reading JT files. Siemens recommends to update to the latest version, which contains solutions to all the vulnerabilities listed in this advisory. Standing recommendation is to avoid opening of untrusted files from unknown …
SIEMENS CERT
07/13/2021

SSA-622535 V1.0: Multiple Vulnerabilities in Teamcenter Active Workspace

Multiple vulnerabilities affecting Teamcenter Active Workspace could lead to sensitive information disclosure and reflected cross site scripting. Siemens has released updates for the affected products and recommends to update to the latest versions.
SIEMENS CERT
07/13/2021

SSA-173615 V1.0: Multiple PAR and ASM File Parsing Vulnerabilities in Solid Edge

Siemens has released version SE2021MP5 for Solid Edge to fix multiple heap based buffer overflow vulnerabilities that could be triggered when the application read files in PAR or ASM file formats. If a user is tricked to open a malicious file with the affected application, this could lead to a …
SIEMENS CERT
07/13/2021

SSA-841348 V1.8 (Last Update: 2021-07-13): Multiple Vulnerabilities in the UMC Stack

The latest update for the below listed products fixes two security vulnerabilities that could allow an attacker to cause a partial Denial-of-Service on the UMC component of the affected devices under certain circumstances, and one vulnerability that could allow an attacker to locally escalate privileges from a user with administrative …
SIEMENS CERT
07/13/2021

SSA-462066 V2.4 (Last Update: 2021-07-13): Vulnerability known as TCP SACK PANIC in Industrial Products

Multiple industrial products are affected by a vulnerability in the kernel known as TCP SACK PANIC. The vulnerability could allow a remote attacker to cause a denial of service condition. Siemens has released updates for several affected products and recommends to update to the new versions. Siemens is preparing further …
SIEMENS CERT
07/13/2021

SSB-439005 V3.5 (Last Update: 2021-07-13): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP

SIEMENS CERT
07/13/2021

SSA-324955 V1.2 (Last Update: 2021-07-13): SAD DNS Attack in Linux Based Products

A vulnerability made public under the name SAD DNS affects Domain Name System resolvers due to a vulnerability in the Linux kernel when handling ICMP packets. The Siemens products which are affected are listed below. For more information please see https://www.saddns.net/. Siemens has released updates for several affected products and …
SIEMENS CERT
07/13/2021

SSA-434535 V1.0: Memory Protection Bypass Vulnerability in SINAMICS PERFECT HARMONY GH180 Drives

Several models of SINAMICS PERFECT HARMONY GH180 Drives are affected by a memory protection bypass vulnerability in the integrated S7-1500 or S7-1200 CPU that could allow an attacker to write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks on the CPU. Siemens …