Bulletins

SIEMENS CERT
08/10/2021

SSA-324955 V1.3 (Last Update: 2021-08-10): SAD DNS Attack in Linux Based Products

A vulnerability made public under the name SAD DNS affects Domain Name System resolvers due to a vulnerability in the Linux kernel when handling ICMP packets. The Siemens products which are affected are listed below. For more information please see https://www.saddns.net/. Siemens has released updates for several affected products and …
SIEMENS CERT
08/10/2021

SSB-439005 V3.6 (Last Update: 2021-08-10): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP

SIEMENS CERT
08/10/2021

SSA-492828 V1.1 (Last Update: 2021-08-10): Denial-of-Service Vulnerability in SIMATIC S7-300 CPUs and SINUMERIK Controller

A vulnerability in S7-300 might allow an attacker to cause a Denial-of-Service condition on port 102 of the affected devices by sending specially crafted packets. Siemens is preparing updates and recommends specific countermeasures until fixes are available.
SIEMENS CERT
08/10/2021

SSA-844761 V1.2 (Last Update: 2021-08-10): Multiple Vulnerabilities in SiNVR/SiVMS Video Server

The Video Server application in SiNVR/SiVMS solutions contains five vulnerabilities involving information disclosure (CVE-2019-19291, CVE-2019-19299), path traversal (CVE-2019-19296, CVE-2019-19297), and denial-of-service (CVE-2019-19298). PKE has released updates of the application that fixes the reported vulnerabilities, except for CVE-2019-19299. This update is not available under the former Siemens OEM brand name SiNVR. …
SIEMENS CERT
08/10/2021

SSA-541018 V1.2 (Last Update: 2021-08-10): Embedded TCP/IP Stack Vulnerabilities (AMNESIA:33) in SENTRON PAC / 3VA Devices (Part 2)

Security researchers discovered and disclosed 33 vulnerabilities in several open-source TCP/IP stacks for embedded devices, also known as “AMNESIA:33” vulnerabilities. This advisory describes the impact of two of these vulnerabilities (CVE-2020-13987, CVE-2020-17437) to Siemens products. Siemens has released updates for several affected products and recommends to update to the latest …
SIEMENS CERT
08/04/2021

SSA-789208 V1.0: Multiple Vulnerabilities (INFRA:HALT) in Interniche IP-Stack based Low Voltage Devices

Security researchers discovered and disclosed 14 vulnerabilities in the Interniche IP stack, also known as “INFRA:HALT” vulnerabilities [0]. This advisory describes the impact to Siemens low voltage products, which are only affected by four out of the 14 vulnerabilities. Siemens has released updates for the affected products and recommends to …
SIEMENS CERT
07/13/2021

SSA-675303 V1.0: WIBU Systems CodeMeter Runtime Vulnerabilities in Siemens Products

WIBU Systems disclosed two vulnerabilities and a new release version of CodeMeter Runtime, a product provided by WIBU Systems and used in several Siemens products for license management. The vulnerabilities are described in the section “Vulnerability Classification” below and got assigned the CVE IDs CVE-2021-20093 and CVE-2021-20094. Successful exploitation of …
SIEMENS CERT
07/13/2021

SSA-173615 V1.0: Multiple PAR and ASM File Parsing Vulnerabilities in Solid Edge

Siemens has released version SE2021MP5 for Solid Edge to fix multiple heap based buffer overflow vulnerabilities that could be triggered when the application read files in PAR or ASM file formats. If a user is tricked to open a malicious file with the affected application, this could lead to a …