Bulletins

SIEMENS CERT
09/14/2021

SSA-324955 V1.4 (Last Update: 2021-09-14): SAD DNS Attack in Linux Based Products

A vulnerability made public under the name SAD DNS affects Domain Name System resolvers due to a vulnerability in the Linux kernel when handling ICMP packets. The Siemens products which are affected are listed below. For more information please see https://www.saddns.net/. Siemens has released updates for several affected products and …
SIEMENS CERT
09/14/2021

SSA-312271 V1.8 (Last Update: 2021-09-14): Unquoted Search Path Vulnerabilities in Windows-based Industrial Software Applications

Several industrial products as listed below contain a local privilege escalation vulnerabilities that could allow authorized local users with administrative privileges to execute custom code with SYSTEM level privileges. Siemens has released updates for the affected products and recommends to update to the latest versions.
SIEMENS CERT
09/14/2021

SSA-987403 V1.0: Multiple Vulnerabilities in Teamcenter

Teamcenter is affected by three vulnerabilities namely incorrect privilege assignment, Insecure Direct Object Reference (IDOR) and XML External Entity Injection (XXE). Siemens has released updates for the affected products and recommends to update to the latest versions.
SIEMENS CERT
09/14/2021

SSA-944498 V1.0: Buffer Overflow Vulnerability in Web Server of APOGEE and TALON Automation Devices

A buffer overflow vulnerability in the integrated web server of multiple APOGEE and TALON automation devices could allow a remote attacker to execute arbitrary code on the devices with root privileges. Affected devices include the APOGEE MBC/MEC/PXC P2 Ethernet devices with Power Open Processors (PPC), APOGEE PXC BACnet devices, and …
SIEMENS CERT
09/14/2021

SSA-847986 V1.0: Denial-of-Service Vulnerabilities in SIPROTEC 5 relays

The latest update for SIPROTEC 5 relays fixes two vulnerabilities that could allow a remote attacker to cause a denial-of-service or potentially trigger a remote code execution under certain circumstances. Siemens has released an update for SIPROTEC 5 relays and recommends to update to the latest version.
SIEMENS CERT
09/14/2021

SSA-413407 V1.0: Path Traversal Vulnerability in Teamcenter Active Workspace

Teamcenter Active Workspace contains a path traversal vulnerability that could lead to access control violations. Siemens has released updates for the affected products and recommends to update to the latest versions.
SIEMENS CERT
09/14/2021

SSB-439005 V3.7 (Last Update: 2021-09-14): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP

SIEMENS CERT
09/14/2021

SSA-274900 V1.2 (Last Update: 2021-09-14): Use of hardcoded key in Scalance X devices under certain conditions

Scalance X devices might not generate a unique random key after factory reset, and use a private key shipped with the firmware Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where …