Bulletins | CERT@VDE

SSA-319319 V1.0: Denial of Service Vulnerability in TIA Administrator

Titel

SSA-319319 V1.0: Denial of Service Vulnerability in TIA Administrator

Veröffentlicht

11. Juni 2024 02:00

URL

https://cert-portal.siemens.com/productcert/html/ssa-319319.html

Text

TIA Administrator creates temporary download files in a directory with insecure permissions. This could allow any authenticated attacker on Windows to disrupt the update process. Siemens has released a new version for TIA Administrator and recommends to update to the latest version.

SSA-398330 V1.6 (Last Update: 2024-06-11): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 151...

Titel

SSA-398330 V1.6 (Last Update: 2024-06-11): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1

Veröffentlicht

11. Juni 2024 02:00

URL

https://cert-portal.siemens.com/productcert/html/ssa-398330.html

Text

Multiple vulnerabilities have been identified in the additional GNU/Linux subsystem of the firmware version V3.1 for the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP (incl. SIPLUS variant). These GNU/Linux vulnerabilities have been externally identified. Siemens is preparing fix versions and recommends specific countermeasures for products where fixes are not, or not ...

SSA-337522 V1.0: Multiple Vulnerabilities in TIM 1531 IRC before V2.4.8

Titel

SSA-337522 V1.0: Multiple Vulnerabilities in TIM 1531 IRC before V2.4.8

Veröffentlicht

11. Juni 2024 02:00

URL

https://cert-portal.siemens.com/productcert/html/ssa-337522.html

Text

Siemens has released new versions for the affected products and recommends to update to the latest versions.

SSA-196737 V1.0: Multiple Vulnerabilities in SINEC Traffic Analyzer before V1.2

Titel

SSA-196737 V1.0: Multiple Vulnerabilities in SINEC Traffic Analyzer before V1.2

Veröffentlicht

11. Juni 2024 02:00

URL

https://cert-portal.siemens.com/productcert/html/ssa-196737.html

Text

SINEC Traffic Analyzer before V1.2 is affected by multiple vulnerabilities. Siemens has released a new version for SINEC Traffic Analyzer and recommends to update to the latest version.

SSA-900277 V1.0: MODEL File Parsing Vulnerability in Tecnomatix Plant Simulation before V2302.0012 and V2024.0001

Titel

SSA-900277 V1.0: MODEL File Parsing Vulnerability in Tecnomatix Plant Simulation before V2302.0012 and V2024.0001

Veröffentlicht

11. Juni 2024 02:00

URL

https://cert-portal.siemens.com/productcert/html/ssa-900277.html

Text

Tecnomatix Plant Simulation contains a type confusion vulnerability that could be triggered when the application reads MODEL files. If a user is tricked to open a malicious file using the affected application, this could lead to a crash, and potentially also to arbitrary code execution on the target host system. ...

SSA-879734 V1.0: Multiple Vulnerabilities in SCALANCE XM-400/XR-500 before V6.6.1

Titel

SSA-879734 V1.0: Multiple Vulnerabilities in SCALANCE XM-400/XR-500 before V6.6.1

Veröffentlicht

11. Juni 2024 02:00

URL

https://cert-portal.siemens.com/productcert/html/ssa-879734.html

Text

Siemens has released new versions for the affected products and recommends to update to the latest versions.

SSA-238730 V1.0: Out-of-Bounds Write Vulnerabilities in SITOP UPS1600 before V2.5.4

Titel

SSA-238730 V1.0: Out-of-Bounds Write Vulnerabilities in SITOP UPS1600 before V2.5.4

Veröffentlicht

11. Juni 2024 02:00

URL

https://cert-portal.siemens.com/productcert/html/ssa-238730.html

Text

Multiple out-of-bounds vulnerabilities in third-party components are affecting SITOP UPS1600 before V2.5.4. Attackers could exploit these vulnerabilities and cause limited impact in the affected systems. Siemens has released new versions for the affected products and recommends to update to the latest versions.

SSA-871704 V1.1 (Last Update: 2024-06-11): Multiple Vulnerabilities in SICAM Products

Titel

SSA-871704 V1.1 (Last Update: 2024-06-11): Multiple Vulnerabilities in SICAM Products

Veröffentlicht

11. Juni 2024 02:00

URL

https://cert-portal.siemens.com/productcert/html/ssa-871704.html

Text

Multiple SICAM products are affected by vulnerabilities that could lead to privilege escalation, remote code execution or information loss namely: SICAM A8000 device firmwares CPC80 for CP-8000/CP-8021/CP-8022 CPCI85 and OPUPI0 for CP-8031/CP-8050 SICAM EGS firmware CPCI85 and OPUPI0 SICAM 8 Software Solution SICORE Siemens has released new versions for the ...

SSA-407785 V1.2 (Last Update: 2024-06-11): Multiple X_T File Parsing Vulnerabilities in Parasolid and Teamcenter Visualization

Titel

SSA-407785 V1.2 (Last Update: 2024-06-11): Multiple X_T File Parsing Vulnerabilities in Parasolid and Teamcenter Visualization

Veröffentlicht

11. Juni 2024 02:00

URL

https://cert-portal.siemens.com/productcert/html/ssa-407785.html

Text

Parasolid and Teamcenter Visualization are affected by memory corruption vulnerabilities that could be triggered when the application reads files in X_T format. If a user is tricked to open a malicious file with the affected applications, an attacker could leverage the vulnerability to perform remote code execution or denial of ...

SSA-481506 V1.0: Information Disclosure Vulnerability in SIMATIC S7-200 SMART Devices

Titel

SSA-481506 V1.0: Information Disclosure Vulnerability in SIMATIC S7-200 SMART Devices

Veröffentlicht

11. Juni 2024 02:00

URL

https://cert-portal.siemens.com/productcert/html/ssa-481506.html

Text

SIMATIC S7-200 SMART devices contain an information disclosure vulnerability which leaves the system susceptible to a family of attacks which rely on the use of predictable IP ID sequence numbers as their base method of attack and eventually could allow an attacker to create a denial of service condition. Siemens ...

SSA-599968 V1.6 (Last Update: 2024-06-11): Denial-of-Service Vulnerability in Profinet Devices

Titel

SSA-599968 V1.6 (Last Update: 2024-06-11): Denial-of-Service Vulnerability in Profinet Devices

Veröffentlicht

11. Juni 2024 02:00

URL

https://cert-portal.siemens.com/productcert/html/ssa-599968.html

Text

A vulnerability in affected devices could allow an attacker to perform a denial-of-service attack if a large amount of Profinet Discovery and Configuration Protocol (DCP) reset packets is sent to the affected devices. Siemens has released new versions for several affected products and recommends to update to the latest versions. ...

SSA-771940 V1.0: X_T File Parsing Vulnerabilities in Teamcenter Visualization and JT2Go

Titel

SSA-771940 V1.0: X_T File Parsing Vulnerabilities in Teamcenter Visualization and JT2Go

Veröffentlicht

11. Juni 2024 02:00

URL

https://cert-portal.siemens.com/productcert/html/ssa-771940.html

Text

Teamcenter Visualization and JT2Go is affected by out of bounds read, stack exhaustion and null pointer dereference vulnerabilities that could be triggered when the application reads files in X_T format. If a user is tricked to open a malicious file with the affected applications, an attacker could leverage the vulnerability ...

06.06.2024

Johnson Controls Software House iStar Pro Door Controller

Titel

Johnson Controls Software House iStar Pro Door Controller

Veröffentlicht

6. Juni 2024 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-24-158-04

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls Inc. Equipment: Software House iStar Pro Door Controller, ICU Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an attacker to perform a machine-in-the-middle attack to inject ...

06.06.2024

https://www.cisa.gov/news-events/ics-advisories/icsa-24-158-02

Emerson Ovation

Titel

Emerson Ovation

Veröffentlicht

6. Juni 2024 14:00

URL

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Emerson Equipment: Ovation Vulnerabilities: Missing Authentication for Critical Function, Insufficient Verification of Data Authenticity CISA is aware of a public report, known as "OT:ICEFALL", detailing vulnerabilities found in multiple operational technology (OT) vendors. CISA is issuing ...

06.06.2024

Emerson PACSystem and Fanuc

Titel

Emerson PACSystem and Fanuc

Veröffentlicht

6. Juni 2024 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-24-158-01

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.6 ATTENTION: Low attack complexity Vendor: Emerson Equipment: PACSystem, Fanuc Vulnerabilities: Cleartext Transmission of Sensitive Information, Insufficient Verification of Data Authenticity Insufficiently Protected Credentials, Download of Code Without Integrity Check CISA is aware of a public report, known as "OT:ICEFALL", detailing vulnerabilities found ...

04.06.2024

Uniview NVR301-04S2-P4

Titel

Uniview NVR301-04S2-P4

Veröffentlicht

4. Juni 2024 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-24-156-01

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 4.8 ATTENTION: Exploitable remotely/low attack complexity/public exploits available Vendor: Uniview Equipment: NVR301-04S2-P4 Vulnerability: Cross-site Scripting 2. RISK EVALUATION An attacker could send a user a URL that if clicked on could execute malicious JavaScript in their browser. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ...

Mai 2024

https://www.cisa.gov/news-events/ics-advisories/icsa-24-151-04

Westermo EDW-100

Titel

Westermo EDW-100

Veröffentlicht

30. Mai 2024 14:00

URL

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Westermo Equipment: EDW-100 Vulnerabilities: Use of Hard-coded Password, Insufficiently Protected Credentials 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to access the device using hardcoded credentials and download cleartext username and passwords. ...

https://www.cisa.gov/news-events/ics-advisories/icsa-24-151-03

Inosoft VisiWin

Titel

Inosoft VisiWin

Veröffentlicht

30. Mai 2024 14:00

URL

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity/public exploits are available Vendor: Inosoft Equipment: VisiWin Vulnerability: Incorrect Default Permissions 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain SYSTEM privileges. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Inosoft products are ...

https://www.cisa.gov/news-events/ics-advisories/icsa-24-151-01

LenelS2 NetBox

Titel

LenelS2 NetBox

Veröffentlicht

30. Mai 2024 14:00

URL

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: LenelS2 Equipment: NetBox Vulnerabilities: Use of Hard-coded Password, OS Command Injection, Argument Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to bypass authentication and execute malicious commands with elevated permissions 3. ...

Fuji Electric Monitouch V-SFT

Titel

Fuji Electric Monitouch V-SFT

Veröffentlicht

30. Mai 2024 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-24-151-02

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity Vendor: Fuji Electric Equipment: Monitouch V-SFT Vulnerabilities: Out-of-Bounds Write, Stack-Based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of ...

Fuji Electric Monitouch V-SFT (Update A)

Titel

Fuji Electric Monitouch V-SFT (Update A)

Veröffentlicht

30. Mai 2024 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-24-151-02

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity Vendor: Fuji Electric Equipment: Monitouch V-SFT Vulnerabilities: Out-of-Bounds Write, Stack-Based Buffer Overflow, Type Confusion 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following ...

28.05.2024

Campbell Scientific CSI Web Server

Titel

Campbell Scientific CSI Web Server

Veröffentlicht

28. Mai 2024 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-24-149-01

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Campbell Scientific Equipment: CSI Web Server Vulnerabilities: Path Traversal, Weak Encoding for Password 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to download files and decode stored passwords. 3. TECHNICAL DETAILS 3.1 ...

28.05.2024

BOSCH PSIRT

TI Bluetooth stack can fail to generate a resolvable Random Private Address (RPA) leading to DoS for already bonded peer devices

Titel

TI Bluetooth stack can fail to generate a resolvable Random Private Address (RPA) leading to DoS for already bonded peer devices

Veröffentlicht

28. Mai 2024 02:00

URL

https://psirt.bosch.com/security-advisories/bosch-sa-466062.html

Text

BOSCH-SA-466062: When running Defensics test case #SMP legacy 1001 with loop mode on DUT configured as resolvable private address, after a while, the device will end up generating unresolvable random private address causing Denial of Service for already bonded peer devices. The potential vulnerability can impact Bluetooth® Low Energy devices ...

23.05.2024

AutomationDirect Productivity PLCs

Titel

AutomationDirect Productivity PLCs

Veröffentlicht

23. Mai 2024 14:00

URL

https://www.cisa.gov/news-events/ics-advisories/icsa-24-144-01

Text

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: AutomationDirect Equipment: Productivity PLCs Vulnerabilities: Buffer Access with Incorrect Length Value, Out-of-bounds Write, Stack-based Buffer Overflow, Improper Access Control, Active Debug Code, Insufficient Verification of Data Authenticity 2. RISK EVALUATION Successful exploitation of these vulnerabilities could ...

16.05.2024