September 2021
14.09.2021
SIEMENS CERT
SSA-780073 V1.8 (Last Update: 2021-09-14): Denial-of-Service Vulnerability in PROFINET Devices via DCE-RPC Packets
Titel
SSA-780073 V1.8 (Last Update: 2021-09-14): Denial-of-Service Vulnerability in PROFINET Devices via DCE-RPC Packets
Veröffentlicht
14. September 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-780073.pdf
Text
Products that include the Siemens PROFINET-IO (PNIO) stack in versMions prior V06.00 are potentially affected by a denial-of-service vulnerability when multiple legitimate diagnostic package requests are sent to the DCE-RPC interface. Siemens has released updates for several affected products and recommends to update to the new versions. Siemens is preparing ...
14.09.2021
SIEMENS CERT
SSA-789208 V1.1 (Last Update: 2021-09-14): Multiple Vulnerabilities (INFRA:HALT) in Interniche IP-Stack based Low Voltage Devices
Titel
SSA-789208 V1.1 (Last Update: 2021-09-14): Multiple Vulnerabilities (INFRA:HALT) in Interniche IP-Stack based Low Voltage Devices
Veröffentlicht
14. September 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-789208.pdf
Text
Security researchers discovered and disclosed 14 vulnerabilities in the Interniche IP stack, also known as “INFRA:HALT” vulnerabilities [0]. This advisory describes the impact to Siemens low voltage products, which are only affected by four out of the 14 vulnerabilities. Siemens has released updates for several affected products and recommends to ...
14.09.2021
SIEMENS CERT
SSA-830194 V1.1 (Last Update: 2021-09-14): Missing Authentication Vulnerability in S7-1200 Devices
Titel
SSA-830194 V1.1 (Last Update: 2021-09-14): Missing Authentication Vulnerability in S7-1200 Devices
Veröffentlicht
14. September 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-830194.pdf
Text
SIMATIC S7-1200 PLC, version V4.5.0 fails to authenticate against configured passwords when the affected device was provisioned using TIA Portal V13. This could allow an attacker using TIA Portal V13 or later versions to bypass authentication and download arbitrary programs to the PLC. Siemens has released an update for SIMATIC ...
14.09.2021
SIEMENS CERT
SSA-865327 V1.1 (Last Update: 2021-09-14): Incorrect Authorization Vulnerability in Industrial Products
Titel
SSA-865327 V1.1 (Last Update: 2021-09-14): Incorrect Authorization Vulnerability in Industrial Products
Veröffentlicht
14. September 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-865327.pdf
Text
The latest updates for the below mentioned products fix a vulnerability that allows an unauthenticated attacker to read PLC variables from affected devices without proper authentication under certain circumstances. Siemens has released updates for some of the affected products, is working on updates for the remaining affected products and recommends ...
14.09.2021
SIEMENS CERT
SSA-100232 V1.3 (Last Update: 2021-09-14): Denial-of-Service vulnerability in SCALANCE X Switches
Titel
SSA-100232 V1.3 (Last Update: 2021-09-14): Denial-of-Service vulnerability in SCALANCE X Switches
Veröffentlicht
14. September 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-100232.pdf
Text
A vulnerability in several SCALANCE X devices could allow an unauthenticated attacker with network access to an affected device to perform a denial-of-service. Siemens has released an update for SCALANCE X-200IRT and recommends to update to the latest version. Siemens recommends specific countermeasures for products where updates are not, or ...
14.09.2021
SIEMENS CERT
SSA-599968 V1.2 (Last Update: 2021-09-14): Denial-of-Service Vulnerability in Profinet Devices
Titel
SSA-599968 V1.2 (Last Update: 2021-09-14): Denial-of-Service Vulnerability in Profinet Devices
Veröffentlicht
14. September 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-599968.pdf
Text
A vulnerability in affected devices could allow an attacker to perform a denial-of-service attack if a large amount of Profinet Discovery and Configuration Protocol (DCP) reset packets is sent to the affected devices. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens ...
14.09.2021
SIEMENS CERT
SSA-538778 V1.1 (Last Update: 2021-09-14): SmartVNC Vulnerabilities in SIMATIC HMI/WinCC Products
Titel
SSA-538778 V1.1 (Last Update: 2021-09-14): SmartVNC Vulnerabilities in SIMATIC HMI/WinCC Products
Veröffentlicht
14. September 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-538778.pdf
Text
Multiple SmartVNC vulnerabilities in the affected products listed below could allow remote code execution and Denial-of-Service attacks under certain conditions. Siemens has released updates for the affected products and recommends to update to the latest version.
14.09.2021
SIEMENS CERT
SSA-462066 V2.5 (Last Update: 2021-09-14): Vulnerability known as TCP SACK PANIC in Industrial Products
Titel
SSA-462066 V2.5 (Last Update: 2021-09-14): Vulnerability known as TCP SACK PANIC in Industrial Products
Veröffentlicht
14. September 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf
Text
Multiple industrial products are affected by a vulnerability in the kernel known as TCP SACK PANIC. The vulnerability could allow a remote attacker to cause a denial of service condition. Siemens has released updates for several affected products and recommends to update to the new versions. Siemens is preparing further ...
14.09.2021
SIEMENS CERT
SSA-675303 V1.1 (Last Update: 2021-09-14): WIBU Systems CodeMeter Runtime Vulnerabilities in Siemens Products
Titel
SSA-675303 V1.1 (Last Update: 2021-09-14): WIBU Systems CodeMeter Runtime Vulnerabilities in Siemens Products
Veröffentlicht
14. September 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-675303.pdf
Text
WIBU Systems disclosed two vulnerabilities and a new release version of CodeMeter Runtime, a product provided by WIBU Systems and used in several Siemens products for license management. The vulnerabilities are described in the section “Vulnerability Classification” below and got assigned the CVE IDs CVE-2021-20093 and CVE-2021-20094. Successful exploitation of ...
14.09.2021
SIEMENS CERT
SSB-439005 V3.7 (Last Update: 2021-09-14): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 151...
Titel
SSB-439005 V3.7 (Last Update: 2021-09-14): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP
Veröffentlicht
14. September 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssb-439005.pdf
Text
14.09.2021
SIEMENS CERT
SSA-434536 V1.1 (Last Update: 2021-09-14): Memory Protection Bypass Vulnerability in SINUMERIK ONE and SINUMERIK MC
Titel
SSA-434536 V1.1 (Last Update: 2021-09-14): Memory Protection Bypass Vulnerability in SINUMERIK ONE and SINUMERIK MC
Veröffentlicht
14. September 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-434536.pdf
Text
SINUMERIK ONE and SINUMERIK MC products are affected by a memory protection bypass vulnerability in the integrated S7-1500 CPU that could allow an attacker to write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks on the CPU. Siemens has released updates for ...
14.09.2021
SIEMENS CERT
SSA-936080 V1.2 (Last Update: 2021-09-14): Multiple Vulnerabilities in Third-Party Component libcurl
Titel
SSA-936080 V1.2 (Last Update: 2021-09-14): Multiple Vulnerabilities in Third-Party Component libcurl
Veröffentlicht
14. September 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-936080.pdf
Text
SIMATIC CM 1542-1, SCALANCE SC600 family and SIMATIC CP 343-1 Advanced devices are vulnerable to a vulnerability in the third party component libcurl that could allow an attacker to cause a Denial-of-Service condition on the affected devices. Siemens has released updates for several affected products and recommends to update to ...
14.09.2021
SIEMENS CERT
SSA-938030 V1.1 (Last Update: 2021-09-14): DGN and PAR File Parsing Vulnerabilities in JT2Go and Teamcenter Visualization befor...
Titel
SSA-938030 V1.1 (Last Update: 2021-09-14): DGN and PAR File Parsing Vulnerabilities in JT2Go and Teamcenter Visualization before V13.2.0.2
Veröffentlicht
14. September 2021 02:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-938030.pdf
Text
Siemens has released version V13.2.0.2 for JT2Go and Teamcenter Visualization to fix three vulnerabilities that could be triggered while parsing DGN or PAR files. If a user is tricked to open a malicious file with the affected products, this could lead the application to crash or potential arbitrary code execution. ...
09.09.2021
US CERT (ICS)
AVEVA PCS Portal
Titel
AVEVA PCS Portal
Veröffentlicht
9. September 2021 16:15
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-252-01
Text
This advisory contains mitigations for an Uncontrolled Search Path Element vulnerability in AVEVA PCS Portal sofware.
09.09.2021
US CERT (ICS)
Delta Electronics DOPSoft 2
Titel
Delta Electronics DOPSoft 2
Veröffentlicht
9. September 2021 16:10
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-252-02
Text
This advisory contains mitigations for Stack-based Buffer Overflow, Out-of-Bounds Write, and Heap-based Buffer Overflow vulnerabilities in Delta Electronics DOPSoft 2 HMI editing software.
09.09.2021
US CERT (ICS)
Mitsubishi Electric Europe B.V. smartRTU and INEA ME-RTU
Titel
Mitsubishi Electric Europe B.V. smartRTU and INEA ME-RTU
Veröffentlicht
9. September 2021 16:05
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-252-03
Text
This advisory is a follow-up to a CISA product update titled ICS-ALERT-19-225-01 Mitsubishi Electric Europe B.V. smartRTU and INEA ME-RTU (Update A) published September 10, 2019, on the ICS webpage on us-cert.cisa.gov. This advisory contains mitigations for OS Command Injection, Improper Access Control, Cross-site Scripting, Use of Hard-coded Credentials, Unprotected ...
09.09.2021
US CERT (ICS)
Mitsubishi Electric Multiple Products (Update C)
Titel
Mitsubishi Electric Multiple Products (Update C)
Veröffentlicht
9. September 2021 16:00
URL
https://us-cert.cisa.gov/ics/advisories/icsa-20-245-01
Text
This updated advisory is a follow-up to the advisory update titled ICSA-20-245-01 Mitsubishi Electric Multiple Products (Update B) that was published May 18, 2021, to the ICS webpage on us-cert.cisa.gov. This advisory contains mitigations for a Predictable Exact Value from Previous Values vulnerability in several Mitsubishi Electric devices.
07.09.2021
US CERT (ICS)
Hitachi ABB Power Grids System Data Manager
Titel
Hitachi ABB Power Grids System Data Manager
Veröffentlicht
7. September 2021 16:00
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-250-02
Text
This advisory contains mitigations for a Cleartext Storage of Sensitive Information vulnerability in Hitachi ABB Power Grids System Data Manager products.
02.09.2021
US CERT (ICS)
Johnson Controls Sensormatic Electronics Illustra
Titel
Johnson Controls Sensormatic Electronics Illustra
Veröffentlicht
2. September 2021 16:10
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-245-01
Text
This advisory contains mitigations for an Off-by-one Error vulnerability in Johnson Controls Sensormatic Electronics Illustra camera systems.
02.09.2021
US CERT (ICS)
JTEKT TOYOPUC Products
Titel
JTEKT TOYOPUC Products
Veröffentlicht
2. September 2021 16:05
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-245-02
Text
This advisory contains mitigations for a Allocation of Resources Without Limits or Throttling vulnerability in JTEKT TOYOPUC industrial system hardware products.
August 2021
31.08.2021
US CERT
AA21-243A: Ransomware Awareness for Holidays and Weekends
Titel
AA21-243A: Ransomware Awareness for Holidays and Weekends
Veröffentlicht
31. August 2021 19:00
URL
https://us-cert.cisa.gov/ncas/alerts/aa21-243a
Text
Original release date: August 31, 2021 | Last revised: September 2, 2021SummaryImmediate Actions You Can Take Now to Protect Against Ransomware • Make an offline backup of your data. • Do not click on suspicious links. • If you use RDP, secure and monitor it. • Update your OS and ...
31.08.2021
US CERT (ICS)
Sensormatic Electronics KT-1
Titel
Sensormatic Electronics KT-1
Veröffentlicht
31. August 2021 16:05
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-243-01
Text
This advisory contains mitigations for a Use of Unmaintained Third-party Components vulnerability in Sensormatic Electronics KT-1 Ethernet-ready single-door controller.
31.08.2021
US CERT (ICS)
Philips Patient Monitoring Devices (Update A)
Titel
Philips Patient Monitoring Devices (Update A)
Veröffentlicht
31. August 2021 16:00
URL
https://us-cert.cisa.gov/ics/advisories/icsma-20-254-01
Text
This updated advisory is a follow-up to the original advisory titled ICSMA-20-254-01 Philips Patient Monitoring Devices that was published September 10, 2020, to the ICS webpage on us-cert.cisa.gov. This advisory contains mitigations for Improper Neutralization of Formula Elements in a CSV File, Cross-site Scripting, Improper Authentication, Improper Check for Certificate ...
26.08.2021
US CERT (ICS)
Johnson Controls Controlled Electronic Management Systems CEM Systems AC2000
Titel
Johnson Controls Controlled Electronic Management Systems CEM Systems AC2000
Veröffentlicht
26. August 2021 16:15
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-238-01
Text
This advisory contains mitigation for an Improper Authorization vulnerability in Johnson Controls Controlled Electronic Management Systems CEM Systems AC2000, an enterprise access control and integrated security management system.​​​​
26.08.2021
US CERT (ICS)
Annke Network Video Recorder
Titel
Annke Network Video Recorder
Veröffentlicht
26. August 2021 16:10
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-238-02
Text
This advisory contains mitigation for a Stack-based Buffer Overflow vulnerability in the Annke N48PBB Network Video Recorder.

Letzte Updates

BOSCH PSIRT
15.05.2024
SIEMENS CERT
14.05.2024
US CERT
10.05.2024
US CERT (ICS)
16.05.2024

Nach Quelle

Archiv

2024
2023
2022
2021
2020
2019
2018
2017

Feeds