• 1
  • 2 (current)
Dienstag, 10.08.2021
Titel
SSA-365397 V1.0: Multiple File Parsing Vulnerabilities in JT2Go and Teamcenter Visualization before V13.2.0.1
Veröffentlicht
10. August 2021 02:00
Text
Siemens has released version V13.2.0.1 for JT2Go and Teamcenter Visualization to fix multiple vulnerabilities that could be triggered when the products read files in different file formats (CGM, DGN, DXF, and DWG). If a user is tricked to open a malicious file with the affected products, this could lead the ...
Titel
SSA-553445 V1.0: DNS "Name:Wreck" Vulnerabilities in Multiple Siemens Energy AGT and SGT solutions
Veröffentlicht
10. August 2021 02:00
Text
One of the DNS-related vulnerabilities that were reported as “Name:Wreck” may affect the following Siemens Energy products: Industrial Gas Turbines SGT-100, SGT-200, SGT-300 and SGT-400 with Allen Bradley control systems Aeroderivative Gas Turbines SGT-A20, SGT-A35 and SGT-A65 with FT125 control systems
Titel
SSA-679335 V1.0: Multiple Vulnerabilities in Embedded FTP Server of SIMATIC NET CP Modules
Veröffentlicht
10. August 2021 02:00
Text
SIMATIC CP 1543-1 and CP 1545-1 devices are affected by multiple vulnerabilities in ProFTPD, a third party component, that could allow a remote attacker to access sensitive information and execute arbitrary code. Siemens has released an update for SIMATIC NET CP 1543-1 and recommends to update to the latest version. ...
Titel
SSA-756744 V1.0: OS Command Injection Vulnerability in SINEC NMS
Veröffentlicht
10. August 2021 02:00
Text
The latest update for SINEC NMS fixes a vulnerability that could allow an authenticated remote attacker to execute arbitrary code on the system, with system privileges, under certain conditions. Siemens has released an update for SINEC NMS and recommends to update to the latest version.
Titel
SSA-818688 V1.0: Multiple Vulnerabilities in Solid Edge before SE2021MP7
Veröffentlicht
10. August 2021 02:00
Text
Siemens has released a new version for Solid Edge that fixes three vulnerabilities - an XML external entity (XXE) injection, and two file parsing issues which could be triggered when the application reads OBJ files. If a user is tricked to opening a malicious file using the affected application this ...
Titel
SSA-865327 V1.0: Incorrect Authorization Vulnerability in Industrial Products
Veröffentlicht
10. August 2021 02:00
Text
The latest updates for the below mentioned products fix a vulnerability that allows an unauthenticated attacker to read PLC variables from affected devices without proper authentication under certain circumstances. Siemens has released updates for some of the affected products, is working on updates for the remaining affected products and recommends ...
Mittwoch, 04.08.2021
Titel
SSA-789208 V1.0: Multiple Vulnerabilities (INFRA:HALT) in Interniche IP-Stack based Low Voltage Devices
Veröffentlicht
4. August 2021 02:00
Text
Security researchers discovered and disclosed 14 vulnerabilities in the Interniche IP stack, also known as “INFRA:HALT” vulnerabilities [0]. This advisory describes the impact to Siemens low voltage products, which are only affected by four out of the 14 vulnerabilities. Siemens has released updates for the affected products and recommends to ...
Titel
Cross Site Request Forgery (CSRF) vulnerability in Bosch IP cameras
Veröffentlicht
4. August 2021 02:00
Text

BOSCH-SA-033305-BT: The possibility to conduct a CSRF (Cross Site Request Forgery) attack was discovered in a Penetration Test from Kaspersky ICS CERT during a certification effort from Bosch. Bosch rates this vulnerability with CVSSv3.1 base scores of 7.5 (High), where the actual rating depends on the final rating specific to ...

  • 1
  • 2 (current)

Letzte Updates

BOSCH PSIRT
20.03.2024
CODESYS
28.06.2023
SIEMENS CERT
26.03.2024
US CERT
26.02.2024
US CERT (ICS)
26.03.2024

Nach Quelle

Archiv

2024
2023
2022
2021
2020
2019
2018
2017

Feeds