December 2023
Title
SSA-983300 V1.1 (Last Update: 2023-12-12): Vulnerabilities in LOGO! Soft Comfort
Published
12 December 2023 01:00
Text
Two vulnerabilities have been identified in the LOGO! Soft Comfort software. These could allow an attacker to take over a system with the affected software installed. Siemens has released an update for LOGO! Soft Comfort and recommends updating to the latest version.
Title
SSA-955858 V1.1 (Last Update: 2023-12-12): Multiple Vulnerabilities in LOGO! 8 BM Devices
Published
12 December 2023 01:00
Text
LOGO! 8 BM (incl. SIPLUS variants) contains multiple web-related vulnerabilities. These could allow an attacker to execute code remotely, put the device into a denial of service state or retrieve parts of the memory. The vulnerabilities are related to the hardware of the product. Siemens has released new hardware versions ...
Title
SSA-999588 V1.0: Multiple Vulnerabilities in User Management Component (UMC) before V2.11.2
Published
12 December 2023 01:00
Text
Siemens User Management Component (UMC) before V2.11.2 is affected by multiple vulnerabilities where the most severe could lead to a restart of the UMC server. Siemens has released updates for several affected products and recommends updating to the latest versions. Siemens is preparing further updates and recommends specific countermeasures ...
Title
SSA-068047 V1.0: Multiple Vulnerabilities in SCALANCE M-800/S615 Family before V7.2.2
Published
12 December 2023 01:00
Text
SCALANCE M-800/S615 Family before V7.2.2 is affected by multiple vulnerabilities. Siemens has released updates for the affected products and recommends updating to the latest versions.
Title
SSA-042050 V1.1 (Last Update: 2023-12-12): Know-How Protection Mechanism Failure in TIA Portal
Published
12 December 2023 01:00
Text
The know-how protection feature in Totally Integrated Automation Portal (TIA Portal) does not properly update the encryption of existing program blocks when a project file is updated. This could allow attackers with access to the project file to recover previous - yet unprotected - versions of the project without the ...
Title
SSA-240541 V1.2 (Last Update: 2023-12-12): WIBU Systems CodeMeter Heap Buffer Overflow Vulnerability in Industrial Products
Published
12 December 2023 01:00
Text
WIBU Systems published information about a heap buffer overflow vulnerability and associated fix releases of CodeMeter Runtime, a product provided by WIBU Systems and used in several Siemens industrial products for license management. The vulnerability is described in the section “Vulnerability Classification” below and got assigned the CVE ID CVE-2023-3935. ...
Title
SSA-180704 V1.0: Multiple Vulnerabilities in SCALANCE M-800/S615 Family before V8.0
Published
12 December 2023 01:00
Text
SCALANCE M-800/S615 Family before V8.0 is affected by multiple vulnerabilities. Siemens has released a new version for SCALANCE M-800 / S615 and recommends updating to the latest version. Siemens recommends countermeasures for products where fixes are not, or not yet available.
Title
SSA-264814 V1.3 (Last Update: 2023-12-12): Timing Based Side Channel Vulnerability in the OpenSSL RSA Decryption in SIMATIC Products
Published
12 December 2023 01:00
Text
Several SIMATIC products are affected by a timing based side channel vulnerability in the OpenSSL RSA Decryption (CVE-2023-4304), as disclosed on 2023-02-07 at https://www.openssl.org/news/secadv/20230207.txt. Siemens has released updates for several affected products and recommends updating to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for ...
Title
SSA-256353 V1.5 (Last Update: 2023-12-12): Third-Party Component Vulnerabilities in RUGGEDCOM ROS
Published
12 December 2023 01:00
Text
Multiple vulnerabilities affect various third-party components of the RUGGEDCOM Operating System (ROS). If exploited, an attacker could cause a denial-of-service, act as a man-in-the-middle, retrieve sensitive information or gain privileged functions. Siemens has released updates for the affected products and recommends updating to the latest versions.
Title
SSA-118850 V1.0: Denial of Service Vulnerability in the OPC UA Implementation in SINUMERIK ONE and SINUMERIK MC
Published
12 December 2023 01:00
Text
SINUMERIK ONE and SINUMERIK MC products are affected by a denial of service vulnerability in the OPC UA implementation of the integrated S7-1500 CPU. The vulnerability in the integrated S7-1500 CPU is documented in more detail in SSA-711309 [1]. Siemens has released updates for the affected products and recommends to ...
Title
SSA-264815 V1.2 (Last Update: 2023-12-12): Type Confusion Vulnerability in OpenSSL X.400 Address Processing in SIMATIC Products
Published
12 December 2023 01:00
Text
Several SIMATIC products are affected by a type confusion vulnerability relating to OpenSSL X.400 address processing (CVE-2023-0286), as disclosed on 2023-02-07 at https://www.openssl.org/news/secadv/20230207.txt. Siemens has released updates for several affected products and recommends updating to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for ...
Title
SSA-077170 V1.0: Multiple Vulnerabilities in SINEC INS before V1.0 SP2 Update 2
Published
12 December 2023 01:00
Text
SINEC INS before V1.0 SP2 Update 2 is affected by multiple vulnerabilities. Siemens has released an update for SINEC INS and recommends updating to the latest version.
Title
SSA-892915 V1.0: Multiple Denial of Service Vulnerabilities in the Webserver of Industrial Products
Published
12 December 2023 01:00
Text
Multiple vulnerabilities in the affected products could allow an unauthorized attacker with network access to the webserver to perform a denial of service attack. Siemens has released a new version for SINAMICS S120 (incl. SIPLUS variants) and recommends updating to the latest version. Siemens recommends specific countermeasures for products ...
Title
SSA-280603 V1.0: Denial of Service Vulnerability in SINUMERIK ONE and SINUMERIK MC
Published
12 December 2023 01:00
Text
A vulnerability has been identified in the integrated S7-1500 CPU of SINUMERIK ONE and SINUMERIK MC products that could allow an attacker to cause a denial of service condition. In order to exploit the vulnerability, an attacker must have access to the affected devices on port 102/tcp. Siemens is preparing ...
November 2023
Title
SSA-478780 V1.0: Multiple WRL File Parsing Vulnerabilities in Tecnomatix Plant Simulation
Published
14 November 2023 01:00
Text
Siemens Tecnomatix Plant Simulation contains multiple file parsing vulnerabilities that could be triggered when the application reads files in WRL format. If a user is tricked into opening a malicious file with any of the affected products, this could lead the application to crash or potentially lead to arbitrary code ...
Title
SSA-617233 V1.0: Urgent/11 TCP/IP Stack Vulnerabilities in SIPROTEC 4 7SJ66 Devices
Published
14 November 2023 01:00
Text
SIPROTEC 4 7SJ66 devices are affected by multiple security vulnerabilities due to the underlying Wind River VxWorks network stack. This stack is affected by nine of the eleven vulnerabilities that are also known as “URGENT/11”. The vulnerabilities could allow an attacker to execute a variety of exploits for the purpose ...
Title
SSA-647455 V1.1 (Last Update: 2023-11-14): Multiple Vulnerabilities in Nozomi Guardian/CMC before 22.6.2 on RUGGEDCOM APE1808 devices
Published
14 November 2023 01:00
Text
Nozomi Networks has published information on vulnerabilities in Nozomi Guardian/CMC before V22.6.2. This advisory lists the related Siemens Industrial products affected by these vulnerabilities. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available. Customers are advised to consult and implement the ...
Title
SSA-457702 V1.0: Wi-Fi Encryption Bypass Vulnerabilities in SCALANCE W700 Product Family
Published
14 November 2023 01:00
Text
The SCALANCE W700 devices are affected by Wi-Fi encryption bypass vulnerabilities (“Framing Frames”) that could allow an attacker to disclose sensitive information or to steal the victim's session. CVE-2022-47522 is divided into 3 different scenarios which are described in the section “Additional Information”. Siemens recommends specific countermeasures for products where ...
Title
SSA-625850 V1.0: Multiple WIBU Systems CodeMeter Vulnerabilities Affecting the Desigo CC Product Family
Published
14 November 2023 01:00
Text
Versions V5.0 through V7 of the Desigo CC product family (Desigo CC, Desigo CC Compact, Desigo CC Connect, Cerberus DMS) are affected by multiple vulnerabilities in the underlying third-party component WIBU Systems CodeMeter Runtime. Successful exploitation of these vulnerabilities could allow remote attackers to execute arbitrary code on the Desigo ...
Title
SSA-764417 V1.8 (Last Update: 2023-11-14): Weak Encryption Vulnerability in RUGGEDCOM ROS Devices
Published
14 November 2023 01:00
Text
The SSH server on RUGGEDCOM ROS devices is configured to offer weak ciphers by default. This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data passed over the connection between legitimate clients and the affected device. Siemens has released updates for the affected products ...
Title
SSA-711309 V1.2 (Last Update: 2023-11-14): Denial of Service Vulnerability in the OPC UA Implementations of SIMATIC Products
Published
14 November 2023 01:00
Text
The OPC UA implementations (ANSI C and C++) as used in several SIMATIC products contain a denial of service vulnerability that could allow an unauthenticated remote attacker to create a denial of service condition by sending a specially crafted certificate. Siemens has released updates for several affected products and recommends ...
Title
SSA-691715 V1.3 (Last Update: 2023-11-14): Vulnerability in OPC Foundation Local Discovery Server Affecting Siemens Products
Published
14 November 2023 01:00
Text
A vulnerability was identified in OPC Foundation Local Discovery Server which also affects Siemens products that could allow an attacker to escalate privileges under certain circumstances. Siemens has released an update for SIMATIC WinCC and recommends updating to the latest version. Siemens is preparing further updates and recommends specific ...
Title
SSA-456933 V1.0: Multiple Vulnerabilities in SIMATIC PCS neo before V4.1
Published
14 November 2023 01:00
Text
SIMATIC PCS neo before V4.1 is affected by multiple vulnerabilities. Siemens has released a new version for SIMATIC PCS neo and recommends updating to the latest version.
Title
SSA-831302 V1.2 (Last Update: 2023-11-14): Vulnerabilities in the BIOS of the SIMATIC S7-1500 TM MFP V1.0
Published
14 November 2023 01:00
Text
Multiple vulnerabilities have been identified in the BIOS of the SIMATIC S7-1500 TM MFP V1.0. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.
Title
SSA-794697 V1.4 (Last Update: 2023-11-14): Vulnerabilities in the Linux Kernel of the SIMATIC S7-1500 TM MFP V1.0
Published
14 November 2023 01:00
Text
Multiple vulnerabilities have been identified in the Linux Kernel of the SIMATIC S7-1500 TM MFP V1.0. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.
