December 2021
14.12.2021
SIEMENS CERT
SSA-549234 V1.1 (Last Update: 2021-12-14): Denial-of-Service Vulnerability in SIMATIC NET CP Modules
Title
SSA-549234 V1.1 (Last Update: 2021-12-14): Denial-of-Service Vulnerability in SIMATIC NET CP Modules
Published
Dec. 14, 2021, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-549234.pdf
Summary
A denial of service vulnerability was identified in different types of Communication Processors. An attacker could exploit this vulnerability causing the device to become un-operational until the device is restarted. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.
14.12.2021
SIEMENS CERT
SSA-324955 V1.7 (Last Update: 2021-12-14): SAD DNS Attack in Linux Based Products
Title
SSA-324955 V1.7 (Last Update: 2021-12-14): SAD DNS Attack in Linux Based Products
Published
Dec. 14, 2021, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-324955.pdf
Summary
A vulnerability made public under the name SAD DNS affects Domain Name System resolvers due to a vulnerability in the Linux kernel when handling ICMP packets. The Siemens products which are affected are listed below. For more information please see https://www.saddns.net/. Siemens has released updates for several affected products and ...
14.12.2021
SIEMENS CERT
SSA-114589 V1.1 (Last Update: 2021-12-14): Multiple Vulnerabilities in Nucleus RTOS based APOGEE, TALON and Desigo PXC/PXM Prod...
Title
SSA-114589 V1.1 (Last Update: 2021-12-14): Multiple Vulnerabilities in Nucleus RTOS based APOGEE, TALON and Desigo PXC/PXM Products
Published
Dec. 14, 2021, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf
Summary
Multiple vulnerabilities (also known as “NUCLEUS:13”) have be identified in the Nucleus RTOS (real-time operating system) and reported in the Siemens Security Advisory SSA-044112: https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf. The products listed below use affected versions of the Nucleus software and inherently contain these vulnerabilities. Siemens is preparing updates and recommends specific countermeasures for ...
14.12.2021
SIEMENS CERT
SSA-133772 V1.0: Zip Path Traversal Vulnerability in Teamcenter Active Workspace
Title
SSA-133772 V1.0: Zip Path Traversal Vulnerability in Teamcenter Active Workspace
Published
Dec. 14, 2021, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-133772.pdf
Summary
A zip path traversal vulnerability in Teamcenter Active Workspace could allow an attacker to achieve remote code execution. Siemens has released updates for the affected products and recommends to update to the latest versions.
14.12.2021
SIEMENS CERT
SSA-160202 V1.0: Multiple Access Control Vulnerabilities in SiPass Integrated
Title
SSA-160202 V1.0: Multiple Access Control Vulnerabilities in SiPass Integrated
Published
Dec. 14, 2021, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-160202.pdf
Summary
SiPass integrated contains multiple vulnerabilities that could allow an unauthenticated remote attacker to access or modify several internal application resources. Siemens has released a tool, “SiPass integrated Component Manager”, to remediate the vulnerabilities on all maintained and supported versions of SiPass integrated and recommends to apply this tool.
14.12.2021
SIEMENS CERT
SSA-161331 V1.0: Scene File Parsing Vulnerability in Simcenter STAR-CCM+ Viewer before V2021.3.1
Title
SSA-161331 V1.0: Scene File Parsing Vulnerability in Simcenter STAR-CCM+ Viewer before V2021.3.1
Published
Dec. 14, 2021, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-161331.pdf
Summary
Siemens Simcenter STAR-CCM+ Viewer is affected by a vulnerability that could be triggered when the application reads scene (.sce) files. If a user is tricked to open a malicious file with the affected application, this could lead to a crash, and potentially also to arbitrary code execution or data extraction ...
14.12.2021
SIEMENS CERT
SSA-199605 V1.0: Arbitrary File Download Vulnerability in SIMATIC eaSie PCS 7 Skill Package
Title
SSA-199605 V1.0: Arbitrary File Download Vulnerability in SIMATIC eaSie PCS 7 Skill Package
Published
Dec. 14, 2021, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-199605.pdf
Summary
SIMATIC eaSie PCS 7 Skill Package contains a path traversal vulnerability that could allow an authenticated remote attacker to read arbitrary files for the application server. Siemens has released an update for the SIMATIC eaSie PCS 7 Skill Package and recommends to update to the latest version.
14.12.2021
SIEMENS CERT
SSA-352143 V1.0: Multiple File Parsing Vulnerabilities in JTTK before V11.0.3.0 and JT Utilities before V13.0.3.0
Title
SSA-352143 V1.0: Multiple File Parsing Vulnerabilities in JTTK before V11.0.3.0 and JT Utilities before V13.0.3.0
Published
Dec. 14, 2021, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-352143.pdf
Summary
JT Open Toolkit (JTTK) before V11.0.3.0 contains multiple vulnerabilities that could be triggered when the affected product reads a maliciously crafted JT file. These vulnerabilities also affects JT Utilities before V13.0.3.0. If a user is tricked to open a malicious file with any of the affected products, this could lead ...
14.12.2021
SIEMENS CERT
SSA-390195 V1.0: LibVNC Vulnerabilities in SIMATIC ITC Products
Title
SSA-390195 V1.0: LibVNC Vulnerabilities in SIMATIC ITC Products
Published
Dec. 14, 2021, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf
Summary
Multiple LibVNC vulnerabilities in the affected products listed below could allow remote code execution, information disclosure and Denial-of-Service attacks under certain conditions. Siemens has released updates for the affected products and recommends to update to the latest versions.
14.12.2021
SIEMENS CERT
SSA-044112 V1.1 (Last Update: 2021-12-14): Multiple Vulnerabilities (NUCLEUS:13) in the TCP/IP Stack of Nucleus RTOS
Title
SSA-044112 V1.1 (Last Update: 2021-12-14): Multiple Vulnerabilities (NUCLEUS:13) in the TCP/IP Stack of Nucleus RTOS
Published
Dec. 14, 2021, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf
Summary
The TCP/IP stack and related services (FTP, TFTP) of the networking component (Nucleus NET) in Nucleus Real-Time Operating System (RTOS) contain several vulnerabilities, also known as “NUCLEUS:13” and as documented below. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends countermeasures ...
14.12.2021
SIEMENS CERT
SSA-396621 V1.0: Multiple File Parsing Vulnerabilities in JTTK before V10.8.1.1 and JT Utilities before V12.8.1.1
Title
SSA-396621 V1.0: Multiple File Parsing Vulnerabilities in JTTK before V10.8.1.1 and JT Utilities before V12.8.1.1
Published
Dec. 14, 2021, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-396621.pdf
Summary
JT Open Toolkit (JTTK) before V10.8.1.1 contains multiple vulnerabilities that could be triggered when it reads a maliciously crafted JT file. These vulnerabilities also affects JT Utilities before V12.8.1.1. If a user is tricked to open a malicious file with any of the affected products, this could lead the application ...
14.12.2021
SIEMENS CERT
SSA-400332 V1.0: Insufficient Design IP Protection in IEEE 1735 Recommended Practice - Impact to Questa and ModelSim
Title
SSA-400332 V1.0: Insufficient Design IP Protection in IEEE 1735 Recommended Practice - Impact to Questa and ModelSim
Published
Dec. 14, 2021, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-400332.pdf
Summary
Recent security research identifies weaknesses in the IEEE 1735 recommended practice for encryption of Design IP, which could allow a sophisticated attacker access to unencrypted Design IP data in IEEE 1735-compliant products. This advisory addresses the specific details for the affected Siemens software products: Questa and ModelSim simulators. Siemens is ...
14.12.2021
SIEMENS CERT
SSA-463116 V1.0: Multiple Access Control Vulnerabilities in Siveillance Identity before V1.6.284.0
Title
SSA-463116 V1.0: Multiple Access Control Vulnerabilities in Siveillance Identity before V1.6.284.0
Published
Dec. 14, 2021, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-463116.pdf
Summary
Siveillance Identity contains multiple vulnerabilities that could allow an unauthenticated remote attacker to access or modify several internal application resources. Siemens has released updates for the affected products and recommends to update to the latest versions.
14.12.2021
SIEMENS CERT
SSA-496292 V1.0: Remote Code Execution Vulnerability in POWER METER SICAM Q100
Title
SSA-496292 V1.0: Remote Code Execution Vulnerability in POWER METER SICAM Q100
Published
Dec. 14, 2021, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-496292.pdf
Summary
POWER METER SICAM Q100 contains a vulnerability that could allow an attacker to remotely execute code. Siemens has released updates for the affected products and recommends to update to the latest versions.
14.12.2021
SIEMENS CERT
SSA-523250 V1.0: Improper Certificate Validation Vulnerability in SINUMERIK Edge
Title
SSA-523250 V1.0: Improper Certificate Validation Vulnerability in SINUMERIK Edge
Published
Dec. 14, 2021, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-523250.pdf
Summary
A vulnerability was found in SINUMERIK Edge that could allow an attacker to spoof a trusted entity by interfering in the communication path between the client and the intended server. Siemens has released an update for the SINUMERIK Edge and recommends to update to the latest version.
13.12.2021
SIEMENS CERT
SSA-661247 V1.0: Apache Log4j Vulnerability (CVE-2021-44228, Log4Shell) - Impact to Siemens Products
Title
SSA-661247 V1.0: Apache Log4j Vulnerability (CVE-2021-44228, Log4Shell) - Impact to Siemens Products
Published
Dec. 13, 2021, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf
Summary
On 2021-12-09, a vulnerability in Apache Log4j (a logging tool used in many Java-based applications) was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2021-44228 and is also known as “Log4Shell”. Siemens is currently investigating to determine which products are ...
09.12.2021
US CERT (ICS)
Hillrom Welch Allyn Cardio Products
Title
Hillrom Welch Allyn Cardio Products
Published
Dec. 9, 2021, 4:10 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsma-21-343-01
Summary
This advisory contains mitigations for an Authentication Bypass Using an Alternate Path or Channel vulnerability in Hillrom Welch Allyn cardiology devices.
09.12.2021
US CERT (ICS)
Hitachi Energy GMS600, PWC600, and Relion
Title
Hitachi Energy GMS600, PWC600, and Relion
Published
Dec. 9, 2021, 4:05 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-343-01
Summary
This advisory contains mitigations for an Improper Access Controls vulnerability in Hitachi Energy GMS600, PWC600, and Relion circuit breaker monitoring systems.
08.12.2021
BOSCH PSIRT
Multiple Vulnerabilities in Bosch BT software products
Title
Multiple Vulnerabilities in Bosch BT software products
Published
Dec. 8, 2021, 1 a.m.
URL
https://psirt.bosch.com/security-advisories/bosch-sa-043434-bt.html
Summary

BOSCH-SA-043434-BT: A recently discovered security vulnerability allows an unauthenticated attacker to cause an application to crash (Denial of Service / DoS) and for the VRM opens the possibility to send unauthenticated commands for a short time (this vulnerability is rated critical).The VRM, DIVAR IP and BVMS with VRM are also ...

07.12.2021
US CERT (ICS)
Hitachi Energy RTU500 OpenLDAP
Title
Hitachi Energy RTU500 OpenLDAP
Published
Dec. 7, 2021, 4:10 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-341-01
Summary
This advisory contains mitigations for Type Confusion, and Reachable Assertion vulnerabilities in Hitachi Energy RTU500 OpenLDAP firmware.
07.12.2021
US CERT (ICS)
Hitachi Energy XMC20 and FOX61x
Title
Hitachi Energy XMC20 and FOX61x
Published
Dec. 7, 2021, 4:05 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-341-02
Summary
This advisory contains mitigations for Weak Password Requirements, and Missing Handler vulnerabilities in Hitachi Energy XMC20 and FOX61x multi-service network elements.
07.12.2021
US CERT (ICS)
FANUC Robot Controllers
Title
FANUC Robot Controllers
Published
Dec. 7, 2021, 4 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-243-02
Summary
This advisory is a follow-up to the original advisory titled ICSA-21-243-02P FANUC Robot Controllers that was posted to the HSIN ICS library on August 31, 2021. This advisory contains mitigations for Integer Coercion Error, and Out-of-bounds Write vulnerabilities in FANUC Robot Controllers.
02.12.2021
US CERT
AA21-336A: APT Actors Exploiting CVE-2021-44077 in Zoho ManageEngine ServiceDesk Plus
Title
AA21-336A: APT Actors Exploiting CVE-2021-44077 in Zoho ManageEngine ServiceDesk Plus
Published
Dec. 2, 2021, 7 p.m.
URL
https://us-cert.cisa.gov/ncas/alerts/aa21-336a
Summary
Original release date: December 2, 2021 | Last revised: December 6, 2021SummaryThis joint Cybersecurity Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 9. See the ATT&CK for Enterprise framework for referenced threat actor techniques and for mitigations. This joint advisory is the result of analytic ...
02.12.2021
US CERT (ICS)
Schneider Electric SESU
Title
Schneider Electric SESU
Published
Dec. 2, 2021, 4:35 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-336-01
Summary
This advisory contains mitigations for an Insufficient Entropy vulnerability in the Schneider Electric Software Update.
02.12.2021
US CERT (ICS)
Johnson Controls Entrapass
Title
Johnson Controls Entrapass
Published
Dec. 2, 2021, 4:30 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-336-02
Summary
This advisory contains mitigations for a Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Johnson Controls Entrapass security management software.

Last Updates

BOSCH PSIRT
20.03.2024
CODESYS
28.06.2023
SIEMENS CERT
19.04.2024
US CERT
17.04.2024
US CERT (ICS)
25.04.2024

By Source

Archive

2024
2023
2022
2021
2020
2019
2018
2017

Feeds