August 2021
10.08.2021
SIEMENS CERT
SSA-553445 V1.0: DNS "Name:Wreck" Vulnerabilities in Multiple Siemens Energy AGT and SGT solutions
Title
SSA-553445 V1.0: DNS "Name:Wreck" Vulnerabilities in Multiple Siemens Energy AGT and SGT solutions
Published
Aug. 10, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-553445.pdf
Summary
One of the DNS-related vulnerabilities that were reported as “Name:Wreck” may affect the following Siemens Energy products: Industrial Gas Turbines SGT-100, SGT-200, SGT-300 and SGT-400 with Allen Bradley control systems Aeroderivative Gas Turbines SGT-A20, SGT-A35 and SGT-A65 with FT125 control systems
10.08.2021
SIEMENS CERT
SSA-679335 V1.0: Multiple Vulnerabilities in Embedded FTP Server of SIMATIC NET CP Modules
Title
SSA-679335 V1.0: Multiple Vulnerabilities in Embedded FTP Server of SIMATIC NET CP Modules
Published
Aug. 10, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-679335.pdf
Summary
SIMATIC CP 1543-1 and CP 1545-1 devices are affected by multiple vulnerabilities in ProFTPD, a third party component, that could allow a remote attacker to access sensitive information and execute arbitrary code. Siemens has released an update for SIMATIC NET CP 1543-1 and recommends to update to the latest version. ...
10.08.2021
SIEMENS CERT
SSA-941426 V1.1 (Last Update: 2021-08-10): Multiple LLDP Vulnerabilities in Industrial Products
Title
SSA-941426 V1.1 (Last Update: 2021-08-10): Multiple LLDP Vulnerabilities in Industrial Products
Published
Aug. 10, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-941426.pdf
Summary
There are multiple vulnerabilities in an underlying Link Layer Discovery Protocol (LLDP) third party library. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.
10.08.2021
SIEMENS CERT
SSA-844761 V1.2 (Last Update: 2021-08-10): Multiple Vulnerabilities in SiNVR/SiVMS Video Server
Title
SSA-844761 V1.2 (Last Update: 2021-08-10): Multiple Vulnerabilities in SiNVR/SiVMS Video Server
Published
Aug. 10, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf
Summary
The Video Server application in SiNVR/SiVMS solutions contains five vulnerabilities involving information disclosure (CVE-2019-19291, CVE-2019-19299), path traversal (CVE-2019-19296, CVE-2019-19297), and denial-of-service (CVE-2019-19298). PKE has released updates of the application that fixes the reported vulnerabilities, except for CVE-2019-19299. This update is not available under the former Siemens OEM brand name SiNVR. ...
10.08.2021
SIEMENS CERT
SSA-772220 V1.1 (Last Update: 2021-08-10): OpenSSL Vulnerabilities in Industrial Products
Title
SSA-772220 V1.1 (Last Update: 2021-08-10): OpenSSL Vulnerabilities in Industrial Products
Published
Aug. 10, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdf
Summary
OpenSSL has published a security advisory [0] about a vulnerability in OpenSSL versions 1.1.1 < 1.1.1k, that allows an unauthenticated attacker to cause a Denial-of-Service (DoS) if a maliciously crafted renegotiation message is sent. Siemens is preparing updates and recommends countermeasures for products where updates are not, or not yet ...
10.08.2021
SIEMENS CERT
SSA-752103 V1.1 (Last Update: 2021-08-10): Telnet Authentication Vulnerability in SINAMICS Medium Voltage Products
Title
SSA-752103 V1.1 (Last Update: 2021-08-10): Telnet Authentication Vulnerability in SINAMICS Medium Voltage Products
Published
Aug. 10, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-752103.pdf
Summary
SINAMICS medium voltage products, with telnet enabled on SIMATIC comfort HMI Panels, are affected by a remote access vulnerability that could allow an attacker, under certain conditions, to gain full remote access to the HMI. Note that by default telnet is disabled, but it can be enabled by the system ...
10.08.2021
SIEMENS CERT
SSA-756744 V1.0: OS Command Injection Vulnerability in SINEC NMS
Title
SSA-756744 V1.0: OS Command Injection Vulnerability in SINEC NMS
Published
Aug. 10, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-756744.pdf
Summary
The latest update for SINEC NMS fixes a vulnerability that could allow an authenticated remote attacker to execute arbitrary code on the system, with system privileges, under certain conditions. Siemens has released an update for SINEC NMS and recommends to update to the latest version.
10.08.2021
SIEMENS CERT
SSA-723417 V1.1 (Last Update: 2021-08-10): Multiple Vulnerabilities in SCALANCE W1750D
Title
SSA-723417 V1.1 (Last Update: 2021-08-10): Multiple Vulnerabilities in SCALANCE W1750D
Published
Aug. 10, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf
Summary
Siemens SCALANCE W1750D is a brand-labeled device. Aruba has released a related security advisory ARUBA-PSA-2021-007 disclosing vulnerabilities in its Aruba Instant product line. Siemens is preparing updates and recommends countermeasures for products where updates are not, or not yet available.
10.08.2021
SIEMENS CERT
SSA-678983 V1.2 (Last Update: 2021-08-10): Vulnerabilities in Industrial PCs and CNC devices using Intel CPUs (November 2020)
Title
SSA-678983 V1.2 (Last Update: 2021-08-10): Vulnerabilities in Industrial PCs and CNC devices using Intel CPUs (November 2020)
Published
Aug. 10, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-678983.pdf
Summary
Intel has published information on vulnerabilities in Intel products in November 2020. This advisory lists the Siemens IPC related products, that are affected by these vulnerabilities. In this advisory we take a representative CVE from each advisory: “Intel CSME, SPS, TXE, AMT and DAL Advisory” Intel-SA-00391 is represented by CVE-2020-8745 ...
10.08.2021
SIEMENS CERT
SSA-599968 V1.1 (Last Update: 2021-08-10): Denial-of-Service Vulnerability in Profinet Devices
Title
SSA-599968 V1.1 (Last Update: 2021-08-10): Denial-of-Service Vulnerability in Profinet Devices
Published
Aug. 10, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-599968.pdf
Summary
A vulnerability in affected devices could allow an attacker to perform a denial-of-service attack if a large amount of Profinet Discovery and Configuration Protocol (DCP) reset packets is sent to the affected devices. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens ...
10.08.2021
SIEMENS CERT
SSA-541018 V1.2 (Last Update: 2021-08-10): Embedded TCP/IP Stack Vulnerabilities (AMNESIA:33) in SENTRON PAC / 3VA Devices (Par...
Title
SSA-541018 V1.2 (Last Update: 2021-08-10): Embedded TCP/IP Stack Vulnerabilities (AMNESIA:33) in SENTRON PAC / 3VA Devices (Part 2)
Published
Aug. 10, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-541018.pdf
Summary
Security researchers discovered and disclosed 33 vulnerabilities in several open-source TCP/IP stacks for embedded devices, also known as “AMNESIA:33” vulnerabilities. This advisory describes the impact of two of these vulnerabilities (CVE-2020-13987, CVE-2020-17437) to Siemens products. Siemens has released updates for several affected products and recommends to update to the latest ...
10.08.2021
SIEMENS CERT
SSA-492828 V1.1 (Last Update: 2021-08-10): Denial-of-Service Vulnerability in SIMATIC S7-300 CPUs and SINUMERIK Controller
Title
SSA-492828 V1.1 (Last Update: 2021-08-10): Denial-of-Service Vulnerability in SIMATIC S7-300 CPUs and SINUMERIK Controller
Published
Aug. 10, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-492828.pdf
Summary
A vulnerability in S7-300 might allow an attacker to cause a Denial-of-Service condition on port 102 of the affected devices by sending specially crafted packets. Siemens is preparing updates and recommends specific countermeasures until fixes are available.
04.08.2021
BOSCH PSIRT
Cross Site Request Forgery (CSRF) vulnerability in Bosch IP cameras
Title
Cross Site Request Forgery (CSRF) vulnerability in Bosch IP cameras
Published
Aug. 4, 2021, 2 a.m.
URL
https://psirt.bosch.com/security-advisories/bosch-sa-033305-bt.html
Summary

BOSCH-SA-033305-BT: The possibility to conduct a CSRF (Cross Site Request Forgery) attack was discovered in a Penetration Test from Kaspersky ICS CERT during a certification effort from Bosch. Bosch rates this vulnerability with CVSSv3.1 base scores of 7.5 (High), where the actual rating depends on the final rating specific to ...

04.08.2021
SIEMENS CERT
SSA-789208 V1.0: Multiple Vulnerabilities (INFRA:HALT) in Interniche IP-Stack based Low Voltage Devices
Title
SSA-789208 V1.0: Multiple Vulnerabilities (INFRA:HALT) in Interniche IP-Stack based Low Voltage Devices
Published
Aug. 4, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-789208.pdf
Summary
Security researchers discovered and disclosed 14 vulnerabilities in the Interniche IP stack, also known as “INFRA:HALT” vulnerabilities [0]. This advisory describes the impact to Siemens low voltage products, which are only affected by four out of the 14 vulnerabilities. Siemens has released updates for the affected products and recommends to ...
July 2021
28.07.2021
US CERT
AA21-209A: Top Routinely Exploited Vulnerabilities
Title
AA21-209A: Top Routinely Exploited Vulnerabilities
Published
July 28, 2021, 2 p.m.
URL
https://us-cert.cisa.gov/ncas/alerts/aa21-209a
Summary
Original release date: July 28, 2021 | Last revised: August 20, 2021SummaryThis Joint Cybersecurity Advisory was coauthored by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Australian Cyber Security Centre (ACSC), the United Kingdom’s National Cyber Security Centre (NCSC), and the U.S. Federal Bureau of Investigation (FBI). This advisory ...
27.07.2021
CODESYS
Sicherheitsupdate: CODESYS Security Advisories 2021-09 bis 2021-14
Title
Sicherheitsupdate: CODESYS Security Advisories 2021-09 bis 2021-14
Published
July 27, 2021, 9 a.m.
URL
https://feedpress.me/link/15744/14651569/sicherheitsupdate-codesys-security-advisories-2021-09-bis-2021-14.html
Summary
Please check source url for more information.
20.07.2021
US CERT
AA21-201A: Chinese Gas Pipeline Intrusion Campaign, 2011 to 2013
Title
AA21-201A: Chinese Gas Pipeline Intrusion Campaign, 2011 to 2013
Published
July 20, 2021, 3 p.m.
URL
https://us-cert.cisa.gov/ncas/alerts/aa21-201a
Summary
Original release date: July 20, 2021 | Last revised: July 21, 2021SummaryThis Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 9. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques. Note: CISA released technical information, including indicators of compromise (IOCs), provided ...
20.07.2021
BOSCH PSIRT
Vulnerabilities in CODESYS V2 runtime systems
Title
Vulnerabilities in CODESYS V2 runtime systems
Published
July 20, 2021, 2 a.m.
URL
https://psirt.bosch.com/security-advisories/bosch-sa-670099.html
Summary

BOSCH-SA-670099: The compact systems CS351E and CS351S and the communication module KE350G with integrated PLC contain technology from CODESYS GmbH. The manufacturer CODESYS GmbH published security bulletins \[1\]\[2\] about a weakness in the protocol for the communication between the PLC runtime and clients. By exploiting these vulnerabilities, attackers can send ...

19.07.2021
US CERT
AA21-200A: Tactics, Techniques, and Procedures of Indicted APT40 Actors Associated with China’s MSS Hainan State Security Depar...
Title
AA21-200A: Tactics, Techniques, and Procedures of Indicted APT40 Actors Associated with China’s MSS Hainan State Security Department
Published
July 19, 2021, 1 p.m.
URL
https://us-cert.cisa.gov/ncas/alerts/aa21-200a
Summary
Original release date: July 19, 2021 | Last revised: July 20, 2021SummaryThis Joint Cybersecurity Advisory was written by the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) to provide information on a Chinese Advanced Persistent Threat (APT) group known in open-source reporting as APT40. This ...
19.07.2021
US CERT
AA21-200B: Chinese State-Sponsored Cyber Operations: Observed TTPs
Title
AA21-200B: Chinese State-Sponsored Cyber Operations: Observed TTPs
Published
July 19, 2021, 1 p.m.
URL
https://us-cert.cisa.gov/ncas/alerts/aa21-200b
Summary
Original release date: July 19, 2021 | Last revised: August 20, 2021SummaryThis advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 9, and MITRE D3FEND™ framework, version 0.9.2-BETA-3. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques and the D3FEND framework for ...
15.07.2021
CODESYS
Update CODESYS Security Advisory 2021-07
Title
Update CODESYS Security Advisory 2021-07
Published
July 15, 2021, 4:14 p.m.
URL
https://feedpress.me/link/15744/14620402/update-codesys-security-advisory-2021-07.html
Summary
Please check source url for more information.
13.07.2021
SIEMENS CERT
SSA-324955 V1.2 (Last Update: 2021-07-13): SAD DNS Attack in Linux Based Products
Title
SSA-324955 V1.2 (Last Update: 2021-07-13): SAD DNS Attack in Linux Based Products
Published
July 13, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-324955.pdf
Summary
A vulnerability made public under the name SAD DNS affects Domain Name System resolvers due to a vulnerability in the Linux kernel when handling ICMP packets. The Siemens products which are affected are listed below. For more information please see https://www.saddns.net/. Siemens has released updates for several affected products and ...
13.07.2021
SIEMENS CERT
SSA-209268 V1.0: Multiple JT File Parsing Vulnerabilities in JT Utilities before V13.0.2.0
Title
SSA-209268 V1.0: Multiple JT File Parsing Vulnerabilities in JT Utilities before V13.0.2.0
Published
July 13, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-209268.pdf
Summary
Siemens has released version V13.0.2.0 for JT Utilities to fix multiple vulnerabilities that could be triggered when reading JT files. Siemens recommends to update to the latest version, which contains solutions to all the vulnerabilities listed in this advisory. Standing recommendation is to avoid opening of untrusted files from unknown ...
13.07.2021
SIEMENS CERT
SSA-352521 V1.0: Access Check Bypass Vulnerability in Mendix
Title
SSA-352521 V1.0: Access Check Bypass Vulnerability in Mendix
Published
July 13, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-352521.pdf
Summary
An incorrect authorization check in Mendix applications could allow an attacker to bypass write permissions to attributes of objects under certain circumstances. Mendix has released an update for Mendix and recommends to update to the latest version.
13.07.2021
SIEMENS CERT
SSA-373591 V1.0: Buffer Overflow Vulnerability in RUGGEDCOM ROS Devices
Title
SSA-373591 V1.0: Buffer Overflow Vulnerability in RUGGEDCOM ROS Devices
Published
July 13, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-373591.pdf
Summary
The latest update for RUGGEDCOM ROS devices fixes a buffer overflow vulnerability in the third party component that could allow an attacker with network access to an affected device to cause a remote code execution condition. Siemens has released updates for the affected products and recommends to update to the ...

Last Updates

BOSCH PSIRT
20.03.2024
CODESYS
28.06.2023
SIEMENS CERT
19.04.2024
US CERT
17.04.2024
US CERT (ICS)
02.05.2024

By Source

Archive

2024
2023
2022
2021
2020
2019
2018
2017

Feeds