July 2021
13.07.2021
SIEMENS CERT
SSA-599968 V1.0: Denial-of-Service Vulnerability in Profinet Devices
Title
SSA-599968 V1.0: Denial-of-Service Vulnerability in Profinet Devices
Published
July 13, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-599968.pdf
Summary
A vulnerability in affected devices could allow an attacker to perform a denial-of-service attack if a large amount of Profinet Discovery and Configuration Protocol (DCP) reset packets is sent to the affected devices. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens ...
13.07.2021
SIEMENS CERT
SSA-622535 V1.0: Multiple Vulnerabilities in Teamcenter Active Workspace
Title
SSA-622535 V1.0: Multiple Vulnerabilities in Teamcenter Active Workspace
Published
July 13, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-622535.pdf
Summary
Multiple vulnerabilities affecting Teamcenter Active Workspace could lead to sensitive information disclosure and reflected cross site scripting. Siemens has released updates for the affected products and recommends to update to the latest versions.
13.07.2021
SIEMENS CERT
SSA-641963 V1.0: Remote Code Execution Vulnerability in Multiple SIMATIC Software Products
Title
SSA-641963 V1.0: Remote Code Execution Vulnerability in Multiple SIMATIC Software Products
Published
July 13, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-641963.pdf
Summary
Multiple SIMATIC Software products are affected by a vulnerability that could allow an attacker to manipulate project files and remotely execute code. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not ...
13.07.2021
SIEMENS CERT
SSA-661034 V1.0: Incorrect Permission Assignment in Multiple SIMATIC Software Products
Title
SSA-661034 V1.0: Incorrect Permission Assignment in Multiple SIMATIC Software Products
Published
July 13, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-661034.pdf
Summary
Multiple SIMATIC software products are affected by a vulnerability that could allow an attacker to change the content of certain metafiles and subsequently manipulate parameters or behaviour of devices configured by the affected software products. Siemens has released an update for the SIMATIC STEP 7 V5.X and recommends to update ...
13.07.2021
SIEMENS CERT
SSA-675303 V1.0: WIBU Systems CodeMeter Runtime Vulnerabilities in Siemens Products
Title
SSA-675303 V1.0: WIBU Systems CodeMeter Runtime Vulnerabilities in Siemens Products
Published
July 13, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-675303.pdf
Summary
WIBU Systems disclosed two vulnerabilities and a new release version of CodeMeter Runtime, a product provided by WIBU Systems and used in several Siemens products for license management. The vulnerabilities are described in the section “Vulnerability Classification” below and got assigned the CVE IDs CVE-2021-20093 and CVE-2021-20094. Successful exploitation of ...
13.07.2021
SIEMENS CERT
SSA-203306 V1.5 (Last Update: 2021-07-13): Password Vulnerabilities in SIPROTEC 4 and SIPROTEC Compact Relay Families
Title
SSA-203306 V1.5 (Last Update: 2021-07-13): Password Vulnerabilities in SIPROTEC 4 and SIPROTEC Compact Relay Families
Published
July 13, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-203306.pdf
Summary
SIPROTEC 4 and SIPROTEC Compact devices could allow access authorization passwords to be reconstructed or overwritten via engineering mechanisms that involve DIGSI 4 and EN100 Ethernet communication modules. Siemens has released updates for several affected products, and recommends specific countermeasures for the remaining products.
13.07.2021
SIEMENS CERT
SSA-941426 V1.0: Multiple LLDP Vulnerabilities in Industrial Products
Title
SSA-941426 V1.0: Multiple LLDP Vulnerabilities in Industrial Products
Published
July 13, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-941426.pdf
Summary
There are multiple vulnerabilities in an underlying Link Layer Discovery Protocol (LLDP) third party library. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.
13.07.2021
SIEMENS CERT
SSA-462066 V2.4 (Last Update: 2021-07-13): Vulnerability known as TCP SACK PANIC in Industrial Products
Title
SSA-462066 V2.4 (Last Update: 2021-07-13): Vulnerability known as TCP SACK PANIC in Industrial Products
Published
July 13, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf
Summary
Multiple industrial products are affected by a vulnerability in the kernel known as TCP SACK PANIC. The vulnerability could allow a remote attacker to cause a denial of service condition. Siemens has released updates for several affected products and recommends to update to the new versions. Siemens is preparing further ...
13.07.2021
SIEMENS CERT
SSA-841348 V1.8 (Last Update: 2021-07-13): Multiple Vulnerabilities in the UMC Stack
Title
SSA-841348 V1.8 (Last Update: 2021-07-13): Multiple Vulnerabilities in the UMC Stack
Published
July 13, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf
Summary
The latest update for the below listed products fixes two security vulnerabilities that could allow an attacker to cause a partial Denial-of-Service on the UMC component of the affected devices under certain circumstances, and one vulnerability that could allow an attacker to locally escalate privileges from a user with administrative ...
13.07.2021
SIEMENS CERT
SSA-448291 V1.0: Denial-of-Service Vulnerability in ARP Protocol of RWG Universal Controllers
Title
SSA-448291 V1.0: Denial-of-Service Vulnerability in ARP Protocol of RWG Universal Controllers
Published
July 13, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-448291.pdf
Summary
A Denial-of-Service vulnerability was found affecting the ARP protocol on RWG Universal Controller devices. Siemens has released updates for the affected products and recommends to update to the latest versions.
13.07.2021
SIEMENS CERT
SSA-434536 V1.0: Memory Protection Bypass Vulnerability in SINUMERIK ONE and SINUMERIK MC
Title
SSA-434536 V1.0: Memory Protection Bypass Vulnerability in SINUMERIK ONE and SINUMERIK MC
Published
July 13, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-434536.pdf
Summary
SINUMERIK ONE and SINUMERIK MC products are affected by a memory protection bypass vulnerability in the integrated S7-1500 CPU that could allow an attacker to write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks on the CPU. Siemens is preparing updates and ...
13.07.2021
SIEMENS CERT
SSA-913875 V1.0: Frame Aggregation and Fragmentation Vulnerabilities in 802.11
Title
SSA-913875 V1.0: Frame Aggregation and Fragmentation Vulnerabilities in 802.11
Published
July 13, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf
Summary
Twelve vulnerabilities in the implementation of frame aggregation and fragmentation of the 802.11 standard, under the name of FragAttacks, have been published. Successful exploitation of these vulnerabilities could allow an attacker within Wi-Fi range to forge encrypted frames, which could result in sensitive data disclosure and possibly traffic manipulation. The ...
13.07.2021
SIEMENS CERT
SSB-439005 V3.5 (Last Update: 2021-07-13): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 151...
Title
SSB-439005 V3.5 (Last Update: 2021-07-13): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP
Published
July 13, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssb-439005.pdf
Summary
13.07.2021
SIEMENS CERT
SSA-729965 V1.0: TLS Certificate Validation Vulnerability in SINUMERIK Integrate Operate Client
Title
SSA-729965 V1.0: TLS Certificate Validation Vulnerability in SINUMERIK Integrate Operate Client
Published
July 13, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-729965.pdf
Summary
The latest update for SINUMERIK Integrate Operate Client fixes a vulnerability that could allow an attacker to spoof any SSL server certificate and conduct man-in-the-middle attacks. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available
13.07.2021
SIEMENS CERT
SSA-173615 V1.0: Multiple PAR and ASM File Parsing Vulnerabilities in Solid Edge
Title
SSA-173615 V1.0: Multiple PAR and ASM File Parsing Vulnerabilities in Solid Edge
Published
July 13, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-173615.pdf
Summary
Siemens has released version SE2021MP5 for Solid Edge to fix multiple heap based buffer overflow vulnerabilities that could be triggered when the application read files in PAR or ASM file formats. If a user is tricked to open a malicious file with the affected application, this could lead to a ...
13.07.2021
SIEMENS CERT
SSA-772220 V1.0: OpenSSL Vulnerabilities in Industrial Products
Title
SSA-772220 V1.0: OpenSSL Vulnerabilities in Industrial Products
Published
July 13, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdf
Summary
OpenSSL has published a security advisory [0] about a vulnerability in OpenSSL versions 1.1.1 < k, that allows an unauthenticated attacker to cause a Denial-of-Service (DoS) if a a maliciously crafted renegotiation message is sent. Siemens is preparing updates and recommends countermeasures for products where updates are not, or not ...
01.07.2021
US CERT (ICS)
Sensormatic Electronics C-CURE 9000
Title
Sensormatic Electronics C-CURE 9000
Published
July 1, 2021, 4:20 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-182-02
Summary
This advisory contains mitigations for an Improper Input Validation vulnerability in Sensormatic Electronics C-CURE 9000 industrial software.
01.07.2021
US CERT (ICS)
Delta Electronics DOPSoft
Title
Delta Electronics DOPSoft
Published
July 1, 2021, 4:15 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-182-03
Summary
This advisory contains mitigations for Out-of-bounds Read vulnerabilities in Delta Electronics DOPSoft software.
01.07.2021
US CERT (ICS)
Mitsubishi Electric Air Conditioning System
Title
Mitsubishi Electric Air Conditioning System
Published
July 1, 2021, 4:10 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-182-04
Summary
This advisory contains mitigations for an Incorrect Implementation of Authentication Algorithm vulnerability in Mitsubishi Electric air conditioning systems.
01.07.2021
US CERT (ICS)
Mitsubishi Electric Air Conditioning Systems
Title
Mitsubishi Electric Air Conditioning Systems
Published
July 1, 2021, 4:05 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-182-05
Summary
This advisory contains mitigations for an Improper Restriction of XML External Entity Reference vulnerability in Mitsubishi Electric Air Conditioning Systems.
01.07.2021
US CERT (ICS)
All Bachmann M1 System Processor Modules
Title
All Bachmann M1 System Processor Modules
Published
July 1, 2021, 4 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-026-01-0
Summary
This updated advisory is a follow-up to the advisory titled ICSA-21-026-01P All Bachmann M1 System Processor Modules, posted to the HSIN ICS library on January 26, 2021. This advisory is now being released to the ICS webpage on us-cert.cisa.gov. This advisory contains mitigations for a Use of Password Hash with ...
June 2021
29.06.2021
US CERT (ICS)
Exacq Technologies exacqVision Web Service
Title
Exacq Technologies exacqVision Web Service
Published
June 29, 2021, 4:25 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-180-01
Summary
This advisory contains mitigations for a Cross-site Scripting vulnerability in Exacq Technologies exacqVision Web Service software.
29.06.2021
US CERT (ICS)
Exacq Technologies exacqVision Enterprise Manager
Title
Exacq Technologies exacqVision Enterprise Manager
Published
June 29, 2021, 4:20 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-180-02
Summary
This advisory contains mitigations for a Cross-site Scripting vulnerability in Exacq Technologies exacqVision Enterprise Manager software.
29.06.2021
US CERT (ICS)
Panasonic FPWIN Pro
Title
Panasonic FPWIN Pro
Published
June 29, 2021, 4:15 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-180-03
Summary
This advisory contains mitigations for an Improper Restriction of XML External Entity Reference vulnerability in Panasonic FPWIN Pro programming control software.
29.06.2021
US CERT (ICS)
JTEKT TOYOPUC PLC
Title
JTEKT TOYOPUC PLC
Published
June 29, 2021, 4:10 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-180-04
Summary
This advisory contains mitigations for an Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the JTEKT TOYOPUC programmable logic controller (PLC).

Last Updates

BOSCH PSIRT
20.03.2024
CODESYS
28.06.2023
SIEMENS CERT
19.04.2024
US CERT
17.04.2024
US CERT (ICS)
25.04.2024

By Source

Archive

2024
2023
2022
2021
2020
2019
2018
2017

Feeds