May 2021
25.05.2021
SIEMENS CERT
SSA-119468 V1.0: Luxion KeyShot Vulnerabilities in Solid Edge
Title
SSA-119468 V1.0: Luxion KeyShot Vulnerabilities in Solid Edge
Published
May 25, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-119468.pdf
Summary
The Solid Edge installation package includes a specific version of the third-party product KeyShot from Luxion, which may not contain the latest security fixes provided by Luxion. Siemens recommends to update KeyShot according to the information in the Luxion Security Advisory LSA-394129.
19.05.2021
CODESYS
Update CODESYS Security Advisory 2021-01 und 2021-04
Title
Update CODESYS Security Advisory 2021-01 und 2021-04
Published
May 19, 2021, 4:43 p.m.
URL
https://feedpress.me/link/15744/14488329/update-codesys-security-advisory-2021-01-und-2021-04.html
Summary
Please check source url for more information.
19.05.2021
BOSCH PSIRT
Vulnerability in the routing protocol of the PLC runtime
Title
Vulnerability in the routing protocol of the PLC runtime
Published
May 19, 2021, 2 a.m.
URL
https://psirt.bosch.com/security-advisories/bosch-sa-350374.html
Summary

BOSCH-SA-350374: The control systems IndraMotion MTX, MLC and MLD and the ctrlX CORE PLC application contain PLC technology from Codesys GmbH. The manufacturer Codesys GmbH published a security bulletin \[1\] about a weakness in the routing protocol for the communication between the PLC runtime and clients. By exploiting the vulnerability, ...

17.05.2021
SIEMENS CERT
SSA-695540 V1.0: ASM and PAR File Parsing Vulnerabilities in JT2Go and Teamcenter Visualization before V13.1.0.2
Title
SSA-695540 V1.0: ASM and PAR File Parsing Vulnerabilities in JT2Go and Teamcenter Visualization before V13.1.0.2
Published
May 17, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-695540.pdf
Summary
Siemens has released version V13.1.0.2 for JT2Go and Teamcenter Visualization to fix multiple vulnerabilities that could be triggered when the products read files in ASM and PAR file formats. If a user is tricked to opening of a malicious file with the affected products, this could lead to application crash, ...
17.05.2021
SIEMENS CERT
SSA-622830 V1.2 (Last Update: 2021-05-17): Multiple File Parsing Vulnerabilities in JT2Go and Teamcenter Visualization before V...
Title
SSA-622830 V1.2 (Last Update: 2021-05-17): Multiple File Parsing Vulnerabilities in JT2Go and Teamcenter Visualization before V13.1.0
Published
May 17, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf
Summary
Siemens has released version V13.1.0 for JT2Go and Teamcenter Visualization to fix multiple vulnerabilities that could be triggered when the products read files in different file formats (JT, XML, CG4, CGM, PDF, RGB, SGI, TGA, PAR, PCX). If a user is tricked to opening of a malicious file with the ...
17.05.2021
SIEMENS CERT
SSA-663999 V1.1 (Last Update: 2021-05-17): Multiple File Parsing Vulnerabilities in JT2Go and Teamcenter Visualization before V...
Title
SSA-663999 V1.1 (Last Update: 2021-05-17): Multiple File Parsing Vulnerabilities in JT2Go and Teamcenter Visualization before V13.1.0.1
Published
May 17, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf
Summary
Siemens has released version V13.1.0.1 for JT2Go and Teamcenter Visualization to fix multiple vulnerabilities that could be triggered when the products read files in different file formats (BMP, TIFF, CGM, TGA, PCT, HPG, PLT, RAS, PAR, ASM, DXF, DWG). If a user is tricked to opening of a malicious file ...
11.05.2021
US CERT
AA21-131A: DarkSide Ransomware: Best Practices for Preventing Business Disruption from Ransomware Attacks
Title
AA21-131A: DarkSide Ransomware: Best Practices for Preventing Business Disruption from Ransomware Attacks
Published
May 11, 2021, 9 p.m.
URL
https://us-cert.cisa.gov/ncas/alerts/aa21-131a
Summary
Original release date: May 11, 2021 | Last revised: May 20, 2021SummaryThis Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 9. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques. The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau ...
11.05.2021
SIEMENS CERT
SSA-678983 V1.0: Vulnerabilities in Industrial PCs and CNC devices using Intel CPUs (November 2020)
Title
SSA-678983 V1.0: Vulnerabilities in Industrial PCs and CNC devices using Intel CPUs (November 2020)
Published
May 11, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-678983.pdf
Summary
Intel has published information on vulnerabilities in Intel products in November 2020. This advisory lists the Siemens IPC related products, that are affected by these vulnerabilities. In this advisory we take a representative CVE from each advisory: “Intel CSME, SPS, TXE, AMT and DAL Advisory” Intel-SA-00391 is represented by CVE-2020-8745 ...
11.05.2021
SIEMENS CERT
SSA-116379 V1.0: Denial-of-Service Vulnerability in OSPF Packet Handling of SCALANCE XM-400 and XR-500 Devices
Title
SSA-116379 V1.0: Denial-of-Service Vulnerability in OSPF Packet Handling of SCALANCE XM-400 and XR-500 Devices
Published
May 11, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-116379.pdf
Summary
SCALANCE XM-400 and XR-500 devices contain a vulnerability in the OSPF protocol implementation that could allow an unauthenticated remote attacker to create a permanent denial-of-service condition. Siemens has released updates for the affected products and recommends to update to the latest versions.
11.05.2021
SIEMENS CERT
SSA-794542 V1.1 (Last Update: 2021-05-11): Insecure Folder Permissions in SIMARIS Configuration
Title
SSA-794542 V1.1 (Last Update: 2021-05-11): Insecure Folder Permissions in SIMARIS Configuration
Published
May 11, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-794542.pdf
Summary
The installation of SIMARIS configuration causes insecure folder permissions that could allow vertical privilege escalation. Siemens has released an update for SIMARIS and recommends to update to the latest version.
11.05.2021
SIEMENS CERT
SSA-936080 V1.1 (Last Update: 2021-05-11): Multiple Vulnerabilities in Third-Party Component libcurl
Title
SSA-936080 V1.1 (Last Update: 2021-05-11): Multiple Vulnerabilities in Third-Party Component libcurl
Published
May 11, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-936080.pdf
Summary
SIMATIC NET CM 1542-1, SCALANCE SC600 family and SIMATIC NET CP 343-1 Advanced devices are vulnerable to a vulnerability in the third party component libcurl that could allow an attacker to cause a Denial-of-Service condition on the affected devices. Siemens has released an update for SCALANCE SC600. For the remaining ...
11.05.2021
SIEMENS CERT
SSA-723417 V1.0: Multiple Vulnerabilities in SCALANCE W1750D
Title
SSA-723417 V1.0: Multiple Vulnerabilities in SCALANCE W1750D
Published
May 11, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf
Summary
Siemens SCALANCE W1750D is a brand-labeled device. Aruba has released a related security advisory ARUBA-PSA-2021-007 disclosing vulnerabilities in its Aruba Instant product line. Siemens is preparing updates and recommends countermeasures for products where updates are not, or not yet available.
11.05.2021
SIEMENS CERT
SSA-646763 V1.3 (Last Update: 2021-05-11): DNSpooq - Dnsmasq Vulnerabilities in SCALANCE and RUGGEDCOM Devices
Title
SSA-646763 V1.3 (Last Update: 2021-05-11): DNSpooq - Dnsmasq Vulnerabilities in SCALANCE and RUGGEDCOM Devices
Published
May 11, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-646763.pdf
Summary
Security researchers discovered and disclosed seven vulnerabilities in the open-source DNS component “dnsmasq”, also known as “DNSpooq” vulnerabilities (CVE-2020-25681 through CVE-2020-25687). Three vulnerabilities (CVE-2020-25684 through CVE-2020-25686) affect the validation of DNS responses and impact several SCALANCE and RUGGEDCOM devices as listed below. Siemens has released updates for several affected products ...
11.05.2021
SIEMENS CERT
SSA-541018 V1.1 (Last Update: 2021-05-11): Embedded TCP/IP Stack Vulnerabilities (AMNESIA:33) in SENTRON PAC / 3VA Devices (Par...
Title
SSA-541018 V1.1 (Last Update: 2021-05-11): Embedded TCP/IP Stack Vulnerabilities (AMNESIA:33) in SENTRON PAC / 3VA Devices (Part 2)
Published
May 11, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-541018.pdf
Summary
Security researchers discovered and disclosed 33 vulnerabilities in several open-source TCP/IP stacks for embedded devices, also known as “AMNESIA:33” vulnerabilities. This advisory describes the impact of two of these vulnerabilities (CVE-2020-13987, CVE-2020-17437) to Siemens products. Siemens has released updates for several affected products and recommends to update to the latest ...
11.05.2021
SIEMENS CERT
SSA-478893 V1.1 (Last Update: 2021-05-11): TightVNC Vulnerabilities in Industrial Products (Revoked)
Title
SSA-478893 V1.1 (Last Update: 2021-05-11): TightVNC Vulnerabilities in Industrial Products (Revoked)
Published
May 11, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf
Summary
Multiple TightVNC (V1.x) vulnerabilities could allow remote code execution and Denial-of-Service attacks under certain conditions. Siemens has previously released this advisory containing a set of products that were considered to be affected. Through Siemens’ continuous investigation processes it was identified that all products previously advised are not affected by any ...
11.05.2021
SIEMENS CERT
SSA-462066 V2.3 (Last Update: 2021-05-11): Vulnerability known as TCP SACK PANIC in Industrial Products
Title
SSA-462066 V2.3 (Last Update: 2021-05-11): Vulnerability known as TCP SACK PANIC in Industrial Products
Published
May 11, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf
Summary
Multiple industrial products are affected by a vulnerability in the kernel known as TCP SACK PANIC. The vulnerability could allow a remote attacker to cause a denial of service condition. Siemens has released updates for several affected products and recommends to update to the new versions. Siemens is preparing further ...
11.05.2021
SIEMENS CERT
SSB-439005 V3.4 (Last Update: 2021-05-11): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 151...
Title
SSB-439005 V3.4 (Last Update: 2021-05-11): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP
Published
May 11, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssb-439005.pdf
Summary
11.05.2021
SIEMENS CERT
SSA-983548 V1.0: Multiple SPP File Parsing Vulnerabilities in Tecnomatix Plant Simulation
Title
SSA-983548 V1.0: Multiple SPP File Parsing Vulnerabilities in Tecnomatix Plant Simulation
Published
May 11, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-983548.pdf
Summary
Siemens Tecnomatix Plant Simulation has released an update for version V16.0 that fixes multiple vulnerabilities that could be triggered when the application reads SPP files. If a user is tricked to open a malicious file using the affected application, this could lead to a crash, and potentially also to arbitrary ...
11.05.2021
SIEMENS CERT
SSA-940818 V1.0: UltraVNC Vulnerabilities in SIMATIC HMIs/WinCC Products
Title
SSA-940818 V1.0: UltraVNC Vulnerabilities in SIMATIC HMIs/WinCC Products
Published
May 11, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf
Summary
UltraVNC vulnerabilities in the affected products listed below could allow remote code execution, information disclosure and Denial-of-Service attacks under certain conditions. Siemens has released updates for the affected products and recommends to update to the latest versions.
11.05.2021
SIEMENS CERT
SSA-919955 V1.0: Information Disclosure Vulnerability in Mendix Database Replication Module
Title
SSA-919955 V1.0: Information Disclosure Vulnerability in Mendix Database Replication Module
Published
May 11, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-919955.pdf
Summary
The latest update of Mendix Database Replication module fixes a infomation disclosure vulnerability. Mendix has released an update for the Mendix Database Replication module and recommends to update to the latest version.
11.05.2021
SIEMENS CERT
SSA-854248 V1.0: Information Disclosure Vulnerability in Mendix Excel Importer Module
Title
SSA-854248 V1.0: Information Disclosure Vulnerability in Mendix Excel Importer Module
Published
May 11, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-854248.pdf
Summary
The latest update of Mendix Excel Importer module fixes an infomation disclosure vulnerability. Mendix has released an update for the Mendix Excel Importer module and recommends to update to the latest version.
11.05.2021
SIEMENS CERT
SSA-752103 V1.0: Telnet Authentication Vulnerability in SINAMICS Medium Voltage Products
Title
SSA-752103 V1.0: Telnet Authentication Vulnerability in SINAMICS Medium Voltage Products
Published
May 11, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-752103.pdf
Summary
SINAMICS medium voltage products, with telnet enabled on SIMATIC comfort HMI Panels, are affected by a remote access vulnerability that could allow an attacker, under certain conditions, to gain full remote access to the HMI. Note that by default telnet is disabled, but it can be enabled on request by ...
11.05.2021
SIEMENS CERT
SSA-676775 V1.0: Denial-of-Service Vulnerability in SIMATIC NET CP 343-1 Devices
Title
SSA-676775 V1.0: Denial-of-Service Vulnerability in SIMATIC NET CP 343-1 Devices
Published
May 11, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-676775.pdf
Summary
A vulnerability in SIMATIC CP343-1 devices could allow an attacker to cause a Denial-of-Service condition on TCP port 102 of the affected devices by sending specially crafted packets. Siemens recommends specific countermeasures for products where updates are not, or not yet available.
11.05.2021
SIEMENS CERT
SSA-594364 V1.0: Denial-of-Service Vulnerability in SNMP Implementation of WinCC Runtime
Title
SSA-594364 V1.0: Denial-of-Service Vulnerability in SNMP Implementation of WinCC Runtime
Published
May 11, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-594364.pdf
Summary
A denial-of-service vulnerability in WinCC Runtime could allow an unauthenticated attacker with network access to cause a denial-of-service condition in the SNMP service by sending crafted SNMP packets to port 161/udp. Siemens has released updates for the affected products and recommends to update to the latest versions.
11.05.2021
SIEMENS CERT
SSA-538778 V1.0: SmartVNC Vulnerabilities in SIMATIC HMI/WinCC Products
Title
SSA-538778 V1.0: SmartVNC Vulnerabilities in SIMATIC HMI/WinCC Products
Published
May 11, 2021, 2 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-538778.pdf
Summary
Multiple SmartVNC vulnerabilities in the affected products listed below could allow remote code execution and Denial-of-Service attacks under certain conditions. Siemens has released updates for the affected products and recommends to update to the latest version.

Last Updates

BOSCH PSIRT
20.03.2024
CODESYS
28.06.2023
SIEMENS CERT
19.04.2024
US CERT
17.04.2024
US CERT (ICS)
18.04.2024

By Source

Archive

2024
2023
2022
2021
2020
2019
2018
2017

Feeds