• 1
  • 2 (current)
  • 3
Tuesday, 14.09.2021
Title
SSA-187092 V1.1 (Last Update: 2021-09-14): Several Buffer-Overflow Vulnerabilities in Web Server of SCALANCE X-200
Published
Sept. 14, 2021, 2 a.m.
Summary
Several SCALANCE X-200 switches contain buffer overflow vulnerabilities in the web server. In the most severe case an attacker could potentially remotely execute code. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.
Title
SSA-274900 V1.2 (Last Update: 2021-09-14): Use of hardcoded key in Scalance X devices under certain conditions
Published
Sept. 14, 2021, 2 a.m.
Summary
Scalance X devices might not generate a unique random key after factory reset, and use a private key shipped with the firmware Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where ...
Title
SSA-312271 V1.8 (Last Update: 2021-09-14): Unquoted Search Path Vulnerabilities in Windows-based Industrial Software Applications
Published
Sept. 14, 2021, 2 a.m.
Summary
Several industrial products as listed below contain a local privilege escalation vulnerabilities that could allow authorized local users with administrative privileges to execute custom code with SYSTEM level privileges. Siemens has released updates for the affected products and recommends to update to the latest versions.
Title
SSA-324955 V1.4 (Last Update: 2021-09-14): SAD DNS Attack in Linux Based Products
Published
Sept. 14, 2021, 2 a.m.
Summary
A vulnerability made public under the name SAD DNS affects Domain Name System resolvers due to a vulnerability in the Linux kernel when handling ICMP packets. The Siemens products which are affected are listed below. For more information please see https://www.saddns.net/. Siemens has released updates for several affected products and ...
Title
SSA-428051 V1.1 (Last Update: 2021-09-14): Privilege Escalation Vulnerability in TIA Administrator
Published
Sept. 14, 2021, 2 a.m.
Summary
The latest update for TIA Administrator, installed together with TIA Portal and PCS neo, fixes a privilege escalation vulnerability that could allow local users to escalate privileges and execute code as local SYSTEM user. Siemens has released updates for the affected products and recommends to update to the latest versions.
Title
SSA-434534 V1.1 (Last Update: 2021-09-14): Memory Protection Bypass Vulnerability in SIMATIC S7-1200 and S7-1500 CPU Families
Published
Sept. 14, 2021, 2 a.m.
Summary
SIMATIC S7-1200 and S7-1500 CPU products contain a memory protection bypass vulnerability that could allow an attacker to write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks. Siemens has released updates for several affected products and strongly recommends to update to the ...
Title
SSA-434535 V1.1 (Last Update: 2021-09-14): Memory Protection Bypass Vulnerability in SINAMICS PERFECT HARMONY GH180 Drives
Published
Sept. 14, 2021, 2 a.m.
Summary
Several models of SINAMICS PERFECT HARMONY GH180 Drives are affected by a memory protection bypass vulnerability in the integrated S7-1500 or S7-1200 CPU that could allow an attacker to write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks on the CPU. Siemens ...
Title
SSA-434536 V1.1 (Last Update: 2021-09-14): Memory Protection Bypass Vulnerability in SINUMERIK ONE and SINUMERIK MC
Published
Sept. 14, 2021, 2 a.m.
Summary
SINUMERIK ONE and SINUMERIK MC products are affected by a memory protection bypass vulnerability in the integrated S7-1500 CPU that could allow an attacker to write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks on the CPU. Siemens has released updates for ...
Title
SSB-439005 V3.7 (Last Update: 2021-09-14): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP
Published
Sept. 14, 2021, 2 a.m.
Summary
Title
SSA-462066 V2.5 (Last Update: 2021-09-14): Vulnerability known as TCP SACK PANIC in Industrial Products
Published
Sept. 14, 2021, 2 a.m.
Summary
Multiple industrial products are affected by a vulnerability in the kernel known as TCP SACK PANIC. The vulnerability could allow a remote attacker to cause a denial of service condition. Siemens has released updates for several affected products and recommends to update to the new versions. Siemens is preparing further ...
Title
SSA-538778 V1.1 (Last Update: 2021-09-14): SmartVNC Vulnerabilities in SIMATIC HMI/WinCC Products
Published
Sept. 14, 2021, 2 a.m.
Summary
Multiple SmartVNC vulnerabilities in the affected products listed below could allow remote code execution and Denial-of-Service attacks under certain conditions. Siemens has released updates for the affected products and recommends to update to the latest version.
Title
SSA-599968 V1.2 (Last Update: 2021-09-14): Denial-of-Service Vulnerability in Profinet Devices
Published
Sept. 14, 2021, 2 a.m.
Summary
A vulnerability in affected devices could allow an attacker to perform a denial-of-service attack if a large amount of Profinet Discovery and Configuration Protocol (DCP) reset packets is sent to the affected devices. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens ...
Title
SSA-661034 V1.1 (Last Update: 2021-09-14): Incorrect Permission Assignment in Multiple SIMATIC Software Products
Published
Sept. 14, 2021, 2 a.m.
Summary
Multiple SIMATIC software products are affected by a vulnerability that could allow an attacker to change the content of certain metafiles and subsequently manipulate parameters or behaviour of devices configured by the affected software products. Siemens has released updates for several affected products and recommends to update to the latest ...
Title
SSA-675303 V1.1 (Last Update: 2021-09-14): WIBU Systems CodeMeter Runtime Vulnerabilities in Siemens Products
Published
Sept. 14, 2021, 2 a.m.
Summary
WIBU Systems disclosed two vulnerabilities and a new release version of CodeMeter Runtime, a product provided by WIBU Systems and used in several Siemens products for license management. The vulnerabilities are described in the section “Vulnerability Classification” below and got assigned the CVE IDs CVE-2021-20093 and CVE-2021-20094. Successful exploitation of ...
Title
SSA-756744 V1.1 (Last Update: 2021-09-14): OS Command Injection Vulnerability in SINEC NMS
Published
Sept. 14, 2021, 2 a.m.
Summary
The latest update for SINEC NMS fixes a vulnerability that could allow an authenticated remote attacker to execute arbitrary code on the system, with system privileges, under certain conditions. Siemens has released an update for SINEC NMS and recommends to update to the latest version.
Title
SSA-772220 V1.2 (Last Update: 2021-09-14): OpenSSL Vulnerabilities in Industrial Products
Published
Sept. 14, 2021, 2 a.m.
Summary
OpenSSL has published a security advisory [0] about a vulnerability in OpenSSL versions 1.1.1 < 1.1.1k, that allows an unauthenticated attacker to cause a Denial-of-Service (DoS) if a maliciously crafted renegotiation message is sent. Siemens is preparing updates and recommends countermeasures for products where updates are not, or not yet ...
Title
SSA-780073 V1.8 (Last Update: 2021-09-14): Denial-of-Service Vulnerability in PROFINET Devices via DCE-RPC Packets
Published
Sept. 14, 2021, 2 a.m.
Summary
Products that include the Siemens PROFINET-IO (PNIO) stack in versMions prior V06.00 are potentially affected by a denial-of-service vulnerability when multiple legitimate diagnostic package requests are sent to the DCE-RPC interface. Siemens has released updates for several affected products and recommends to update to the new versions. Siemens is preparing ...
Title
SSA-789208 V1.1 (Last Update: 2021-09-14): Multiple Vulnerabilities (INFRA:HALT) in Interniche IP-Stack based Low Voltage Devices
Published
Sept. 14, 2021, 2 a.m.
Summary
Security researchers discovered and disclosed 14 vulnerabilities in the Interniche IP stack, also known as “INFRA:HALT” vulnerabilities [0]. This advisory describes the impact to Siemens low voltage products, which are only affected by four out of the 14 vulnerabilities. Siemens has released updates for several affected products and recommends to ...
Title
SSA-830194 V1.1 (Last Update: 2021-09-14): Missing Authentication Vulnerability in S7-1200 Devices
Published
Sept. 14, 2021, 2 a.m.
Summary
SIMATIC S7-1200 PLC, version V4.5.0 fails to authenticate against configured passwords when the affected device was provisioned using TIA Portal V13. This could allow an attacker using TIA Portal V13 or later versions to bypass authentication and download arbitrary programs to the PLC. Siemens has released an update for SIMATIC ...
Title
SSA-865327 V1.1 (Last Update: 2021-09-14): Incorrect Authorization Vulnerability in Industrial Products
Published
Sept. 14, 2021, 2 a.m.
Summary
The latest updates for the below mentioned products fix a vulnerability that allows an unauthenticated attacker to read PLC variables from affected devices without proper authentication under certain circumstances. Siemens has released updates for some of the affected products, is working on updates for the remaining affected products and recommends ...
Title
SSA-936080 V1.2 (Last Update: 2021-09-14): Multiple Vulnerabilities in Third-Party Component libcurl
Published
Sept. 14, 2021, 2 a.m.
Summary
SIMATIC CM 1542-1, SCALANCE SC600 family and SIMATIC CP 343-1 Advanced devices are vulnerable to a vulnerability in the third party component libcurl that could allow an attacker to cause a Denial-of-Service condition on the affected devices. Siemens has released updates for several affected products and recommends to update to ...
Title
SSA-938030 V1.1 (Last Update: 2021-09-14): DGN and PAR File Parsing Vulnerabilities in JT2Go and Teamcenter Visualization before V13.2.0.2
Published
Sept. 14, 2021, 2 a.m.
Summary
Siemens has released version V13.2.0.2 for JT2Go and Teamcenter Visualization to fix three vulnerabilities that could be triggered while parsing DGN or PAR files. If a user is tricked to open a malicious file with the affected products, this could lead the application to crash or potential arbitrary code execution. ...
Title
SSA-109294 V1.0: Scene File Parsing Vulnerability in Simcenter STAR-CCM+ Viewer
Published
Sept. 14, 2021, 2 a.m.
Summary
Siemens Simcenter STAR-CCM+ Viewer is affected by a vulnerability that could be triggered when the application reads scene (.sce) files. If a user is tricked to open a malicious file with the affected application, this could lead to a crash, and potentially also to arbitrary code execution or data extraction ...
Title
SSA-150692 V1.0: Multiple Vulnerabilities in RUGGEDCOM ROX
Published
Sept. 14, 2021, 2 a.m.
Summary
Multiple vulnerabilities in RUGGEDCOM ROX devices have been detected, ranging from command injection to filesystem traversal. An attacker could exploit these to gain root access to the affected devices. Siemens has released updates for the affected products and recommends to update to the latest versions.
Title
SSA-208530 V1.0: File parsing vulnerabilities in IFC adapter in NX
Published
Sept. 14, 2021, 2 a.m.
Summary
Siemens NX is affected by two vulnerabilities that could be triggered when the application reads ifc files. If a user is tricked to open a malicious file with the affected application, this could lead to an access violation, and potentially also to arbitrary code execution on the target host system. ...
  • 1
  • 2 (current)
  • 3

Last Updates

BOSCH PSIRT
19.07.2024
SIEMENS CERT
09.07.2024
US CERT
09.07.2024
US CERT (ICS)
18.07.2024

By Source

Archive

2024
2023
2022
2021
2020
2019
2018
2017

Feeds