Publication Date: |
|
Last Update: |
|
Current Version: | V1.1 |
CVSS v3.1 Base Score: | 7.8 |
Affected Product and Versions | Remediation |
---|---|
All versions |
Currently no fix is available
|
Siemens has identified the following specific workarounds and mitigations that customers can apply to reduce the risk:
Please follow the General Security Recommendations.
As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
This chapter describes all vulnerabilities (CVE-IDs) addressed in this security advisory. Wherever applicable, it also documents the product-specific impact of the individual vulnerabilities.
In the Linux kernel, the following vulnerability has been resolved: Squashfs: check the inode number is not the invalid value of zero
CVSS v3.1 Base Score | 7.1 |
CVSS v3.1 Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H |
CWE | CWE-125: Out-of-bounds Read |
CVSS v3.1 Base Score | 5.5 |
CVSS v3.1 Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
CWE | CWE-415: Double Free |
CVSS v3.1 Base Score | 7.8 |
CVSS v3.1 Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
CWE | CWE-416: Use After Free |
CVSS v3.1 Base Score | 5.5 |
CVSS v3.1 Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
CWE | CWE-476: NULL Pointer Dereference |
CVSS v3.1 Base Score | 5.5 |
CVSS v3.1 Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
CWE | CWE-805: Buffer Access with Incorrect Length Value |
CVSS v3.1 Base Score | 7.8 |
CVSS v3.1 Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
CWE | CWE-457: Use of Uninitialized Variable |
CVSS v3.1 Base Score | 4.7 |
CVSS v3.1 Vector | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H |
CWE | CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') |
CVSS v3.1 Base Score | 5.5 |
CVSS v3.1 Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
CWE | CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') |
CVSS v3.1 Base Score | 5.5 |
CVSS v3.1 Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
CWE | CWE-476: NULL Pointer Dereference |
CVSS v3.1 Base Score | 5.5 |
CVSS v3.1 Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
CWE | CWE-20: Improper Input Validation |
In the Linux kernel, the following vulnerability has been resolved: sched: sch_cake: add bounds checks to host bulk flow fairness counts
CVSS v3.1 Base Score | 7.1 |
CVSS v3.1 Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H |
CWE | CWE-125: Out-of-bounds Read |
CVSS v3.1 Base Score | 4.7 |
CVSS v3.1 Vector | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H |
CWE | CWE-20: Improper Input Validation |
CVSS v3.1 Base Score | 5.5 |
CVSS v3.1 Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
CWE | CWE-20: Improper Input Validation |
CVSS v3.1 Base Score | 7.0 |
CVSS v3.1 Vector | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
CWE | CWE-416: Use After Free |
CVSS v3.1 Base Score | 5.5 |
CVSS v3.1 Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
CWE | CWE-20: Improper Input Validation |
CVSS v3.1 Base Score | 4.4 |
CVSS v3.1 Vector | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
CWE | CWE-476: NULL Pointer Dereference |
CVSS v3.1 Base Score | 5.5 |
CVSS v3.1 Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
CWE | CWE-20: Improper Input Validation |
CVSS v3.1 Base Score | 5.5 |
CVSS v3.1 Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
CWE | CWE-20: Improper Input Validation |
V1.0 (2025-03-11): | Publication Date |
V1.1 (2025-04-08): | Added CVE-2025-21826, CVE-2025-21806, CVE-2025-21776, CVE-2025-21762, CVE-2025-21703, CVE-2025-21678, CVE-2025-21653, CVE-2025-21647, CVE-2024-58005, CVE-2024-57981, CVE-2024-57940, CVE-2024-53124, CVE-2024-26982 |