https://cert-portal.siemens.com/productcert/rss/advisories_building_technology_products.atomSiemens ProductCERT Security Advisories2024-03-12T00:00:00+00:00Siemens ProductCERTproductcert@siemens.comSiemens ProductCERTSiemens Security Advisorieshttps://cert-portal.siemens.com/productcert/html/ssa-225840.htmlSSA-225840 V1.0: Vulnerabilities in the Network Communication Stack in Sinteso EN and Cerberus PRO EN Fire Protection Systems2024-03-12T00:00:00+00:00<p>Several products used in Sinteso EN and Cerberus PRO EN Fire Protection Systems contain buffer overflow vulnerabilities in the network communication stack. Successful exploitation of the vulnerabilities could allow an unauthenticated attacker, who gained access to the fire protection system network, to execute arbitrary code on the affected products (CVE-2024-22039) or create a denial of service condition (CVE-2024-22040, CVE-2024-22041).</p>
<p>Product-specific impact of the individual vulnerabilities is documented in the chapter “Vulnerability Description”.</p>
<p>Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends countermeasures for products where fixes are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-145196.htmlSSA-145196 V1.0: Authorization Bypass Vulnerability in Siveillance Control2024-03-12T00:00:00+00:00<p>Siveillance Control does not properly check the list of access groups that are assigned to an individual user. This could enable a locally logged on user to gain write privileges for objects where they only have read privileges.</p>
<p>Siemens has released a new version for Siveillance Control and recommends to update to the latest version.</p>
https://cert-portal.siemens.com/productcert/html/ssa-844761.htmlSSA-844761 V1.3 (Last Update: 2024-01-09): Multiple Vulnerabilities in SiNVR/SiVMS Video Server2024-01-09T00:00:00+00:00<p>The Video Server application in SiNVR/SiVMS solutions contains five vulnerabilities involving information disclosure (CVE-2019-19291, CVE-2019-19299), path traversal (CVE-2019-19296, CVE-2019-19297), and denial-of-service (CVE-2019-19298).</p>
<p>PKE has released updates of the application that fixes the reported vulnerabilities, except for CVE-2019-19299. This update is not available under the former Siemens OEM brand name SiNVR. For details contact PKE (<a href="https://pke.at/" class="uri">https://pke.at/</a>).</p>
https://cert-portal.siemens.com/productcert/html/ssa-761844.htmlSSA-761844 V1.1 (Last Update: 2024-01-09): Multiple Vulnerabilities in Control Center Server (CCS)2024-01-09T00:00:00+00:00<p>The advisory informs about multiple vulnerabilities in the Central Control Server (CCS) application, as initially reported in SSA-761617 (<a href="https://cert-portal.siemens.com/productcert/html/ssa-761617.html" class="uri">https://cert-portal.siemens.com/productcert/html/ssa-761617.html</a>) on 2019-12-10 and SSA-844761 (<a href="https://cert-portal.siemens.com/productcert/html/ssa-844761.html" class="uri">https://cert-portal.siemens.com/productcert/html/ssa-844761.html</a>) on 2020-03-10.</p>
<p>The vulnerabilities involve authentication bypass (CVE-2019-18337, CVE-2019-18341), path traversal (CVE-2019-18338, CVE-2019-19290), information disclosure (CVE-2019-13947, CVE-2019-18340, CVE-2019-19291), privilege escalation (CVE-2019-18342), SQL injection (CVE-2019-19292), cross-site scripting (CVE-2019-19293, CVE-2019-19294), and insufficient logging (CVE-2019-19295).</p>
<p>PKE has released an update for CCS that fixes the reported vulnerabilities, except for CVE-2019-18340. For details contact PKE (<a href="https://pke.at/" class="uri">https://pke.at/</a>).</p>
<p>Siemens recommends to update to the latest version and recommends specific countermeasures to mitigate the vulnerabilities.</p>
https://cert-portal.siemens.com/productcert/html/ssa-761617.htmlSSA-761617 V1.2 (Last Update: 2024-01-09): Authentication Bypass and Information Disclosure Vulnerabilities in SiNVR/SiVMS Video Server2024-01-09T00:00:00+00:00<p>The Video Server application in SiNVR/SiVMS solutions contains two vulnerabilities involving authentication bypass (CVE-2019-18339) and information disclosure (CVE-2019-18340).</p>
<p>PKE has released an update of the application that fixes CVE-2019-18339. This update is not available under the former Siemens OEM brand name SiNVR. For details contact PKE (<a href="https://pke.at/" class="uri">https://pke.at/</a>).</p>
<p>Siemens recommends specific countermeasures to mitigate the vulnerabilities.</p>
https://cert-portal.siemens.com/productcert/html/ssa-625850.htmlSSA-625850 V1.0: Multiple WIBU Systems CodeMeter Vulnerabilities Affecting the Desigo CC Product Family2023-11-14T00:00:00+00:00<p>Versions V5.0 through V7 of the Desigo CC product family (Desigo CC, Desigo CC Compact, Desigo CC Connect, Cerberus DMS) are affected by multiple vulnerabilities in the underlying third-party component WIBU Systems CodeMeter Runtime. Successful exploitation of these vulnerabilities could allow remote attackers to execute arbitrary code on the Desigo CC server, or create a denial of service condition. While all verison lines V5.0, V5.1 and V6 are affected by all listed vulnerabilities, V7 is only affected by CVE-2023-3935.</p>
<p>Siemens has released a patch to update the CodeMeter Runtime component and recommends to apply the patch on affected systems.</p>
https://cert-portal.siemens.com/productcert/html/ssa-180579.htmlSSA-180579 V1.1 (Last Update: 2023-08-08): Privilege Management Vulnerability and Multiple Nucleus RTOS Vulnerabilities in APOGEE/TALON Field Panels before V3.5.5/V2.8.202023-08-08T00:00:00+00:00<p>APOGEE PXC / TALON TC field panels (BACnet before V3.5.5 and P2 Ethernet before V2.8.20) contain multiple vulnerabilities:</p>
<ul>
<li>CVE-2022-45937: A privilege management vulnerability that could allow low privilege authenticated attackers to gain high privilege access.</li>
<li>CVE-2020-28388: Predictable Initial Sequence Numbers in the TCP/IP Stack of Nucleus RTOS (real-time operating system) used by the affected products.</li>
<li>Several vulnerabilities in the DNS (domain name service) implementation of Nucleus RTOS.</li>
</ul>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/html/ssa-924149.htmlSSA-924149 V1.0: Stack Overflow Vulnerability in SiPass Integrated before V2.90.3.82023-07-11T00:00:00+00:00<p>SiPass integrated versions before V2.90.3.8 contain a stack overflow vulnerability that could allow an unauthenticated remote attacker to crash the server application, creating a denial of service condition.</p>
<p>Siemens has released an update for SiPass integrated and recommends to update to the latest version.</p>
https://cert-portal.siemens.com/productcert/html/ssa-824231.htmlSSA-824231 V1.4 (Last Update: 2023-06-13): Unauthenticated Firmware Upload Vulnerability in Desigo PX Controllers2023-06-13T00:00:00+00:00<p>Several Desigo PXC/PXM devices contain a vulnerability that could allow unauthenticated remote attackers to upload malicious firmware without prior authentication.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/html/ssa-789345.htmlSSA-789345 V1.0: Code Execution Vulnerabilities in Siveillance Video Event and Management Servers2023-05-09T00:00:00+00:00<p>Both the Event Server and the Management Server components of Siveillance Video deserialize data without sufficient validations. This could allow an authenticated remote attacker to execute code on the affected system.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions. The provided cumulative hotfix releases include the fixes for both Event Server (ES) and Management Server (MS). Ensure to apply the fixes on all relevant servers in your deployment.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-658793.pdfSSA-658793 V1.0: Command Injection Vulnerability in SiPass integrated AC5102 / ACC-G2 and ACC-AP2023-02-14T00:00:00+00:00<p>SiPass integrated ACC (Advanced Central Controller) devices improperly sanitize user input on the telnet command line interface. This could allow an authenticated user to escalate privileges by injecting arbitrary commands that are executed with root privileges.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-436469.pdfSSA-436469 V1.0: TCP Vulnerability in APOGEE/TALON Field Panels2022-12-13T00:00:00+00:00<p>A TCP sequence vulnerability in the APOGEE PXC and TALON TC series of products could allow an attacker to execute a denial of service attack by sending specially crafted packets to the device.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-180579.pdfSSA-180579 V1.0: Privilege Management Vulnerability in APOGEE/TALON Field Panels2022-12-13T00:00:00+00:00<p>A privilege management vulnerability in the APOGEE PXC and TALON TC series of products could allow low privilege authenticated attackers to gain high privilege access.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-640732.pdfSSA-640732 V1.0: Authentication Bypass Vulnerability in Siveillance Video Mobile Server2022-10-21T00:00:00+00:00<p>The mobile server component of Siveillance Video 2022 R2 contains an authentication bypass vulnerability that could allow an unauthenticated remote attacker to access the application without a valid account.</p>
<p>Siemens has released a hotfix for Siveillance Video 2022 R2 and recommends to apply the hotfix on all installations of the mobile server.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-935500.pdfSSA-935500 V1.0: Denial of Service Vulnerability in FTP Server of Nucleus RTOS based APOGEE, TALON and Desigo PXC/PXM Products2022-10-11T00:00:00+00:00<p>A denial of service vulnerability has been identified in the Nucleus RTOS (real-time operating system) and reported in the Siemens Security Advisory SSA-313313: <a href="https://cert-portal.siemens.com/productcert/html/ssa-313313.html" class="uri">https://cert-portal.siemens.com/productcert/html/ssa-313313.html</a>.</p>
<p>The products listed below use affected versions of the Nucleus software and inherently contain the vulnerability.</p>
<p>Siemens recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-836027.pdfSSA-836027 V1.0: Client-side Authentication in Desigo CC and Cerberus DMS2022-10-11T00:00:00+00:00<p>Desigo CC and Cerberus DMS are based on SIMATIC WinCC OA and implement client-side only authentication for specific parts of their client-server communication. In this configuration, attackers could impersonate other users or exploit the client-server protocol without being authenticated, as documented for SIMATIC WinCC OA in SSA-111512 [1].</p>
<p>Siemens recommends specific mitigations, documented in [2], for products where fixes are not, or not yet available. Additional details regarding these mitigations can be found in the chapter Additional Information.</p>
<p>[1] <a href="https://cert-portal.siemens.com/productcert/html/ssa-111512.html" class="uri">https://cert-portal.siemens.com/productcert/html/ssa-111512.html</a><br />
[2] <a href="https://support.industry.siemens.com/cs/ww/en/view/109813389/" class="uri">https://support.industry.siemens.com/cs/ww/en/view/109813389/</a></p>
https://cert-portal.siemens.com/productcert/pdf/ssa-360783.pdfSSA-360783 V1.0: Multiple Webserver Vulnerabilities in Desigo PXM Devices2022-10-11T00:00:00+00:00<p>Desigo PXM devices contain multiple vulnerabilities in the webserver application that could allow an attacker to potentially access sensitive information, execute arbitrary commands, cause a denial of service condition, or perform remote code execution.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-662649.pdfSSA-662649 V1.1 (Last Update: 2022-06-14): Denial of Service Vulnerability in Desigo DXR and PXC Controllers2022-06-14T00:00:00+00:00<p>A vulnerability in Desigo DXR and PXC controllers has been identified that could allow an attacker to disable and reset a device to factory state using a denial of service attack.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdfSSA-626968 V1.1 (Last Update: 2022-06-14): Multiple Webserver Vulnerabilities in Desigo PXC and DXR Devices2022-06-14T00:00:00+00:00<p>Desigo PXC3, PXC4, PXC5 and DXR2 devices contain multiple vulnerabilities in the webserver application that could allow an attacker to potentially intercept unencrypted transmission of sensitive information, cause a denial of service condition, or perform remote code execution.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-148078.pdfSSA-148078 V1.1 (Last Update: 2022-06-14): Multiple Vulnerabilities in APOGEE/TALON Field Panels2022-06-14T00:00:00+00:00<p>Multiple vulnerabilities in the APOGEE PXC and TALON TC series of products could allow unauthenticated attackers to download sensitive information through the integrated webserver.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-626968.pdfSSA-626968 V1.0: Multiple Webserver Vulnerabilities in Desigo PXC and DXR Devices2022-05-10T00:00:00+00:00<p>Desigo PXC3, PXC4, PXC5 and DXR2 devices contain multiple vulnerabilities in the webserver application that could allow an attacker to potentially intercept unencrypted transmission of sensitive information, cause a denial of service condition, or perform remote code execution.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-662649.pdfSSA-662649 V1.0: Denial of Service Vulnerability in Desigo DXR and PXC Controllers2022-05-10T00:00:00+00:00<p>A vulnerability in Desigo DXR and PXC controllers has been identified that could allow an attacker to disable and reset a device to factory state using a denial of service attack.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdfSSA-114589 V1.3 (Last Update: 2022-05-10): Multiple Vulnerabilities in Nucleus RTOS based APOGEE, TALON and Desigo PXC/PXM Products2022-05-10T00:00:00+00:00<p>Multiple vulnerabilities (also known as “NUCLEUS:13”) have been identified in the Nucleus RTOS (real-time operating system) and reported in the Siemens Security Advisory SSA-044112: <a href="https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf" class="uri">https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf</a>.</p>
<p>The products listed below use affected versions of the Nucleus software and inherently contain these vulnerabilities.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdfSSA-114589 V1.2 (Last Update: 2022-04-12): Multiple Vulnerabilities in Nucleus RTOS based APOGEE, TALON and Desigo PXC/PXM Products2022-04-12T00:00:00+00:00<p>Multiple vulnerabilities (also known as “NUCLEUS:13”) have be identified in the Nucleus RTOS (real-time operating system) and reported in the Siemens Security Advisory SSA-044112: <a href="https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf" class="uri">https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf</a>.</p>
<p>The products listed below use affected versions of the Nucleus software and inherently contain these vulnerabilities.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-223353.pdfSSA-223353 V1.0: Multiple Vulnerabilities in Nucleus RTOS based SIMOTICS CONNECT 4002022-03-08T00:00:00+00:00<p>Multiple vulnerabilities (also known as “NUCLEUS:13”) have been identified in the Nucleus RTOS (real-time operating system), originally reported in the Siemens Security Advisory SSA-044112: <a href="https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf" class="uri">https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf</a>.</p>
<p>SIMOTICS CONNECT 400 devices are affected by some of the vulnerabilities as documented below.</p>
<p>Siemens has released an update for the SIMOTICS CONNECT 400 and recommends to update to the latest version.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-252466.pdfSSA-252466 V1.0: Multiple Vulnerabilities in Climatix POL909 (AWM and AWB)2022-03-08T00:00:00+00:00<p>Multiple vulnerabilities have been identified in the Climatix POL909 (AWM and AWB) that could allow an unauthenticated attacker to hijack and redirect users to a malicious webpage, or allow an authenticated attacker to access sensitive files.</p>
<p>Siemens has released an update for the Climatix POL909 (AWM and AWB) and recommends to update to the latest version.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-703715.pdfSSA-703715 V1.1 (Last Update: 2022-03-08): Information Disclosure Vulnerability in Climatix POL909 (AWM and AWB)2022-03-08T00:00:00+00:00<p>Climatix POL909 (AWM and AWB) contains an information disclosure vulnerability that could allow a man-in-the-middle attacker to read sensitive data, such as administrator credentials, or modify data in transit.</p>
<p>Siemens has released an update for Climatix POL909 (AWM and AWB) and recommends to update to the latest version.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-160202.pdfSSA-160202 V1.0: Multiple Access Control Vulnerabilities in SiPass Integrated2021-12-14T00:00:00+00:00<p>SiPass integrated contains multiple vulnerabilities that could allow an unauthenticated remote attacker to access or modify several internal application resources.</p>
<p>Siemens has released a tool, “SiPass integrated Component Manager”, to remediate the vulnerabilities on all maintained and supported versions of SiPass integrated and recommends to apply this tool.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-463116.pdfSSA-463116 V1.0: Multiple Access Control Vulnerabilities in Siveillance Identity before V1.6.284.02021-12-14T00:00:00+00:00<p>Siveillance Identity contains multiple vulnerabilities that could allow an unauthenticated remote attacker to access or modify several internal application resources.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdfSSA-114589 V1.1 (Last Update: 2021-12-14): Multiple Vulnerabilities in Nucleus RTOS based APOGEE, TALON and Desigo PXC/PXM Products2021-12-14T00:00:00+00:00<p>Multiple vulnerabilities (also known as “NUCLEUS:13”) have be identified in the Nucleus RTOS (real-time operating system) and reported in the Siemens Security Advisory SSA-044112: <a href="https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf" class="uri">https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf</a>.</p>
<p>The products listed below use affected versions of the Nucleus software and inherently contain these vulnerabilities.</p>
<p>Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdfSSA-114589 V1.0: Multiple Vulnerabilities in Nucleus RTOS based APOGEE and TALON Products2021-11-09T00:00:00+00:00<p>Multiple vulnerabilities (also known as “NUCLEUS:13”) have be identified in the Nucleus RTOS (real-time operating system) and reported in the Siemens Security Advisory SSA-044112: <a href="https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf" class="uri">https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf</a>.</p>
<p>The products listed below use affected versions of the Nucleus software and inherently contain these vulnerabilities.</p>
<p>Siemens recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-703715.pdfSSA-703715 V1.0: Information Disclosure Vulnerability in Climatix POL909 (AWM)2021-11-09T00:00:00+00:00<p>Climatix POL909 (AWM module) contains an information disclosure vulnerability could allow an attacker in a man-in-the-middle position to read sensitive data, such as administrator credentials, or modify data in transit.</p>
<p>Siemens has released an update for Climatix POL909 (AWM module) and recommends to update to the latest version.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-755517.pdfSSA-755517 V1.0: Path Traversal Vulnerability in Siveillance Video DLNA Server2021-11-09T00:00:00+00:00<p>Siemens has released hotfixes for Siveillance Video DLNA Server, which fix a path traversal vulnerability that could allow an authenticated remote attacker to access sensitive information on the DLNA server.</p>
<p>Siemens has released updates for the DLNA server and recommends to apply the update on all installations where DLNA server used.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-453715.pdfSSA-453715 V1.0: Deserialization Vulnerability in CCOM Communication Component of Desigo CC Family2021-09-14T00:00:00+00:00<p>Desigo CC, Desigo CC Compact and Cerberus DMS that use CCOM communication component hosted in IIS contain a deserialisation vulnerability that could allow an unauthenticated attacker to perform remote code execution. Only those systems that use Windows App and/or IE XBAP Web Client are affected. Regular installed clients and the new HTML5 Flex Clients are not impacted by this vulnerability.</p>
<p>Note that the risk of this vulnerability being exploited is particularly high for any Desigo CC system that is connected directly to the Internet. For systems not accessible directly from the Internet, an attacker would need to have access to the local network to exploit this vulnerability.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-535380.pdfSSA-535380 V1.0: Command Injection Vulnerability in Siveillance OIS Affecting Several Building Management Systems2021-09-14T00:00:00+00:00<p>The Siveillance Open Interface Services (OIS) application used for integration of different subsystems to several Siemens building management systems contains a command injection vulnerability that could allow a remote unauthenticated attacker to execute code on the affected system with root privileges.</p>
<p>Siemens has released patches and updates for Siveillance OIS to apply to the products that incorporate the OIS service, and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-944498.pdfSSA-944498 V1.0: Buffer Overflow Vulnerability in Web Server of APOGEE and TALON Automation Devices2021-09-14T00:00:00+00:00<p>A buffer overflow vulnerability in the integrated web server of multiple APOGEE and TALON automation devices could allow a remote attacker to execute arbitrary code on the devices with root privileges.</p>
<p>Affected devices include the APOGEE MBC/MEC/PXC P2 Ethernet devices with Power Open Processors (PPC), APOGEE PXC BACnet devices, and TALON TC BACnet devices.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdfSSA-844761 V1.2 (Last Update: 2021-08-10): Multiple Vulnerabilities in SiNVR/SiVMS Video Server2021-08-10T00:00:00+00:00<p>The Video Server application in SiNVR/SiVMS solutions contains five vulnerabilities involving information disclosure (CVE-2019-19291, CVE-2019-19299), path traversal (CVE-2019-19296, CVE-2019-19297), and denial-of-service (CVE-2019-19298).</p>
<p>PKE has released updates of the application that fixes the reported vulnerabilities, except for CVE-2019-19299. This update is not available under the former Siemens OEM brand name SiNVR. For details see PKE Security Advisory at <a href="https://sivms.cloud/wp-content/uploads/2021/03/sivms-cve-fixes_1.0_EN.pdf">https://sivms.cloud/wp-content/uploads/2021/03/sivms-cve-fixes_1.0_EN.pdf</a></p>
<p>Siemens recommends specific countermeasures to mitigate the vulnerabilities.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-448291.pdfSSA-448291 V1.0: Denial-of-Service Vulnerability in ARP Protocol of RWG Universal Controllers2021-07-13T00:00:00+00:00<p>A Denial-of-Service vulnerability was found affecting the ARP protocol on RWG Universal Controller devices.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdfSSA-761844 V1.0: Multiple Vulnerabilities in Control Center Server (CCS)2021-04-13T00:00:00+00:00<p>The advisory informs about multiple vulnerabilities in the Central Control Server (CCS) application, as initially reported in <a href="https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf">SSA-761617</a> on 2019-12-10 and <a href="https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf">SSA-844761</a> on 2020-03-10.</p>
<p>The vulnerabilities involve authentication bypass (CVE-2019-18337, CVE-2019-18341), path traversal (CVE-2019-18338, CVE-2019-19290), information disclosure (CVE-2019-13947, CVE-2019-18340, CVE-2019-19291), privilege escalation (CVE-2019-18342), SQL injection (CVE-2019-19292), cross-site scripting (CVE-2019-19293, CVE-2019-19294), and insufficient logging (CVE-2019-19295).</p>
<p>PKE has released an update for CCS that fixes the reported vulnerabilities, except for CVE-2019-18340. For details see the PKE Security Advisory at <a href="https://sivms.cloud/wp-content/uploads/2021/03/sivms-cve-fixes_1.0_EN.pdf">https://sivms.cloud/wp-content/uploads/2021/03/sivms-cve-fixes_1.0_EN.pdf</a></p>
<p>Siemens recommends to update to the latest version and recommends specific countermeasures to mitigate the vulnerabilities.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-853866.pdfSSA-853866 V1.0: User Credentials Disclosure Vulnerability in Siveillance Video Open Network Bridge (ONVIF)2021-04-13T00:00:00+00:00<p>Siemens has released hotfixes for Siveillance Video Open Network Bridge (ONVIF) which fix a security vulnerability related to unsecure storage of ONVIF user credentials. The vulnerability could allow an authenticated remote attacker to retrieve and decrypt all user credentials stored on the ONVIF server.</p>
<p>Siemens recommends to apply the hotfixes at the earliest opportunity. See also the chapter Additional Information, how to apply the hotfix.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdfSSA-761617 V1.1 (Last Update: 2021-04-13): Authentication Bypass and Information Disclosure Vulnerabilities in SiNVR/SiVMS Video Server2021-04-13T00:00:00+00:00<p>The Video Server application in SiNVR/SiVMS solutions contains two vulnerabilities involving authentication bypass (CVE-2019-18339) and information disclosure (CVE-2019-18340).</p>
<p>PKE has released an update of the application that fixes CVE-2019-18339. This update is not available under the former Siemens OEM brand name SiNVR. For details see PKE Security Advisory at <a href="https://sivms.cloud/wp-content/uploads/2021/03/sivms-cve-fixes_1.0_EN.pdf">https://sivms.cloud/wp-content/uploads/2021/03/sivms-cve-fixes_1.0_EN.pdf</a></p>
<p>Siemens recommends specific countermeasures to mitigate the vulnerabilities.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdfSSA-844761 V1.1 (Last Update: 2021-04-13): Multiple Vulnerabilities in SiNVR/SiVMS Video Server2021-04-13T00:00:00+00:00<p>The Video Server application in SiNVR/SiVMS solutions contains five vulnerabilities involving information disclosure (CVE-2019-19291, CVE-2019-19299), path traversal (CVE-2019-19296, CVE-2019-19297), and denial-of-service (CVE-2019-19298).</p>
<p>PKE has released an update of the application that fixes the reported vulnerabilities, except for CVE-2019-19298 and CVE-2019-19299. This update is not available under the former Siemens OEM brand name SiNVR. For details see PKE Security Advisory at <a href="https://sivms.cloud/wp-content/uploads/2021/03/sivms-cve-fixes_1.0_EN.pdf">https://sivms.cloud/wp-content/uploads/2021/03/sivms-cve-fixes_1.0_EN.pdf</a></p>
<p>Siemens recommends specific countermeasures to mitigate the vulnerabilities.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-886514.pdfSSA-886514 V1.1 (Last Update: 2021-02-09): Persistent XSS Vulnerabilities in the Web Interface of Climatix POL908 and POL909 Modules2021-02-09T00:00:00+00:00<p>The Climatix BACnet/IP (POL908) and AWM (POL909) modules contain two persistent cross-site scripting (XSS) vulnerabilities in the web interface that could allow a remote attacker to execute arbitrary JavaScript code in the context of other users’ web sessions.</p>
<p>Siemens has released an update for Climatix POL909 and recommends to update to the latest version. Siemens recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-162506.pdfSSA-162506 V1.1 (Last Update: 2021-01-12): DHCP Client Vulnerability in SIMOTICS CONNECT 400, Desigo PXC/PXM, APOGEE MEC/MBC/PXC, APOGEE PXC Series, and TALON TC Series2021-01-12T00:00:00+00:00<p>SIMOTICS CONNECT 400, Desigo (Power PC-based), APOGEE MEC/MBC/PXC and TALON TC products are affected by a DHCP Client vulnerability as initially reported in <a href="https://cert-portal.siemens.com/productcert/pdf/ssa-434032.pdf">SSA-434032</a> for the Mentor Nucleus Networking Module.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-226339.pdfSSA-226339 (Last Update: 2020-10-13): Multiple Web Application Vulnerabilities in Desigo Insight2020-10-13T00:00:00+00:00<p>The latest hotfix for Desigo Insight fixes three vulnerabilities that have been identified in the web server, including SQL injection (CVE-2020-15792), clickjacking (CVE-2020-15793), and full path disclosure (CVE-2020-15794).</p>
<p>Siemens recommends updating to the latest version of Desigo Insight and to apply the hotfix.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-384879.pdfSSA-384879 (Last Update: 2020-10-13): Authentication Bypass Vulnerability in SIPORT MP2020-10-13T00:00:00+00:00<p>SIPORT MP version 3.2.1 fixes an authentication bypass vulnerability which could enable an attacker to impersonate other users of the system and perform administrative actions.</p>
<p>Siemens recommends to apply the update.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-709003.pdfSSA-709003 (Last Update: 2020-09-08): Privilege Escalation Vulnerability in License Management Utility (LMU)2020-09-08T00:00:00+00:00<p>The latest update for the License Management Utility (LMU), which is used by multiple Siemens building technology products, fixes a vulnerability that could allow local users to escalate privileges and execute code as local SYSTEM user.</p>
<p>Siemens has released an update version of LMU, recommends to install this update on all affected systems and provides specific countermeasures for yet unpatched systems.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-770698.pdfSSA-770698 (Last Update: 2020-09-08): User Information Disclosure Vulnerability in Siveillance Video Client2020-09-08T00:00:00+00:00<p>The Siveillance Video Client contains an information disclosure vulnerability that could allow an attacker to obtain valid adminstrator login names and use this information to launch further attacks.</p>
<p>Siemens recommends specific countermeasures and provides patches for released versions of the Siveillance Video Client.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-786743.pdfSSA-786743 (Last Update: 2020-08-11): Code Injection Vulnerability in Advanced Reporting for Desigo CC and Desigo CC Compact2020-08-11T00:00:00+00:00<p>The extension module Advanced Reporting for Desigo CC and Desigo CC Compact contains a code injection vulnerability, which could be exploited if the extension module is installed on the server and configured.</p>
<p>Siemens has released patches for the affected products and recommends specific countermeasures for unpatched systems.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-162506.pdfSSA-162506 (Last Update: 2020-04-14): DHCP Client Vulnerability in SIMOTICS CONNECT 400, Desigo PXC/PXM, APOGEE MEC/MBC/PXC, APOGEE PXC Series, and TALON TC Series2020-04-14T00:00:00+00:00<p>SIMOTICS CONNECT 400, Desigo (Power PC-based), APOGEE MEC/MBC/PXC and TALON TC products are affected by a DHCP Client vulnerability as initially reported in <a href="https://cert-portal.siemens.com/productcert/pdf/ssa-434032.pdf">SSA-434032</a> for the Mentor Nucleus Networking Module. Siemens has released updates for some products and is working on further updates. For the remaining affected products, Siemens recommends specific countermeasures until fixes are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-886514.pdfSSA-886514 (Last Update: 2020-04-14): Persistent XSS Vulnerabilities in the Web Interface of Climatix POL908 and POL909 Modules2020-04-14T00:00:00+00:00<p>The Climatix BACnet/IP (POL908) and AWM (POL909) modules contain two persistent cross-site scripting (XSS) vulnerabilities in the web interface that could allow a remote attacker to execute arbitrary JavaScript code in the context of other users' web sessions. Siemens recommends to update Climatix POL908 and POL909 to the latest version and recommends further countermeasures.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdfSSA-844761 (Last Update: 2020-03-10): Multiple Vulnerabilities in CCS, FTP and Streaming Services of SiNVR Video Management Solution2020-03-10T00:00:00+00:00<p>SiNVR V3 contains several vulnerabilities in the components Central Control Server (CCS), as well as in the FTP and streaming services of the Video Server. The vulnerabilities involve path traversal (CVE-2019-19290, CVE-2019-19296, CVE-2019-19297), information disclosure (CVE-2019-19291, CVE-2019-19299), SQL injection (CVE-2019-19292), cross-site scripting (CVE-2019-19293, CVE-2019-19294), insufficient logging (CVE-2019-19295), and denial-of-service (CVE-2019-19298).</p>
<p>Siemens recommends specific countermeasures until fixes are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-978558.pdfSSA-978558 (Last Update: 2020-02-11): Insufficient Logging Vulnerability in SIPORT MP2020-02-11T00:00:00+00:00<p>SIPORT MP version 3.1.4 fixes a vulnerability that allowed to create special accounts ("service users") which could enable an authenticated attacker to perform actions that are invisible to other users of the system.</p>
<p>Siemens recommends customers to apply the update. For older versions, a hotfix and a tool are available to mitigate the vulnerability.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-986695.pdfSSA-986695 (Last Update: 2020-02-11): Information Disclosure Vulnerability in the OZW Web Server2020-02-11T00:00:00+00:00<p>OZW672 and OZW772 Web Server versions < 10.00 contain a vulnerability that could allow unauthenticated users to access project files under certain conditions.</p>
<p>Siemens has released Version 10.00 that fixes the vulnerability and recommends to update all web servers.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdfSSA-761617 (Last Update: 2019-12-10): Multiple Vulnerabilities in SiNVR Video Management Solution2019-12-10T00:00:00+00:00<p>SiNVR V3 contains seven vulnerabilities in the components Video Server and Central Control Server (CCS), involving authentication bypass (CVE-2019-18337, CVE-2019-18339, CVE-2019-18341), information disclosure (CVE-2019-13947, CVE-2019-18340), path traversal (CVE-2019-18338), and privilege escalation (CVE-2019-18342). Siemens recommends specific countermeasures until fixes are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-898181.pdfSSA-898181 (Last Update: 2019-11-12): Desigo PX Web Remote Denial of Service Vulnerability2019-11-12T00:00:00+00:00<p>The latest update for Desigo PXC devices fixes a vulnerability that could allow unauthenticated remote users to cause a denial of service condition on the PX Web interface (HTTP, port tcp/80) of a device. Devices where PX Web is not enabled are not affected by this vulnerability.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-212009.pdfSSA-212009 (Last Update: 2019-06-11): Vulnerabilities in Siveillance VMS2019-06-11T00:00:00+00:00<p>The latest update for the Siveillance VMS line fixes three security vulnerabilities that can cause remote privilege escalation. Siemens has released updates for the affected products and recommends to update affected devices as soon as possible.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-824231.pdfSSA-824231 (Last Update: 2019-03-12): Unauthenticated Firmware Upload Vulnerability in Desigo PX Controllers2019-03-12T00:00:00+00:00<p>The latest update for Desigo PXC devices fixes a vulnerability that could allow unauthenticated remote attackers to upload malicious firmware without prior authentication.</p>
<p>Siemens recommends updating to the new version.</p>
https://cert-portal.siemens.com/productcert/pdf/ssb-068644.pdfSSB-068644 (Last Update: 2018-08-17): General Customer Information for Speculative Side-Channel Vulnerabilities in Microprocessors2018-08-17T00:00:00+00:00<p>Security researchers published information on vulnerabilities known as Spectre, Meltdown, Spectre-NG, Lazy FP State Restore, Spectre V1.1, and L1 Terminal Fault/Foreshadow. These vulnerabilities affect many modern processors from different vendors to a varying degree.</p>
<p>Siemens is analyzing the impact of these vulnerabilities and of the mitigations released on its own products. If Siemens products are found to be affected, additional product-specific update information will be distributed either via the Siemens ProductCERT website or through Siemens’ customer service organizations if applicable.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-566773.pdfSSA-566773 (Last Update: 2018-06-12): Vulnerabilities in Building Technologies Products2018-06-12T00:00:00+00:00<p>The License Management System (LMS), which is used by multiple Siemens' building automation products, includes a vulnerable version of Gemalto Sentinel LDK RTE. Gemalto Sentinel LDK RTE is affected by two vulnerabilities that could allow denial-of-service and a cross-site-scripting vulnerability.</p>
<p>Siemens recommends updating the affected dongle driver.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-457058.pdfSSA-457058 (Last Update: 2018-05-23): .NET Security Vulnerability in Siveillance VMS2018-05-23T00:00:00+00:00<p>Siemens has released software updates for Siveillance VMS which fix a security vulnerability with the .NET Remoting deserialization that could allow elevation of privileges and/or causing a Denial-of-Service, if affected ports are exposed.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-468514.pdfSSA-468514 (Last Update: 2018-05-03): Improper Certificate Validation Vulnerability in Siveillance VMS Video Mobile App for Android and iOS2018-05-03T00:00:00+00:00<p>The latest update for the Siveillance VMS Video mobile app for Android and iOS fixes a security vulnerability that could allow an attacker in a privileged network position to read data from and write data to the encrypted communication channel between the app and a server. Precondition for this scenario is that an attacker is able to intercept the communication channel between the affected app and a server, and is also able to generate a certificate that results for the validation algorithm in a checksum identical to a trusted certificate.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-457058.pdfSSA-457058 (Last Update: 2018-05-03): .NET Security Vulnerability in Siveillance VMS2018-05-03T00:00:00+00:00<p>Siemens has released software updates for Siveillance VMS which fix a security vulnerability with the .NET Remoting deserialization that could allow elevation of privileges and/or causing a Denial-of-Service, if affected ports are exposed.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-727467.pdfSSA-727467 (Last Update: 2018-04-03): Vulnerabilities in Building Technologies Products2018-04-03T00:00:00+00:00<p>The License Management System (LMS), which is used by multiple Siemens' building automation products, includes a vulnerable version of Gemalto Sentinel LDK RTE. Gemalto Sentinel LDK RTE is affected by multiple vulnerabilities that could allow remote code execution.</p>
<p>Siemens recommends to update the License Management System used by these products to the newest version.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-727467.pdfSSA-727467 (Last Update: 2018-03-28): Vulnerabilities in Building Technologies Products2018-03-28T00:00:00+00:00<p>The License Management System (LMS), which is used by multiple Siemens' building automation products, includes a vulnerable version of Gemalto Sentinel LDK RTE. Gemalto Sentinel LDK RTE is affected by multiple vulnerabilities that could allow remote code execution.</p>
<p>Siemens recommends to update the License Management System used by these products to the newest version.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-824231.pdfSSA-824231 (Last Update: 2018-03-20): Unauthenticated Firmware Upload Vulnerability in Desigo PX Controllers2018-03-20T00:00:00+00:00<p>The latest update for Desigo PXC devices fixes a vulnerability that could allow unauthenticated remote attackers to upload malicious firmware without prior authentication.</p>
<p>Siemens recommends updating to the new version.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-824231.pdfSSA-824231 (Last Update: 2018-02-05): Unauthenticated Firmware Upload Vulnerability in Desigo PXC2018-02-05T00:00:00+00:00<p>The latest update for Desigo PXC devices fixes a vulnerability that could allow unauthenticated remote attackers to upload malicious firmware without prior authentication.</p>
<p>Siemens recommends updating to the new version.</p>