https://cert-portal.siemens.com/productcert/rss/advisories_industrial_products.atomSiemens ProductCERT Security Advisories2024-03-12T00:00:00+00:00Siemens ProductCERTproductcert@siemens.comSiemens ProductCERTSiemens Security Advisorieshttps://cert-portal.siemens.com/productcert/html/ssa-968170.htmlSSA-968170 V1.2 (Last Update: 2024-03-12): Remote Code Execution Vulnerability in SIMATIC STEP 7 V5.x and Derived Products2024-03-12T00:00:00+00:00<p>SIMATIC STEP 7 and PCS 7 contain a database management system that could allow remote users to use embedded functions of the database (local or in a network share) that have impact on the server.</p>
<p>An attacker with network access to the server network could leverage these embedded functions to run code in the database management system’s server (where STEP 7 or PCS 7 are running).</p>
<p>Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where fixes are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-943925.htmlSSA-943925 V1.1 (Last Update: 2024-03-12): Multiple Vulnerabilities in SINEC NMS before V2.0 SP12024-03-12T00:00:00+00:00<p>SINEC NMS before V2.0 SP1 is affected by multiple vulnerabilities.</p>
<p>Siemens has released an update for SINEC NMS and recommends to update to the latest version.</p>
https://cert-portal.siemens.com/productcert/html/ssa-918992.htmlSSA-918992 V1.0: Unused HTTP Service on SENTRON 3KC ATC6 Ethernet Module2024-03-12T00:00:00+00:00<p>SENTRON 3KC ATC6 Expansion Module Ethernet exposes an unused, unstable http service at port 80/tcp on the Modbus-TCP Ethernet, which could allow an attacker on the same Modbus network to create a denial of service condition that forces the device to reboot.</p>
<p>Siemens is preparing fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-871717.htmlSSA-871717 V1.1 (Last Update: 2024-03-12): Multiple Vulnerabilities in Polarion ALM2024-03-12T00:00:00+00:00<p>Polarion ALM is affected by incorrect default path permissions in installation path, and improper authentication in the REST API endpoints of DOORS connector. An attacker could exploit the vulnerabilities for unauthenticated access, or privilege escalation.</p>
<p>Siemens is preparing fixes for the vulnerabilities in Polarion 2404 which is expected to be released in April 2024 and recommends countermeasures for products where fixes are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-832273.htmlSSA-832273 V1.0: Multiple Vulnerabilities in Fortigate NGFW on RUGGEDCOM APE1808 devices2024-03-12T00:00:00+00:00<p><a href="https://www.fortiguard.com/psirt">Fortinet has published</a> information on vulnerabilities in FORTIOS. This advisory lists the related Siemens Industrial products.</p>
<p>Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available. Siemens recommends to consult and implement the workarounds provided in Fortinet’s upstream security notifications.</p>
https://cert-portal.siemens.com/productcert/html/ssa-792319.htmlSSA-792319 V1.0: Missing Read Out Protection in SENTRON 7KM PAC3x20 Devices2024-03-12T00:00:00+00:00<p>The read out protection of the internal flash of affected devices was not properly set at the end of the manufacturing process.</p>
<p>An attacker with physical access to the device could read out the data.</p>
<p>Siemens has released new versions for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/html/ssa-770721.htmlSSA-770721 V1.0: Multiple Vulnerabilities in SIMATIC RF160B before V2.22024-03-12T00:00:00+00:00<p>SIMATIC RF160B contain multiple vulnerabilities of different types that could allow an attacker to execute arbitrary code within the context of a privileged process.</p>
<p>Siemens has released a new version for SIMATIC RF160B and recommends to update to the latest version.</p>
https://cert-portal.siemens.com/productcert/html/ssa-711309.htmlSSA-711309 V1.6 (Last Update: 2024-03-12): Denial of Service Vulnerability in the OPC UA Implementations of SIMATIC Products2024-03-12T00:00:00+00:00<p>The OPC UA implementations (ANSI C and C++) as used in several SIMATIC products contain a denial of service vulnerability that could allow an unauthenticated remote attacker to create a denial of service condition by sending a specially crafted certificate.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-699386.htmlSSA-699386 V1.2 (Last Update: 2024-03-12): Multiple Vulnerabilities in SCALANCE XB-200 / XC-200 / XP-200 / XF-200BA / XR-300WG Family before V4.52024-03-12T00:00:00+00:00<p>SCALANCE XB-200/XC-200/XP-200/XF-200BA/XR-300WG Family before V4.5 is affected by multiple vulnerabilities.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/html/ssa-693975.htmlSSA-693975 V1.1 (Last Update: 2024-03-12): Denial-of-Service Vulnerability in the Web Server of Industrial Products2024-03-12T00:00:00+00:00<p>A vulnerability in the affected products could allow an unauthorized attacker with network access to the webserver of an affected device to perform a denial-of-service attack.</p>
<p>Siemens has released a new version for SINAMICS S210 (6SL5…) and recommends to update to the latest version. Siemens recommends specific countermeasures for products where fixes are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-653855.htmlSSA-653855 V1.0: Information Disclosure vulnerability in SINEMA Remote Connect Client before V3.1 SP12024-03-12T00:00:00+00:00<p>SINEMA Remote Connect Client before V3.1 SP1 is affected by an information disclosure vulnerability.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/html/ssa-592380.htmlSSA-592380 V1.1 (Last Update: 2024-03-12): Denial of Service Vulnerability in SIMATIC S7-1500 CPUs and related products2024-03-12T00:00:00+00:00<p>A vulnerability has been identified in the SIMATIC S7-1500 CPU family and related products that could allow an attacker to cause a denial of service condition. In order to exploit the vulnerability, an attacker must have access to the affected devices on port 102/tcp.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-576771.htmlSSA-576771 V1.0: Multiple Vulnerabilities in SINEMA Remote Connect Server before V3.22024-03-12T00:00:00+00:00<p>SINEMA Remote Connect Server before V3.2 is affected by multiple vulnerabilities.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/html/ssa-398330.htmlSSA-398330 V1.3 (Last Update: 2024-03-12): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.12024-03-12T00:00:00+00:00<p>Multiple vulnerabilities have been identified in the additional GNU/Linux subsystem of the firmware version V3.1 for the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP (incl. SIPLUS variant).</p>
<p>These GNU/Linux vulnerabilities have been externally identified. Siemens is preparing fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.</p>
<p>Note: This SSA advises vulnerabilities for firmware version V3.1 only; for versions < V3.1 refer to Siemens Security Bulletin SSB-439005 (<a href="https://cert-portal.siemens.com/productcert/html/ssb-439005.html" class="uri">https://cert-portal.siemens.com/productcert/html/ssb-439005.html</a>).</p>
https://cert-portal.siemens.com/productcert/html/ssa-382651.htmlSSA-382651 V1.0: File Parsing Vulnerability in Solid Edge before V223.0.112024-03-12T00:00:00+00:00<p>Solid Edge is affected by an out of bounds read vulnerability that could be triggered when the application reads files that contains XT parts. If a user is tricked to open a malicious file with the affected applications, an attacker could leverage the vulnerability to perform remote code execution in the context of the current process.</p>
<p>Siemens has released a new version for Solid Edge and recommends to update to the latest version.</p>
https://cert-portal.siemens.com/productcert/html/ssa-366067.htmlSSA-366067 V1.0: Multiple Vulnerabilities in Fortigate NGFW before V7.4.1 on RUGGEDCOM APE1808 devices2024-03-12T00:00:00+00:00<p><a href="https://www.fortiguard.com/psirt">Fortinet has published</a> information on vulnerabilities in FORTIOS. This advisory lists the related Siemens Industrial products.</p>
<p>Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available. Siemens recommends to consult and implement the workarounds provided in Fortinet’s upstream security notifications.</p>
https://cert-portal.siemens.com/productcert/html/ssa-353002.htmlSSA-353002 V1.0: Multiple Vulnerabilities in SCALANCE XB-200 / XC-200 / XP-200 / XF-200BA / XR-300WG Family2024-03-12T00:00:00+00:00<p>SCALANCE XB-200/XC-200/XP-200/XF-200BA/XR-300WG Family is affected by multiple vulnerabilities. CVE-2023-44318 and CVE-2023-44321 were previously published as part of SSA-699386.</p>
<p>Siemens is preparing fix versions and recommends countermeasures for products where fixes are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-000072.htmlSSA-000072 V1.1 (Last Update: 2024-03-12): Multiple File Parsing Vulnerabilities in Simcenter Femap2024-03-12T00:00:00+00:00<p>Simcenter Femap contains multiple file parsing vulnerabilities that could be triggered when the application reads files in Catia MODEL file formats. If a user is tricked to open a malicious file with any of the affected products, this could lead the application to crash or potentially lead to arbitrary code execution.</p>
<p>Siemens has released a new version for Simcenter Femap and recommends to update to the latest version.</p>
https://cert-portal.siemens.com/productcert/html/ssa-999588.htmlSSA-999588 V1.2 (Last Update: 2024-02-13): Multiple Vulnerabilities in User Management Component (UMC) before V2.11.22024-02-13T00:00:00+00:00<p>Siemens User Management Component (UMC) before V2.11.2 is affected by multiple vulnerabilities where the most severe could lead to a restart of the UMC server.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-943925.htmlSSA-943925 V1.0: Multiple Vulnerabilities in SINEC NMS before V2.0 SP12024-02-13T00:00:00+00:00<p>SINEC NMS before V2.0 SP1 is affected by multiple vulnerabilities.</p>
<p>Siemens has released an update for SINEC NMS and recommends to update to the latest version.</p>
https://cert-portal.siemens.com/productcert/html/ssa-871717.htmlSSA-871717 V1.0: Multiple Vulnerabilities in Polarion ALM2024-02-13T00:00:00+00:00<p>Polarion ALM is affected by incorrect default path permissions in installation path, and improper authentication in the REST API endpoints of DOORS connector. An attacker could exploit the vulnerabilities for unauthenticated access, or privilege escalation.</p>
<p>Siemens is preparing fix versions and recommends countermeasures for products where fixes are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-806742.htmlSSA-806742 V1.0: Multiple Vulnerabilities in SCALANCE XCM-/XRM-300 before V2.42024-02-13T00:00:00+00:00<p>SCALANCE XCM-/XRM-300 before V2.4 is affected by multiple vulnerabilities.</p>
<p>Siemens has released an update for SCALANCE X-300 and recommends to update to the latest version.</p>
https://cert-portal.siemens.com/productcert/html/ssa-797296.htmlSSA-797296 V1.0: XT File Parsing Vulnerability in Parasolid2024-02-13T00:00:00+00:00<p>Parasolid is affected by out of bounds read and null pointer dereference vulnerabilities that could be triggered when the application reads files in XT format. If a user is tricked to open a malicious file with the affected applications, an attacker could leverage the vulnerability to perform remote code execution in the context of the current process.</p>
<p>Siemens has released new versions for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/html/ssa-794697.htmlSSA-794697 V1.7 (Last Update: 2024-02-13): Vulnerabilities in the Linux Kernel of the SIMATIC S7-1500 TM MFP V1.02024-02-13T00:00:00+00:00<p>Multiple vulnerabilities have been identified in the Linux Kernel of the SIMATIC S7-1500 TM MFP V1.0.</p>
<p>Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-753746.htmlSSA-753746 V1.0: Denial of Service Vulnerabilities in SIMATIC WinCC Affecting Other SIMATIC Software Products2024-02-13T00:00:00+00:00<p>Two null point dereference vulnerabilities affect multiple SIMATIC software products. These could allow an attacker to cause a persistent denial of service condition in the RPC Server of these products.</p>
<p>Siemens has released new versions for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/html/ssa-716164.htmlSSA-716164 V1.0: Multiple Vulnerabilities in Scalance W1750D2024-02-13T00:00:00+00:00<p>The SCALANCE W1750D devices contain multiple vulnerabilities that could allow an attacker to inject commands or exploit buffer overflow vulnerabilities which could lead to sensitive information disclosure, unauthenticated denial of service or unauthenticated remote code execution.</p>
<p>Siemens is preparing fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-711309.htmlSSA-711309 V1.5 (Last Update: 2024-02-13): Denial of Service Vulnerability in the OPC UA Implementations of SIMATIC Products2024-02-13T00:00:00+00:00<p>The OPC UA implementations (ANSI C and C++) as used in several SIMATIC products contain a denial of service vulnerability that could allow an unauthenticated remote attacker to create a denial of service condition by sending a specially crafted certificate.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-665034.htmlSSA-665034 V1.0: Vulnerability in Nozomi Guardian/CMC before 23.3.0 on RUGGEDCOM APE1808 devices2024-02-13T00:00:00+00:00<p>Nozomi Networks has published information on vulnerabilities in <a href="https://security.nozominetworks.com/">Nozomi Guardian/CMC before 23.3.0</a>. This advisory lists the related Siemens Industrial products affected by these vulnerabilities.</p>
<p>Siemens has released a new version for RUGGEDCOM APE1808 and recommends to update to the latest version. Customers are advised to consult and implement the workarounds provided in Nozomi Network’s upstream security notifications.</p>
https://cert-portal.siemens.com/productcert/html/ssa-647068.htmlSSA-647068 V1.0: Ripple20 in SIMATIC RTLS Gateways2024-02-13T00:00:00+00:00<p>SIMATIC RTLS Gateways are affected by vulnerabilities that were disclosed by JSOF research lab <a href="https://www.jsof-tech.com/ripple20/">“Ripple20”</a> for the TCP/IP stack.</p>
<p>Siemens recommends countermeasures for products where fixes are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-602936.htmlSSA-602936 V1.0: Multiple Vulnerabilities in SCALANCE SC-600 Family before V3.12024-02-13T00:00:00+00:00<p>SCALANCE SC-600 Family before V3.1 is affected by multiple vulnerabilities.</p>
<p>Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens recommends countermeasures for products where fixes are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-580228.htmlSSA-580228 V1.0: Use of Hard-Coded Credentials Vulnerability in Location Intelligence before V4.32024-02-13T00:00:00+00:00<p>Location Intelligence before V4.3 is affected by a Use of Hard-coded Credentials vulnerability that could allow an attacker to obtain full administrative access to the application.</p>
<p>Siemens has released new versions for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/html/ssa-543502.htmlSSA-543502 V1.0: Local Privilege Escalation Vulnerability in Unicam FX2024-02-13T00:00:00+00:00<p>Unicam FX contains a local privilege escalation vulnerability that could allow an attcker to gain SYSTEM privileges.</p>
<p>Unicam FX has reached end of software maintanence. Further information on recommendations for successor product can be found in section ‘Additional Information’.</p>
https://cert-portal.siemens.com/productcert/html/ssa-516818.htmlSSA-516818 V1.0: TCP Sequence Number Validation Vulnerability in the TCP/IP Stack of CP343-1 Devices2024-02-13T00:00:00+00:00<p>Affected products incorrectly validate TCP sequence numbers. This could allow an unauthenticated remote attacker to create a denial of service condition by injecting spoofed TCP RST packets.</p>
<p>Siemens recommends countermeasures for products where fixes are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssb-439005.htmlSSB-439005 V5.9 (Last Update: 2024-02-13): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP < V3.12024-02-13T00:00:00+00:00https://cert-portal.siemens.com/productcert/html/ssa-434032.htmlSSA-434032 V1.1 (Last Update: 2024-02-13): Input Validation Vulnerability in the DHCP Client of Nucleus RTOS2024-02-13T00:00:00+00:00<p>The DHCP implementation of the networking component (Nucleus NET) in Nucleus Real-Time Operating System (RTOS) contains a vulnerability that could allow an attacker to change the IP address of an affected device to an invalid value.</p>
<p>Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-398330.htmlSSA-398330 V1.2 (Last Update: 2024-02-13): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.12024-02-13T00:00:00+00:00<p>Multiple vulnerabilities have been identified in the additional GNU/Linux subsystem of the firmware version V3.1 for the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP (incl. SIPLUS variant).</p>
<p>These GNU/Linux vulnerabilities have been externally identified. Siemens is preparing fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.</p>
<p>Note: This SSA advises vulnerabilities for firmware version V3.1 only; for versions < V3.1 refer to Siemens Security Bulletin SSB-439005 (<a href="https://cert-portal.siemens.com/productcert/html/ssb-439005.html" class="uri">https://cert-portal.siemens.com/productcert/html/ssb-439005.html</a>).</p>
https://cert-portal.siemens.com/productcert/html/ssa-309571.htmlSSA-309571 V2.0 (Last Update: 2024-02-13): IPU 2021.1 Vulnerabilities in Siemens Industrial Products using Intel CPUs (June 2021)2024-02-13T00:00:00+00:00<p>Intel has published information on vulnerabilities in Intel products in <a href="https://blogs.intel.com/technology/2021/06/intel-security-advisories-for-june-2021/">June 2021</a>. This advisory lists the related Siemens Industrial products affected by these vulnerabilities that can be patched by applying the corresponding BIOS update.</p>
<p>In this advisory we summarize:</p>
<ul>
<li><p>“2021.1 IPU – Intel® CSME, SPS and LMS Advisory” Intel-SA-00459,</p></li>
<li><p>“2021.1 IPU – BIOS Advisory” Intel-SA-00463,</p></li>
<li><p>“2021.1 IPU – Intel® Processor Advisory” Intel-SA-00464, and</p></li>
<li><p>“2021.1 IPU - Intel Atom® Processor Advisory” Intel-SA-00465.</p></li>
</ul>
<p>Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where fixes are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-248289.htmlSSA-248289 V1.2 (Last Update: 2024-02-13): Denial of Service Vulnerabilities in the IPv6 Stack of Nucleus RTOS2024-02-13T00:00:00+00:00<p>The IPv6 stack of the networking component (Nucleus NET) in Nucleus Real-Time Operating System (RTOS) contains two vulnerabilities when processing IPv6 headers which could allow an attacker to cause a denial of service condition.</p>
<p>Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends countermeasures for products where fixes are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-108696.htmlSSA-108696 V1.0: Multiple Vulnerabilities in SIDIS Prime before V4.0.4002024-02-13T00:00:00+00:00<p>SIDIS Prime before V4.0.400 is affected by multiple vulnerabilities in the components OPC UA and OpenSSL, that could allow an unauthenticated attacker with access to the network where SIDIS Prime is installed to reuse OPC UA client credentials, create a denial of service condition of the SIDIS Prime OPC UA client, or create a denial of service condition of the SIDIS Prime TLS service.</p>
<p>Siemens has released a new version of SIDIS Prime and recommends to update to the latest version.</p>
https://cert-portal.siemens.com/productcert/html/ssa-017796.htmlSSA-017796 V1.0: Multiple File Parsing Vulnerabilities in Tecnomatix Plant Simulation2024-02-13T00:00:00+00:00<p>Siemens Tecnomatix Plant Simulation contains multiple file parsing vulnerabilities that could be triggered when the application reads files in WRL, PSOBJ or SPP file formats. If a user is tricked to open a malicious file with any of the affected products, this could lead the application to crash or potentially lead to arbitrary code execution.</p>
<p>Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where fixes are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-000072.htmlSSA-000072 V1.0: Multiple File Parsing Vulnerabilities in Simcenter Femap2024-02-13T00:00:00+00:00<p>Simcenter Femap contains multiple file parsing vulnerabilities that could be triggered when the application reads files in Catia MODEL file formats. If a user is tricked to open a malicious file with any of the affected products, this could lead the application to crash or potentially lead to arbitrary code execution.</p>
<p>Siemens has released a new version for Simcenter Femap and recommends to update to the latest version.</p>
https://cert-portal.siemens.com/productcert/html/ssa-999588.htmlSSA-999588 V1.1 (Last Update: 2024-01-09): Multiple Vulnerabilities in User Management Component (UMC) before V2.11.22024-01-09T00:00:00+00:00<p>Siemens User Management Component (UMC) before V2.11.2 is affected by multiple vulnerabilities where the most severe could lead to a restart of the UMC server.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-794697.htmlSSA-794697 V1.6 (Last Update: 2024-01-09): Vulnerabilities in the Linux Kernel of the SIMATIC S7-1500 TM MFP V1.02024-01-09T00:00:00+00:00<p>Multiple vulnerabilities have been identified in the Linux Kernel of the SIMATIC S7-1500 TM MFP V1.0.</p>
<p>Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-794653.htmlSSA-794653 V1.0: Multiple File Parsing Vulnerabilities in Teamcenter Visualization and JT2Go2024-01-09T00:00:00+00:00<p>Siemens Teamcenter Visualization and JT2Go are affected by multiple file parsing vulnerabilities that could be triggered when the application reads malicious CGM files. If a user is tricked to open a malicious CGM file with the affected products, this could lead the application to crash or potentially lead to arbitrary code execution.</p>
<p>Siemens has released new versions for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/html/ssa-777015.htmlSSA-777015 V1.0: Multiple Vulnerabilities in SIMATIC CN 4100 before V2.72024-01-09T00:00:00+00:00<p>SIMATIC CN 4100 is vulnerable to authorization bypass through user-controlled key, use of default credentials and unauthenticated IP address change that could allow an attacker to remotely login as root or cause denial of service condition of the device.</p>
<p>Siemens has released a new version for SIMATIC CN 4100 and recommends to update to the latest version.</p>
https://cert-portal.siemens.com/productcert/html/ssa-772220.htmlSSA-772220 V2.3 (Last Update: 2024-01-09): OpenSSL Vulnerabilities in Industrial Products2024-01-09T00:00:00+00:00<p>OpenSSL has published a security advisory [0] about a vulnerability in OpenSSL versions 1.1.1 < 1.1.1k, that allows an unauthenticated attacker to cause a Denial-of-Service (DoS) if a maliciously crafted renegotiation message is sent.</p>
<p>Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens recommends countermeasures for products where fixes are not, or not yet available.</p>
<p>[0] <a href="https://www.openssl.org/news/secadv/20210325.txt" class="uri">https://www.openssl.org/news/secadv/20210325.txt</a></p>
https://cert-portal.siemens.com/productcert/html/ssa-712929.htmlSSA-712929 V2.5 (Last Update: 2024-01-09): Denial of Service Vulnerability in OpenSSL (CVE-2022-0778) Affecting Industrial Products2024-01-09T00:00:00+00:00<p>A vulnerability in the openSSL component (CVE-2022-0778, [0]) could allow an attacker to create a denial of service condition by providing specially crafted elliptic curve certificates to products that use a vulnerable version of openSSL.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends countermeasures for products where updates are not, or not yet available.</p>
<p>[0] <a href="https://www.openssl.org/news/secadv/20220315.txt" class="uri">https://www.openssl.org/news/secadv/20220315.txt</a></p>
https://cert-portal.siemens.com/productcert/html/ssa-711309.htmlSSA-711309 V1.4 (Last Update: 2024-01-09): Denial of Service Vulnerability in the OPC UA Implementations of SIMATIC Products2024-01-09T00:00:00+00:00<p>The OPC UA implementations (ANSI C and C++) as used in several SIMATIC products contain a denial of service vulnerability that could allow an unauthenticated remote attacker to create a denial of service condition by sending a specially crafted certificate.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-702935.htmlSSA-702935 V1.0: Redfish Server Vulnerability in maxView Storage Manager2024-01-09T00:00:00+00:00<p>MaxView Storage Manager shipped with affected SIMATIC IPCs contains a Redfish Server Vulnerability that could provide unauthorized access.</p>
<p>Microchip has released new versions for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/html/ssa-589891.htmlSSA-589891 V1.0: Multiple PAR File Parsing Vulnerabilities in Solid Edge2024-01-09T00:00:00+00:00<p>Siemens Solid Edge 2023 has released Update 10, that fixes multiple vulnerabilities that could be triggered when the application reads PAR files. If a user is tricked to open a malicious file using the affected application, this could lead to a crash, and potentially also to arbitrary code execution on the target host system.</p>
<p>Siemens has released a new version for Solid Edge SE2023 and recommends to update to the latest version.</p>
https://cert-portal.siemens.com/productcert/html/ssa-398330.htmlSSA-398330 V1.1 (Last Update: 2024-01-09): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.12024-01-09T00:00:00+00:00<p>Multiple vulnerabilities have been identified in the additional GNU/Linux subsystem of the firmware version V3.1 for the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP (incl. SIPLUS variant).</p>
<p>These GNU/Linux vulnerabilities have been externally identified. Siemens is preparing fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.</p>
<p>Note: This SSA advises vulnerabilities for firmware version V3.1 only; for versions < V3.1 refer to Siemens Security Bulletin SSB-439005 (<a href="https://cert-portal.siemens.com/productcert/html/ssb-439005.html" class="uri">https://cert-portal.siemens.com/productcert/html/ssb-439005.html</a>).</p>
https://cert-portal.siemens.com/productcert/html/ssa-999588.htmlSSA-999588 V1.0: Multiple Vulnerabilities in User Management Component (UMC) before V2.11.22023-12-12T00:00:00+00:00<p>Siemens User Management Component (UMC) before V2.11.2 is affected by multiple vulnerabilities where the most severe could lead to a restart of the UMC server.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-983300.htmlSSA-983300 V1.1 (Last Update: 2023-12-12): Vulnerabilities in LOGO! Soft Comfort2023-12-12T00:00:00+00:00<p>Two vulnerabilities have been identified in the LOGO! Soft Comfort software. These could allow an attacker to take over a system with the affected software installed.</p>
<p>Siemens has released an update for LOGO! Soft Comfort and recommends to update to the latest version.</p>
https://cert-portal.siemens.com/productcert/html/ssa-955858.htmlSSA-955858 V1.1 (Last Update: 2023-12-12): Multiple Vulnerabilities in LOGO! 8 BM Devices2023-12-12T00:00:00+00:00<p>LOGO! 8 BM (incl. SIPLUS variants) contains multiple web-related vulnerabilities. These could allow an attacker to execute code remotely, put the device into a denial of service state or retrieve parts of the memory.</p>
<p>The vulnerabilities are related to the hardware of the product. Siemens has released new hardware versions with the LOGO! V8.4 BM product family for several affected devices in which several of those vulnerabilities are fixed. Siemens is working on new hardware versions for the SIPLUS devices to address this issue further. See the chapter “Additional Information” below for more details.</p>
<p>For more information please also refer to the related product support article: <a href="https://support.industry.siemens.com/cs/ww/en/view/109826554/" class="uri">https://support.industry.siemens.com/cs/ww/en/view/109826554/</a>.</p>
https://cert-portal.siemens.com/productcert/html/ssa-892915.htmlSSA-892915 V1.0: Multiple Denial of Service Vulnerabilities in the Webserver of Industrial Products2023-12-12T00:00:00+00:00<p>Multiple vulnerabilities in the affected products could allow an unauthorized attacker with network access to the webserver to perform a denial of service attack.</p>
<p>Siemens has released a new version for SINAMICS S120 (incl. SIPLUS variants) and recommends to update to the latest version. Siemens recommends specific countermeasures for products where fixes are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-887801.htmlSSA-887801 V1.0: Information Disclosure Vulnerability in SIMATIC STEP 7 (TIA Portal)2023-12-12T00:00:00+00:00<p>Siemens has released a new version of STEP 7 (TIA Portal) that fixes an information disclosure vulnerability. A local attacker could gain access to the access level password of the SIMATIC S7-1200 and S7-1500 CPUs, when entered by a legitimate user in the hardware configuration of the affected application.</p>
https://cert-portal.siemens.com/productcert/html/ssa-844582.htmlSSA-844582 V1.0: Electromagnetic Fault Injection in LOGO! V8.3 BM Devices Results in Broken LOGO! V8.3 Product CA2023-12-12T00:00:00+00:00<p>LOGO! V8.3 BM (incl. SIPLUS variants) devices contain a vulnerability that could allow an electromagnetic fault injection. This could allow an attacker to dump and debug the firmware, including the manipulation of memory. Further actions could allow to inject public keys of custom created key pairs which are then signed by the LOGO! V8.3 Product CA.</p>
<p>The vulnerability is related to the specific hardware architecture of the LOGO! V8.3 BM. Siemens has released new hardware versions with the LOGO! V8.4 BM product family for several affected devices in which the vulnerability is fixed and the Product CA private key is rotated. Siemens is working on new hardware versions for the SIPLUS devices to address this issue further. See the chapter “Additional Information” below for more details.</p>
<p>For more information please also refer to the related product support article: <a href="https://support.industry.siemens.com/cs/ww/en/view/109826554/" class="uri">https://support.industry.siemens.com/cs/ww/en/view/109826554/</a>.</p>
https://cert-portal.siemens.com/productcert/html/ssa-831302.htmlSSA-831302 V1.3 (Last Update: 2023-12-12): Vulnerabilities in the BIOS of the SIMATIC S7-1500 TM MFP V1.02023-12-12T00:00:00+00:00<p>Multiple vulnerabilities have been identified in the BIOS of the SIMATIC S7-1500 TM MFP V1.0.</p>
<p>Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-794697.htmlSSA-794697 V1.5 (Last Update: 2023-12-12): Vulnerabilities in the Linux Kernel of the SIMATIC S7-1500 TM MFP V1.02023-12-12T00:00:00+00:00<p>Multiple vulnerabilities have been identified in the Linux Kernel of the SIMATIC S7-1500 TM MFP V1.0.</p>
<p>Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-783481.htmlSSA-783481 V1.1 (Last Update: 2023-12-12): Denial-of-Service Vulnerability in LOGO! 8 BM2023-12-12T00:00:00+00:00<p>A Denial-of-Service vulnerability has been identified in LOGO! 8 BM. This vulnerability could allow an attacker to crash a device, if a user is tricked into loading a malicious project file onto an affected device.</p>
<p>The vulnerability is related to the hardware of the product. Siemens has released new hardware versions with the LOGO! V8.4 BM product family for several affected devices in which this vulnerability is fixed. Siemens is working on new hardware versions for the SIPLUS devices to address this issue further. See the chapter “Additional Information” below for more details.</p>
<p>For more information please also refer to the related product support article: <a href="https://support.industry.siemens.com/cs/ww/en/view/109826554/" class="uri">https://support.industry.siemens.com/cs/ww/en/view/109826554/</a>.</p>
https://cert-portal.siemens.com/productcert/html/ssa-711309.htmlSSA-711309 V1.3 (Last Update: 2023-12-12): Denial of Service Vulnerability in the OPC UA Implementations of SIMATIC Products2023-12-12T00:00:00+00:00<p>The OPC UA implementations (ANSI C and C++) as used in several SIMATIC products contain a denial of service vulnerability that could allow an unauthenticated remote attacker to create a denial of service condition by sending a specially crafted certificate.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-699386.htmlSSA-699386 V1.1 (Last Update: 2023-12-12): Multiple Vulnerabilities in SCALANCE XB-200 / XC-200 / XP-200 / XF-200BA / XR-300WG Family before V4.52023-12-12T00:00:00+00:00<p>SCALANCE XB-200/XC-200/XP-200/XF-200BA/XR-300WG Family before V4.5 is affected by multiple vulnerabilities.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/html/ssa-693975.htmlSSA-693975 V1.0: Denial-of-Service Vulnerability in the Web Server of Industrial Products2023-12-12T00:00:00+00:00<p>A vulnerability in the affected products could allow an unauthorized attacker with network access to the webserver of an affected device to perform a denial-of-service attack.</p>
<p>Siemens has released a new version for SINAMICS S210 (6SL5…) and recommends to update to the latest version. Siemens is preparing further fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-618620.htmlSSA-618620 V1.2 (Last Update: 2023-12-12): Vulnerabilities in Boot Loader (U-Boot) of RUGGEDCOM ROS Devices2023-12-12T00:00:00+00:00<p>The boot loader within RUGGEDCOM ROS contains two vulnerabilities in the loading process of the operating system kernel. The more severe of these vulnerabilities could allow an attacker with local access to the device to execute arbitrary code on an affected device.</p>
<p>Siemens recommends specific countermeasures to mitigate this issue.</p>
https://cert-portal.siemens.com/productcert/html/ssa-592380.htmlSSA-592380 V1.0: Denial of Service Vulnerability in SIMATIC S7-1500 CPUs and related products2023-12-12T00:00:00+00:00<p>A vulnerability has been identified in the SIMATIC S7-1500 CPU family and related products that could allow an attacker to cause a denial of service condition. In order to exploit the vulnerability, an attacker must have access to the affected devices on port 102/tcp.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-482757.htmlSSA-482757 V1.3 (Last Update: 2023-12-12): Missing Immutable Root of Trust in S7-1500 CPU devices2023-12-12T00:00:00+00:00<p>Affected models of the S7-1500 CPU product family do not contain an Immutable Root of Trust in Hardware. With this the integrity of the code executed on the device can not be validated during load-time. An attacker with physical access to the device could use this to replace the boot image of the device and execute arbitrary code.</p>
<p>As exploiting this vulnerability requires physical tampering with the product, Siemens recommends to assess the risk of physical access to the device in the target deployment and to implement measures to make sure that only trusted personnel have access to the physical hardware.</p>
<p>The vulnerability is related to the hardware of the product. Siemens has released new hardware versions for several CPU types of the S7-1500 product family in which this vulnerability is fixed and is working on new hardware versions for remaining PLC types to address this vulnerability completely. See the chapter “Additional Information” below for more details.</p>
<p>For more information please also refer to the related product support article: <a href="https://support.industry.siemens.com/cs/ww/en/view/109816536/" class="uri">https://support.industry.siemens.com/cs/ww/en/view/109816536/</a>.</p>
https://cert-portal.siemens.com/productcert/html/ssb-439005.htmlSSB-439005 V5.8 (Last Update: 2023-12-12): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP < V3.12023-12-12T00:00:00+00:00https://cert-portal.siemens.com/productcert/html/ssa-398330.htmlSSA-398330 V1.0: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.12023-12-12T00:00:00+00:00<p>Multiple vulnerabilities have been identified in the additional GNU/Linux subsystem of the firmware version V3.1 for the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP (incl. SIPLUS variant).</p>
<p>These GNU/Linux vulnerabilities have been externally identified. Siemens is preparing fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.</p>
<p>Note: This SSA advises vulnerabilities for firmware version V3.1 only; for versions < V3.1 refer to Siemens Security Bulletin SSB-439005 (<a href="https://cert-portal.siemens.com/productcert/html/ssb-439005.html" class="uri">https://cert-portal.siemens.com/productcert/html/ssb-439005.html</a>).</p>
https://cert-portal.siemens.com/productcert/html/ssa-280603.htmlSSA-280603 V1.0: Denial of Service Vulnerability in SINUMERIK ONE and SINUMERIK MC2023-12-12T00:00:00+00:00<p>A vulnerability has been identified in the integrated S7-1500 CPU of SINUMERIK ONE and SINUMERIK MC products that could allow an attacker to cause a denial of service condition. In order to exploit the vulnerability, an attacker must have access to the affected devices on port 102/tcp.</p>
<p>Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
<p>Note: The affected integrated S7-1500 CPUs and related products are advised in [1].</p>
<p>[1] <a href="https://cert-portal.siemens.com/productcert/html/ssa-592380.html">https://cert-portal.siemens.com/productcert/html/ssa-592380.html</a></p>
https://cert-portal.siemens.com/productcert/html/ssa-264815.htmlSSA-264815 V1.2 (Last Update: 2023-12-12): Type Confusion Vulnerability in OpenSSL X.400 Address Processing in SIMATIC Products2023-12-12T00:00:00+00:00<p>Several SIMATIC products are affected by a type confusion vulnerability relating to OpenSSL X.400 address processing (CVE-2023-0286), as disclosed disclosed on 2023-02-07 at <a href="https://www.openssl.org/news/secadv/20230207.txt" class="uri">https://www.openssl.org/news/secadv/20230207.txt</a>.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-264814.htmlSSA-264814 V1.3 (Last Update: 2023-12-12): Timing Based Side Channel Vulnerability in the OpenSSL RSA Decryption in SIMATIC Products2023-12-12T00:00:00+00:00<p>Several SIMATIC products are affected by a timing based side channel vulnerability in the OpenSSL RSA Decryption (CVE-2023-4304), as disclosed on 2023-02-07 at <a href="https://www.openssl.org/news/secadv/20230207.txt" class="uri">https://www.openssl.org/news/secadv/20230207.txt</a>.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-256353.htmlSSA-256353 V1.5 (Last Update: 2023-12-12): Third-Party Component Vulnerabilities in RUGGEDCOM ROS2023-12-12T00:00:00+00:00<p>Multiple vulnerabilities affect various third-party components of the RUGGEDCOM Operating System (ROS). If exploited, an attacker could cause a denial-of-service, act as a man-in-the-middle or retrieval of sensitive information or gain privileged functions.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/html/ssa-240541.htmlSSA-240541 V1.2 (Last Update: 2023-12-12): WIBU Systems CodeMeter Heap Buffer Overflow Vulnerability in Industrial Products2023-12-12T00:00:00+00:00<p>WIBU Systems published information about a heap buffer overflow vulnerability and associated fix releases of CodeMeter Runtime, a product provided by WIBU Systems and used in several Siemens industrial products for license management.</p>
<p>The vulnerability is described in the section “Vulnerability Classification” below and got assigned the CVE ID CVE-2023-3935. Successful exploitation of this vulnerability could allow</p>
<ul>
<li>an unauthenticated remote attacker to execute code on vulnerable products, where CodeMeter Runtime (i.e., CodeMeter.exe) is configured as a server, or</li>
<li>an authenticated local attacker to gain root/admin privileges on vulnerable products, where CodeMeter Runtime is configured as a client.</li>
</ul>
<p>Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where fixes are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-180704.htmlSSA-180704 V1.0: Multiple Vulnerabilities in SCALANCE M-800/S615 Family before V8.02023-12-12T00:00:00+00:00<p>SCALANCE M-800/S615 Family before V8.0 is affected by multiple vulnerabilities.</p>
<p>Siemens has released a new version for SCALANCE M-800 / S615 and recommends to update to the latest version. Siemens recommends countermeasures for products where fixes are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-118850.htmlSSA-118850 V1.0: Denial of Service Vulnerability in the OPC UA Implementation in SINUMERIK ONE and SINUMERIK MC2023-12-12T00:00:00+00:00<p>SINUMERIK ONE and SINUMERIK MC products are affected by a denial of service vulnerability in the OPC UA implementation of the integrated S7-1500 CPU. The vulnerability in the integrated S7-1500 CPU is documented in more detail in SSA-711309 [1].</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
<p>[1] <a href="https://cert-portal.siemens.com/productcert/html/ssa-711309.html" class="uri">https://cert-portal.siemens.com/productcert/html/ssa-711309.html</a></p>
https://cert-portal.siemens.com/productcert/html/ssa-077170.htmlSSA-077170 V1.0: Multiple Vulnerabilities in SINEC INS before V1.0 SP2 Update 22023-12-12T00:00:00+00:00<p>SINEC INS before V1.0 SP2 Update 2 is affected by multiple vulnerabilities.</p>
<p>Siemens has released an update for SINEC INS and recommends to update to the latest version.</p>
https://cert-portal.siemens.com/productcert/html/ssa-068047.htmlSSA-068047 V1.0: Multiple Vulnerabilities in SCALANCE M-800/S615 Family before V7.2.22023-12-12T00:00:00+00:00<p>SCALANCE M-800/S615 Family before V7.2.2 is affected by multiple vulnerabilities.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/html/ssa-042050.htmlSSA-042050 V1.1 (Last Update: 2023-12-12): Know-How Protection Mechanism Failure in TIA Portal2023-12-12T00:00:00+00:00<p>The know-how protection feature in Totally Integrated Automation Portal (TIA Portal) does not properly update the encryption of existing program blocks when a project file is updated. This could allow attackers with access to the project file to recover previous - yet unprotected - versions of the project without the knowledge of the know-how protection password.</p>
<p>Siemens is preparing fix versions and recommends countermeasures for products where fixes are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-981975.htmlSSA-981975 V1.1 (Last Update: 2023-11-14): Information Disclosure Vulnerability in Intel-CPUs (CVE-2022-40982) Impacting SIMATIC IPCs2023-11-14T00:00:00+00:00<p>Several Intel-CPU based SIMATIC IPCs are affected by an information exposure vulnerability (CVE-2022-40982) in the CPU that could allow an authenticated local user to potentially read other users’ data [1].</p>
<p>The issue is also known as “Gather Data Sampling” (GDS) or Downfall Attacks. For details refer to the chapter “Additional Information”.</p>
<p>Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
<p>[1] <a href="https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00828.html" class="uri">https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00828.html</a></p>
https://cert-portal.siemens.com/productcert/html/ssa-975766.htmlSSA-975766 V1.1 (Last Update: 2023-11-14): Open Design Alliance Drawings SDK Vulnerability in Solid Edge2023-11-14T00:00:00+00:00<p>Solid Edge is affected by a file parsing vulnerability in Drawings SDK from Open Design Alliance. If a user is tricked to open a malicious DWG file with the affected application, an attacker could leverage the vulnerability to crash the application or execute arbitrary code.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
<p>Note:</p>
<ul>
<li>This advisory covers security vulnerabilities recently disclosed by Open Design Alliance [0]</li>
</ul>
<p>[0] <a href="https://www.opendesign.com/security-advisories">https://www.opendesign.com/security-advisories</a></p>
https://cert-portal.siemens.com/productcert/html/ssa-908185.htmlSSA-908185 V1.1 (Last Update: 2023-11-14): Mirror Port Isolation Vulnerability in RUGGEDCOM ROS Devices2023-11-14T00:00:00+00:00<p>A vulnerability was identified in RUGGEDCOM ROS devices with mirror port enabled, that could allow an attacker to inject information into the network via the mirror port.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-887122.htmlSSA-887122 V1.0: X_T File Parsing Vulnerabilities in Simcenter Femap2023-11-14T00:00:00+00:00<p>Simcenter Femap is affected by out of bounds write vulnerabilities that could be triggered when the application reads files in X_T format. If a user is tricked to open a malicious file with the affected applications, an attacker could leverage the vulnerability to perform remote code execution in the context of the current process.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/html/ssa-840800.htmlSSA-840800 V1.4 (Last Update: 2023-11-14): Code Injection Vulnerability in RUGGEDCOM ROS2023-11-14T00:00:00+00:00<p>RUGGEDCOM ROS-based devices are vulnerable to a web-based code injection attack. To execute this attack, it is necessary to access the system via the Command Line Interface (CLI).</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-831302.htmlSSA-831302 V1.2 (Last Update: 2023-11-14): Vulnerabilities in the BIOS of the SIMATIC S7-1500 TM MFP V1.02023-11-14T00:00:00+00:00<p>Multiple vulnerabilities have been identified in the BIOS of the SIMATIC S7-1500 TM MFP V1.0.</p>
<p>Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-794697.htmlSSA-794697 V1.4 (Last Update: 2023-11-14): Vulnerabilities in the Linux Kernel of the SIMATIC S7-1500 TM MFP V1.02023-11-14T00:00:00+00:00<p>Multiple vulnerabilities have been identified in the Linux Kernel of the SIMATIC S7-1500 TM MFP V1.0.</p>
<p>Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-787941.htmlSSA-787941 V1.4 (Last Update: 2023-11-14): Denial of Service Vulnerability in RUGGEDCOM ROS devices2023-11-14T00:00:00+00:00<p>RUGGEDCOM ROS-based devices are vulnerable to a denial of service attack (Slowloris). By sending partial HTTP requests nonstop, with none completed, the affected web servers will be waiting for the completion of each request, occupying all available HTTP connections. The web server recovers by itself once the attack ends.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-770902.htmlSSA-770902 V1.1 (Last Update: 2023-11-14): Denial of Service Vulnerability in the Web Server of RUGGEDCOM ROS Devices2023-11-14T00:00:00+00:00<p>A denial of service vulnerability could allow an unauthorized attacker to cause total loss of availability in the web server of the affected devices.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-764417.htmlSSA-764417 V1.8 (Last Update: 2023-11-14): Weak Encryption Vulnerability in RUGGEDCOM ROS Devices2023-11-14T00:00:00+00:00<p>The SSH server on RUGGEDCOM ROS devices is configured to offer weak ciphers by default. This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data passed over the connection between legitimate clients and the affected device.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/html/ssa-711309.htmlSSA-711309 V1.2 (Last Update: 2023-11-14): Denial of Service Vulnerability in the OPC UA Implementations of SIMATIC Products2023-11-14T00:00:00+00:00<p>The OPC UA implementations (ANSI C and C++) as used in several SIMATIC products contain a denial of service vulnerability that could allow an unauthenticated remote attacker to create a denial of service condition by sending a specially crafted certificate.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-699386.htmlSSA-699386 V1.0: Multiple Vulnerabilities in SCALANCE XB-200 / XC-200 / XP-200 / XF-200BA / XR-300WG Family before V4.52023-11-14T00:00:00+00:00<p>SCALANCE XB-200/XC-200/XP-200/XF-200BA/XR-300WG Family before V4.5 is affected by multiple vulnerabilities.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/html/ssa-691715.htmlSSA-691715 V1.3 (Last Update: 2023-11-14): Vulnerability in OPC Foundation Local Discovery Server Affecting Siemens Products2023-11-14T00:00:00+00:00<p>A vulnerability was identified in OPC Foundation Local Discovery Server which also affects Siemens products that could allow an attacker to escalate privileges under certain circumstances.</p>
<p>Siemens has released an update for SIMATIC WinCC and recommends to update to the latest version. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-647455.htmlSSA-647455 V1.1 (Last Update: 2023-11-14): Multiple Vulnerabilities in Nozomi Guardian/CMC before 22.6.2 on RUGGEDCOM APE1808 devices2023-11-14T00:00:00+00:00<p>Nozomi Networks has published information on vulnerabilities in <a href="https://security.nozominetworks.com/">Nozomi Guardian/CMC before V22.6.2</a>. This advisory lists the related Siemens Industrial products affected by these vulnerabilities.</p>
<p>Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available. Customers are advised to consult and implement the workarounds provided in Nozomi Network’s upstream security notifications.</p>
https://cert-portal.siemens.com/productcert/html/ssa-478780.htmlSSA-478780 V1.0: Multiple WRL File Parsing Vulnerabilities in Tecnomatix Plant Simulation2023-11-14T00:00:00+00:00<p>Siemens Tecnomatix Plant Simulation contains multiple file parsing vulnerabilities that could be triggered when the application reads files in WRL format. If a user is tricked to open a malicious file with any of the affected products, this could lead the application to crash or potentially lead to arbitrary code execution.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/html/ssa-457702.htmlSSA-457702 V1.0: Wi-Fi Encryption Bypass Vulnerabilities in SCALANCE W700 Product Family2023-11-14T00:00:00+00:00<p>The SCALANCE W700 devices are affected by Wi-Fi encryption bypass vulnerabilities (“Framing Frames”) that could allow an attacker to disclose sensitive information or to steal the victims session. CVE-2022-47522 is divided into 3 different scenarios which are described in the section “Additional Information”.</p>
<p>Siemens recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-456933.htmlSSA-456933 V1.0: Multiple Vulnerabilities in SIMATIC PCS neo before V4.12023-11-14T00:00:00+00:00<p>SIMATIC PCS neo before V4.1 is affected by multiple vulnerabilities.</p>
<p>Siemens has released a new version for SIMATIC PCS neo and recommends to update to the latest version.</p>
https://cert-portal.siemens.com/productcert/html/ssb-439005.htmlSSB-439005 V5.7 (Last Update: 2023-11-14): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP2023-11-14T00:00:00+00:00https://cert-portal.siemens.com/productcert/html/ssa-407785.htmlSSA-407785 V1.1 (Last Update: 2023-11-14): Multiple X_T File Parsing Vulnerabilities in Parasolid and Teamcenter Visualization2023-11-14T00:00:00+00:00<p>Parasolid and Teamcenter Visualization are affected by memory corruption vulnerabilities that could be triggered when the application reads files in X_T format. If a user is tricked to open a malicious file with the affected applications, an attacker could leverage the vulnerability to perform remote code execution or denial of service in the context of the current process.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/html/ssa-363107.htmlSSA-363107 V1.4 (Last Update: 2023-11-14): An Improper Initialization Vulnerability Affects SIMATIC WinCC Kiosk Mode2023-11-14T00:00:00+00:00<p>A vulnerability was found in SIMATIC WinCC that could allow authenticated attackers to escape the Kiosk Mode.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/html/ssa-309571.htmlSSA-309571 V1.9 (Last Update: 2023-11-14): IPU 2021.1 Vulnerabilities in Siemens Industrial Products using Intel CPUs (June 2021)2023-11-14T00:00:00+00:00<p>Intel has published information on vulnerabilities in Intel products in <a href="https://blogs.intel.com/technology/2021/06/intel-security-advisories-for-june-2021/">June 2021</a>. This advisory lists the related Siemens Industrial products affected by these vulnerabilities that can be patched by applying the corresponding BIOS update.</p>
<p>In this advisory we summarize:</p>
<ul>
<li><p>“2021.1 IPU – Intel® CSME, SPS and LMS Advisory” Intel-SA-00459,</p></li>
<li><p>“2021.1 IPU – BIOS Advisory” Intel-SA-00463,</p></li>
<li><p>“2021.1 IPU – Intel® Processor Advisory” Intel-SA-00464, and</p></li>
<li><p>“2021.1 IPU - Intel Atom® Processor Advisory” Intel-SA-00465.</p></li>
</ul>
<p>Siemens has released updates for several affected products and is currently working on BIOS updates that include chipset microcode updates for further products.</p>
https://cert-portal.siemens.com/productcert/html/ssa-306654.htmlSSA-306654 V1.8 (Last Update: 2023-11-14): Insyde BIOS Vulnerabilities in Siemens Industrial Products2023-11-14T00:00:00+00:00<p>Insyde has published information on vulnerabilities in Insyde BIOS in <a href="https://www.insyde.com/security-pledge">February 2022</a>. This advisory lists the Siemens Industrial products affected by these vulnerabilities.</p>
<p>Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-292063.htmlSSA-292063 V1.0: Multiple Vulnerabilities in Nozomi Guardian/CMC before 22.6.3 and 23.1.0 on RUGGEDCOM APE1808 devices2023-11-14T00:00:00+00:00<p>Nozomi Networks has published information on vulnerabilities in <a href="https://security.nozominetworks.com/">Nozomi Guardian/CMC before V22.6.3 and 23.1.0</a>. This advisory lists the related Siemens Industrial products affected by these vulnerabilities.</p>
<p>Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available. Customers are advised to consult and implement the workarounds provided in Nozomi Network’s upstream security notifications.</p>
https://cert-portal.siemens.com/productcert/html/ssa-264814.htmlSSA-264814 V1.2 (Last Update: 2023-11-14): Timing Based Side Channel Vulnerability in the OpenSSL RSA Decryption in SIMATIC Products2023-11-14T00:00:00+00:00<p>Several SIMATIC products are affected by a timing based side channel vulnerability in the OpenSSL RSA Decryption (CVE-2023-4304), as disclosed on 2023-02-07 at <a href="https://www.openssl.org/news/secadv/20230207.txt" class="uri">https://www.openssl.org/news/secadv/20230207.txt</a>.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-197270.htmlSSA-197270 V1.0: Information Disclosure Vulnerability in Siemens OPC UA Modeling Editor (SiOME)2023-11-14T00:00:00+00:00<p>Siemens OPC UA Modeling Editor (SiOME) is affected by an XML external entity (XXE) injection vulnerability that could allow an attacker to interfere with an application’s processing of XML data and read arbitrary files in the system.</p>
<p>Siemens has released a new version for Siemens OPC UA Modelling Editor (SiOME) and recommends to update to the latest version.</p>
https://cert-portal.siemens.com/productcert/html/ssa-150063.htmlSSA-150063 V1.0: Multiple Vulnerabilities in SINEC PNI before V2.02023-11-14T00:00:00+00:00<p>SINEC PNI before V2.0 is affected by multiple vulnerabilities.</p>
<p>Siemens has released an update for SINEC PNI and recommends to update to the latest version.</p>
https://cert-portal.siemens.com/productcert/html/ssa-137900.htmlSSA-137900 V1.0: Multiple Vulnerabilities in COMOS2023-11-14T00:00:00+00:00<p>COMOS is affected by multiple vulnerabilities that could allow an attacker to execute arbitrary code or cause denial of service condition, data infiltration or perform access control violations.</p>
<p>Siemens has released an update for COMOS and recommends to update to the latest version. Siemens recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-099606.htmlSSA-099606 V1.0: Multiple Vulnerabilities in SIMATIC MV500 before V3.3.52023-11-14T00:00:00+00:00<p>SIMATIC MV500 before V3.3.5 is affected by multiple vulnerabilities.</p>
<p>Siemens has released an update for SIMATIC MV500 and recommends to update to the latest version.</p>
https://cert-portal.siemens.com/productcert/html/ssa-843070.htmlSSA-843070 V1.0: Multiple Vulnerabilities in SCALANCE W1750D2023-10-10T00:00:00+00:00<p>The SCALANCE W1750D device contains multiple vulnerabilities that could allow an attacker to inject commands or exploit buffer overflow vulnerabilities which could lead to sensitive information disclosure, unauthenticated denial of service or unauthenticated remote code execution.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/html/ssa-829656.htmlSSA-829656 V1.0: Stack Overflow Vulnerability in Xpedition Layout Browser2023-10-10T00:00:00+00:00<p>Siemens Xpedition Layout Browser consists of a stack overflow vulnerability that could be triggered when the application reads a malicious file in PCB format. If a user is tricked to open a malicious file with the affected product, this could lead the application to crash or potentially lead to arbitrary code execution.</p>
<p>Siemens has released an update for Xpedition Layout Browser and recommends to update to the latest version.</p>
https://cert-portal.siemens.com/productcert/html/ssa-784849.htmlSSA-784849 V1.0: Direct Memory Access Vulnerabilities in SIMATIC CP Devices2023-10-10T00:00:00+00:00<p>Several SIMATIC CP devices contain direct memory access vulnerabilities that could allow an attacker to execute code, access the PROFINET network without restrictions or perform denial of service attacks.</p>
<p>Siemens recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-712929.htmlSSA-712929 V2.4 (Last Update: 2023-10-10): Denial of Service Vulnerability in OpenSSL (CVE-2022-0778) Affecting Industrial Products2023-10-10T00:00:00+00:00<p>A vulnerability in the openSSL component (CVE-2022-0778, [0]) could allow an attacker to create a denial of service condition by providing specially crafted elliptic curve certificates to products that use a vulnerable version of openSSL.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends countermeasures for products where updates are not, or not yet available.</p>
<p>[0] <a href="https://www.openssl.org/news/secadv/20220315.txt" class="uri">https://www.openssl.org/news/secadv/20220315.txt</a></p>
https://cert-portal.siemens.com/productcert/html/ssa-711309.htmlSSA-711309 V1.1 (Last Update: 2023-10-10): Denial of Service Vulnerability in the OPC UA Implementations of SIMATIC Products2023-10-10T00:00:00+00:00<p>The OPC UA implementations (ANSI C and C++) as used in several SIMATIC products contain a denial of service vulnerability that could allow an unauthenticated remote attacker to create a denial of service condition by sending a specially crafted certificate.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-710008.htmlSSA-710008 V1.4 (Last Update: 2023-10-10): Multiple Web Vulnerabilities in SCALANCE Products2023-10-10T00:00:00+00:00<p>SCALANCE devices contain multiple vulnerabilities in MSPS based product lines that could allow authenticated remote attackers to execute custom code or create a XSS situation, as well as unauthenticated remote attackers to create a denial of service condition.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-647455.htmlSSA-647455 V1.0: Multiple Vulnerabilities in Nozomi Guardian/CMC before 22.6.2 on RUGGEDCOM APE1808 devices2023-10-10T00:00:00+00:00<p>Nozomi Networks has published information on vulnerabilities in <a href="https://security.nozominetworks.com/">Nozomi Guardian/CMC before V22.6.2</a>. This advisory lists the related Siemens Industrial products affected by these vulnerabilities.</p>
<p>Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available. Customers are advised to consult and implement the workarounds provided in Nozomi Network’s upstream security notifications.</p>
https://cert-portal.siemens.com/productcert/html/ssa-594373.htmlSSA-594373 V1.0: Cross-Site-Scripting (XSS) Vulnerability in SINEMA Server V142023-10-10T00:00:00+00:00<p>SINEMA Server V14 improperly sanitizes certain SNMP configuration data retrieved from monitored devices. An attacker with access to a monitored device could perform a stored cross-site scripting (XSS) attack that may lead to arbitrary code execution with <code>SYSTEM</code> privileges on the application server.</p>
<p>Siemens recommends to migrate to its successor product SINEC NMS V2.0 or later. Siemens recommends to apply specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-524778.htmlSSA-524778 V1.0: File Parsing Vulnerabilities in Tecnomatix Plant Simulation2023-10-10T00:00:00+00:00<p>Siemens Tecnomatix Plant Simulation contains multiple vulnerabilities that could be triggered when the application reads SPP and IGS files. If a user is tricked to open a malicious file using the affected application, this could lead to a crash, and potentially also to arbitrary code execution on the target host system.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/html/ssa-516174.htmlSSA-516174 V1.1 (Last Update: 2023-10-10): Wi-Fi Encryption Bypass Vulnerabilities in SCALANCE W1750D2023-10-10T00:00:00+00:00<p>The SCALANCE W1750D device is affected by Wi-Fi encryption bypass vulnerabilities (“Framing Frames”) that could allow an attacker to disclose sensitive information or to steal the victims session.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/html/ssb-439005.htmlSSB-439005 V5.6 (Last Update: 2023-10-10): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP2023-10-10T00:00:00+00:00https://cert-portal.siemens.com/productcert/html/ssa-413565.htmlSSA-413565 V1.3 (Last Update: 2023-10-10): Multiple Vulnerabilities in SCALANCE Products2023-10-10T00:00:00+00:00<p>Multiple SCALANCE devices are affected by several vulnerabilities that could allow an attacker to inject code, retrieve data as debug information as well as user CLI passwords or set the CLI to an irresponsive state.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/html/ssa-386812.htmlSSA-386812 V1.0: Remote Code Execution Vulnerability in Simcenter Amesim before V2021.12023-10-10T00:00:00+00:00<p>Simcenter Amesim contains a vulnerable SOAP endpoint that could allow an unauthenticated remote attacker to perform DLL injection and execute arbitrary code in the context of the affected application process.</p>
<p>Siemens has released an update for Simcenter Amesim and recommends to update to the latest version.</p>
https://cert-portal.siemens.com/productcert/html/ssa-363107.htmlSSA-363107 V1.3 (Last Update: 2023-10-10): An Improper Initialization Vulnerability Affects SIMATIC WinCC Kiosk Mode2023-10-10T00:00:00+00:00<p>A vulnerability was found in SIMATIC WinCC that could allow authenticated attackers to escape the Kiosk Mode.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/html/ssa-285795.htmlSSA-285795 V1.4 (Last Update: 2023-10-10): Denial of Service in OPC-UA in Industrial Products2023-10-10T00:00:00+00:00<p>A vulnerability in the underlying third party component OPC UA ANSIC Stack (also called Legacy C-Stack) affects several industrial products. The vulnerability could cause a crash of the component that includes the vulnerable part of the stack.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/html/ssa-250085.htmlSSA-250085 V1.3 (Last Update: 2023-10-10): Multiple Vulnerabilities in SINEC NMS and SINEMA Server2023-10-10T00:00:00+00:00<p>SINEC NMS and SINEMA Server V14 contain multiple vulnerabilities that could allow an attacker to execute arbitrary code on the system, arbitrary commands on the local database or achieve privilege escalation.</p>
<p>Siemens has released several updates for SINEC NMS and recommends to update to the latest version. Siemens recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-240541.htmlSSA-240541 V1.1 (Last Update: 2023-10-10): WIBU Systems CodeMeter Heap Buffer Overflow Vulnerability in Industrial Products2023-10-10T00:00:00+00:00<p>WIBU Systems published information about a heap buffer overflow vulnerability and associated fix releases of CodeMeter Runtime, a product provided by WIBU Systems and used in several Siemens industrial products for license management.</p>
<p>The vulnerability is described in the section “Vulnerability Classification” below and got assigned the CVE ID CVE-2023-3935. Successful exploitation of this vulnerability could allow</p>
<ul>
<li>an unauthenticated remote attacker to execute code on vulnerable products, where CodeMeter Runtime (i.e., CodeMeter.exe) is configured as a server, or</li>
<li>an authenticated local attacker to gain root/admin privileges on vulnerable products, where CodeMeter Runtime is configured as a client.</li>
</ul>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-203374.htmlSSA-203374 V1.1 (Last Update: 2023-10-10): Multiple OpenSSL Vulnerabilities in SCALANCE W1750D Devices2023-10-10T00:00:00+00:00<p>The SCALANCE W1750D device contains multiple vulnerabilities in the integrated OpenSSL component that could allow an attacker to read memory contents, decrypt RSA-encrypted messages or create a denial of service condition.</p>
<p>Siemens recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-160243.htmlSSA-160243 V1.0: Multiple Vulnerabilities in SINEC NMS before V2.02023-10-10T00:00:00+00:00<p>SINEC NMS before V2.0 is affected by a code injection and a stored cross-site scripting vulnerability.</p>
<p>Siemens has released an update for SINEC NMS and recommends to update to the latest version.</p>
https://cert-portal.siemens.com/productcert/html/ssa-646240.htmlSSA-646240 V1.0: Sensitive Information Disclosure in SIMATIC PCS neo Administration Console2023-09-14T00:00:00+00:00<p>The Administration Console of SIMATIC PCS neo leaks Windows admin credentials. An attacker with local Windows access to the Administration Console could get the credentials, and impersonate the admin user, thereby gaining admin access to other Windows systems.</p>
<p>Siemens has released a security patch for the affected products and recommends to install the patch.</p>
https://cert-portal.siemens.com/productcert/html/ssa-981975.htmlSSA-981975 V1.0: Information Disclosure Vulnerability in Intel-CPUs (CVE-2022-40982) Impacting SIMATIC IPCs2023-09-12T00:00:00+00:00<p>Several Intel-CPU based SIMATIC IPCs are affected by an information exposure vulnerability (CVE-2022-40982) in the CPU that could allow an authenticated local user to potentially read other users’ data [1].</p>
<p>The issue is also known as “Gather Data Sampling” (GDS) or Downfall Attacks. For details refer to the chapter “Additional Information”.</p>
<p>Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
<p>[1] <a href="https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00828.html" class="uri">https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00828.html</a></p>
https://cert-portal.siemens.com/productcert/html/ssa-957369.htmlSSA-957369 V1.0: Insyde BIOS Vulnerabilities in RUGGEDCOM APE1808 Product Family2023-09-12T00:00:00+00:00<p>Insyde has published information on vulnerabilities in Insyde BIOS up to <a href="https://www.insyde.com/security-pledge">August 2023</a>. These vulnerabilities also affect the RUGGEDCOM APE1808 product family.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/html/ssa-831302.htmlSSA-831302 V1.1 (Last Update: 2023-09-12): Vulnerabilities in the BIOS of the SIMATIC S7-1500 TM MFP V1.02023-09-12T00:00:00+00:00<p>Multiple vulnerabilities have been identified in the BIOS of the SIMATIC S7-1500 TM MFP V1.0.</p>
<p>Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-794697.htmlSSA-794697 V1.3 (Last Update: 2023-09-12): Vulnerabilities in the Linux Kernel of the SIMATIC S7-1500 TM MFP V1.02023-09-12T00:00:00+00:00<p>Multiple vulnerabilities have been identified in the Linux Kernel of the SIMATIC S7-1500 TM MFP V1.0.</p>
<p>Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-787941.htmlSSA-787941 V1.3 (Last Update: 2023-09-12): Denial of Service Vulnerability in RUGGEDCOM ROS V42023-09-12T00:00:00+00:00<p>RUGGEDCOM ROS-based V4 devices are vulnerable to a denial of service attack (Slowloris). By sending partial HTTP requests nonstop, with none completed, the affected web servers will be waiting for the completion of each request, occupying all available HTTP connections. The web server recovers by itself once the attack ends.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-764801.htmlSSA-764801 V1.2 (Last Update: 2023-09-12): File Parsing Vulnerabilities in Tecnomatix Plant Simulation2023-09-12T00:00:00+00:00<p>Siemens Tecnomatix Plant Simulation contains multiple vulnerabilities that could be triggered when the application reads PAR, SPP, STP and PRT files. If a user is tricked to open a malicious file using the affected application, this could lead to a crash, and potentially also to arbitrary code execution on the target host system.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/html/ssa-712929.htmlSSA-712929 V2.3 (Last Update: 2023-09-12): Denial of Service Vulnerability in OpenSSL (CVE-2022-0778) Affecting Industrial Products2023-09-12T00:00:00+00:00<p>A vulnerability in the openSSL component (CVE-2022-0778, [0]) could allow an attacker to create a denial of service condition by providing specially crafted elliptic curve certificates to products that use a vulnerable version of openSSL.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends countermeasures for products where updates are not, or not yet available.</p>
<p>[0] <a href="https://www.openssl.org/news/secadv/20220315.txt" class="uri">https://www.openssl.org/news/secadv/20220315.txt</a></p>
https://cert-portal.siemens.com/productcert/html/ssa-711309.htmlSSA-711309 V1.0: Denial of Service Vulnerability in the ANSI C OPC UA SDK of SIMATIC Products2023-09-12T00:00:00+00:00<p>The ANSI C OPC UA implementation as used in several SIMATIC products contains a denial of service vulnerability that could allow an unauthenticated remote attacker to create a denial of service condition by sending a specially crafted certificate.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-587547.htmlSSA-587547 V1.1 (Last Update: 2023-09-12): Unencrypted Storage of User Credentials in QMS Automotive2023-09-12T00:00:00+00:00<p>QMS Automotive contains a vulnerability that stores user credentials in plantext within the user database. This could allow an attacker to read credentials from memory.</p>
<p>Siemens has released an update for QMS Automotive and recommends to update to the latest version.</p>
https://cert-portal.siemens.com/productcert/html/ssa-478960.htmlSSA-478960 V1.7 (Last Update: 2023-09-12): Missing CSRF Protection in the Web Server Login Page of Industrial Controllers2023-09-12T00:00:00+00:00<p>The web server login page of affected products does not apply proper origin checking. This could allow authenticated remote attackers to track the activities of other users via a login cross-site request forgery attack..</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-450613.htmlSSA-450613 V1.1 (Last Update: 2023-09-12): Insyde BIOS Vulnerabilities in RUGGEDCOM APE1808 Product Family2023-09-12T00:00:00+00:00<p>Insyde has published information on vulnerabilities in Insyde BIOS on <a href="https://www.insyde.com/security-pledge">November 8th 2022</a>. These vulnerabilities also affect the RUGGEDCOM APE1808 product family.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/html/ssb-439005.htmlSSB-439005 V5.5 (Last Update: 2023-09-12): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP2023-09-12T00:00:00+00:00https://cert-portal.siemens.com/productcert/html/ssa-382653.htmlSSA-382653 V1.5 (Last Update: 2023-09-12): Multiple Denial of Service Vulnerabilities in Industrial Products2023-09-12T00:00:00+00:00<p>Affected SIMATIC firmware contains multiple vulnerabilities that could allow an unauthenticated attacker to perform a denial of service attack under certain conditions.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/html/ssa-278349.htmlSSA-278349 V1.0: Multiple WRL File Parsing Vulnerabilities in Teamcenter Visualization and JT2Go2023-09-12T00:00:00+00:00<p>Siemens JT2Go and Teamcenter Visualization are affected by file parsing vulnerabilities that could be triggered when the application reads files in WRL format. If a user is tricked to open a malicious file with any of the affected products, this could lead the application to crash or potentially lead to arbitrary code execution.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-264815.htmlSSA-264815 V1.1 (Last Update: 2023-09-12): Type Confusion Vulnerability in OpenSSL X.400 Address Processing in SIMATIC Products2023-09-12T00:00:00+00:00<p>Several SIMATIC products are affected by a type confusion vulnerability relating to OpenSSL X.400 address processing (CVE-2023-0286), as disclosed disclosed on 2023-02-07 at <a href="https://www.openssl.org/news/secadv/20230207.txt" class="uri">https://www.openssl.org/news/secadv/20230207.txt</a>.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-264814.htmlSSA-264814 V1.1 (Last Update: 2023-09-12): Timing Based Side Channel Vulnerability in the OpenSSL RSA Decryption in SIMATIC Products2023-09-12T00:00:00+00:00<p>Several SIMATIC products are affected by a timing based side channel vulnerability in the OpenSSL RSA Decryption (CVE-2023-4304), as disclosed on 2023-02-07 at <a href="https://www.openssl.org/news/secadv/20230207.txt" class="uri">https://www.openssl.org/news/secadv/20230207.txt</a>.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-240541.htmlSSA-240541 V1.0: WIBU Systems CodeMeter Heap Buffer Overflow Vulnerability in Industrial Products2023-09-12T00:00:00+00:00<p>WIBU Systems published information about a heap buffer overflow vulnerability and associated fix releases of CodeMeter Runtime, a product provided by WIBU Systems and used in several Siemens industrial products for license management.</p>
<p>The vulnerability is described in the section “Vulnerability Classification” below and got assigned the CVE ID CVE-2023-3935. Successful exploitation of this vulnerability could allow</p>
<ul>
<li>an unauthenticated remote attacker to execute code on vulnerable products, where CodeMeter Runtime (i.e., CodeMeter.exe) is configured as a server, or</li>
<li>an authenticated local attacker to gain root/admin privileges on vulnerable products, where CodeMeter Runtime is configured as a client.</li>
</ul>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-190839.htmlSSA-190839 V1.0: X_T File Parsing Vulnerabilities in Parasolid2023-09-12T00:00:00+00:00<p>Parasolid is affected by out of bounds write vulnerabilities that could be triggered when the application reads files in X_T format. If a user is tricked to open a malicious file with the affected applications, an attacker could leverage the vulnerability to perform remote code execution in the context of the current process.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/html/ssa-147266.htmlSSA-147266 V1.0: Multiple Vulnerabilities in QMS Automotive before V12.392023-09-12T00:00:00+00:00<p>QMS Automotive before V12.39 contains multiple vulnerabilities that could allow an attacker to perform malicious code injection, information disclosure or lead to a denial of service condition.</p>
<p>Siemens has released an update for QMS Automotive and recommends to update to the latest version.</p>
https://cert-portal.siemens.com/productcert/html/ssa-932528.htmlSSA-932528 V1.1 (Last Update: 2023-08-08): Multiple File Parsing Vulnerabilities in Solid Edge2023-08-08T00:00:00+00:00<p>Solid Edge is affected by multiple memory corruption vulnerabilities that could be triggered when the application reads specially crafted files in various formats such as DWG, IFC, OBJ or STP format. If a user is tricked to open a malicious file with the affected application, an attacker could leverage the vulnerability to crash the application or execute arbitrary code.</p>
<p>Siemens has released several updates for Solid Edge SE2023 and recommends to update to the latest version.</p>
https://cert-portal.siemens.com/productcert/html/ssa-908185.htmlSSA-908185 V1.0: Mirror Port Isolation Vulnerability in RUGGEDCOM ROS Devices2023-08-08T00:00:00+00:00<p>A vulnerability was identified in RUGGEDCOM ROS devices with mirror port enabled, that could allow an attacker to inject information into the network via the mirror port.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-811403.htmlSSA-811403 V1.0: Multiple File Parsing Vulnerabilities in Solid Edge before V223 Update 72023-08-08T00:00:00+00:00<p>Solid Edge is affected by multiple memory corruption vulnerabilities that could be triggered when the application reads specially crafted files in various formats such as DFT, PAR or PSM format. If a user is tricked to open a malicious file with the affected application, an attacker could leverage the vulnerability to crash the application or execute arbitrary code.</p>
<p>Siemens has released an update for Solid Edge SE2023 and recommends to update to the latest version.</p>
https://cert-portal.siemens.com/productcert/html/ssa-794697.htmlSSA-794697 V1.2 (Last Update: 2023-08-08): Vulnerabilities in the Linux Kernel of the SIMATIC S7-1500 TM MFP V1.02023-08-08T00:00:00+00:00<p>Multiple vulnerabilities have been identified in the Linux Kernel of the SIMATIC S7-1500 TM MFP V1.0.</p>
<p>Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-770902.htmlSSA-770902 V1.0: Denial of Service Vulnerability in the Web Server of RUGGEDCOM ROS Devices2023-08-08T00:00:00+00:00<p>A denial of service vulnerability could allow an unauthorized attacker to cause total loss of availability in the web server of the affected devices.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-764801.htmlSSA-764801 V1.1 (Last Update: 2023-08-08): File Parsing Vulnerabilities in Tecnomatix Plant Simulation2023-08-08T00:00:00+00:00<p>Siemens Tecnomatix Plant Simulation contains multiple vulnerabilities that could be triggered when the application reads PAR, SPP, STP and PRT files. If a user is tricked to open a malicious file using the affected application, this could lead to a crash, and potentially also to arbitrary code execution on the target host system.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/html/ssa-691715.htmlSSA-691715 V1.2 (Last Update: 2023-08-08): Vulnerability in OPC Foundation Local Discovery Server Affecting Siemens Products2023-08-08T00:00:00+00:00<p>A vulnerability was identified in OPC Foundation Local Discovery Server which also affects Siemens products that could allow an attacker to escalate privileges under certain circumstances.</p>
<p>Siemens has released an update for SIMATIC WinCC and recommends to update to the latest version. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-686975.htmlSSA-686975 V1.3 (Last Update: 2023-08-08): IPU 2022.3 Vulnerabilities in Siemens Industrial Products using Intel CPUs2023-08-08T00:00:00+00:00<p>Intel has published information on vulnerabilities in Intel products in November 2022. This advisory lists the related Siemens Industrial products affected by these vulnerabilities that can be patched by applying the corresponding BIOS update (“2022.3 IPU – BIOS Advisory” <a href="https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00688.html">Intel-SA-00688</a>).</p>
<p>Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-478960.htmlSSA-478960 V1.6 (Last Update: 2023-08-08): Missing CSRF Protection in the Web Server Login Page of Industrial Controllers2023-08-08T00:00:00+00:00<p>The web server login page of affected products does not apply proper origin checking. This could allow authenticated remote attackers to track the activities of other users via a login cross-site request forgery attack..</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-472630.htmlSSA-472630 V1.0: Security Vulnerabilities Fixed in RUGGEDCOM CROSSBOW V5.42023-08-08T00:00:00+00:00<p>The RUGGEDCOM CROSSBOW server application before V5.4 contains multiple vulnerabilities that could allow an attacker to execute arbitrary database queries via SQL injection attacks, to create a denial of service condition, or to write arbitrary files to the application’s file system.</p>
<p>Siemens has released an update for RUGGEDCOM CROSSBOW and recommends to update to the latest version.</p>
https://cert-portal.siemens.com/productcert/html/ssb-439005.htmlSSB-439005 V5.4 (Last Update: 2023-08-08): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP2023-08-08T00:00:00+00:00https://cert-portal.siemens.com/productcert/html/ssa-407785.htmlSSA-407785 V1.0: Multiple X_T File Parsing Vulnerabilities in Parasolid and Teamcenter Visualization2023-08-08T00:00:00+00:00<p>Parasolid and Teamcenter Visualization are affected by memory corruption vulnerabilities that could be triggered when the application reads files in X_T format. If a user is tricked to open a malicious file with the affected applications, an attacker could leverage the vulnerability to perform remote code execution or denial of service in the context of the current process.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates for Teamcenter Visualization V14.1 and V14.3 where fixes are planned for the next patch release.</p>
https://cert-portal.siemens.com/productcert/html/ssa-306654.htmlSSA-306654 V1.7 (Last Update: 2023-08-08): Insyde BIOS Vulnerabilities in Siemens Industrial Products2023-08-08T00:00:00+00:00<p>Insyde has published information on vulnerabilities in Insyde BIOS in <a href="https://www.insyde.com/security-pledge">February 2022</a>. This advisory lists the Siemens Industrial products affected by these vulnerabilities.</p>
<p>Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-264815.htmlSSA-264815 V1.0: Type Confusion Vulnerability in OpenSSL X.400 Address Processing in SIMATIC Products2023-08-08T00:00:00+00:00<p>Several SIMATIC products are affected by a type confusion vulnerability relating to OpenSSL X.400 address processing (CVE-2023-0286), as disclosed disclosed on 2023-02-07 at <a href="https://www.openssl.org/news/secadv/20230207.txt" class="uri">https://www.openssl.org/news/secadv/20230207.txt</a>.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-264814.htmlSSA-264814 V1.0: Timing Based Side Channel Vulnerability in the OpenSSL RSA Decryption in SIMATIC Products2023-08-08T00:00:00+00:00<p>Several SIMATIC products are affected by a timing based side channel vulnerability in the OpenSSL RSA Decryption (CVE-2023-4304), as disclosed on 2023-02-07 at <a href="https://www.openssl.org/news/secadv/20230207.txt" class="uri">https://www.openssl.org/news/secadv/20230207.txt</a>.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-188491.htmlSSA-188491 V1.0: DLL Hijacking Vulnerabilities in Siemens Software Center2023-08-08T00:00:00+00:00<p>Multiple DLL Hijacking vulnerabilities in Siemens Software Center (SSC) could allow a local attacker to execute code with elevated privileges.</p>
<p>Siemens has released an update for the Siemens Software Center and recommends to update to the latest version.</p>
https://cert-portal.siemens.com/productcert/html/ssa-131450.htmlSSA-131450 V1.0: File parsing Vulnerabilities in Solid Edge, JT2Go and Teamcenter Visualization2023-08-08T00:00:00+00:00<p>Siemens JT2Go, Teamcenter Visualization and Solid Edge are affected by multiple file parsing vulnerabilities. If a user is tricked to open a malicious file (crafted as ASM or TIFF file format) with any of the affected products, this could lead the application to crash or potentially lead to arbitrary code execution.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/html/ssa-116172.htmlSSA-116172 V1.0: Nullsoft Scriptable Install System (NSIS) Vulnerability (CVE-2023-37378) in Parasolid Installer2023-08-08T00:00:00+00:00<p>A vulnerability in Nullsoft Scriptable Installer System (NSIS) software (CVE-2023-37378) used in Parasolid installers before V36 creates an “uninstall directory” with insufficient access control. This could allow an attacker to misuse the vulnerability, and potentially escalate privileges.</p>
<p>Only systems where Parasolid is installed with a Parasolid installer is impacted. Siemens recommends to uninstall impacted Parasolid instances and reinstall with the latest installer available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-001569.htmlSSA-001569 V1.0: JT File Parsing Vulnerabilities in JT Open, JT Utilities and Parasolid2023-08-08T00:00:00+00:00<p>JT Open Toolkit, JT Utilities and Parasolid are affected by memory corruption vulnerabilities that could be triggered while parsing JT files. If a user is tricked to open a malicious JT file with any of the affected products, this could cause the application to crash or potentially lead to arbitrary code execution.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/html/ssa-968170.htmlSSA-968170 V1.1 (Last Update: 2023-07-11): Remote Code Execution Vulnerability in SIMATIC STEP 7 V5.x and Derived Products2023-07-11T00:00:00+00:00<p>SIMATIC STEP 7 and PCS 7 contain a database management system that could allow remote users to use embedded functions of the database (local or in a network share) that have impact on the server.</p>
<p>An attacker with network access to the server network could leverage these embedded functions to run code in the database management system’s server (where STEP 7 or PCS 7 are running).</p>
<p>Siemens has released an update for SIMATIC STEP 7 V5 and recommends to update to the latest version. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-930100.htmlSSA-930100 V1.1 (Last Update: 2023-07-11): Privilege Escalation Vulnerability in Simcenter STAR-CCM+2023-07-11T00:00:00+00:00<p>Simcenter STAR-CCM+ contains a privilege escalation vulnerability which could allow a local attacker with an unprivileged account to override or modify the service executable and subsequently gain elevated privileges.</p>
<p>Siemens has released an update for Simcenter STAR-CCM+ and recommends to update to the latest version.</p>
https://cert-portal.siemens.com/productcert/html/ssa-794697.htmlSSA-794697 V1.1 (Last Update: 2023-07-11): Vulnerabilities in the Linux Kernel of the SIMATIC S7-1500 TM MFP V1.02023-07-11T00:00:00+00:00<p>Multiple vulnerabilities have been identified in the Linux Kernel of the SIMATIC S7-1500 TM MFP V1.0.</p>
<p>Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-764801.htmlSSA-764801 V1.0: File Parsing Vulnerabilities in Tecnomatix Plant Simulation2023-07-11T00:00:00+00:00<p>Siemens Tecnomatix Plant Simulation contains multiple vulnerabilities that could be triggered when the application reads PAR, SPP, STP and PRT files. If a user is tricked to open a malicious file using the affected application, this could lead to a crash, and potentially also to arbitrary code execution on the target host system.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/html/ssa-712929.htmlSSA-712929 V2.2 (Last Update: 2023-07-11): Denial of Service Vulnerability in OpenSSL (CVE-2022-0778) Affecting Industrial Products2023-07-11T00:00:00+00:00<p>A vulnerability in the openSSL component (CVE-2022-0778, [0]) could allow an attacker to create a denial of service condition by providing specially crafted elliptic curve certificates to products that use a vulnerable version of openSSL.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends countermeasures for products where updates are not, or not yet available.</p>
<p>[0] <a href="https://www.openssl.org/news/secadv/20220315.txt" class="uri">https://www.openssl.org/news/secadv/20220315.txt</a></p>
https://cert-portal.siemens.com/productcert/html/ssa-686975.htmlSSA-686975 V1.2 (Last Update: 2023-07-11): IPU 2022.3 Vulnerabilities in Siemens Industrial Products using Intel CPUs2023-07-11T00:00:00+00:00<p>Intel has published information on vulnerabilities in Intel products in November 2022. This advisory lists the related Siemens Industrial products affected by these vulnerabilities that can be patched by applying the corresponding BIOS update (“2022.3 IPU – BIOS Advisory” <a href="https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00688.html">Intel-SA-00688</a>).</p>
<p>Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-561322.htmlSSA-561322 V1.0: Multiple Vulnerabilities in SIMATIC MV500 Devices before V3.3.42023-07-11T00:00:00+00:00<p>SIMATIC MV500 devices before V3.3.4 are affected by multiple vulnerabilities in the web server and several third-party components.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/html/ssa-478960.htmlSSA-478960 V1.5 (Last Update: 2023-07-11): Missing CSRF Protection in the Web Server Login Page of Industrial Controllers2023-07-11T00:00:00+00:00<p>The web server login page of affected products does not apply proper origin checking. This could allow authenticated remote attackers to track the activities of other users via a login cross-site request forgery attack..</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-446448.htmlSSA-446448 V1.9 (Last Update: 2023-07-11): Denial of Service Vulnerability in PROFINET Stack Integrated on Interniche Stack2023-07-11T00:00:00+00:00<p>The PROFINET (PNIO) stack, when integrated with the Interniche IP stack, contains a vulnerability that could allow an attacker to cause a denial of service condition on affected industrial products.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssb-439005.htmlSSB-439005 V5.3 (Last Update: 2023-07-11): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP2023-07-11T00:00:00+00:00https://cert-portal.siemens.com/productcert/html/ssa-408105.htmlSSA-408105 V1.2 (Last Update: 2023-07-11): Buffer Overflow Vulnerabilities in OpenSSL 3.0 Affecting Siemens Products2023-07-11T00:00:00+00:00<p>The openSSL component, versions 3.0.0 through 3.0.6, contains two buffer overflow vulnerabilities (CVE-2022-3602, CVE-2022-3786) in the X.509 certificate verification [0]. They could allow an attacker to create a denial of service condition or execute arbitrary code on a vulnerable TLS server (if the server requests client certificate authentication), or on a vulnerable TLS client.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
<p>[0] <a href="https://www.openssl.org/news/secadv/20221101.txt" class="uri">https://www.openssl.org/news/secadv/20221101.txt</a></p>
https://cert-portal.siemens.com/productcert/html/ssa-382653.htmlSSA-382653 V1.4 (Last Update: 2023-07-11): Multiple Denial of Service Vulnerabilities in Industrial Products2023-07-11T00:00:00+00:00<p>Affected SIMATIC firmware contains multiple vulnerabilities that could allow an unauthenticated attacker to perform a denial of service attack under certain conditions.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-363107.htmlSSA-363107 V1.2 (Last Update: 2023-07-11): An Improper Initialization Vulnerability Affects SIMATIC WinCC Kiosk Mode2023-07-11T00:00:00+00:00<p>A vulnerability was found in SIMATIC WinCC that could allow authenticated attackers to escape the Kiosk Mode.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-313488.htmlSSA-313488 V1.0: Multiple Vulnerabilities in SIMATIC CN 4100 before V2.52023-07-11T00:00:00+00:00<p>SIMATIC CN 4100 is vulnerable to improper access control and insecure default configurations that could allow an attacker to gain privilege escalation, and bypass network isolation.</p>
<p>Siemens has released an update for SIMATIC CN 4100 and recommends to update to the latest version.</p>
https://cert-portal.siemens.com/productcert/html/ssa-306654.htmlSSA-306654 V1.6 (Last Update: 2023-07-11): Insyde BIOS Vulnerabilities in Siemens Industrial Products2023-07-11T00:00:00+00:00<p>Insyde has published information on vulnerabilities in Insyde BIOS in <a href="https://www.insyde.com/security-pledge">February 2022</a>. This advisory lists the Siemens Industrial products affected by these vulnerabilities.</p>
<p>Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-146325.htmlSSA-146325 V1.0: Multiple Vulnerabilities in RUGGEDCOM ROX before V2.162023-07-11T00:00:00+00:00<p>Devices based on RUGGEDCOM ROX before V2.16 contain multiple high severity vulnerabilities, including the third-party vulnerabilities: CVE-2022-24903, CVE-2022-2068, CVE-2021-22946, CVE-2022-22576, CVE-2022-27781, CVE-2022-27782, CVE-2022-32207, CVE-2022-1292.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/html/ssa-942865.htmlSSA-942865 V1.1 (Last Update: 2023-06-14): Multiple Vulnerabilities in the Integrated SCALANCE S615 of SINAMICS Medium Voltage Products2023-06-14T00:00:00+00:00<p>SINAMICS PERFECT HARMONY GH180 is affected by multiple vulnerabilities in the integrated SCALANCE S615 device, as documented in SSA-419740 (<a href="https://cert-portal.siemens.com/productcert/html/ssa-419740.html" class="uri">https://cert-portal.siemens.com/productcert/html/ssa-419740.html</a>).</p>
<p>Siemens recommends to update the firmware of the integrated SCALANCE S615 device to the latest version. Siemens recommends specific countermeasures for products where the firmware update is not, or not yet applied.</p>
<p>Additional considerations regarding the specific impact of the vulnerabilities to SINAMICS MV products can be found in the chapter “Additional Information”.</p>
https://cert-portal.siemens.com/productcert/html/ssa-988345.htmlSSA-988345 V1.1 (Last Update: 2023-06-13): Local Privilege Escalation Vulnerability in Xpedition Designer2023-06-13T00:00:00+00:00<p>A vulnerability in Xpedition Designer could allow an attacker with an unprivileged account to override or modify the service executable and subsequently gain elevated privileges.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/html/ssa-975766.htmlSSA-975766 V1.0: Open Design Alliance Drawings SDK Vulnerability in Solid Edge2023-06-13T00:00:00+00:00<p>Solid Edge is affected by a file parsing vulnerability in Drawings SDK from Open Design Alliance. If a user is tricked to open a malicious DWG file with any of the affected products, this could lead the application to crash or potentially lead to arbitrary code execution.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
<p>Note:</p>
<ul>
<li>This advisory covers security vulnerabilities recently disclosed by Open Design Alliance [0]</li>
</ul>
<p>[0] <a href="https://www.opendesign.com/security-advisories">https://www.opendesign.com/security-advisories</a></p>
https://cert-portal.siemens.com/productcert/html/ssa-968170.htmlSSA-968170 V1.0: Remote Code Execution Vulnerability in SIMATIC STEP 7 V5.x and Derived Products2023-06-13T00:00:00+00:00<p>SIMATIC STEP 7 and PCS 7 contain a database management system that could allow remote users with low privileges to use embedded functions of the database (local or in a network share) that have impact on the server.</p>
<p>An attacker with network access to the server network could leverage these embedded functions to run code with elevated privileges in the database management system’s server (where STEP 7 or PCS 7 are running).</p>
<p>Siemens has released an update for SIMATIC STEP 7 V5 and recommends to update to the latest version. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-942865.htmlSSA-942865 V1.0: Multiple Vulnerabilities in the Integrated SCALANCE S615 of SINAMICS Medium Voltage Products2023-06-13T00:00:00+00:00<p>Several SINAMICS MV (medium voltage) products are affected by multiple vulnerabilities in the integrated SCALANCE S615 device, as documented in SSA-419740 (<a href="https://cert-portal.siemens.com/productcert/html/ssa-419740.html" class="uri">https://cert-portal.siemens.com/productcert/html/ssa-419740.html</a>).</p>
<p>Siemens recommends to update the firmware of the integrated SCALANCE S615 device to the latest version. Siemens recommends specific countermeasures for products where the firmware update is not, or not yet applied.</p>
<p>Additional considerations regarding the specific impact of the vulnerabilities to SINAMICS MV products can be found in the chapter “Additional Information”.</p>
https://cert-portal.siemens.com/productcert/html/ssa-914026.htmlSSA-914026 V1.0: Local Code Execution Vulnerability in SIMATIC WinCC V72023-06-13T00:00:00+00:00<p>SIMATIC WinCC V7 is affected by a vulnerability that could allow a local attacker to inject arbitrary code and escalate privileges, if a non-default installation path was chosen during installation.</p>
<p>Siemens has released an update for SIMATIC WinCC and recommends to update to the latest version.</p>
https://cert-portal.siemens.com/productcert/html/ssa-831302.htmlSSA-831302 V1.0: Vulnerabilities in the BIOS of the SIMATIC S7-1500 TM MFP V1.02023-06-13T00:00:00+00:00<p>Multiple vulnerabilities have been identified in the BIOS of the SIMATIC S7-1500 TM MFP V1.0.</p>
<p>Siemens is preparing updates and recommends countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-794697.htmlSSA-794697 V1.0: Vulnerabilities in the Linux Kernel of the SIMATIC S7-1500 TM MFP V1.02023-06-13T00:00:00+00:00<p>Multiple vulnerabilities have been identified in the Linux Kernel of the SIMATIC S7-1500 TM MFP V1.0.</p>
<p>Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-712929.htmlSSA-712929 V2.1 (Last Update: 2023-06-13): Denial of Service Vulnerability in OpenSSL (CVE-2022-0778) Affecting Industrial Products2023-06-13T00:00:00+00:00<p>A vulnerability in the openSSL component (CVE-2022-0778, [0]) could allow an attacker to create a denial of service condition by providing specially crafted elliptic curve certificates to products that use a vulnerable version of openSSL.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends countermeasures for products where updates are not, or not yet available.</p>
<p>[0] <a href="https://www.openssl.org/news/secadv/20220315.txt" class="uri">https://www.openssl.org/news/secadv/20220315.txt</a></p>
https://cert-portal.siemens.com/productcert/html/ssa-691715.htmlSSA-691715 V1.1 (Last Update: 2023-06-13): Vulnerability in OPC Foundation Local Discovery Server Affecting Siemens Products2023-06-13T00:00:00+00:00<p>A vulnerability was identified in OPC Foundation Local Discovery Server which also affects Siemens products that could allow an attacker to escalate privileges under certain circumstances.</p>
<p>Siemens has released an update for SIMATIC WinCC and recommends to update to the latest version. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-538795.htmlSSA-538795 V1.0: Multiple File Parsing Vulnerabilities in Teamcenter Visualization and JT2Go2023-06-13T00:00:00+00:00<p>Siemens Teamcenter Visualization and JT2Go are affected by multiple file parsing vulnerabilities that could be triggered when the application reads malicious CGM files. If a user is tricked to open a malicious CGM file with the affected products, this could lead the application to crash or potentially lead to arbitrary code execution.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/html/ssa-508677.htmlSSA-508677 V1.0: Use of Obsolete Function Vulnerability in SIMATIC WinCC before V82023-06-13T00:00:00+00:00<p>Before SIMATIC WinCC V8, legacy OPC services (OPC DA (Data Access), OPC HDA (Historical Data Access), and OPC AE (Alarms & Events)) were used per default. These services were designed on top of the Windows ActiveX and DCOM mechanisms and do not implement state-of-the-art security mechanisms for authentication and encryption of contents.</p>
<p>Starting with WinCC V8.0 the legacy OPC services are no longer enabled by default in new installations. Siemens recommends to use OPC UA instead and to disable the legacy OPC services. For deployments where the legacy OPC services are still in use, ensure that only trusted users are part of the SIMATIC HMI group.</p>
https://cert-portal.siemens.com/productcert/html/ssa-482956.htmlSSA-482956 V1.0: Information Disclosure Vulnerability in SIMOTION before V5.52023-06-13T00:00:00+00:00<p>SIMOTION contains an information disclosure vulnerability that could allow an unauthenticated attacker to extract confidential technology object (TO) configuration from the device.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/html/ssb-439005.htmlSSB-439005 V5.2 (Last Update: 2023-06-13): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP2023-06-13T00:00:00+00:00https://cert-portal.siemens.com/productcert/html/ssa-120378.htmlSSA-120378 V1.2 (Last Update: 2023-06-13): Multiple File Parsing Vulnerabilities in Teamcenter Visualization and JT2Go2023-06-13T00:00:00+00:00<p>Siemens Teamcenter Visualization and JT2Go are affected by multiple file parsing vulnerabilities that could be triggered when the application reads malicious TIF, CGM or PDF files. If a user is tricked to open a malicious TIF, CGM or PDF file with the affected products, this could lead the application to crash or potentially lead to arbitrary code execution.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/html/ssa-042050.htmlSSA-042050 V1.0: Know-How Protection Mechanism Failure in TIA Portal2023-06-13T00:00:00+00:00<p>The know-how protection feature in Totally Integrated Automation Portal (TIA Portal) does not properly update the encryption of existing program blocks when a project file is updated. This could allow attackers with access to the project file to recover previous - yet unprotected - versions of the project without the knowledge of the know-how protection password.</p>
<p>Siemens recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-932528.htmlSSA-932528 V1.0: Multiple File Parsing Vulnerabilities in Solid Edge2023-05-09T00:00:00+00:00<p>Solid Edge is affected by multiple memory corruption vulnerabilities that could be triggered when the application reads specially crafted files in various formats such as IFC, OBJ or STP format. If a user is tricked to open a malicious file with the affected application, an attacker could leverage the vulnerability to crash the application or execute arbitrary code.</p>
<p>Siemens has released several updates for Solid Edge SE2023 and recommends to update to the latest version.</p>
https://cert-portal.siemens.com/productcert/html/ssa-892048.htmlSSA-892048 V1.0: Third-Party Component Vulnerabilities in SINEC NMS before V1.0.3.12023-05-09T00:00:00+00:00<p>Multiple vulnerabilities affecting third-party components libexpat and libcurl of SINEC NMS before V1.0.3.1 could allow an attacker to impact SINEC NMS confidentiality, integrity and availability.</p>
<p>Siemens has released an update for SINEC NMS and recommends to update to the latest version.</p>
https://cert-portal.siemens.com/productcert/html/ssa-712929.htmlSSA-712929 V2.0 (Last Update: 2023-05-09): Denial of Service Vulnerability in OpenSSL (CVE-2022-0778) Affecting Industrial Products2023-05-09T00:00:00+00:00<p>A vulnerability in the openSSL component (CVE-2022-0778, [0]) could allow an attacker to create a denial of service condition by providing specially crafted elliptic curve certificates to products that use a vulnerable version of openSSL.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends countermeasures for products where updates are not, or not yet available.</p>
<p>[0] <a href="https://www.openssl.org/news/secadv/20220315.txt" class="uri">https://www.openssl.org/news/secadv/20220315.txt</a></p>
https://cert-portal.siemens.com/productcert/html/ssa-686975.htmlSSA-686975 V1.1 (Last Update: 2023-05-09): IPU 2022.3 Vulnerabilities in Siemens Industrial Products using Intel CPUs2023-05-09T00:00:00+00:00<p>Intel has published information on vulnerabilities in Intel products in November 2022. This advisory lists the related Siemens Industrial products affected by these vulnerabilities that can be patched by applying the corresponding BIOS update (“2022.3 IPU – BIOS Advisory” <a href="https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00688.html">Intel-SA-00688</a>).</p>
<p>Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-640968.htmlSSA-640968 V1.1 (Last Update: 2023-05-09): Untrusted Search Path Vulnerability in TIA Project-Server formerly known as TIA Multiuser Server2023-05-09T00:00:00+00:00<p>TIA Project-Server formerly known as TIA Multiuser Server contains an untrusted search path vulnerability that could allow an attacker to escalate privileges, when tricking a legitimate user to start the service from an attacker controlled path.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-632164.htmlSSA-632164 V1.1 (Last Update: 2023-05-09): External Entity Injection Vulnerability in Polarion ALM2023-05-09T00:00:00+00:00<p>Polarion ALM is vulnerable to XML External Entity (XXE) injection attack that could allow an attacker to potentially disclose confidential data.</p>
<p>Siemens has released an update for Polarion ALM and recommends to update to the latest version.</p>
https://cert-portal.siemens.com/productcert/html/ssa-592007.htmlSSA-592007 V2.1 (Last Update: 2023-05-09): Denial of Service Vulnerability in Industrial Products2023-05-09T00:00:00+00:00<p>Several industrial controllers are affected by a security vulnerability that could allow an attacker to cause a denial of service condition via PROFINET DCP network packets under certain circumstances. Precondition for this scenario is a direct OSI Layer 2 access to the affected products. PROFIBUS interfaces are not affected.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-566905.htmlSSA-566905 V1.1 (Last Update: 2023-05-09): Multiple Denial of Service Vulnerabilities in the Webserver of Industrial Products2023-05-09T00:00:00+00:00<p>Multiple vulnerabilities in the affected products could allow an unauthorized attacker with network access to the webserver of an affected products to perform a denial of service attack.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-555292.htmlSSA-555292 V1.0: Security Vulnerabilities Fixed in SIMATIC Cloud Connect 7 V2.12023-05-09T00:00:00+00:00<p>SIMATIC Cloud Connect 7 contains multiple vulnerabilities that could allow an attacker to impact its confidentiality, integrity and availability.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/html/ssa-516174.htmlSSA-516174 V1.0: Wi-Fi Encryption Bypass Vulnerabilities in SCALANCE W1750D2023-05-09T00:00:00+00:00<p>The SCALANCE W1750D device is affected by Wi-Fi encryption bypass vulnerabilities (“Framing Frames”) that could allow an attacker to disclose sensitive information or to steal the victims session.</p>
<p>Siemens is preparing updates and recommends countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-480230.htmlSSA-480230 V2.7 (Last Update: 2023-05-09): Denial of Service Vulnerability in Webserver of Industrial Products2023-05-09T00:00:00+00:00<p>A vulnerability in the affected devices could allow an unauthorized attacker with network access to the webserver of an affected device to perform a denial of service attack.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-478960.htmlSSA-478960 V1.4 (Last Update: 2023-05-09): Missing CSRF Protection in the Web Server Login Page of Industrial Controllers2023-05-09T00:00:00+00:00<p>The web server login page of affected products does not apply proper origin checking. This could allow authenticated remote attackers to track the activities of other users via a login cross-site request forgery attack..</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-473245.htmlSSA-473245 V2.6 (Last Update: 2023-05-09): Denial of Service Vulnerability in Profinet Devices2023-05-09T00:00:00+00:00<p>A vulnerability in affected devices could allow an attacker to perform a denial of service attack if a large amount of specially crafted UDP packets are sent to the device.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-382653.htmlSSA-382653 V1.3 (Last Update: 2023-05-09): Multiple Denial of Service Vulnerabilities in Industrial Products2023-05-09T00:00:00+00:00<p>Affected SIMATIC firmware contains multiple vulnerabilities that could allow an unauthenticated attacker to perform a denial of service attack under certain conditions.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-349422.htmlSSA-349422 V2.0 (Last Update: 2023-05-09): Denial of Service Vulnerability in Industrial Real-Time (IRT) Devices2023-05-09T00:00:00+00:00<p>A vulnerability in the affected products could allow an unauthorized attacker with network access to perform a denial-of-service attack resulting in loss of real-time synchronization.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-325383.htmlSSA-325383 V1.0: Multiple Vulnerabilities in SCALANCE LPE9403 before V2.12023-05-09T00:00:00+00:00<p>SCALANCE LPE9403 is affected by multiple vulnerabilities that could allow an attacker to impact its confidentiality, integrity and availability.</p>
<p>Siemens has released an update for the SCALANCE LPE9403 and recommends to update to the latest version.</p>
https://cert-portal.siemens.com/productcert/html/ssa-309571.htmlSSA-309571 V1.8 (Last Update: 2023-05-09): IPU 2021.1 Vulnerabilities in Siemens Industrial Products using Intel CPUs (June 2021)2023-05-09T00:00:00+00:00<p>Intel has published information on vulnerabilities in Intel products in <a href="https://blogs.intel.com/technology/2021/06/intel-security-advisories-for-june-2021/">June 2021</a>. This advisory lists the related Siemens Industrial products affected by these vulnerabilities that can be patched by applying the corresponding BIOS update.</p>
<p>In this advisory we summarize:</p>
<ul>
<li><p>“2021.1 IPU – Intel® CSME, SPS and LMS Advisory” Intel-SA-00459,</p></li>
<li><p>“2021.1 IPU – BIOS Advisory” Intel-SA-00463,</p></li>
<li><p>“2021.1 IPU – Intel® Processor Advisory” Intel-SA-00464, and</p></li>
<li><p>“2021.1 IPU - Intel Atom® Processor Advisory” Intel-SA-00465.</p></li>
</ul>
<p>Siemens has released updates for several affected products and is currently working on BIOS updates that include chipset microcode updates for further products.</p>
https://cert-portal.siemens.com/productcert/html/ssa-116924.htmlSSA-116924 V1.1 (Last Update: 2023-05-09): Path Traversal Vulnerability in TIA Portal2023-05-09T00:00:00+00:00<p>TIA Portal contains a path traversal vulnerability that could allow the creation or overwrite of arbitrary files in the engineering system. If the user is tricked to open a malicious PC system configuration file, an attacker could exploit this vulnerability to achieve arbitrary code execution.</p>
<p>Siemens has released an update for TIA Portal V18 and recommends to update to the latest version. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-113131.htmlSSA-113131 V1.5 (Last Update: 2023-05-09): Denial of Service Vulnerabilities in SIMATIC S7-400 CPUs2023-05-09T00:00:00+00:00<p>Two vulnerabilities have been identified in the SIMATIC S7-400 CPU family that could allow an attacker to cause a denial of service condition. In order to exploit the vulnerabilities, an attacker must have access to the affected devices on port 102/tcp via Ethernet, PROFIBUS or Multi Point Interfaces (MPI).</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-978220.htmlSSA-978220 V1.8 (Last Update: 2023-04-11): Denial of Service Vulnerability over SNMP in Multiple Industrial Products2023-04-11T00:00:00+00:00<p>Several industrial products are affected by a vulnerability that could allow remote attackers to conduct a denial of service attack by sending specially crafted packets to port 161/udp (SNMP).</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-840800.htmlSSA-840800 V1.3 (Last Update: 2023-04-11): Code Injection Vulnerability in RUGGEDCOM ROS2023-04-11T00:00:00+00:00<p>RUGGEDCOM ROS-based devices are vulnerable to a web-based code injection attack. To execute this attack, it is necessary to access the system via the Command Line Interface (CLI).</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-840188.htmlSSA-840188 V1.6 (Last Update: 2023-04-11): Multiple Vulnerabilities in SIMATIC WinCC Affecting Other SIMATIC Software Products2023-04-11T00:00:00+00:00<p>Multiple vulnerabilities were found in SIMATIC WinCC that ultimately could allow local or remote attackers to escalate privileges and read, write or delete critical files.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.</p>
<p>Note: The vulnerability CVE-2021-40359 is part of a shared component, used by various Siemens products (SIMATIC Communication Services - SCS). The installation of a fix version of any product also removes the vulnerability for other products on the same system, even if those products were not updated.</p>
https://cert-portal.siemens.com/productcert/html/ssa-838121.htmlSSA-838121 V1.3 (Last Update: 2023-04-11): Multiple Denial of Service Vulnerabilities in Industrial Products2023-04-11T00:00:00+00:00<p>Affected SIMATIC firmware contains three vulnerabilities that could allow an unauthenticated attacker to perform a denial of service attack under certain conditions.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-813746.htmlSSA-813746 V1.0: BadAlloc Vulnerabilities in SCALANCE X-200, X-200IRT, and X-300 Switch Families2023-04-11T00:00:00+00:00<p>Siemens has released a new firmware version for SCALANCE X-200 and X-200 IRT switches that address Bad Alloc vulnerabilities in the underlying operating system and recommends to update to the latest versions. Siemens recommends countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-792594.htmlSSA-792594 V1.1 (Last Update: 2023-04-11): Host Header Injection Vulnerability in Polarion ALM2023-04-11T00:00:00+00:00<p>Polarion ALM contains a misconfiguration in its default Apache HTTP Server configuration that could allow an attacker to perform host header injection attacks.</p>
<p>Siemens has released an update for Polarion ALM and recommends to update to the latest version.</p>
https://cert-portal.siemens.com/productcert/html/ssa-787941.htmlSSA-787941 V1.2 (Last Update: 2023-04-11): Denial of Service Vulnerability in RUGGEDCOM ROS V42023-04-11T00:00:00+00:00<p>RUGGEDCOM ROS-based V4 devices are vulnerable to a denial of service attack (Slowloris). By sending partial HTTP requests nonstop, with none completed, the affected web servers will be waiting for the completion of each request, occupying all available HTTP connections. The web server recovers by itself once the attack ends.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-780073.htmlSSA-780073 V2.3 (Last Update: 2023-04-11): Denial of Service Vulnerability in PROFINET Devices via DCE-RPC Packets2023-04-11T00:00:00+00:00<p>Products that include the Siemens PROFINET-IO (PNIO) stack in versions prior V06.00 are potentially affected by a denial of service vulnerability when multiple legitimate diagnostic package requests are sent to the DCE-RPC interface.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.</p>
<p>Additionally, Siemens recommends other vendors of PROFINET devices to check if their products have incorporated a vulnerable version of the Siemens PNIO stack as part of the Siemens Development/Evaluation Kits.</p>
https://cert-portal.siemens.com/productcert/html/ssa-712929.htmlSSA-712929 V1.9 (Last Update: 2023-04-11): Denial of Service Vulnerability in OpenSSL (CVE-2022-0778) Affecting Industrial Products2023-04-11T00:00:00+00:00<p>A vulnerability in the openSSL component (CVE-2022-0778, [0]) could allow an attacker to create a denial of service condition by providing specially crafted elliptic curve certificates to products that use a vulnerable version of openSSL.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends countermeasures for products where updates are not, or not yet available.</p>
<p>[0] <a href="https://www.openssl.org/news/secadv/20220315.txt" class="uri">https://www.openssl.org/news/secadv/20220315.txt</a></p>
https://cert-portal.siemens.com/productcert/html/ssa-710008.htmlSSA-710008 V1.3 (Last Update: 2023-04-11): Multiple Web Vulnerabilities in SCALANCE Products2023-04-11T00:00:00+00:00<p>SCALANCE devices contain multiple vulnerabilities in MSPS based product lines that could allow authenticated remote attackers to execute custom code or create a XSS situation, as well as unauthenticated remote attackers to create a denial of service condition.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-700053.htmlSSA-700053 V1.2 (Last Update: 2023-04-11): Multiple File Parsing Vulnerabilities in Teamcenter Visualization and JT2Go2023-04-11T00:00:00+00:00<p>Siemens Teamcenter Visualization and JT2Go are affected by multiple file parsing vulnerabilities that could be triggered when the application reads a malicious file in CGM or RAS format. If a user is tricked to open a malicious file with the affected products, this could lead the application to crash or potentially lead to arbitrary code execution.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/html/ssa-691715.htmlSSA-691715 V1.0: Vulnerability in OPC Foundation Local Discovery Server Affecting Siemens Products2023-04-11T00:00:00+00:00<p>A vulnerability was identified in OPC Foundation Local Discovery Server which also affects Siemens products that could allow an attacker to escalate privileges under certain circumstances.</p>
<p>Siemens has released an update for SIMATIC WinCC and recommends to update to the latest version. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-676336.htmlSSA-676336 V1.2 (Last Update: 2023-04-11): OpenSSH Vulnerabilities in SCALANCE X-200 and X-300/X408 Switches2023-04-11T00:00:00+00:00<p>The latest update of the SCALANCE X-200 and X-300/X408 switches families fixes multiple OpenSSH vulnerabilities. The most severe of these vulnerabilities could allow a denial of service condition.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-642810.htmlSSA-642810 V1.0: JT File Parsing Vulnerability in JT Open and JT Utilities2023-04-11T00:00:00+00:00<p>JT Open Toolkit and JT Utilities are affected by a memory corruption vulnerability that could be triggered while parsing JT files. If a user is tricked to open a malicious JT file with any of the affected products, this could cause the application to crash or potentially lead to arbitrary code execution.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/html/ssa-632164.htmlSSA-632164 V1.0: External Entity Injection Vulnerability in Polarion ALM2023-04-11T00:00:00+00:00<p>Polarion ALM is vulnerable to XML External Entity (XXE) injection attack that could allow an attacker to potentially disclose confidential data.</p>
<p>Siemens has released an update for Polarion ALM and recommends to update to the latest version, and update specific configurations to mitigate against the vulnerability. The configuration changes to mitigate this vulnerability will be default from Polarion V2304.</p>
https://cert-portal.siemens.com/productcert/html/ssa-629917.htmlSSA-629917 V1.0: Datalogics File Parsing Vulnerability in Teamcenter Visualization and JT2Go2023-04-11T00:00:00+00:00<p>Siemens Teamcenter Visualization and JT2Go are affected by a memory corruption vulnerability in the APDFL library from Datalogics. If a user is tricked to open a malicious PDF file with the affected products, this could lead the application to crash or potentially lead to arbitrary code execution.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/html/ssa-603476.htmlSSA-603476 V1.4 (Last Update: 2023-04-11): Web Vulnerabilities in SIMATIC NET CP 343-1/CP 443-1 Modules and SIMATIC S7-300/S7-400 CPUs2023-04-11T00:00:00+00:00<p>SIMATIC CP 343-1 Advanced/CP-443-1 Advanced devices and SIMATIC S7-300/S7-400 CPUs are affected by two vulnerabilities. One of the vulnerabilities could allow remote attackers to perform operations as an authenticated user under certain conditions.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-592007.htmlSSA-592007 V2.0 (Last Update: 2023-04-11): Denial of Service Vulnerability in Industrial Products2023-04-11T00:00:00+00:00<p>Several industrial controllers are affected by a security vulnerability that could allow an attacker to cause a denial of service condition via PROFINET DCP network packets under certain circumstances. Precondition for this scenario is a direct OSI Layer 2 access to the affected products. PROFIBUS interfaces are not affected.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-572164.htmlSSA-572164 V1.0: Luxion KeyShot Vulnerability in Solid Edge2023-04-11T00:00:00+00:00<p>The Solid Edge installation package includes a specific version of the third-party product KeyShot from Luxion : <a href="https://www.keyshot.com" class="uri">https://www.keyshot.com</a>, which may not contain the latest security fixes provided by Luxion.</p>
<p>Siemens recommends to update KeyShot according to the information in the Luxion Security Advisory LSA-610622: <a href="https://download.keyshot.com/cert/lsa-610622/lsa-610622.pdf" class="uri">https://download.keyshot.com/cert/lsa-610622/lsa-610622.pdf</a>.</p>
https://cert-portal.siemens.com/productcert/html/ssa-566905.htmlSSA-566905 V1.0: Multiple Denial of Service Vulnerabilities in the Webserver of Industrial Products2023-04-11T00:00:00+00:00<p>Multiple vulnerabilities in the affected products could allow an unauthorized attacker with network access to the webserver of an affected products to perform a denial of service attack.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-558014.htmlSSA-558014 V1.0: Third-Party Component Vulnerabilities in SCALANCE XCM332 before V2.22023-04-11T00:00:00+00:00<p>Multiple vulnerabilities in the third-party components cURL, BusyBox, libtirpc, Expat as well as in the Linux Kernel could allow an attacker to impact the SCALANCE XCM332 device’s confidentiality, integrity and availability.</p>
<p>Siemens has released an update for the SCALANCE XCM332 and recommends to update to the latest version.</p>
https://cert-portal.siemens.com/productcert/html/ssa-557541.htmlSSA-557541 V1.2 (Last Update: 2023-04-11): Denial-of-Service Vulnerability in SIMATIC S7-400 CPUs2023-04-11T00:00:00+00:00<p>SIMATIC S7-400 CPU devices contain an input validation vulnerability that could allow an attacker to create a Denial-of-Service condition. A restart is needed to restore normal operations.</p>
<p>Siemens has released an update for SIMATIC S7-410 V10 CPU family and SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants for both) and recommends to update to the latest version. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-552702.htmlSSA-552702 V1.5 (Last Update: 2023-04-11): Privilege Escalation Vulnerability in the Web Interface of SCALANCE and RUGGEDCOM Products2023-04-11T00:00:00+00:00<p>The products listed below do not properly authorize the change password function of the web interface. This could allow low privileged users to escalate their privileges.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-549234.htmlSSA-549234 V1.3 (Last Update: 2023-04-11): Denial-of-Service Vulnerability in SIMATIC NET CP Modules2023-04-11T00:00:00+00:00<p>A denial of service vulnerability was identified in different types of Communication Processors. An attacker could exploit this vulnerability causing the device to become un-operational until the device is restarted.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-511182.htmlSSA-511182 V1.0: Use of Static TLS Certificate Known Hard Coded Private Keys in Adaptec Maxview Application2023-04-11T00:00:00+00:00<p>The Adaptec Maxview application shipped with affected SIMATIC IPCs contains a hard coded, non-unique certificate to secure HTTPS connections between the browser and the local Maxview configuration application. A local attacker may use this key to decrypt intercepted local traffic between the browser and the application and could perform a man-in-the-middle attack in order to modify data in transit.</p>
<p>Adaptec has released updates for the affected products and recommends to update to the latest versions. Siemens recommends countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-480230.htmlSSA-480230 V2.6 (Last Update: 2023-04-11): Denial of Service Vulnerability in Webserver of Industrial Products2023-04-11T00:00:00+00:00<p>A vulnerability in the affected devices could allow an unauthorized attacker with network access to the webserver of an affected device to perform a denial of service attack.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-479249.htmlSSA-479249 V1.0: Weak Encryption Vulnerability in SCALANCE X-200IRT Devices2023-04-11T00:00:00+00:00<p>The SSH server on SCALANCE X-200IRT devices is configured to offer weak ciphers by default. This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data passed over the connection between legitimate clients and the affected device.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/html/ssa-478960.htmlSSA-478960 V1.3 (Last Update: 2023-04-11): Missing CSRF Protection in the Web Server Login Page of Industrial Controllers2023-04-11T00:00:00+00:00<p>The web server login page of affected products does not apply proper origin checking. This could allow authenticated remote attackers to track the activities of other users via a login cross-site request forgery attack..</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-462066.htmlSSA-462066 V3.1 (Last Update: 2023-04-11): Vulnerability known as TCP SACK PANIC in Industrial Products2023-04-11T00:00:00+00:00<p>Multiple industrial products are affected by a vulnerability in the kernel known as TCP SACK PANIC. The vulnerability could allow a remote attacker to cause a denial of service condition.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-459643.htmlSSA-459643 V1.2 (Last Update: 2023-04-11): Denial of Service Vulnerability in RUGGEDCOM ROS before V5.6.02023-04-11T00:00:00+00:00<p>RUGGEDCOM ROS-based devices are vulnerable to a denial of service attack (Slowloris). By sending partial HTTP requests nonstop, with none completed, the affected web servers will be waiting for the completion of each request, occupying all available HTTP connections. The web server recovers by itself once the attack ends.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/html/ssa-446448.htmlSSA-446448 V1.8 (Last Update: 2023-04-11): Denial of Service Vulnerability in PROFINET Stack Integrated on Interniche Stack2023-04-11T00:00:00+00:00<p>The PROFINET (PNIO) stack, when integrated with the Interniche IP stack, contains a vulnerability that could allow an attacker to cause a denial of service condition on affected industrial products.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-413565.htmlSSA-413565 V1.2 (Last Update: 2023-04-11): Multiple Vulnerabilities in SCALANCE Products2023-04-11T00:00:00+00:00<p>Multiple SCALANCE devices are affected by several vulnerabilities that could allow an attacker to inject code, retrieve data as debug information as well as user CLI passwords or set the CLI to an irresponsive state.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-408105.htmlSSA-408105 V1.1 (Last Update: 2023-04-11): Buffer Overflow Vulnerabilities in OpenSSL 3.0 Affecting Siemens Products2023-04-11T00:00:00+00:00<p>The openSSL component, versions 3.0.0 through 3.0.6, contains two buffer overflow vulnerabilities (CVE-2022-3602, CVE-2022-3786) in the X.509 certificate verification [0]. They could allow an attacker to create a denial of service condition or execute arbitrary code on a vulnerable TLS server (if the server requests client certificate authentication), or on a vulnerable TLS client.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
<p>[0] <a href="https://www.openssl.org/news/secadv/20221101.txt" class="uri">https://www.openssl.org/news/secadv/20221101.txt</a></p>
https://cert-portal.siemens.com/productcert/html/ssa-382653.htmlSSA-382653 V1.2 (Last Update: 2023-04-11): Multiple Denial of Service Vulnerabilities in Industrial Products2023-04-11T00:00:00+00:00<p>Affected SIMATIC firmware contains multiple vulnerabilities that could allow an unauthenticated attacker to perform a denial-of-service attack under certain conditions.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-349422.htmlSSA-349422 V1.9 (Last Update: 2023-04-11): Denial of Service Vulnerability in Industrial Real-Time (IRT) Devices2023-04-11T00:00:00+00:00<p>A vulnerability in the affected products could allow an unauthorized attacker with network access to perform a denial-of-service attack resulting in loss of real-time synchronization.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-321292.htmlSSA-321292 V1.5 (Last Update: 2023-04-11): Denial of Service in the OPC Foundation Local Discovery Server (LDS) in Industrial Products2023-04-11T00:00:00+00:00<p>A vulnerability has been identified in the OPC Foundation Local Discovery Server (LDS) [0] of several industrial products. The vulnerability could cause a denial of service condition on the service or the device.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
<p>[0] <a href="https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2021-40142.pdf" class="uri">https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2021-40142.pdf</a></p>
https://cert-portal.siemens.com/productcert/html/ssa-310038.htmlSSA-310038 V1.1 (Last Update: 2023-04-11): Multiple Vulnerabilities in SCALANCE X Switch Devices2023-04-11T00:00:00+00:00<p>Several SCALANCE X switches contain multiple vulnerabilities. An unauthenticated attacker could reboot, cause denial-of-service conditions and potentially impact the system by other means through heap and buffer overflow vulnerabilities.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-270778.htmlSSA-270778 V1.8 (Last Update: 2023-04-11): Denial-of-Service Vulnerability in SIMATIC PCS 7, SIMATIC WinCC and SIMATIC NET PC Software2023-04-11T00:00:00+00:00<p>A Denial-of-Service vulnerability was found in SIMATIC PCS 7, SIMATIC WinCC and SIMATIC NET PC software when encrypted communication is enabled. The vulnerability could allow an attacker with network access to cause a Denial-of-Service condition under certain circumstances (versions prior to SIMATIC WinCC V7.3 or SIMATIC PCS 7 V8.1 are not affected as encrypted communication is not an option).</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.</p>
<p>Note: The vulnerability is part of a shared component, used by various Siemens products (SIMATIC Communication Services - SCS). The installation of a fix version of any product also removes the vulnerability for other products on the same system, even if those products were not updated.</p>
https://cert-portal.siemens.com/productcert/html/ssa-256353.htmlSSA-256353 V1.4 (Last Update: 2023-04-11): Third-Party Component Vulnerabilities in RUGGEDCOM ROS2023-04-11T00:00:00+00:00<p>Multiple vulnerabilities affect various third-party components of the RUGGEDCOM Operating System (ROS). If exploited, an attacker could cause a denial-of-service, act as a man-in-the-middle or retrieval of sensitive information or gain privileged functions.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/html/ssa-244969.htmlSSA-244969 V2.0 (Last Update: 2023-04-11): OpenSSL Vulnerability in Industrial Products2023-04-11T00:00:00+00:00<p>OpenSSL has published a security advisory [0] about a vulnerability in OpenSSL versions 1.1.1 < 1.1.1l and 1.0.2 < 1.0.2za that allows an attacker to cause a denial of service (DoS) or to disclose private memory content.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends countermeasures for products where updates are not, or not yet available.</p>
<p>[0] <a href="https://www.openssl.org/news/secadv/20210824.txt" class="uri">https://www.openssl.org/news/secadv/20210824.txt</a></p>
https://cert-portal.siemens.com/productcert/html/ssa-116924.htmlSSA-116924 V1.0: Path Traversal Vulnerability in TIA Portal2023-04-11T00:00:00+00:00<p>TIA Portal contains a path traversal vulnerability that could allow the creation or overwrite of arbitrary files in the engineering system. If the user is tricked to open a malicious PC system configuration file, an attacker could exploit this vulnerability to achieve arbitrary code execution.</p>
<p>Siemens has released an update for TIA Portal V18 and recommends to update to the latest version. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-102233.htmlSSA-102233 V2.1 (Last Update: 2023-04-11): SegmentSmack in VxWorks-based Industrial Devices2023-04-11T00:00:00+00:00<p>The products listed below contain a vulnerability that could allow remote attackers to affect the availability of the devices under certain conditions. The underlying TCP stack can be forced to make very computation expensive calls for every incoming packet which can lead to a Denial-of-Service.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-941426.htmlSSA-941426 V1.4 (Last Update: 2023-03-14): Multiple LLDP Vulnerabilities in Industrial Products2023-03-14T00:00:00+00:00<p>There are multiple vulnerabilities in an underlying Link Layer Discovery Protocol (LLDP) third party library.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/html/ssa-851884.htmlSSA-851884 V1.0: Authentication Bypass Vulnerability in Mendix SAML Module2023-03-14T00:00:00+00:00<p>The Mendix SAML module insufficiently verifies the SAML assertions. This could allow unauthenticated remote attackers to bypass authentication and get access to the application.</p>
<p>Mendix has provided fix releases for the Mendix SAML module and recommends to update to the latest version.</p>
https://cert-portal.siemens.com/productcert/html/ssa-847261.htmlSSA-847261 V1.1 (Last Update: 2023-03-14): Multiple SPP File Parsing Vulnerabilities in Tecnomatix Plant Simulation2023-03-14T00:00:00+00:00<p>Siemens Tecnomatix Plant Simulation has released an update, 2201 Update 6, that fixes multiple vulnerabilities that could be triggered when the application reads SPP files. If a user is tricked to open a malicious file using the affected application, this could lead to a crash, and potentially also to arbitrary code execution on the target host system.</p>
<p>Siemens recommends to update to the latest version and to avoid opening of untrusted files from unknown sources.</p>
https://cert-portal.siemens.com/productcert/html/ssa-840800.htmlSSA-840800 V1.2 (Last Update: 2023-03-14): Code Injection Vulnerability in RUGGEDCOM ROS2023-03-14T00:00:00+00:00<p>RUGGEDCOM ROS-based devices are vulnerable to a web-based code injection attack. To execute this attack, it is necessary to access the system via the Command Line Interface (CLI).</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-787941.htmlSSA-787941 V1.1 (Last Update: 2023-03-14): Denial of Service Vulnerability in RUGGEDCOM ROS V42023-03-14T00:00:00+00:00<p>RUGGEDCOM ROS-based V4 devices are vulnerable to a denial of service attack (Slowloris). By sending partial HTTP requests nonstop, with none completed, the affected web servers will be waiting for the completion of each request, occupying all available HTTP connections. The web server recovers by itself once the attack ends.</p>
<p>Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-772220.htmlSSA-772220 V2.2 (Last Update: 2023-03-14): OpenSSL Vulnerabilities in Industrial Products2023-03-14T00:00:00+00:00<p>OpenSSL has published a security advisory [0] about a vulnerability in OpenSSL versions 1.1.1 < 1.1.1k, that allows an unauthenticated attacker to cause a Denial-of-Service (DoS) if a maliciously crafted renegotiation message is sent.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends countermeasures for products where updates are not, or not yet available.</p>
<p>[0] <a href="https://www.openssl.org/news/secadv/20210325.txt" class="uri">https://www.openssl.org/news/secadv/20210325.txt</a></p>
https://cert-portal.siemens.com/productcert/html/ssa-764417.htmlSSA-764417 V1.7 (Last Update: 2023-03-14): Weak Encryption Vulnerability in RUGGEDCOM ROS Devices2023-03-14T00:00:00+00:00<p>The SSH server on RUGGEDCOM ROS devices is configured to offer weak ciphers by default. This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data passed over the connection between legitimate clients and the affected device.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/html/ssa-712929.htmlSSA-712929 V1.8 (Last Update: 2023-03-14): Denial of Service Vulnerability in OpenSSL (CVE-2022-0778) Affecting Industrial Products2023-03-14T00:00:00+00:00<p>A vulnerability in the openSSL component (CVE-2022-0778, [0]) could allow an attacker to create a denial of service condition by providing specially crafted elliptic curve certificates to products that use a vulnerable version of openSSL.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends countermeasures for products where updates are not, or not yet available.</p>
<p>[0] <a href="https://www.openssl.org/news/secadv/20220315.txt" class="uri">https://www.openssl.org/news/secadv/20220315.txt</a></p>
https://cert-portal.siemens.com/productcert/html/ssa-700053.htmlSSA-700053 V1.1 (Last Update: 2023-03-14): Multiple File Parsing Vulnerabilities in Teamcenter Visualization and JT2Go2023-03-14T00:00:00+00:00<p>Siemens Teamcenter Visualization and JT2Go are affected by multiple file parsing vulnerabilities that could be triggered when the application reads a malicious file in CGM or RAS format. If a user is tricked to open a malicious file with the affected products, this could lead the application to crash or potentially lead to arbitrary code execution.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-697140.htmlSSA-697140 V1.2 (Last Update: 2023-03-14): Denial of Service Vulnerability in the TCP Event Service of SCALANCE and RUGGEDCOM Products2023-03-14T00:00:00+00:00<p>The products listed below contain a denial of service vulnerability in the TCP event interface that could allow an unauthenticated remote attacker to render the device unusable.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/html/ssa-565386.htmlSSA-565386 V1.0: Third-Party Component Vulnerabilities in SCALANCE W-700 IEEE 802.11ax devices before V2.02023-03-14T00:00:00+00:00<p>Multiple vulnerabilities affecting various third-party components of SCALANCE W-700 IEEE 802.11ax devices before V2.0 could allow an attacker to cause a denial of service condition, disclose sensitive data or violate the system integrity.</p>
<p>Siemens has released an update for SCALANCE W-700 IEEE 802.11ax and recommends to update to the latest version.</p>
https://cert-portal.siemens.com/productcert/html/ssa-552702.htmlSSA-552702 V1.4 (Last Update: 2023-03-14): Privilege Escalation Vulnerability in the Web Interface of SCALANCE and RUGGEDCOM Products2023-03-14T00:00:00+00:00<p>The products listed below do not properly authorize the change password function of the web interface. This could allow low privileged users to escalate their privileges.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-539476.htmlSSA-539476 V1.4 (Last Update: 2023-03-14): Siemens SIMATIC NET CP, SINEMA and SCALANCE Products Affected by Vulnerabilities in Third-Party Component strongSwan2023-03-14T00:00:00+00:00<p>Vulnerabilities in the third-party component strongSwan could allow an attacker to cause a denial of service (DoS) condition in affected devices by exploiting integer overflow bugs.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/html/ssa-517377.htmlSSA-517377 V1.2 (Last Update: 2023-03-14): Multiple Vulnerabilities in the SRCS VPN Feature in SIMATIC CP Devices2023-03-14T00:00:00+00:00<p>The below referenced devices contain multiple vulnerabilities that could be exploited when the SINEMA Remote Connect Server (SRCS) VPN feature is used. The feature is not activated by default. The most severe could allow an attacker to execute arbitrary code with elevated privileges under certain circumstances.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/html/ssa-491245.htmlSSA-491245 V1.1 (Last Update: 2023-03-14): Multiple File Parsing Vulnerabilities in Solid Edge2023-03-14T00:00:00+00:00<p>Solid Edge is affected by multiple memory corruption vulnerabilities that could be triggered when the application reads specially crafted files in various formats such as X_B, DWG, DXF, STL, STP, SLDPRT and PAR format. If a user is tricked to open a malicious file with the affected applications, an attacker could leverage the vulnerability to crash the application, extract data or potentially lead to arbitrary code execution.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/html/ssa-482757.htmlSSA-482757 V1.2 (Last Update: 2023-03-14): Missing Immutable Root of Trust in S7-1500 CPU devices2023-03-14T00:00:00+00:00<p>Affected models of the S7-1500 CPU product family do not contain an Immutable Root of Trust in Hardware. With this the integrity of the code executed on the device can not be validated during load-time. An attacker with physical access to the device could use this to replace the boot image of the device and execute arbitrary code.</p>
<p>As exploiting this vulnerability requires physical tampering with the product, Siemens recommends to assess the risk of physical access to the device in the target deployment and to implement measures to make sure that only trusted personnel have access to the physical hardware.</p>
<p>The vulnerability is related to the hardware of the product. Siemens has released new hardware versions for several CPU types of the S7-1500 product family in which this vulnerability is fixed and is working on new hardware versions for remaining PLC types to address this vulnerability completely. See the chapter “Additional Information” below for more details.</p>
<p>For more information please also refer to the related product support article: <a href="https://support.industry.siemens.com/cs/ww/en/view/109816536/" class="uri">https://support.industry.siemens.com/cs/ww/en/view/109816536/</a>.</p>
https://cert-portal.siemens.com/productcert/html/ssa-476715.htmlSSA-476715 V1.1 (Last Update: 2023-03-14): Two Vulnerabilities in Automation License Manager2023-03-14T00:00:00+00:00<p>Siemens Automation License Manager contains two vulnerabilities which, when combined, could allow an attacker to modify and rename license files, extract licenses and overwrite arbitrary files on the target system potentially leading to privilege escalation and remote code execution. The affected functionality is not available for remote attackers in the default configuration since version V6.0 SP2 of Automation License Manager.</p>
<p>Siemens has released an update for Automation License Manager V6 and recommends to update to the latest version. Siemens recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssb-439005.htmlSSB-439005 V5.1 (Last Update: 2023-03-14): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP2023-03-14T00:00:00+00:00https://cert-portal.siemens.com/productcert/html/ssa-419740.htmlSSA-419740 V1.0: Multiple Third-Party Component Vulnerabilities in RUGGEDCOM and SCALANCE Products before V7.22023-03-14T00:00:00+00:00<p>Multiple third-party component vulnerabilities were reported for the Busybox applet, the Linux Kernel, OpenSSL, OpenVPN and various other components used by the RUGGEDCOM and SCALANCE products. The vulnerabilities range from improper neutralization of special elements to improper handling of commands under certain circumstances, that could lead to code injection and denial of service.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/html/ssa-413565.htmlSSA-413565 V1.1 (Last Update: 2023-03-14): Multiple Vulnerabilities in SCALANCE Products2023-03-14T00:00:00+00:00<p>Multiple SCALANCE devices are affected by several vulnerabilities that could allow an attacker to inject code, retrieve data as debug information as well as user CLI passwords or set the CLI to an irresponsive state.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-324955.htmlSSA-324955 V2.0 (Last Update: 2023-03-14): SAD DNS Attack in Linux Based Products2023-03-14T00:00:00+00:00<p>A vulnerability made public under the name SAD DNS affects Domain Name System resolvers due to a vulnerability in the Linux kernel when handling ICMP packets. The Siemens products which are affected are listed below. For more information please see <a href="https://www.saddns.net/" class="uri">https://www.saddns.net/</a>.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/html/ssa-321292.htmlSSA-321292 V1.4 (Last Update: 2023-03-14): Denial of Service in the OPC Foundation Local Discovery Server (LDS) in Industrial Products2023-03-14T00:00:00+00:00<p>A vulnerability has been identified in the OPC Foundation Local Discovery Server (LDS) [0] of several industrial products. The vulnerability could cause a denial of service condition on the service or the device.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
<p>[0] <a href="https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2021-40142.pdf" class="uri">https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2021-40142.pdf</a></p>
https://cert-portal.siemens.com/productcert/html/ssa-320629.htmlSSA-320629 V1.0: Security Vulnerabilities Fixed in RUGGEDCOM CROSSBOW V5.32023-03-14T00:00:00+00:00<p>RUGGEDCOM CROSSBOW before V5.3 contains two vulnerabilities that could allow authenticated remote attackers to access data they are not authorized for, or execute arbitrary database queries via an SQL injection attack.</p>
<p>Siemens has released an update for RUGGEDCOM CROSSBOW and recommends to update to the latest version.</p>
https://cert-portal.siemens.com/productcert/html/ssa-260625.htmlSSA-260625 V1.0: Security Vulnerabilities Fixed in RUGGEDCOM CROSSBOW V5.22023-03-14T00:00:00+00:00<p>RUGGEDCOM CROSSBOW V5.2 fixes two vulnerabilities that could allow authenticated remote attackers to perform unauthorized actions (CVE-2023-27309) or escalate privileges (CVE-2023-27310).</p>
<p>Siemens has released an update for RUGGEDCOM CROSSBOW and recommends to update to the latest version.</p>
https://cert-portal.siemens.com/productcert/html/ssa-256353.htmlSSA-256353 V1.3 (Last Update: 2023-03-14): Third-Party Component Vulnerabilities in RUGGEDCOM ROS2023-03-14T00:00:00+00:00<p>Multiple vulnerabilities affect various third-party components of the RUGGEDCOM Operating System (ROS). If exploited, an attacker could cause a denial-of-service, act as a man-in-the-middle or retrieval of sensitive information or gain privileged functions.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/html/ssa-250085.htmlSSA-250085 V1.2 (Last Update: 2023-03-14): Multiple Vulnerabilities in SINEC NMS and SINEMA Server2023-03-14T00:00:00+00:00<p>SINEC NMS and SINEMA Server V14 contains multiple vulnerabilities that could allow an attacker to execute arbitrary code on the system, arbitrary commands on the local database or achieve privilege escalation.</p>
<p>Siemens has released an update for SINEC NMS to fix CVE-2022-24281 and recommends to update to the latest version. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/html/ssa-244969.htmlSSA-244969 V1.9 (Last Update: 2023-03-14): OpenSSL Vulnerability in Industrial Products2023-03-14T00:00:00+00:00<p>OpenSSL has published a security advisory [0] about a vulnerability in OpenSSL versions 1.1.1 < 1.1.1l and 1.0.2 < 1.0.2za that allows an attacker to cause a denial of service (DoS) or to disclose private memory content.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends countermeasures for products where updates are not, or not yet available.</p>
<p>[0] <a href="https://www.openssl.org/news/secadv/20210824.txt" class="uri">https://www.openssl.org/news/secadv/20210824.txt</a></p>
https://cert-portal.siemens.com/productcert/html/ssa-203374.htmlSSA-203374 V1.0: Multiple OpenSSL Vulnerabilities in SCALANCE W1750D Devices2023-03-14T00:00:00+00:00<p>The SCALANCE W1750D device contains multiple vulnerabilities in the integrated OpenSSL component that could allow an attacker to read memory contents, decrypt RSA-encrypted messages or create a denial of service condition.</p>
<p>Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdfSSA-953464 V1.0: Multiple Vulnerabilites in Siemens Brownfield Connectivity - Client before V2.152023-02-14T00:00:00+00:00<p>Siemens has released a new version for Brownfield Connectivity - Client that contains fixes for multiple vulnerabilities in the underlying OpenSSL library. Successful exploitation of these vulnerabilities could lead to Denial of Service (DoS).</p>
<p>Siemens has released an update for Brownfield Connectivity - Client and recommends to update to the latest version.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-847261.pdfSSA-847261 V1.0: Multiple SPP File Parsing Vulnerabilities in Tecnomatix Plant Simulation2023-02-14T00:00:00+00:00<p>Siemens Tecnomatix Plant Simulation has released an update, 2201 Update 6, that fixes multiple vulnerabilities that could be triggered when the application reads SPP files. If a user is tricked to open a malicious file using the affected application, this could lead to a crash, and potentially also to arbitrary code execution on the target host system.</p>
<p>Siemens recommends to update to the latest version and to avoid opening of untrusted files from unknown sources.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-836777.pdfSSA-836777 V1.0: JT File Parsing Vulnerabilities in JT Open, JT Utilities and Parasolid2023-02-14T00:00:00+00:00<p>JT Open Toolkit, JT Utilities and Parasolid are affected by memory corruption vulnerabilities that could be triggered while parsing JT files. If a user is tricked to open a malicious JT file with any of the affected products, this could cause the application to crash or potentially lead to arbitrary code execution.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdfSSA-744259 V1.0: Golang Vulnerabilities in Brownfield Connectivity - Gateway before V1.10.12023-02-14T00:00:00+00:00<p>Siemens has released a new version for Brownfield Connectivity - Gateway that contains fixes for multiple vulnerabilities in the underlying Golang implementation. Successful exploitation of these vulnerabilities could lead to Denial of Service (DoS).</p>
<p>Siemens has released an update for Brownfield Connectivity - Gateway and recommends to update to the latest version.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-712929.pdfSSA-712929 V1.7 (Last Update: 2023-02-14): Denial of Service Vulnerability in OpenSSL (CVE-2022-0778) Affecting Industrial Products2023-02-14T00:00:00+00:00<p>A vulnerability in the openSSL component (CVE-2022-0778, [0]) could allow an attacker to create a denial of service condition by providing specially crafted elliptic curve certificates to products that use a vulnerable version of openSSL.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends countermeasures for products where updates are not, or not yet available.</p>
<p>[0] <a href="https://www.openssl.org/news/secadv/20220315.txt" class="uri">https://www.openssl.org/news/secadv/20220315.txt</a></p>
https://cert-portal.siemens.com/productcert/pdf/ssa-693110.pdfSSA-693110 V1.0: Buffer Overflow Vulnerability in COMOS2023-02-14T00:00:00+00:00<p>COMOS is affected by memory corruption vulnerability in the cache validation service that could allow an attacker to execute arbitrary code or cause denial of service condition.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-686975.pdfSSA-686975 V1.0: IPU 2022.3 Vulnerabilities in Siemens Industrial Products using Intel CPUs2023-02-14T00:00:00+00:00<p>Intel has published information on vulnerabilities in Intel products in November 2022. This advisory lists the related Siemens Industrial products affected by these vulnerabilities that can be patched by applying the corresponding BIOS update (“2022.3 IPU – BIOS Advisory” <a href="https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00688.html">Intel-SA-00688</a>).</p>
<p>Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-640968.pdfSSA-640968 V1.0: Untrusted Search Path Vulnerability in TIA Project-Server formerly known as TIA Multiuser Server2023-02-14T00:00:00+00:00<p>TIA Project-Server formerly known as TIA Multiuser Server contains an untrusted search path vulnerability that could allow an attacker to escalate privileges, when tricking a legitimate user to start the service from an attacker controlled path.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-617755.pdfSSA-617755 V1.0: Denial of Service Vulnerability in the SNMP Agent of SCALANCE X-200IRT Products2023-02-14T00:00:00+00:00<p>Products of the SCALANCE X-200IRT switch family are affected by a denial of service vulnerability in the SNMP agent that could allow remote attackers to cause a denial of service condition.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-593272.pdfSSA-593272 V2.0 (Last Update: 2023-02-14): SegmentSmack in Interniche IP-Stack based Industrial Devices2023-02-14T00:00:00+00:00<p>A vulnerability exists in affected products that could allow remote attackers to affect the availability of the devices under certain conditions.</p>
<p>The underlying TCP stack can be forced to make very computation expensive calls for every incoming packet which can lead to a Denial-of-Service.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-568428.pdfSSA-568428 V1.1 (Last Update: 2023-02-14): Weak Key Protection Vulnerability in SINUMERIK ONE and SINUMERIK MC2023-02-14T00:00:00+00:00<p>SINUMERIK ONE and SINUMERIK MC products are affected by a weak key protection vulnerability in the integrated S7-1500 CPU. The weak key protection vulnerability in the integrated S7-1500 CPU is documented in more detail in SSA-568427 [1].</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
<p>[1] <a href="https://cert-portal.siemens.com/productcert/html/ssa-568427.html" class="uri">https://cert-portal.siemens.com/productcert/html/ssa-568427.html</a></p>
https://cert-portal.siemens.com/productcert/pdf/ssa-565356.pdfSSA-565356 V1.0: X_T File Parsing Vulnerabilities in Simcenter Femap before V2023.12023-02-14T00:00:00+00:00<p>Simcenter Femap is affected by out of bounds read/write vulnerabilities that could be triggered when the application reads files in X_T format. If a user is tricked to open a malicious file with the affected applications, an attacker could leverage the vulnerability to perform remote code execution in the context of the current process.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdfSSA-506569 V1.1 (Last Update: 2023-02-14): Multiple Vulnerabilities in SCALANCE W1750D2023-02-14T00:00:00+00:00<p>The SCALANCE W1750D device contains multiple vulnerabilities that could allow an attacker to inject commands or exploit buffer overflow vulnerabilities which could lead to denial of service, unauthenticated remote code execution or stored XSS.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdfSSA-491245 V1.0: Multiple File Parsing Vulnerabilities in Solid Edge2023-02-14T00:00:00+00:00<p>Solid Edge is affected by multiple memory corruption vulnerabilities that could be triggered when the application reads specially crafted files in various formats such as X_B, DWG, DXF, STL, STP, SLDPRT and PAR format. If a user is tricked to open a malicious file with the affected applications, an attacker could leverage the vulnerability to crash the application, extract data or potentially lead to arbitrary code execution.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-482757.pdfSSA-482757 V1.1 (Last Update: 2023-02-14): Missing Immutable Root of Trust in S7-1500 CPU devices2023-02-14T00:00:00+00:00<p>Affected models of the S7-1500 CPU product family do not contain an Immutable Root of Trust in Hardware. With this the integrity of the code executed on the device can not be validated during load-time. An attacker with physical access to the device could use this to replace the boot image of the device and execute arbitrary code.</p>
<p>As exploiting this vulnerability requires physical tampering with the product, Siemens recommends to assess the risk of physical access to the device in the target deployment and to implement measures to make sure that only trusted personnel have access to the physical hardware.</p>
<p>The vulnerability is related to the hardware of the product. Siemens has released new hardware versions for several CPU types of the S7-1500 product family in which this vulnerability is fixed and is working on new hardware versions for remaining PLC types to address this vulnerability completely. See the chapter “Additional Information” below for more details.</p>
<p>For more information please also refer to the related product support article: <a href="https://support.industry.siemens.com/cs/ww/en/view/109816536/" class="uri">https://support.industry.siemens.com/cs/ww/en/view/109816536/</a>.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-450613.pdfSSA-450613 V1.0: Insyde BIOS Vulnerabilities in RUGGEDCOM APE1808 Product Family2023-02-14T00:00:00+00:00<p>Insyde has published information on vulnerabilities in Insyde BIOS in <a href="https://www.insyde.com/security-pledge">November 2022</a>. These vulnerabilities also affect the RUGGEDCOM APE1808 product family.</p>
<p>Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-446448.pdfSSA-446448 V1.7 (Last Update: 2023-02-14): Denial of Service Vulnerability in PROFINET Stack Integrated on Interniche Stack2023-02-14T00:00:00+00:00<p>The PROFINET (PNIO) stack, when integrated with the Interniche IP stack, contains a vulnerability that could allow an attacker to cause a denial of service condition on affected industrial products.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssb-439005.pdfSSB-439005 V5.0 (Last Update: 2023-02-14): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP2023-02-14T00:00:00+00:00https://cert-portal.siemens.com/productcert/pdf/ssa-313313.pdfSSA-313313 V1.2 (Last Update: 2023-02-14): Denial of Service Vulnerability in the FTP Server of Nucleus RTOS2023-02-14T00:00:00+00:00<p>The FTP server of the networking component (Nucleus NET) in Nucleus Real-Time Operating System (RTOS) does not properly release memory resources that were reserved for incomplete connection attempts by FTP clients. This could allow a remote attacker to generate a denial of service condition on devices that incorporate a vulnerable version of the FTP server.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdfSSA-306654 V1.5 (Last Update: 2023-02-14): Insyde BIOS Vulnerabilities in Siemens Industrial Products2023-02-14T00:00:00+00:00<p>Insyde has published information on vulnerabilities in Insyde BIOS in <a href="https://www.insyde.com/security-pledge">February 2022</a>. This advisory lists the Siemens Industrial products affected by these vulnerabilities.</p>
<p>Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-997779.pdfSSA-997779 V1.0: File Parsing Vulnerability in Solid Edge before V2023 MP12023-01-10T00:00:00+00:00<p>Solid Edge is affected by memory corruption vulnerability that could be triggered when the application read files in different file formats such as PAR, ASM, DFT. If a user is tricked to open a malicious file with the affected applications, an attacker could leverage the vulnerability to perform remote code execution in the context of the current process.</p>
<p>Siemens has released an update for Solid Edge and recommends to update to the latest version.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-936212.pdfSSA-936212 V1.0: JT File Parsing Vulnerabilities in JT Open, JT Utilities and Solid Edge2023-01-10T00:00:00+00:00<p>JT Open Toolkit, JT Utilities and Solid Edge are affected by memory corruption vulnerabilities that could be triggered while parsing JT files. If a user is tricked to open a malicious JT file with any of the affected products, this could cause the application to crash or potentially lead to arbitrary code execution.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-712929.pdfSSA-712929 V1.6 (Last Update: 2023-01-10): Denial of Service Vulnerability in OpenSSL (CVE-2022-0778) Affecting Industrial Products2023-01-10T00:00:00+00:00<p>A vulnerability in the openSSL component (CVE-2022-0778, [0]) could allow an attacker to create a denial of service condition by providing specially crafted elliptic curve certificates to products that use a vulnerable version of openSSL.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends countermeasures for products where updates are not, or not yet available.</p>
<p>[0] <a href="https://www.openssl.org/news/secadv/20220315.txt" class="uri">https://www.openssl.org/news/secadv/20220315.txt</a></p>
https://cert-portal.siemens.com/productcert/pdf/ssa-710008.pdfSSA-710008 V1.2 (Last Update: 2023-01-10): Multiple Web Vulnerabilities in SCALANCE Products2023-01-10T00:00:00+00:00<p>SCALANCE devices contain multiple vulnerabilities in MSPS based product lines that could allow authenticated remote attackers to execute custom code or create a XSS situation, as well as unauthenticated remote attackers to create a denial of service condition.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-697140.pdfSSA-697140 V1.1 (Last Update: 2023-01-10): Denial of Service Vulnerability in the TCP Event Service of SCALANCE and RUGGEDCOM Products2023-01-10T00:00:00+00:00<p>The products listed below contain a denial of service vulnerability in the TCP event interface that could allow an unauthenticated remote attacker to render the device unusable.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-593272.pdfSSA-593272 V1.9 (Last Update: 2023-01-10): SegmentSmack in Interniche IP-Stack based Industrial Devices2023-01-10T00:00:00+00:00<p>A vulnerability exists in affected products that could allow remote attackers to affect the availability of the devices under certain conditions.</p>
<p>The underlying TCP stack can be forced to make very computation expensive calls for every incoming packet which can lead to a Denial-of-Service.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-592007.pdfSSA-592007 V1.9 (Last Update: 2023-01-10): Denial of Service Vulnerability in Industrial Products2023-01-10T00:00:00+00:00<p>Several industrial controllers are affected by a security vulnerability that could allow an attacker to cause a denial of service condition via PROFINET DCP network packets under certain circumstances. Precondition for this scenario is a direct OSI Layer 2 access to the affected products. PROFIBUS interfaces are not affected.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-552702.pdfSSA-552702 V1.3 (Last Update: 2023-01-10): Privilege Escalation Vulnerability in the Web Interface of SCALANCE and RUGGEDCOM Products2023-01-10T00:00:00+00:00<p>The products listed below do not properly authorize the change password function of the web interface. This could allow low privileged users to escalate their privileges.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-547714.pdfSSA-547714 V1.1 (Last Update: 2023-01-10): Argument Injection Vulnerability in SIMATIC WinCC OA Ultralight Client2023-01-10T00:00:00+00:00<p>SIMATIC WinCC OA contains an argument injection vulnerability that could allow an authenticated remote attacker to inject arbitrary parameters, when starting the Ultralight Client via the web interface (e.g., open attacker chosen panels with the attacker’s credentials or start a Ctrl script).</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-496604.pdfSSA-496604 V1.0: Cross-Site Scripting Vulnerability in Mendix SAML Module2023-01-10T00:00:00+00:00<p>The Mendix SAML module is affected by a reflected cross-site scripting (XSS) vulnerability that could allow an attacker to extract sensitive information by tricking users into accessing a malicious link. Apps are only vulnerable in certain cases when non-default configuration is used.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-482757.pdfSSA-482757 V1.0: Missing Immutable Root of Trust in S7-1500 CPU devices2023-01-10T00:00:00+00:00<p>Affected models of the S7-1500 CPU product family do not contain an Immutable Root of Trust in Hardware. With this the integrity of the code executed on the device can not be validated during load-time. An attacker with physical access to the device could use this to replace the boot image of the device and execute arbitrary code.</p>
<p>As exploiting this vulnerability requires physical tampering with the product, Siemens recommends to assess the risk of physical access to the device in the target deployment and to implement measures to make sure that only trusted personnel have access to the physical hardware.</p>
<p>The vulnerability is related to the hardware of the product. Siemens has released new hardware versions for several CPU types of the S7-1500 product family in which this vulnerability is fixed and is working on new hardware versions for remaining PLC types to address this vulnerability completely. See the chapter “Additional Information” below for more details.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-480230.pdfSSA-480230 V2.5 (Last Update: 2023-01-10): Denial of Service Vulnerability in Webserver of Industrial Products2023-01-10T00:00:00+00:00<p>A vulnerability in the affected devices could allow an unauthorized attacker with network access to the webserver of an affected device to perform a denial of service attack.</p>
<p>Siemens has released updates for several affected products and recommends to update to the new versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-478960.pdfSSA-478960 V1.2 (Last Update: 2023-01-10): Missing CSRF Protection in the Web Server Login Page of Industrial Controllers2023-01-10T00:00:00+00:00<p>The web server login page of affected products does not apply proper origin checking. This could allow authenticated remote attackers to track the activities of other users via a login cross-site request forgery attack..</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-476715.pdfSSA-476715 V1.0: Two Vulnerabilities in Automation License Manager2023-01-10T00:00:00+00:00<p>Siemens has released a new version for Automation License Manager that fixes multiple vulnerabilities which, when combined, could allow an attacker to modify and rename license files, extract licenses and overwrite arbitrary files on the target system potentially leading to privilege escalation and remote code execution.</p>
<p>Siemens has released an update for Automation License Manager V6 and recommends to update to the latest version. Siemens recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-473245.pdfSSA-473245 V2.5 (Last Update: 2023-01-10): Denial-of-Service Vulnerability in Profinet Devices2023-01-10T00:00:00+00:00<p>A vulnerability in affected devices could allow an attacker to perform a denial-of-service attack if a large amount of specially crafted UDP packets are sent to the device.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-446448.pdfSSA-446448 V1.6 (Last Update: 2023-01-10): Denial of Service Vulnerability in PROFINET Stack Integrated on Interniche Stack2023-01-10T00:00:00+00:00<p>The PROFINET (PNIO) stack, when integrated with the Interniche IP stack, contains a vulnerability that could allow an attacker to cause a denial of service condition on affected industrial products.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-431678.pdfSSA-431678 V1.4 (Last Update: 2023-01-10): Denial of Service Vulnerability in SIMATIC S7 CPU Families2023-01-10T00:00:00+00:00<p>SIMATIC S7 CPU families are affected by a vulnerability that could allow remote attackers to perform a denial of service attack by sending a specially crafted HTTP request to the web server of an affected device.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-382653.pdfSSA-382653 V1.1 (Last Update: 2023-01-10): Multiple Denial of Service Vulnerabilities in Industrial Products2023-01-10T00:00:00+00:00<p>Affected SIMATIC firmware contains multiple vulnerabilities that could allow an unauthenticated attacker to perform a denial-of-service attack under certain conditions.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-349422.pdfSSA-349422 V1.8 (Last Update: 2023-01-10): Denial of Service Vulnerability in Industrial Real-Time (IRT) Devices2023-01-10T00:00:00+00:00<p>A vulnerability in the affected products could allow an unauthorized attacker with network access to perform a denial-of-service attack resulting in loss of real-time synchronization.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdfSSA-332410 V1.0: Multiple Vulnerabilities in SINEC INS before V1.0 SP2 Update 12023-01-10T00:00:00+00:00<p>Siemens has released a new version for SINEC INS that fixes multiple vulnerabilities that could allow an attacker to read and write arbitrary files from the file system of the affected component and to ultimately execute arbitrary code on the device. In addition, this version also contains fixes for multiple vulnerabilities in underlying third party components.</p>
<p>Siemens has released an update for SINEC INS and recommends to update to the latest version.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-113131.pdfSSA-113131 V1.4 (Last Update: 2023-01-10): Denial of Service Vulnerabilities in SIMATIC S7-400 CPUs2023-01-10T00:00:00+00:00<p>Two vulnerabilities have been identified in the SIMATIC S7-400 CPU family that could allow an attacker to cause a denial of service condition. In order to exploit the vulnerabilities, an attacker must have access to the affected devices on port 102/tcp via Ethernet, PROFIBUS or Multi Point Interfaces (MPI).</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-951513.pdfSSA-951513 V1.3 (Last Update: 2022-12-13): Clickjacking Vulnerability in SCALANCE S, SCALANCE X-300, X-200IRT, X-200RNA and X-200 Switch Families2022-12-13T00:00:00+00:00<p>Several SCALANCE X switches contain a vulnerability that could allow an attacker to perform administrative actions if the victim is tricked into clicking on a website controlled by the attacker. The attack only works if the victim has an authenticated session on the administrative interface of the switch.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-930100.pdfSSA-930100 V1.0: Privilege Escalation Vulnerability in Simcenter STAR-CCM+2022-12-13T00:00:00+00:00<p>Simcenter STAR-CCM+ contains a privilege escalation vulnerability which could allow a local attacker with an unprivileged account to override or modify the service executable and subsequently gain elevated privileges.</p>
<p>Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-792594.pdfSSA-792594 V1.0: Host Header Injection Vulnerability in Polarion ALM2022-12-13T00:00:00+00:00<p>Polarion ALM contains a misconfiguration in its default Apache HTTP Server configuration that could allow an attacker to perform host header injection attacks.</p>
<p>Siemens is preparing updates and recommends specific countermeasures for existing installations by checking for misconfigurations in configuration files.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-764417.pdfSSA-764417 V1.6 (Last Update: 2022-12-13): Weak Encryption Vulnerability in RUGGEDCOM ROS Devices2022-12-13T00:00:00+00:00<p>The SSH server on RUGGEDCOM ROS devices is configured to offer weak ciphers by default. This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data passed over the connection between legitimate clients and the affected device.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-712929.pdfSSA-712929 V1.5 (Last Update: 2022-12-13): Denial of Service Vulnerability in OpenSSL (CVE-2022-0778) Affecting Industrial Products2022-12-13T00:00:00+00:00<p>A vulnerability in the openSSL component (CVE-2022-0778, [0]) could allow an attacker to create a denial of service condition by providing specially crafted elliptic curve certificates to products that use a vulnerable version of openSSL.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends countermeasures for products where updates are not, or not yet available.</p>
<p>[0] <a href="https://www.openssl.org/news/secadv/20220315.txt" class="uri">https://www.openssl.org/news/secadv/20220315.txt</a></p>
https://cert-portal.siemens.com/productcert/pdf/ssa-700053.pdfSSA-700053 V1.0: Multiple File Parsing Vulnerabilities in Teamcenter Visualization and JT2Go2022-12-13T00:00:00+00:00<p>Siemens Teamcenter Visualization and JT2Go are affected by multiple file parsing vulnerabilities that could be triggered when the application reads a malicious file in CGM or RAS format. If a user is tricked to open a malicious file with the affected products, this could lead the application to crash or potentially lead to arbitrary code execution.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-678983.pdfSSA-678983 V1.6 (Last Update: 2022-12-13): Vulnerabilities in Industrial PCs and CNC devices using Intel CPUs (November 2020)2022-12-13T00:00:00+00:00<p>Intel has published information on vulnerabilities in Intel products in <a href="https://blogs.intel.com/technology/2020/11/ipas-security-advisories-for-november-2020/">November 2020</a>. This advisory lists the Siemens IPC related products, that are affected by these vulnerabilities.</p>
<p>In this advisory we take a representative CVE from each advisory:</p>
<ul>
<li><p>“Intel CSME, SPS, TXE, AMT and DAL Advisory” Intel-SA-00391 is represented by CVE-2020-8745</p></li>
<li><p>“Intel RAPL Interface Advisory” Intel-SA-00389 is represented by CVE-2020-8694</p></li>
<li><p>“Intel Processor Advisory” Intel-SA-00381 is represented by CVE-2020-8698, and</p></li>
<li><p>“BIOS Advisory” Intel-SA-00358 is represented by CVE-2020-0590.</p></li>
</ul>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-593272.pdfSSA-593272 V1.8 (Last Update: 2022-12-13): SegmentSmack in Interniche IP-Stack based Industrial Devices2022-12-13T00:00:00+00:00<p>A vulnerability exists in affected products that could allow remote attackers to affect the availability of the devices under certain conditions.</p>
<p>The underlying TCP stack can be forced to make very computation expensive calls for every incoming packet which can lead to a Denial-of-Service.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-588101.pdfSSA-588101 V1.0: Multiple File Parsing Vulnerabilities in Parasolid2022-12-13T00:00:00+00:00<p>Parasolid is affected by out of bounds read/write vulnerabilities that could be triggered when the application reads files in X_B format. If a user is tricked to open a malicious file with the affected applications, an attacker could leverage the vulnerability to perform remote code execution in the context of the current process.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-552702.pdfSSA-552702 V1.2 (Last Update: 2022-12-13): Privilege Escalation Vulnerability in the Web Interface of SCALANCE and RUGGEDCOM Products2022-12-13T00:00:00+00:00<p>The products listed below do not properly authorize the change password function of the web interface. This could allow low privileged users to escalate their privileges.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-547714.pdfSSA-547714 V1.0: Argument Injection Vulnerability in SIMATIC WinCC OA Ultralight Client2022-12-13T00:00:00+00:00<p>SIMATIC WinCC OA contains an argument injection vulnerability that could allow an authenticated remote attacker to inject arbitrary parameters, when starting the Ultralight Client via the web interface (e.g., open attacker chosen panels with the attacker’s credentials or start a Ctrl script).</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-480829.pdfSSA-480829 V1.2 (Last Update: 2022-12-13): Cross-Site Scripting Vulnerabilities in SCALANCE X Switches2022-12-13T00:00:00+00:00<p>Two cross-site scripting (XSS) vulnerabilities were identified in the web server of several SCALANCE X switches.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-478960.pdfSSA-478960 V1.1 (Last Update: 2022-12-13): Missing CSRF Protection in the Web Server Login Page of Industrial Controllers2022-12-13T00:00:00+00:00<p>The web server login page of affected products does not apply proper origin checking. This could allow authenticated remote attackers to track the activities of other users via a login cross-site request forgery attack..</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-473245.pdfSSA-473245 V2.4 (Last Update: 2022-12-13): Denial-of-Service Vulnerability in Profinet Devices2022-12-13T00:00:00+00:00<p>A vulnerability in affected devices could allow an attacker to perform a denial-of-service attack if a large amount of specially crafted UDP packets are sent to the device.</p>
<p>Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates and recommends specific countermeasures until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-446448.pdfSSA-446448 V1.5 (Last Update: 2022-12-13): Denial of Service Vulnerability in PROFINET Stack Integrated on Interniche Stack2022-12-13T00:00:00+00:00<p>The PROFINET (PNIO) stack, when integrated with the Interniche IP stack, contains a vulnerability that could allow an attacker to cause a denial of service condition on affected industrial products.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-443566.pdfSSA-443566 V1.3 (Last Update: 2022-12-13): Authentication Bypass in SCALANCE X Switches Families2022-12-13T00:00:00+00:00<p>Several SCALANCE X switches are affected by an Authentication Bypass vulnerability. The vulnerability allows an unauthenticated attacker to violate access-control rules. The vulnerability can be exploited by sending a GET request to a specific uniform resource locator on the web configuration interface of the device.</p>
<p>The security vulnerability could be exploited by an attacker with network access to the affected systems. An attacker could use the vulnerability to obtain sensitive information or change the device configuration.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssb-439005.pdfSSB-439005 V4.9 (Last Update: 2022-12-13): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP2022-12-13T00:00:00+00:00https://cert-portal.siemens.com/productcert/pdf/ssa-413565.pdfSSA-413565 V1.0: Multiple Vulnerabilities in SCALANCE Products2022-12-13T00:00:00+00:00<p>Multiple SCALANCE devices are affected by several vulnerabilities that could allow an attacker to inject code, retrieve data as debug information as well as user CLI passwords or set the CLI to an irresponsive state.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdfSSA-412672 V1.0: Multiple OpenSSL and OpenSSH Vulnerabilities in SCALANCE X-200RNA Switch Devices before V3.2.72022-12-13T00:00:00+00:00<p>SCALANCE X-200RNA switch devices before V3.2.7 contain multiple OpenSSL and OpenSSH vulnerabilities. The most severe of these vulnerabilities could allow a denial of service condition or could lead to execution of arbitrary code.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-408105.pdfSSA-408105 V1.0: Buffer Overflow Vulnerabilities in OpenSSL 3.0 Affecting Siemens Products2022-12-13T00:00:00+00:00<p>The openSSL component, versions 3.0.0 through 3.0.6, contains two buffer overflow vulnerabilities (CVE-2022-3602, CVE-2022-3786) in the X.509 certificate verification [0]. They could allow an attacker to create a denial of service condition or execute arbitrary code on a vulnerable TLS server (if the server requests client certificate authentication), or on a vulnerable TLS client.</p>
<p>Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
<p>[0] <a href="https://www.openssl.org/news/secadv/20221101.txt" class="uri">https://www.openssl.org/news/secadv/20221101.txt</a></p>
https://cert-portal.siemens.com/productcert/pdf/ssa-382653.pdfSSA-382653 V1.0: Multiple Denial of Service Vulnerabilities in Industrial Products2022-12-13T00:00:00+00:00<p>Affected SIMATIC firmware contains multiple vulnerabilities that could allow an unauthenticated attacker to perform a denial-of-service attack under certain conditions.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-363821.pdfSSA-363821 V1.0: Multiple Vulnerabilities in SCALANCE X-200RNA Switch Devices before V3.2.72022-12-13T00:00:00+00:00<p>SCALANCE X-200RNA switch devices before V3.2.7 contain multiple vulnerabilities that could allow an attacker to cause a denial of service condition, to extract sensitive information or to hijack existing sessions.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-360681.pdfSSA-360681 V1.0: Datalogics File Parsing Vulnerabilities in Teamcenter Visualization and JT2Go2022-12-13T00:00:00+00:00<p>Siemens Teamcenter Visualization and JT2Go are affected by multiple out of bounds write vulnerabilities in the APDFL library from Datalogics. If a user is tricked to open a malicious PDF file with the affected products, this could lead the application to crash or potentially lead to arbitrary code execution.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdfSSA-333517 V1.0: Multiple Vulnerabilities in SCALANCE SC-600 Family before V3.02022-12-13T00:00:00+00:00<p>Multiple vulnerabilities affecting various third-party components of the SCALANCE SC-600 family could allow an attacker to cause a denial of service condition, corrupt memory or potentially execute custom code.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-321292.pdfSSA-321292 V1.3 (Last Update: 2022-12-13): Denial of Service in the OPC Foundation Local Discovery Server (LDS) in Industrial Products2022-12-13T00:00:00+00:00<p>A vulnerability has been identified in the OPC Foundation Local Discovery Server (LDS) [0] of several industrial products. The vulnerability could cause a denial of service condition on the service or the device.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
<p>[0] <a href="https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2021-40142.pdf" class="uri">https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2021-40142.pdf</a></p>
https://cert-portal.siemens.com/productcert/pdf/ssa-313313.pdfSSA-313313 V1.1 (Last Update: 2022-12-13): Denial of Service Vulnerability in the FTP Server of Nucleus RTOS2022-12-13T00:00:00+00:00<p>The FTP server of the networking component (Nucleus NET) in Nucleus Real-Time Operating System (RTOS) does not properly release memory resources that were reserved for incomplete connection attempts by FTP clients. This could allow a remote attacker to generate a denial of service condition on devices that incorporate a vulnerable version of the FTP server.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-312271.pdfSSA-312271 V2.1 (Last Update: 2022-12-13): Unquoted Search Path Vulnerability in Windows-based Industrial Software Applications2022-12-13T00:00:00+00:00<p>Several industrial products as listed below contain a local privilege escalation vulnerability that could allow a local attacker to execute arbitrary code with SYTEM privileges.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdfSSA-309571 V1.7 (Last Update: 2022-12-13): IPU 2021.1 Vulnerabilities in Siemens Industrial Products using Intel CPUs (June 2021)2022-12-13T00:00:00+00:00<p>Intel has published information on vulnerabilities in Intel products in <a href="https://blogs.intel.com/technology/2021/06/intel-security-advisories-for-june-2021/">June 2021</a>. This advisory lists the related Siemens Industrial products affected by these vulnerabilities that can be patched by applying the corresponding BIOS update.</p>
<p>In this advisory we summarize:</p>
<ul>
<li><p>“2021.1 IPU – Intel® CSME, SPS and LMS Advisory” Intel-SA-00459,</p></li>
<li><p>“2021.1 IPU – BIOS Advisory” Intel-SA-00463,</p></li>
<li><p>“2021.1 IPU – Intel® Processor Advisory” Intel-SA-00464, and</p></li>
<li><p>“2021.1 IPU - Intel Atom® Processor Advisory” Intel-SA-00465.</p></li>
</ul>
<p>Siemens has released updates for several affected products and is currently working on BIOS updates that include chipset microcode updates for further products.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-274900.pdfSSA-274900 V1.3 (Last Update: 2022-12-13): Use of Hardcoded Key in SCALANCE X Devices Under Certain Conditions2022-12-13T00:00:00+00:00<p>SCALANCE X devices might not generate a unique random key after factory reset, and use a private key shipped with the firmware.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-274282.pdfSSA-274282 V1.0: Cross Site Scripting Vulnerability in PLM Help Server V4.22022-12-13T00:00:00+00:00<p>The Siemens PLM Help Server V4.2 for documentation contains a reflected cross-site scripting vulnerability. This product has reached end of life, and security vulnerabilities are no longer patched.</p>
<p>Siemens has released a new version of Documentation Server that resolves this vulnerability. See the chapter “Additional Information” below for more details.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-120378.pdfSSA-120378 V1.1 (Last Update: 2022-12-13): Multiple File Parsing Vulnerabilities in Teamcenter Visualization and JT2Go2022-12-13T00:00:00+00:00<p>Siemens Teamcenter Visualization and JT2Go are affected by multiple file parsing vulnerabilities that could be triggered when the application reads malicious TIF, CGM or PDF files. If a user is tricked to open a malicious TIF, CGM or PDF file with the affected products, this could lead the application to crash or potentially lead to arbitrary code execution.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-853037.pdfSSA-853037 V1.0: File Parsing Vulnerabilities in Parasolid2022-11-08T00:00:00+00:00<p>Parasolid is affected by out of bounds read/write vulnerabilities that could be triggered when the application reads files in X_T format. If a user is tricked to open a malicious file with the affected applications, an attacker could leverage the vulnerability to perform remote code execution in the context of the current process.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-787941.pdfSSA-787941 V1.0: Denial of Service Vulnerability in RUGGEDCOM ROS V42022-11-08T00:00:00+00:00<p>RUGGEDCOM ROS-based V4 devices are vulnerable to a denial of service attack (Slowloris). By sending partial HTTP requests nonstop, with none completed, the affected web servers will be waiting for the completion of each request, occupying all available HTTP connections. The web server recovers by itself once the attack ends.</p>
<p>Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-764417.pdfSSA-764417 V1.5 (Last Update: 2022-11-08): Weak Encryption Vulnerability in RUGGEDCOM ROS Devices2022-11-08T00:00:00+00:00<p>The SSH server on RUGGEDCOM ROS devices is configured to offer weak ciphers by default. This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data passed over the connection between legitimate clients and the affected device.</p>
<p>Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-620288.pdfSSA-620288 V1.1 (Last Update: 2022-11-08): Multiple Vulnerabilities (NUCLEUS:13) in CAPITAL VSTAR2022-11-08T00:00:00+00:00<p>Multiple vulnerabilities (also known as “NUCLEUS:13”) have be identified in the Nucleus RTOS (real-time operating system) and reported in the Siemens Security Advisory SSA-044112: <a href="https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf" class="uri">https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf</a>.</p>
<p>CAPITAL VSTAR uses an affected version of the Nucleus software and inherently contains several of these vulnerabilities.</p>
<p>Siemens recommends specific countermeasures for products where updates are not available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-587547.pdfSSA-587547 V1.0: Unencrypted Storage of User Credentials in QMS Automotive2022-11-08T00:00:00+00:00<p>QMS Automotive contains a vulnerability that stores user credentials in plantext within the user database. This could allow an attacker to read credentials from memory.</p>
<p>Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-568428.pdfSSA-568428 V1.0: Weak Key Protection Vulnerability in SINUMERIK ONE and SINUMERIK MC2022-11-08T00:00:00+00:00<p>SINUMERIK ONE and SINUMERIK MC products are affected by a weak key protection vulnerability in the integrated S7-1500 CPU. The weak key protection vulnerability in the integrated S7-1500 CPU is documented in more detail in SSA-568427 [1].</p>
<p>Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
<p>[1] <a href="https://cert-portal.siemens.com/productcert/html/ssa-568427.html" class="uri">https://cert-portal.siemens.com/productcert/html/ssa-568427.html</a></p>
https://cert-portal.siemens.com/productcert/pdf/ssa-552702.pdfSSA-552702 V1.1 (Last Update: 2022-11-08): Privilege Escalation Vulnerability in the Web Interface of SCALANCE and RUGGEDCOM Products2022-11-08T00:00:00+00:00<p>The products listed below do not properly authorize the change password function of the web interface. This could allow low privileged users to escalate their privileges.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdfSSA-506569 V1.0: Multiple Vulnerabilities in SCALANCE W1750D2022-11-08T00:00:00+00:00<p>The SCALANCE W1750D device contains multiple vulnerabilities that could allow an attacker to inject commands or exploit buffer overflow vulnerabilities which could lead to denial of service, unauthenticated remote code execution or stored XSS.</p>
<p>Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-501891.pdfSSA-501891 V1.1 (Last Update: 2022-11-08): Cross-Site Scripting Vulnerability in SCALANCE X-200 and X-200IRT Families2022-11-08T00:00:00+00:00<p>There is a cross-site scripting vulnerability that affects the SCALANCE switches. This vulnerability if used by a threat actor could result in the stealing of session cookies and session hijacking.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-478960.pdfSSA-478960 V1.0: Missing CSRF Protection in the Web Server Login Page of Industrial Controllers2022-11-08T00:00:00+00:00<p>The web server login page of affected products does not apply proper origin checking. This could allow authenticated remote attackers to track the activities of other users via a login cross-site request forgery attack..</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-459643.pdfSSA-459643 V1.1 (Last Update: 2022-11-08): Denial of Service Vulnerability in RUGGEDCOM ROS before V5.6.02022-11-08T00:00:00+00:00<p>RUGGEDCOM ROS-based devices are vulnerable to a denial of service attack (Slowloris). By sending partial HTTP requests nonstop, with none completed, the affected web servers will be waiting for the completion of each request, occupying all available HTTP connections. The web server recovers by itself once the attack ends.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-400332.pdfSSA-400332 V1.1 (Last Update: 2022-11-08): Insufficient Design IP Protection in IEEE 1735 Recommended Practice - Impact to Questa and ModelSim2022-11-08T00:00:00+00:00<p>A security research [1] identified weaknesses in the IEEE 1735 recommended practice for encryption of Design IP, which could allow a sophisticated attacker access to unencrypted Design IP data in IEEE 1735-compliant products. This advisory addresses the specific details for the affected Siemens software products: Questa and ModelSim simulators.</p>
<p>Siemens is preparing updates and recommends specific countermeasures for Questa and ModelSim.</p>
<p>[1] <a href="https://arxiv.org/abs/2112.04838" class="uri">https://arxiv.org/abs/2112.04838</a></p>
https://cert-portal.siemens.com/productcert/pdf/ssa-371761.pdfSSA-371761 V1.0: Arbitrary Code Execution Vulnerability in the Logback Component of SINEC NMS before V1.0.32022-11-08T00:00:00+00:00<p>SINEC NMS versions before V1.0.3 are affected by a vulnerability in the logback component (CVE-2021-42550) that could allow attackers with write access to the logback configuration file to execute arbitrary code on the system.</p>
<p>Siemens has released an update for SINEC NMS and recommends to update to the latest version.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-362164.pdfSSA-362164 V1.2 (Last Update: 2022-11-08): Predictable Initial Sequence Numbers in the TCP/IP Stack of Nucleus RTOS2022-11-08T00:00:00+00:00<p>The networking component (Nucleus NET) in Nucleus Real-Time Operating System (RTOS) use Initial Sequence Numbers for TCP-Sessions that are predictable.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-120378.pdfSSA-120378 V1.0: Multiple File Parsing Vulnerabilities in Teamcenter Visualization and JT2Go2022-11-08T00:00:00+00:00<p>Siemens Teamcenter Visualization and JT2Go are affected by multiple file parsing vulnerabilities that could be triggered when the application reads malicious TIF, CGM or PDF files. If a user is tricked to open a malicious TIF, CGM or PDF file with the affected products, this could lead the application to crash or potentially lead to arbitrary code execution.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-955858.pdfSSA-955858 V1.0: Multiple Vulnerabilities in LOGO! 8 BM Devices2022-10-11T00:00:00+00:00<p>LOGO! 8 BM (incl. SIPLUS variants) contains multiple web-related vulnerabilities. These could allow an attacker to execute code remotely, put the device into a denial of service state or retrieve parts of the memory.</p>
<p>Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-928782.pdfSSA-928782 V1.0: Firmware Authenticity Vulnerability in LOGO! 8 BM Devices2022-10-11T00:00:00+00:00<p>LOGO! 8 BM (incl. SIPLUS variants) contains a vulnerability that could allow an attacker to install manipulated firmware packages.</p>
<p>Siemens has released an update for the LOGO! 8 BM (incl. SIPLUS variants) and recommends to update to the latest version.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-917476.pdfSSA-917476 V1.1 (Last Update: 2022-10-11): Multiple Vulnerabilities in SCALANCE W1750D2022-10-11T00:00:00+00:00<p>The Scalance W1750D device contains multiple vulnerabilities that could allow an attacker to execute code on the affected device(s), read arbitrary files, or create a denial-of-service condition.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssb-898115.pdfSSB-898115 V1.0: Remarks Regarding SSA-568427 (Weak Key Protection Vulnerability in SIMATIC S7-1200 and S7-1500 CPU Families)2022-10-11T00:00:00+00:00https://cert-portal.siemens.com/productcert/pdf/ssa-712929.pdfSSA-712929 V1.4 (Last Update: 2022-10-11): Denial of Service Vulnerability in OpenSSL (CVE-2022-0778) Affecting Industrial Products2022-10-11T00:00:00+00:00<p>A vulnerability in the openSSL component (CVE-2022-0778, [0]) could allow an attacker to create a denial of service condition by providing specially crafted elliptic curve certificates to products that use a vulnerable version of openSSL.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends countermeasures for products where updates are not, or not yet available.</p>
<p>[0] <a href="https://www.openssl.org/news/secadv/20220315.txt" class="uri">https://www.openssl.org/news/secadv/20220315.txt</a></p>
https://cert-portal.siemens.com/productcert/pdf/ssa-697140.pdfSSA-697140 V1.0: Denial of Service Vulnerability in the TCP Event Service of SCALANCE and RUGGEDCOM Products2022-10-11T00:00:00+00:00<p>The products listed below contain a denial of service vulnerability in the TCP event interface that could allow an unauthenticated remote attacker to render the device unusable.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdfSSA-685781 V1.1 (Last Update: 2022-10-11): Multiple Vulnerabilities in Apache HTTP Server Affecting Siemens Products2022-10-11T00:00:00+00:00<p>Multiple vulnerabilities were identified in the Apache HTTP Server software. These include NULL Pointer Dereferencing, Out-of-bounds Write and Server-Side Request Forgery related vulnerabilities.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-649853.pdfSSA-649853 V1.0: Improper Certificate Validation Vulnerability in Industrial Edge Management2022-10-11T00:00:00+00:00<p>Industrial Edge Management contains a vulnerability that could allow an unauthenticated attacker to spoof a trusted entity by interfering in the communication path between the Industrial Edge Management (IEM) and the Industrial Edge Hub (IEH) using a crafted certificate.</p>
<p>An attacker could use this to inject malicious maintenance requests (e.g. sending statistics, activating remote support, exchanging the initial keys when onboarding, querying new extensions).</p>
<p>Siemens has released an update for the Industrial Edge Management and recommends to update to the latest version.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-611756.pdfSSA-611756 V1.0: JT File Parsing Vulnerability in JTTK and Simcenter Femap2022-10-11T00:00:00+00:00<p>JT Open Toolkit (JTTK) and Simcenter Femap are affected by an uninitialized pointer reference vulnerability that could be triggered while parsing JT files. If a user is tricked to open a malicious JT file with any of the affected products, this could cause the application to crash or potentially lead to arbitrary code execution.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-568427.pdfSSA-568427 V1.0: Weak Key Protection Vulnerability in SIMATIC S7-1200 and S7-1500 CPU Families2022-10-11T00:00:00+00:00<p>SIMATIC S7-1200, S7-1500 CPUs and related products protect the built-in global private key in a way that cannot be considered sufficient any longer. The key is used for the legacy protection of confidential configuration data and the legacy PG/PC and HMI communication.<br />
This could allow attackers to discover the private key of a CPU product family by an offline attack against a single CPU of the family. Attackers could then use this knowledge to extract confidential configuration data from projects that are protected by that key or to perform attacks against legacy PG/PC and HMI communication.</p>
<p>Siemens recommends to update both the affected products as well as the corresponding TIA Portal project to the latest versions. TIA Portal V17 and related CPU firmware versions introduced protection of confidential configuration data based on individual passwords per device and TLS-protected PG/PC and HMI communication.</p>
<p>Additional details can be found in the related Siemens security bulletin SSB-898115 (<a href="https://cert-portal.siemens.com/productcert/html/ssb-898115.html" class="uri">https://cert-portal.siemens.com/productcert/html/ssb-898115.html</a>).</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-552702.pdfSSA-552702 V1.0: Privilege Escalation Vulnerability in the Web Interface of SCALANCE and RUGGEDCOM Products2022-10-11T00:00:00+00:00<p>The products listed below do not properly authorize the change password function of the web interface. This could allow low privileged users to escalate their privileges.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-501891.pdfSSA-501891 V1.0: Cross-Site Scripting Vulnerability in SCALANCE X-200 and X-200IRT Families2022-10-11T00:00:00+00:00<p>There is a cross-site scripting vulnerability that affects the SCALANCE switches. This vulnerability if used by a threat actor could result in the stealing of session cookies and session hijacking.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-446448.pdfSSA-446448 V1.4 (Last Update: 2022-10-11): Denial of Service Vulnerability in PROFINET Stack Integrated on Interniche Stack2022-10-11T00:00:00+00:00<p>The PROFINET (PNIO) stack, when integrated with the Interniche IP stack, contains a vulnerability that could allow an attacker to cause a denial of service condition on affected industrial products.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssb-439005.pdfSSB-439005 V4.8 (Last Update: 2022-10-11): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP2022-10-11T00:00:00+00:00https://cert-portal.siemens.com/productcert/pdf/ssa-384224.pdfSSA-384224 V1.0: Denial of Service Vulnerability in SIMATIC HMI Panels2022-10-11T00:00:00+00:00<p>Several SIMATIC HMI Panels are affected by a vulnerability that could allow an attacker to cause a permanent denial of service condition (requiring a device reboot) by sending specially crafted TCP packets.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-313313.pdfSSA-313313 V1.0: Denial of Service Vulnerability in the FTP Server of Nucleus RTOS2022-10-11T00:00:00+00:00<p>The FTP server of the networking component (Nucleus NET) in Nucleus Real-Time Operating System (RTOS) does not properly release memory resources that were reserved for incomplete connection attempts by FTP clients. This could allow a remote attacker to generate a denial of service condition on devices that incorporate a vulnerable version of the FTP server.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdfSSA-306654 V1.4 (Last Update: 2022-10-11): Insyde BIOS Vulnerabilities in Siemens Industrial Products2022-10-11T00:00:00+00:00<p>Insyde has published information on vulnerabilities in Insyde BIOS in <a href="https://www.insyde.com/security-pledge">February 2022</a>. This advisory lists the Siemens Industrial products affected by these vulnerabilities.</p>
<p>Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-285795.pdfSSA-285795 V1.3 (Last Update: 2022-10-11): Denial of Service in OPC-UA in Industrial Products2022-10-11T00:00:00+00:00<p>A vulnerability in the underlying third party component OPC UA ANSIC Stack (also called Legacy C-Stack) affects several industrial products. The vulnerability could cause a crash of the component that includes the vulnerable part of the stack.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdfSSA-280624 V1.1 (Last Update: 2022-10-11): Multiple Vulnerabilities in SCALANCE W1750D2022-10-11T00:00:00+00:00<p>The Scalance W1750D device contains multiple vulnerabilities that could allow an attacker to inject commands or exploit multiple buffer overflow vulnerabilities that could lead to denial of service or unauthenticated remote code execution.</p>
<p>Siemens has released updates for the SCALANCE W1750D and recommends to update to the latest version. Siemens recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-258115.pdfSSA-258115 V1.0: DWG File Parsing Vulnerability in Solid Edge before SE2022MP92022-10-11T00:00:00+00:00<p>Solid Edge is affected by a heap overflow vulnerability that could be triggered when the application reads DWG files. If a user is tricked to open a malicious file with the affected application, an attacker could leverage the vulnerability to perform remote code execution in the context of the current process.</p>
<p>Siemens has released an update for the Solid Edge and recommends to update to the latest version.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdfSSA-254054 V1.3 (Last Update: 2022-10-11): Spring Framework Vulnerability (Spring4Shell or SpringShell, CVE-2022-22965) - Impact to Siemens Products2022-10-11T00:00:00+00:00<p>A vulnerability in Spring Framework was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2022-22965 and is also known as “Spring4Shell” or “SpringShell”.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-250085.pdfSSA-250085 V1.1 (Last Update: 2022-10-11): Multiple Vulnerabilities in SINEC NMS2022-10-11T00:00:00+00:00<p>SINEC NMS contains multiple vulnerabilities that could allow an attacker to execute arbitrary code on the system, arbitrary commands on the local database or achieve privilege escalation.</p>
<p>Siemens has released an update for SINEC NMS to fix CVE-2022-24281 and recommends to update to the latest version. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-244969.pdfSSA-244969 V1.8 (Last Update: 2022-10-11): OpenSSL Vulnerability in Industrial Products2022-10-11T00:00:00+00:00<p>OpenSSL has published a security advisory [0] about a vulnerability in OpenSSL versions 1.1.1 < 1.1.1l and 1.0.2 < 1.0.2za that allows an attacker to cause a denial of service (DoS) or to disclose private memory content.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends countermeasures for products where updates are not, or not yet available.</p>
<p>[0] <a href="https://www.openssl.org/news/secadv/20210824.txt" class="uri">https://www.openssl.org/news/secadv/20210824.txt</a></p>
https://cert-portal.siemens.com/productcert/pdf/ssa-712929.pdfSSA-712929 V1.3 (Last Update: 2022-09-13): Denial of Service Vulnerability in OpenSSL (CVE-2022-0778) Affecting Industrial Products2022-09-13T00:00:00+00:00<p>A vulnerability in the openSSL component (CVE-2022-0778, [0]) could allow an attacker to create a denial of service condition by providing specially crafted elliptic curve certificates to products that use a vulnerable version of openSSL.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends countermeasures for products where updates are not, or not yet available.</p>
<p>[0] <a href="https://www.openssl.org/news/secadv/20220315.txt" class="uri">https://www.openssl.org/news/secadv/20220315.txt</a></p>
https://cert-portal.siemens.com/productcert/pdf/ssa-710008.pdfSSA-710008 V1.1 (Last Update: 2022-09-13): Multiple Web Vulnerabilities in SCALANCE Products2022-09-13T00:00:00+00:00<p>SCALANCE devices contain multiple vulnerabilities in MSPS based product lines that could allow authenticated remote attackers to execute custom code or create a XSS situation, as well as unauthenticated remote attackers to create a denial of service condition.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdfSSA-637483 V1.0: Third-Party Component Vulnerabilities in SINEC INS before V1.0 SP22022-09-13T00:00:00+00:00<p>Multiple vulnerabilities affecting various third-party components of SINEC INS before V1.0 SP2 could allow an attacker to cause a denial of service condition, disclose sensitive data or violate the system integrity.</p>
<p>Siemens has released an update for the SINEC INS and recommends to update to the latest version.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-618620.pdfSSA-618620 V1.1 (Last Update: 2022-09-13): Vulnerabilities in Boot Loader (U-Boot) of RUGGEDCOM ROS Devices2022-09-13T00:00:00+00:00<p>The boot loader within RUGGEDCOM ROS contains two vulnerabilities in the loading process of the operating system kernel. The more severe of these vulnerabilities could allow an attacker with local access to the device to execute arbitrary code on an affected device.</p>
<p>Siemens recommends specific countermeasures to mitigate this issue.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-518824.pdfSSA-518824 V1.0: Multiple File Parsing Vulnerabilities in Simcenter Femap and Parasolid2022-09-13T00:00:00+00:00<p>Simcenter Femap and Parasolid are affected by multiple file parsing vulnerabilities that could be triggered when the application reads files in X_T file formats. If a user is tricked to open a malicious file with the affected applications, an attacker could leverage the vulnerability to perform remote code execution in the context of the current process.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-459643.pdfSSA-459643 V1.0: Denial of Service Vulnerability in RUGGEDCOM ROS before V5.6.02022-09-13T00:00:00+00:00<p>RUGGEDCOM ROS-based devices are vulnerable to a denial of service attack (Slowloris). By sending partial HTTP requests nonstop, with none completed, the affected web servers will be waiting for the completion of each request, occupying all available HTTP connections. The web server recovers by itself once the attack ends.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssb-439005.pdfSSB-439005 V4.7 (Last Update: 2022-09-13): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP2022-09-13T00:00:00+00:00https://cert-portal.siemens.com/productcert/pdf/ssa-429204.pdfSSA-429204 V1.2 (Last Update: 2022-09-13): Open Design Alliance Drawings SDK Vulnerabilities in JT2Go and Teamcenter Visualization2022-09-13T00:00:00+00:00<p>JT2Go and Teamcenter Visualization are affected by multiple file parsing vulnerabilities in Drawings SDK from Open Design Alliance. If a user is tricked to open a malicious DWG file with any of the affected products, this could lead the application to crash or potentially lead to arbitrary code execution.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
<p>Note:</p>
<ul>
<li>This advisory covers security vulnerabilities recently disclosed by Open Design Alliance [0]</li>
</ul>
<p>[0] <a href="https://www.opendesign.com/security-advisories">https://www.opendesign.com/security-advisories</a></p>
https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdfSSA-309571 V1.6 (Last Update: 2022-09-13): IPU 2021.1 Vulnerabilities in Siemens Industrial Products using Intel CPUs (June 2021)2022-09-13T00:00:00+00:00<p>Intel has published information on vulnerabilities in Intel products in <a href="https://blogs.intel.com/technology/2021/06/intel-security-advisories-for-june-2021/">June 2021</a>. This advisory lists the related Siemens Industrial products affected by these vulnerabilities that can be patched by applying the corresponding BIOS update.</p>
<p>In this advisory we summarize:</p>
<ul>
<li><p>“2021.1 IPU – Intel® CSME, SPS and LMS Advisory” Intel-SA-00459,</p></li>
<li><p>“2021.1 IPU – BIOS Advisory” Intel-SA-00463,</p></li>
<li><p>“2021.1 IPU – Intel® Processor Advisory” Intel-SA-00464, and</p></li>
<li><p>“2021.1 IPU - Intel Atom® Processor Advisory” Intel-SA-00465.</p></li>
</ul>
<p>Siemens has released updates for several affected products and is currently working on BIOS updates that include chipset microcode updates for further products.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-243317.pdfSSA-243317 V1.2 (Last Update: 2022-09-13): File Parsing Vulnerability in Simcenter Femap and Parasolid2022-09-13T00:00:00+00:00<p>Simcenter Femap and Parasolid are affected by an out of bounds read vulnerability that could be triggered when the application reads files in NEU format. If a user is tricked to open a malicious file with the affected applications, an attacker could leverage the vulnerability to perform remote code execution in the context of the current process.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-179516.pdfSSA-179516 V1.7 (Last Update: 2022-09-13): OpenSSL Vulnerability in Industrial Products2022-09-13T00:00:00+00:00<p>Several Siemens industrial products are affected by a vulnerability in OpenSSL, that could result in data being sent out unencrypted by the SSL/TLS record layer.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-941426.pdfSSA-941426 V1.3 (Last Update: 2022-08-09): Multiple LLDP Vulnerabilities in Industrial Products2022-08-09T00:00:00+00:00<p>
There are multiple vulnerabilities in an underlying Link Layer Discovery Protocol (LLDP) third party library.
</p>
<p>
Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.
</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-914168.pdfSSA-914168 V1.3 (Last Update: 2022-08-09): Multiple Vulnerabilities in SIMATIC WinCC Affecting Other SIMATIC Software Products2022-08-09T00:00:00+00:00<p>
Multiple vulnerabilities were found in SIMATIC WinCC that ultimately could allow attackers to retrieve and brute force password hashes and access other systems.
</p>
<p>
Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.
</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdfSSA-841348 V1.9 (Last Update: 2022-08-09): Multiple Vulnerabilities in the UMC Component2022-08-09T00:00:00+00:00<p>
The products listed below contain two security vulnerabilities in the UMC component that could allow an attacker to cause a partial denial-of-service of the UMC component, or to locally escalate privileges from a user with administrative privileges to execute code with SYSTEM level privileges.
</p>
<p>
Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.
</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-840800.pdfSSA-840800 V1.1 (Last Update: 2022-08-09): Code Injection Vulnerability in RUGGEDCOM ROS2022-08-09T00:00:00+00:00<p>
RUGGEDCOM ROS-based devices are vulnerable to a web-based code injection attack. To execute this attack, it is necessary to access the system via the Command Line Interface (CLI).
</p>
<p>
Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.
</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-829738.pdfSSA-829738 V1.1 (Last Update: 2022-08-09): Datalogics File Parsing Vulnerability in Teamcenter Visualization and JT2Go2022-08-09T00:00:00+00:00<p>
Siemens Teamcenter Visualization and JT2Go are affected by an out of bounds write vulnerability in APDFL library from Datalogics. If a user is tricked to open a malicious PDF file with the affected products, this could lead the application to crash or potentially lead to arbitrary code execution.
</p>
<p>
Siemens has released updates for the affected products and recommends to update to the latest versions.
</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-789162.pdfSSA-789162 V1.2 (Last Update: 2022-08-09): Vulnerabilities in Teamcenter2022-08-09T00:00:00+00:00<p>
Teamcenter is affected by XML External Entity Injection (XXE, CVE-2022-29801) and a stack based buffer overflow vulnerability (CVE-2022-24290). XXE impacts only Teamcenter versions before V13.1.
</p>
<p>
Siemens has released updates for the affected products and recommends to update to the latest versions.
</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdfSSA-772220 V2.1 (Last Update: 2022-08-09): OpenSSL Vulnerabilities in Industrial Products2022-08-09T00:00:00+00:00<p>
OpenSSL has published a security advisory [0] about a vulnerability in OpenSSL versions 1.1.1 < 1.1.1k, that allows an unauthenticated attacker to cause a Denial-of-Service (DoS) if a maliciously crafted renegotiation message is sent .
</p>
<p>
Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends countermeasures for products where updates are not, or not yet available.
</p>
<p>
[0] <a href="https://www.openssl.org/news/secadv/20210325.txt">https://www.openssl.org/news/secadv/20210325.txt</a>
</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-764417.pdfSSA-764417 V1.4 (Last Update: 2022-08-09): Weak Encryption Vulnerability in RUGGEDCOM ROS Devices2022-08-09T00:00:00+00:00<p>
The SSH server on RUGGEDCOM ROS devices is configured to offer weak ciphers by default. This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data passed over the connection between legitimate clients and the affected device.
</p>
<p>
Siemens recommends specific countermeasures for products where updates are not, or not yet available.
</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-759952.pdfSSA-759952 V1.0: Command Injection and Denial of Service Vulnerability in Teamcenter2022-08-09T00:00:00+00:00<p>
Teamcenter is affected by two security vulnerabilities in the File Service Cache service that could lead to command injection and denial of service issues.
</p>
<p>
Siemens has released updates for the affected products and recommends to update to the latest versions.
</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-732250.pdfSSA-732250 V1.2 (Last Update: 2022-08-09): Libcurl Vulnerabilities in Industrial Devices2022-08-09T00:00:00+00:00<p>
Vulnerabilities in third-party component cURL could allow an attacker to interfere with the affected products in various ways.
</p>
<p>
Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends countermeasures for products where updates are not, or not yet available.
</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-712929.pdfSSA-712929 V1.2 (Last Update: 2022-08-09): Denial of Service Vulnerability in OpenSSL (CVE-2022-0778) Affecting Industrial Products2022-08-09T00:00:00+00:00<p>
A vulnerability in the openSSL component (CVE-2022-0778, [0]) could allow an attacker to create a denial of service condition by providing specially crafted elliptic curve certificates to products that use a vulnerable version of openSSL.
</p>
<p>
Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends countermeasures for products where updates are not, or not yet available.
</p>
<p>
[0] <a href="https://www.openssl.org/news/secadv/20220315.txt">https://www.openssl.org/news/secadv/20220315.txt</a>
</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-710008.pdfSSA-710008 V1.0: Multiple Web Vulnerabilities in SCALANCE Products2022-08-09T00:00:00+00:00<p>
SCALANCE devices contain multiple vulnerabilities in MSPS based product lines that could allow authenticated remote attackers to execute custom code or create a XSS situation, as well as unauthenticated remote attackers to create a denial of service condition.
</p>
<p>
Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.
</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdfSSA-661247 V3.0 (Last Update: 2022-08-09): Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to Siemens Products2022-08-09T00:00:00+00:00<p>
On 2021-12-09, a vulnerability in Apache Log4j (a logging tool used in many Java-based applications) was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2021-44228 and is also known as “Log4Shell”.
</p>
<p>
On 2021-12-14 an additional denial of service vulnerability (CVE-2021-45046) was published rendering the initial mitigations and fix in version 2.15.0 as incomplete under certain non-default configurations. Log4j versions 2.16.0 and 2.12.2 are supposed to fix both vulnerabilities.
</p>
<p>
On 2021-12-17, CVE-2021-45046 was reclassified with an increased CVSS base score (from 3.7 to 9.0). The potential impact of CVE-2021-45046 now includes - besides denial of service - also information disclosure and local (and potential remote) code execution.
</p>
<p>
Siemens is currently investigating to determine which products are affected and is continuously updating this advisory as more information becomes available. See section Additional Information for more details regarding the investigation status.
</p>
<p>
Note: two additional vulnerabilities were published for Apache Log4j, the impact of which are documented in SSA-501673: <a href="https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf">https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf</a> (CVE-2021-45105) and SSA-784507: <a href="https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf">https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf</a> (CVE-2021-44832).
</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-661034.pdfSSA-661034 V1.2 (Last Update: 2022-08-09): Incorrect Permission Assignment in Multiple SIMATIC Software Products2022-08-09T00:00:00+00:00<p>
Multiple SIMATIC software products are affected by a vulnerability that could allow an attacker to change the content of certain metafiles and subsequently manipulate parameters or behaviour of devices configured by the affected software products.
</p>
<p>
Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.
</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-629512.pdfSSA-629512 V1.6 (Last Update: 2022-08-09): Local Privilege Escalation Vulnerability in TIA Portal2022-08-09T00:00:00+00:00<p>
The latest updates for TIA Portal fix a vulnerability that could allow a local attacker to execute arbitrary code with SYSTEM privileges.
</p>
<p>
Update: The previously provided fixes only correctly set the permissions on English Windows versions.
</p>
<p>
Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.
</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-592007.pdfSSA-592007 V1.8 (Last Update: 2022-08-09): Denial-of-Service Vulnerability in Industrial Products2022-08-09T00:00:00+00:00<p>
Several industrial controllers are affected by a security vulnerability that could allow an attacker to cause a Denial-of-Service condition via PROFINET DCP network packets under certain circumstances. Precondition for this scenario is a direct OSI Layer 2 access to the affected products. PROFIBUS interfaces are not affected.
</p>
<p>
Siemens has released updates for several affected products, is working on updates for the remaining affected products and recommends specific countermeasures until fixes are available.
</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-580693.pdfSSA-580693 V1.3 (Last Update: 2022-08-09): WIBU Systems CodeMeter Runtime Denial-of-Service Vulnerability in Siemens Products2022-08-09T00:00:00+00:00<p>
WIBU Systems published information about a denial-of-service vulnerability and an associated fix release version of CodeMeter Runtime, a product provided by WIBU Systems and used in several Siemens products for license management.
</p>
<p>
The vulnerability is described in the section “Vulnerability Classification” below and got assigned the CVE ID CVE-2021-41057. Successful exploitation of this vulnerability could allow an attacker to crash the CodeMeter Runtime Server (i.e., CodeMeter.exe), which could cause a denial-of-service condition for the affected Siemens product.
</p>
<p>
Siemens has released updates for the affected products and recommends to update to the latest versions.
</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-580125.pdfSSA-580125 V1.1 (Last Update: 2022-08-09): Multiple Vulnerabilities in SIMATIC eaSie2022-08-09T00:00:00+00:00<p>
SIMATIC eaSie contains multiple vulnerabilities that could allow an attacker to send arbitrary messages to the underlying message passing framework of the affected system or crash the attached application.
</p>
<p>
Siemens has released an update for the SIMATIC eaSie Core Package and recommends to update to the latest version.
</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-557541.pdfSSA-557541 V1.1 (Last Update: 2022-08-09): Denial-of-Service Vulnerability in SIMATIC S7-400 CPUs2022-08-09T00:00:00+00:00<p>
SIMATIC S7-400 CPU devices contain an input validation vulnerability that could allow an attacker to create a Denial-of-Service condition. A restart is needed to restore normal operations.
</p>
<p>
Siemens has released an update for SIMATIC S7-410 V10 CPU family and SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants for both) and recommends to update to the latest version. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not yet available.
</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-555707.pdfSSA-555707 V1.0: Information Disclosure Vulnerability in Simcenter STAR-CCM+2022-08-09T00:00:00+00:00<p>
Simcenter STAR-CCM+ contains an information disclosure vulnerability when using the Power-on-Demand public license server. An attacker could access a system’s host, user, and display name.
</p>
<p>
Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.
</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-539476.pdfSSA-539476 V1.3 (Last Update: 2022-08-09): Siemens SIMATIC NET CP, SINEMA and SCALANCE Products Affected by Vulnerabilities in Third-Party Component strongSwan2022-08-09T00:00:00+00:00<p>
Vulnerabilities in the third-party component strongSwan could allow an attacker to cause a denial of service (DoS) condition in affected devices by exploiting integer overflow bugs.
</p>
<p>
Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends countermeasures for products where updates are not, or not yet available.
</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-517377.pdfSSA-517377 V1.1 (Last Update: 2022-08-09): Multiple Vulnerabilities in the SRCS VPN Feature in SIMATIC CP Devices2022-08-09T00:00:00+00:00<p>
The below referenced devices contain multiple vulnerabilities that could be exploited when the SINEMA Remote Connect Server (SRCS) VPN feature is used. The feature is not activated by default. The most severe could allow an attacker to execute arbitrary code with elevated privileges under certain circumstances.
</p>
<p>
Siemens has released an update for several products and recommends to update to the latest version. Siemens is preparing further updates and recommends countermeasures for products where updates are not, or not yet available.
</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-492828.pdfSSA-492828 V1.2 (Last Update: 2022-08-09): Denial-of-Service Vulnerability in SIMATIC S7-300 CPUs and SINUMERIK Controller2022-08-09T00:00:00+00:00<p>
A vulnerability in S7-300 might allow an attacker to cause a Denial-of-Service condition on port 102 of the affected devices by sending specially crafted packets.
</p>
<p>
Siemens recommends specific countermeasures for products where updates are not, or not yet available.
</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-480230.pdfSSA-480230 V2.4 (Last Update: 2022-08-09): Denial of Service Vulnerability in Webserver of Industrial Products2022-08-09T00:00:00+00:00<p>
A vulnerability in the affected devices could allow an unauthorized attacker with network access to the webserver of an affected device to perform a denial of service attack.
</p>
<p>
Siemens has released updates for several affected products and recommends to update to the new versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.
</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-473245.pdfSSA-473245 V2.3 (Last Update: 2022-08-09): Denial-of-Service Vulnerability in Profinet Devices2022-08-09T00:00:00+00:00<p>
A vulnerability in affected devices could allow an attacker to perform a denial-of-service attack if a large amount of specially crafted UDP packets are sent to the device.
</p>
<p>
Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates and recommends specific countermeasures until patches are available.
</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-446448.pdfSSA-446448 V1.3 (Last Update: 2022-08-09): Denial of Service Vulnerability in PROFINET Stack Integrated on Interniche Stack2022-08-09T00:00:00+00:00<p>
The PROFINET (PNIO) stack, when integrated with the Interniche IP stack, contains a vulnerability that could allow an attacker to cause a denial of service condition on affected industrial products.
</p>
<p>
Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.
</p>
https://cert-portal.siemens.com/productcert/pdf/ssb-439005.pdfSSB-439005 V4.6 (Last Update: 2022-08-09): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP2022-08-09T00:00:00+00:00https://cert-portal.siemens.com/productcert/pdf/ssa-431678.pdfSSA-431678 V1.3 (Last Update: 2022-08-09): Denial-of-Service Vulnerability in SIMATIC S7 CPU Families2022-08-09T00:00:00+00:00<p>
SIMATIC S7 CPU families are affected by a vulnerability that could allow remote attackers to perform a Denial-of-Service attack by sending a specially crafted HTTP request to the web server of an affected device.
</p>
<p>
Siemens has released updates for several affected products, is working on updates for the remaining affected products and recommends specific countermeasures until fixes are available.
</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-429204.pdfSSA-429204 V1.1 (Last Update: 2022-08-09): Open Design Alliance Drawings SDK Vulnerabilities in JT2Go and Teamcenter Visualization2022-08-09T00:00:00+00:00<p>
JT2Go and Teamcenter Visualization are affected by multiple file parsing vulnerabilities in Drawings SDK from Open Design Alliance. If a user is tricked to open a malicious DWG file with any of the affected products, this could lead the application to crash or potentially lead to arbitrary code execution.
</p>
<p>
Siemens has released updates for the affected products and recommends to update to the latest versions.
</p>
<p>
Note:
</p>
<ul>
<li>
This advisory covers security vulnerabilities recently disclosed by Open Design Alliance [0]
</li>
</ul>
<p>
[0] <a href="https://www.opendesign.com/security-advisories">https://www.opendesign.com/security-advisories</a>
</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-324955.pdfSSA-324955 V1.9 (Last Update: 2022-08-09): SAD DNS Attack in Linux Based Products2022-08-09T00:00:00+00:00<p>
A vulnerability made public under the name SAD DNS affects Domain Name System resolvers due to a vulnerability in the Linux kernel when handling ICMP packets. The Siemens products which are affected are listed below. For more information please see <a href="https://www.saddns.net/">https://www.saddns.net/</a>.
</p>
<p>
Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.
</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-321292.pdfSSA-321292 V1.2 (Last Update: 2022-08-09): Denial of Service in the OPC Foundation Local Discovery Server (LDS) in Industrial Products2022-08-09T00:00:00+00:00<p>
A vulnerability has been identified in the OPC Foundation Local Discovery Server (LDS) [0] of several industrial products. The vulnerability could cause a denial of service condition on the service or the device.
</p>
<p>
Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.
</p>
<p>
[0] <a href="https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2021-40142.pdf">https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2021-40142.pdf</a>
</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdfSSA-309571 V1.5 (Last Update: 2022-08-09): IPU 2021.1 Vulnerabilities in Siemens Industrial Products using Intel CPUs (June 2021)2022-08-09T00:00:00+00:00<p>
Intel has published information on vulnerabilities in Intel products in <a href="https://blogs.intel.com/technology/2021/06/intel-security-advisories-for-june-2021/">June 2021</a>. This advisory lists the related Siemens Industrial products affected by these vulnerabilities that can be patched by applying the corresponding BIOS update.
</p>
<p>
In this advisory we summarize:
</p>
<ul>
<li>
<p>
“2021.1 IPU – Intel® CSME, SPS and LMS Advisory” Intel-SA-00459,
</p>
</li>
<li>
<p>
“2021.1 IPU – BIOS Advisory” Intel-SA-00463,
</p>
</li>
<li>
<p>
“2021.1 IPU – Intel® Processor Advisory” Intel-SA-00464, and
</p>
</li>
<li>
<p>
“2021.1 IPU - Intel Atom® Processor Advisory” Intel-SA-00465.
</p>
</li>
</ul>
<p>
Siemens has released updates for several affected products and is currently working on BIOS updates that include chipset microcode updates for further products.
</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-307392.pdfSSA-307392 V1.9 (Last Update: 2022-08-09): Denial of Service in OPC UA in Industrial Products2022-08-09T00:00:00+00:00<p>
A vulnerability has been identified in the OPC UA server of several industrial products. The vulnerability could cause a denial of service condition on the service or the device.
</p>
<p>
Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.
</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdfSSA-306654 V1.3 (Last Update: 2022-08-09): Insyde BIOS Vulnerabilities in Siemens Industrial Products2022-08-09T00:00:00+00:00<p>
Insyde has published information on vulnerabilities in Insyde BIOS in <a href="https://www.insyde.com/security-pledge">February 2022</a>. This advisory lists the Siemens Industrial products affected by these vulnerabilities.
</p>
<p>
Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.
</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-285795.pdfSSA-285795 V1.2 (Last Update: 2022-08-09): Denial of Service in OPC-UA in Industrial Products2022-08-09T00:00:00+00:00<p>
A vulnerability in the underlying third party component OPC UA ANSIC Stack (also called Legacy C-Stack) affects several industrial products. The vulnerability could cause a crash of the component that includes the vulnerable part of the stack.
</p>
<p>
Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.
</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-244969.pdfSSA-244969 V1.7 (Last Update: 2022-08-09): OpenSSL Vulnerability in Industrial Products2022-08-09T00:00:00+00:00<p>
OpenSSL has published a security advisory [0] about a vulnerability in OpenSSL versions 1.1.1 < 1.1.1l and 1.0.2 < 1.0.2za that allows an attacker to cause a denial of service (DoS) or to disclose private memory content.
</p>
<p>
Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends countermeasures for products where updates are not, or not yet available.
</p>
<p>
[0] <a href="https://www.openssl.org/news/secadv/20210824.txt">https://www.openssl.org/news/secadv/20210824.txt</a>
</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-243317.pdfSSA-243317 V1.1 (Last Update: 2022-08-09): File Parsing Vulnerability in Simcenter Femap and Parasolid2022-08-09T00:00:00+00:00<p>
Simcenter Femap and Parasolid are affected by an out of bounds read vulnerability that could be triggered when the application reads files in NEU format. If a user is tricked to open a malicious file with the affected applications, an attacker could leverage the vulnerability to perform remote code execution in the context of the current process.
</p>
<p>
Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.
</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-232418.pdfSSA-232418 V1.4 (Last Update: 2022-08-09): Vulnerabilities in SIMATIC S7-1200 and SIMATIC S7-1500 CPU Families2022-08-09T00:00:00+00:00<p>
Two vulnerabilities have been identified in the SIMATIC S7-1200/S7-1500 CPU families and related products. One vulnerability (CVE-2019-10943) could allow an attacker with network access to affected devices to modify the user program stored on these devices such that the source code differs from the actual running code. The other vulnerability (CVE-2019-10929) could allow an attacker in a Man-in-the-Middle position to modify network traffic exchanged on port 102/tcp.
</p>
<p>
Siemens has released updates for several affected products to fix CVE-2019-10929 and recommends to update to the latest versions. Regarding CVE-2019-10943, Siemens recommends specific countermeasures for products where updates are not, or not yet available.
</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-220589.pdfSSA-220589 V1.2 (Last Update: 2022-08-09): Hard Coded Default Credential Vulnerability in Teamcenter2022-08-09T00:00:00+00:00<p>
Siemens has released updates for Teamcenter that fixes a security vulnerability related to unsecure storage of user credentials. This vulnerability affects Java EE Server Manager HTML Adaptor. This service is not installed by default and currently also obsoleted.
</p>
<p>
Siemens has released updates for the affected products and recommends to update to the latest versions.
</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-113131.pdfSSA-113131 V1.3 (Last Update: 2022-08-09): Denial of Service Vulnerabilities in SIMATIC S7-400 CPUs2022-08-09T00:00:00+00:00<p>
Two vulnerabilities have been identified in the SIMATIC S7-400 CPU family that could allow an attacker to cause a denial of service condition. In order to exploit the vulnerabilities, an attacker must have access to the affected devices on port 102/tcp via Ethernet, PROFIBUS or Multi Point Interfaces (MPI).
</p>
<p>
Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.
</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-944952.pdfSSA-944952 V1.0: Authentication Bypass Vulnerability in Opcenter Quality2022-07-12T00:00:00+00:00<p>
Siemens has released updates for Opcenter Quality to fix an authentication bypass vulnerability. This could allow unauthenticated access to the application or cause denial of service condition for existing users. The issue is based on rich client modules using IbsGailWrapper-interface. After issuing the record the authentication bypass vulnerability could take place on all modules.
</p>
<p>
Siemens has released updates for the affected products and recommends to update to the latest versions.
</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-910883.pdfSSA-910883 V1.0: DHCP Client Vulnerability in SINAMICS PERFECT HARMONY GH180 Drives2022-07-12T00:00:00+00:00<p>
Several models of SINAMICS PERFECT HARMONY GH180 Drives are affected by a DHCP client vulnerability (CVE-2021-29998) in the integrated SCALANCE X206-1 device. The vulnerability could allow an attacker to cause a heap-based buffer overflow on that device and use it to get access to the drive’s internal network.
</p>
<p>
The list of affected drive models can be found in the section “Additional Information” below.
</p>
<p>
Recently manufactured drives are no longer affected. For older drives, Siemens provides detailed remediation advise via customer support.
</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-840800.pdfSSA-840800 V1.0: Code Injection Vulnerability in RUGGEDCOM ROS2022-07-12T00:00:00+00:00<p>
RUGGEDCOM ROS-based devices are vulnerable to a web-based code injection attack. To execute this attack, it is necessary to access the system via the console.
</p>
<p>
Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.
</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-840188.pdfSSA-840188 V1.5 (Last Update: 2022-07-12): Multiple Vulnerabilities in SIMATIC WinCC Affecting Other SIMATIC Software Products2022-07-12T00:00:00+00:00<p>
Multiple vulnerabilities were found in SIMATIC WinCC that ultimately could allow local or remote attackers to escalate privileges and read, write or delete critical files.
</p>
<p>
Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.
</p>
<p>
Note: The vulnerability CVE-2021-40359 is part of a shared component, used by various Siemens products (SIMATIC Communication Services - SCS). The installation of a fix version of any product also removes the vulnerability for other products on the same system, even if those products were not updated.
</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-838121.pdfSSA-838121 V1.2 (Last Update: 2022-07-12): Multiple Denial of Service Vulnerabilities in Industrial Products2022-07-12T00:00:00+00:00<p>
Affected SIMATIC firmware contains three vulnerabilities that could allow an unauthenticated attacker to perform a denial-of-service attack under certain conditions.
</p>
<p>
Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends countermeasures for products where updates are not, or not yet available.
</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-829738.pdfSSA-829738 V1.0: Datalogics File Parsing Vulnerability in Teamcenter Visualization and JT2Go2022-07-12T00:00:00+00:00<p>
Siemens has released a new version for Teamcenter Visualization and JT2Go that fixes an out of bounds write vulnerability in APDFL library from Datalogics. If a user is tricked to open a malicious PDF file with the affected products, this could lead the application to crash or potentially lead to arbitrary code execution.
</p>
<p>
Siemens has released updates for the affected products and recommends to update to the latest versions.
</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-712929.pdfSSA-712929 V1.1 (Last Update: 2022-07-12): Denial of Service Vulnerability in OpenSSL (CVE-2022-0778) Affecting Industrial Products2022-07-12T00:00:00+00:00<p>
A vulnerability in the openSSL component (CVE-2022-0778, [0]) could allow an attacker to create a denial of service condition by providing specially crafted elliptic curve certificates to products that use a vulnerable version of openSSL.
</p>
<p>
Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends countermeasures for products where updates are not, or not yet available.
</p>
<p>
[0] <a href="https://www.openssl.org/news/secadv/20220315.txt">https://www.openssl.org/news/secadv/20220315.txt</a>
</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-711829.pdfSSA-711829 V1.1 (Last Update: 2022-07-12): Denial of Service Vulnerability in TIA Administrator2022-07-12T00:00:00+00:00<p>
In conjunction with the installation of the affected products listed in the table below, a vulnerability in TIA Administrator occurs that could allow an unauthenticated attacker to perform a denial of service attack.
</p>
<p>
Siemens has released updates for the affected products and recommends to update to the latest versions.
</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-678983.pdfSSA-678983 V1.5 (Last Update: 2022-07-12): Vulnerabilities in Industrial PCs and CNC devices using Intel CPUs (November 2020)2022-07-12T00:00:00+00:00<p>
Intel has published information on vulnerabilities in Intel products in <a href="https://blogs.intel.com/technology/2020/11/ipas-security-advisories-for-november-2020/">November 2020</a>. This advisory lists the Siemens IPC related products, that are affected by these vulnerabilities.
</p>
<p>
In this advisory we take a representative CVE from each advisory:
</p>
<ul>
<li>
<p>
“Intel CSME, SPS, TXE, AMT and DAL Advisory” Intel-SA-00391 is represented by CVE-2020-8745
</p>
</li>
<li>
<p>
“Intel RAPL Interface Advisory” Intel-SA-00389 is represented by CVE-2020-8694
</p>
</li>
<li>
<p>
“Intel Processor Advisory” Intel-SA-00381 is represented by CVE-2020-8698, and
</p>
</li>
<li>
<p>
“BIOS Advisory” Intel-SA-00358 is represented by CVE-2020-0590.
</p>
</li>
</ul>
<p>
Siemens has released updates for several affected products and is currently working on BIOS updates that include chipset microcode updates for further products.
</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-599506.pdfSSA-599506 V1.0: Command Injection in RUGGEDCOM ROX2022-07-12T00:00:00+00:00<p>
RUGGEDCOM ROX devices are affected by a command injection vulnerability that could allow an attacker with administrative privileges to gain root access.
</p>
<p>
Siemens has released updates for the affected products and recommends to update to the latest versions.
</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-580125.pdfSSA-580125 V1.0: Multiple Vulnerabilities in SIMATIC eaSie Core Package2022-07-12T00:00:00+00:00<p>
SIMATIC eaSie PCS 7 Skill Package contains multiple vulnerabilities that could allow an attacker to send arbitrary messages to the underlying message passing framework of the affected system or crash the attached application.
</p>
<p>
Siemens has released an update for the SIMATIC eaSie Core Package and recommends to update to the latest version.
</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-557804.pdfSSA-557804 V1.4 (Last Update: 2022-07-12): Mirror Port Isolation Vulnerability in SCALANCE X Switches2022-07-12T00:00:00+00:00<p>
A vulnerability was identified in several SCALANCE X switches that could allow an attacker to feed information into a network via the mirror port with the monitor barrier feature enabled.
</p>
<p>
Siemens has released updates for the affected products and recommends to update to the latest versions.
</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-517377.pdfSSA-517377 V1.0: Multiple Vulnerabilities in the SRCS VPN Feature in SIMATIC CP Devices2022-07-12T00:00:00+00:00<p>
The below referenced devices contain multiple vulnerabilities that could be exploited when the SINEMA Remote Connect Server (SRCS) VPN feature is used. The feature is not activated by default. The most severe could allow an attacker to execute arbitrary code with elevated privileges under certain circumstances.
</p>
<p>
Siemens has released an update for SIMATIC CP 1543-1 (incl. SIPLUS variants) and recommends to update to the latest version. Siemens is preparing further updates and recommends countermeasures for products where updates are not, or not yet available.
</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-474231.pdfSSA-474231 V1.0: File Parsing Vulnerability in Simcenter Femap before V2022.22022-07-12T00:00:00+00:00<p>
Siemens Simcenter Femap versions before V2022.2 are affected by an out of bounds write vulnerability that could be triggered when the application reads files in X_T format. If a user is tricked to open a malicious file with the affected application, an attacker could leverage the vulnerability to perform remote code execution in the context of the current process.
</p>
<p>
Siemens has released an update for the Simcenter Femap and recommends to update to the latest version.
</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-446448.pdfSSA-446448 V1.2 (Last Update: 2022-07-12): Denial of Service Vulnerability in PROFINET Stack Integrated on Interniche Stack2022-07-12T00:00:00+00:00<p>
The PROFINET (PNIO) stack, when integrated with the Interniche IP stack, contains a vulnerability that could allow an attacker to cause a denial of service condition on affected industrial products.
</p>
<p>
Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.
</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-439148.pdfSSA-439148 V1.0: File Parsing Vulnerabilities in PADS Standard/Plus Viewer2022-07-12T00:00:00+00:00<p>
Siemens PADS Standard/Plus Viewer is affected by multiple memory corruption vulnerabilities that could be triggered when the application reads files in PCB format. If a user is tricked to open a malicious file with the affected application, an attacker could leverage the vulnerability to perform remote code execution in the context of the current process
</p>
<p>
Siemens recommends specific countermeasures for products where updates are not, or not yet available.
</p>
https://cert-portal.siemens.com/productcert/pdf/ssb-439005.pdfSSB-439005 V4.5 (Last Update: 2022-07-12): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP2022-07-12T00:00:00+00:00https://cert-portal.siemens.com/productcert/pdf/ssa-429204.pdfSSA-429204 V1.0: Open Design Alliance Drawings SDK Vulnerabilities in JT2Go and Teamcenter Visualization2022-07-12T00:00:00+00:00<p>
JT2Go and Teamcenter Visualization are affected by multiple file parsing vulnerabilities in Drawings SDK from Open Design Alliance. If a user is tricked to open a malicious DWG file with any of the affected products, this could lead the application to crash or potentially lead to arbitrary code execution.
</p>
<p>
Siemens has released updates for the affected products and recommends to update to the latest versions.
</p>
<p>
Note:
</p>
<ul>
<li>
This advisory covers security vulnerabilities recently disclosed by Open Design Alliance [0]
</li>
</ul>
<p>
[0] <a href="https://www.opendesign.com/security-advisories">https://www.opendesign.com/security-advisories</a>
</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-414513.pdfSSA-414513 V1.2 (Last Update: 2022-07-12): Information Disclosure Vulnerability in Mendix2022-07-12T00:00:00+00:00<p>
An information disclosure vulnerability in Mendix applications was discovered. The vulnerability could allow to read sensitive data.
</p>
<p>
Siemens has released updates for the affected products and recommends to update to the latest versions.
</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-348662.pdfSSA-348662 V1.0: Multiple Vulnerabilities in SIMATIC MV500 Devices before V3.32022-07-12T00:00:00+00:00<p>
SIMATIC MV500 devices before V3.3 are affected by multiple vulnerabilities that could allow attackers to hijack other users’ web based management sessions (CVE-2022-33137) or access data on the device without prior authentication (CVE-2022-33138).
</p>
<p>
Siemens has released an update for the SIMATIC MV500 devices and recommends to update to the latest version. Note that the update also contains additional fixes for vulnerabilities documented in Siemens Security Advisory SSA-712929.
</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-321292.pdfSSA-321292 V1.1 (Last Update: 2022-07-12): Denial of Service in the OPC Foundation Local Discovery Server (LDS) in Industrial Products2022-07-12T00:00:00+00:00<p>
A vulnerability has been identified in the OPC Foundation Local Discovery Server (LDS) [0] of several industrial products. The vulnerability could cause a denial of service condition on the service or the device.
</p>
<p>
Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.
</p>
<p>
[0] <a href="https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2021-40142.pdf">https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2021-40142.pdf</a>
</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-310038.pdfSSA-310038 V1.0: Multiple Vulnerabilities in SCALANCE X Switch Devices2022-07-12T00:00:00+00:00<p>
Several SCALANCE X switches contain multiple vulnerabilities. An unauthenticated attacker could reboot, cause denial-of-service conditions and potentially impact the system by other means through heap and buffer overflow vulnerabilities.
</p>
<p>
Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.
</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdfSSA-309571 V1.4 (Last Update: 2022-07-12): IPU 2021.1 Vulnerabilities in Siemens Industrial Products using Intel CPUs (June 2021)2022-07-12T00:00:00+00:00<p>
Intel has published information on vulnerabilities in Intel products in <a href="https://blogs.intel.com/technology/2021/06/intel-security-advisories-for-june-2021/">June 2021</a>. This advisory lists the related Siemens Industrial products affected by these vulnerabilities that can be patched by applying the corresponding BIOS update.
</p>
<p>
In this advisory we summarize:
</p>
<ul>
<li>
<p>
“2021.1 IPU – Intel® CSME, SPS and LMS Advisory” Intel-SA-00459,
</p>
</li>
<li>
<p>
“2021.1 IPU – BIOS Advisory” Intel-SA-00463,
</p>
</li>
<li>
<p>
“2021.1 IPU – Intel® Processor Advisory” Intel-SA-00464, and
</p>
</li>
<li>
<p>
“2021.1 IPU - Intel Atom® Processor Advisory” Intel-SA-00465.
</p>
</li>
</ul>
<p>
Siemens has released updates for several affected products and is currently working on BIOS updates that include chipset microcode updates for further products.
</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdfSSA-306654 V1.2 (Last Update: 2022-07-12): Insyde BIOS Vulnerabilities in Siemens Industrial Products2022-07-12T00:00:00+00:00<p>
Insyde has published information on vulnerabilities in Insyde BIOS in <a href="https://www.insyde.com/security-pledge">February 2022</a>. This advisory lists the Siemens Industrial products affected by these vulnerabilities.
</p>
<p>
Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.
</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-285795.pdfSSA-285795 V1.1 (Last Update: 2022-07-12): Denial of Service in OPC-UA in Industrial Products2022-07-12T00:00:00+00:00<p>
Vulnerability in the underlying third party component OPC UA ANSIC Stack (also called Legacy C-Stack) affects several industrial products. The vulnerability could cause a crash of the component that includes the vulnerable part of the stack.
</p>
<p>
Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.
</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-244969.pdfSSA-244969 V1.6 (Last Update: 2022-07-12): OpenSSL Vulnerability in Industrial Products2022-07-12T00:00:00+00:00<p>
OpenSSL has published a security advisory [0] about a vulnerability in OpenSSL versions 1.1.1 < 1.1.1l and 1.0.2 < 1.0.2za that allows an attacker to cause a denial of service (DoS) or to disclose private memory content.
</p>
<p>
Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends countermeasures for products where updates are not, or not yet available.
</p>
<p>
[0] <a href="https://www.openssl.org/news/secadv/20210824.txt">https://www.openssl.org/news/secadv/20210824.txt</a>
</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-243317.pdfSSA-243317 V1.0: File Parsing Vulnerability in Simcenter Femap and Parasolid2022-07-12T00:00:00+00:00<p>
Simcenter Femap and Parasolid are affected by an out of bounds read vulnerability that could be triggered when the application reads files in NEU format. If a user is tricked to open a malicious file with the affected applications, an attacker could leverage the vulnerability to perform remote code execution in the context of the current process.
</p>
<p>
Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.
</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-220589.pdfSSA-220589 V1.1 (Last Update: 2022-07-12): Hard Coded Default Credential Vulnerability in Teamcenter2022-07-12T00:00:00+00:00<p>
Siemens has released updates for Teamcenter that fixes a security vulnerability related to unsecure storage of user credentials. This vulnerability affects Java EE Server Manager HTML Adaptor. This service is not installed by default and currently also obsoleted.
</p>
<p>
Siemens has released updates for the affected products and recommends to update to the latest versions.
</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-111512.pdfSSA-111512 V1.0: Client-side Authentication in SIMATIC WinCC OA2022-06-21T00:00:00+00:00<p>SIMATIC WinCC OA implements client-side only authentication, when neither server-side authentication (SSA) nor Kerberos authentication is enabled. In this configuration, attackers could impersonate other users or exploit the client-server protocol without being authenticated.</p>
<p>Siemens recommends to enable server-side authentication (SSA) or Kerberos authentication for all WinCC OA projects, as documented in the WinCC OA Security Guideline. In SIMATIC WinCC OA server-side authentication is available since V3.15 (and offered as the default configuration since V3.17). Additional information can be found at: <a href="https://cert-portal.siemens.com/productcert/news.html?id=21" class="uri">https://cert-portal.siemens.com/productcert/news.html?id=21</a>.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-988345.pdfSSA-988345 V1.0: Local Privilege Escalation Vulnerability in Xpedition Designer2022-06-14T00:00:00+00:00<p>A vulnerability in Xpedition Designer could allow an attacker with an unprivileged account to override or modify the service executable and subsequently gain elevated privileges.</p>
<p>Siemens has released an update for the Xpedition Designer and recommends to update to the latest version.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-978220.pdfSSA-978220 V1.7 (Last Update: 2022-06-14): Denial of Service Vulnerability over SNMP in Multiple Industrial Products2022-06-14T00:00:00+00:00<p>Several industrial products are affected by a vulnerability that could allow remote attackers to conduct a denial of service attack by sending specially crafted packets to port 161/udp (SNMP).</p>
<p>Siemens has released updates for several affected products and recommends to update to the new versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-941426.pdfSSA-941426 V1.2 (Last Update: 2022-06-14): Multiple LLDP Vulnerabilities in Industrial Products2022-06-14T00:00:00+00:00<p>There are multiple vulnerabilities in an underlying Link Layer Discovery Protocol (LLDP) third party library.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-911567.pdfSSA-911567 V1.0: Missing HTTP headers in SINEMA Remote Connect Server before V3.0 SP22022-06-14T00:00:00+00:00<p>SINEMA Remote Connect Server is missing HTTP security headers on the web server. This could aid attackers by making the servers more prone to clickjacking, channel downgrade attacks and other similar client-based attack vectors.</p>
<p>Siemens has released an update for the SINEMA Remote Connect Server and recommends to update to the latest version.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-789162.pdfSSA-789162 V1.1 (Last Update: 2022-06-14): Vulnerabilities in Teamcenter2022-06-14T00:00:00+00:00<p>Teamcenter is affected by XML External Entity Injection (XXE, CVE-2022-29801) and a stack based buffer overflow vulnerability (CVE-2022-24290). XXE impacts only Teamcenter versions before V13.1.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-780073.pdfSSA-780073 V2.2 (Last Update: 2022-06-14): Denial of Service Vulnerability in PROFINET Devices via DCE-RPC Packets2022-06-14T00:00:00+00:00<p>Products that include the Siemens PROFINET-IO (PNIO) stack in versions prior V06.00 are potentially affected by a denial of service vulnerability when multiple legitimate diagnostic package requests are sent to the DCE-RPC interface.</p>
<p>Siemens has released updates for several affected products and recommends to update to the new versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
<p>Additionally, Siemens recommends other vendors of PROFINET devices to check if their products have incorporated a vulnerable version of the Siemens PNIO stack as part of the Siemens Development/Evaluation Kits.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdfSSA-772220 V2.0 (Last Update: 2022-06-14): OpenSSL Vulnerabilities in Industrial Products2022-06-14T00:00:00+00:00<p>OpenSSL has published a security advisory [0] about a vulnerability in OpenSSL versions 1.1.1 < 1.1.1k, that allows an unauthenticated attacker to cause a Denial-of-Service (DoS) if a maliciously crafted renegotiation message is sent .</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends countermeasures for products where updates are not, or not yet available.</p>
<p>[0] <a href="https://www.openssl.org/news/secadv/20210325.txt" class="uri">https://www.openssl.org/news/secadv/20210325.txt</a></p>
https://cert-portal.siemens.com/productcert/pdf/ssa-764417.pdfSSA-764417 V1.3 (Last Update: 2022-06-14): Weak Encryption Vulnerability in RUGGEDCOM ROS Devices2022-06-14T00:00:00+00:00<p>The SSH server on RUGGEDCOM ROS devices is configured to offer weak ciphers by default. This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data passed over the connection between legitimate clients and the affected device.</p>
<p>Siemens recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-732250.pdfSSA-732250 V1.1 (Last Update: 2022-06-14): Libcurl Vulnerabilities in Industrial Devices2022-06-14T00:00:00+00:00<p>Vulnerabilities in third-party component cURL could allow an attacker to interfere with the affected products in various ways.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-712929.pdfSSA-712929 V1.0: Denial of Service Vulnerability in OpenSSL (CVE-2022-0778) Affecting Industrial Products2022-06-14T00:00:00+00:00<p>A vulnerability in the openSSL component (CVE-2022-0778, [0]) could allow an attacker to create a denial of service condition by providing specially crafted elliptic curve certificates to products that use a vulnerable version of openSSL.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends countermeasures for products where updates are not, or not yet available.</p>
<p>[0] <a href="https://www.openssl.org/news/secadv/20220315.txt" class="uri">https://www.openssl.org/news/secadv/20220315.txt</a></p>
https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdfSSA-685781 V1.0: Multiple Vulnerabilities in Apache HTTP Server Affecting Siemens Products2022-06-14T00:00:00+00:00<p>Multiple vulnerabilities were identified in the Apache HTTP Server software. These include NULL Pointer Dereferencing, Out-of-bounds Write and Server-Side Request Forgery related vulnerabilities.</p>
<p>Siemens has released an update for the SINEMA Remote Connect Server and recommends to update to the latest version. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-679335.pdfSSA-679335 V1.1 (Last Update: 2022-06-14): Multiple Vulnerabilities in Embedded FTP Server of SIMATIC CP Modules2022-06-14T00:00:00+00:00<p>SIMATIC CP 1543-1 and CP 1545-1 devices are affected by multiple vulnerabilities in ProFTPD, a third party component, that could allow a remote attacker to access sensitive information and execute arbitrary code.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdfSSA-661247 V2.9 (Last Update: 2022-06-14): Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to Siemens Products2022-06-14T00:00:00+00:00<p>On 2021-12-09, a vulnerability in Apache Log4j (a logging tool used in many Java-based applications) was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2021-44228 and is also known as “Log4Shell”.</p>
<p>On 2021-12-14 an additional denial of service vulnerability (CVE-2021-45046) was published rendering the initial mitigations and fix in version 2.15.0 as incomplete under certain non-default configurations. Log4j versions 2.16.0 and 2.12.2 are supposed to fix both vulnerabilities.</p>
<p>On 2021-12-17, CVE-2021-45046 was reclassified with an increased CVSS base score (from 3.7 to 9.0). The potential impact of CVE-2021-45046 now includes - besides denial of service - also information disclosure and local (and potential remote) code execution.</p>
<p>Siemens is currently investigating to determine which products are affected and is continuously updating this advisory as more information becomes available. See section Additional Information for more details regarding the investigation status.</p>
<p>Note: two additional vulnerabilities were published for Apache Log4j, the impact of which are documented in SSA-501673: <a href="https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf" class="uri">https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf</a> (CVE-2021-45105) and SSA-784507: <a href="https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf" class="uri">https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf</a> (CVE-2021-44832).</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-629512.pdfSSA-629512 V1.5 (Last Update: 2022-06-14): Local Privilege Escalation Vulnerability in TIA Portal2022-06-14T00:00:00+00:00<p>The latest updates for TIA Portal fix a vulnerability that could allow a local attacker to execute arbitrary code with SYSTEM privileges.</p>
<p>Update: The previously provided fixes only correctly set the permissions on English Windows versions.</p>
<p>Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-593272.pdfSSA-593272 V1.7 (Last Update: 2022-06-14): SegmentSmack in Interniche IP-Stack based Industrial Devices2022-06-14T00:00:00+00:00<p>A vulnerability exists in affected products that could allow remote attackers to affect the availability of the devices under certain conditions.</p>
<p>The underlying TCP stack can be forced to make very computation expensive calls for every incoming packet which can lead to a Denial-of-Service.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-592007.pdfSSA-592007 V1.7 (Last Update: 2022-06-14): Denial-of-Service Vulnerability in Industrial Products2022-06-14T00:00:00+00:00<p>Several industrial controllers are affected by a security vulnerability that could allow an attacker to cause a Denial-of-Service condition via PROFINET DCP network packets under certain circumstances. Precondition for this scenario is a direct OSI Layer 2 access to the affected products. PROFIBUS interfaces are not affected.</p>
<p>Siemens has released updates for several affected products, is working on updates for the remaining affected products and recommends specific countermeasures until fixes are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-549234.pdfSSA-549234 V1.2 (Last Update: 2022-06-14): Denial-of-Service Vulnerability in SIMATIC NET CP Modules2022-06-14T00:00:00+00:00<p>A denial of service vulnerability was identified in different types of Communication Processors. An attacker could exploit this vulnerability causing the device to become un-operational until the device is restarted.</p>
<p>Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-539476.pdfSSA-539476 V1.2 (Last Update: 2022-06-14): Siemens SIMATIC NET CP, SINEMA and SCALANCE Products Affected by Vulnerabilities in Third-Party Component strongSwan2022-06-14T00:00:00+00:00<p>Vulnerabilities in the third-party component strongSwan could allow an attacker to cause a denial of service (DoS) condition in affected devices by exploiting integer overflow bugs.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-535997.pdfSSA-535997 V1.1 (Last Update: 2022-06-14): Cleartext Storage of Sensitive Information in Multiple SIMATIC Products2022-06-14T00:00:00+00:00<p>A cleartext vulnerability was found in the SIMATIC communication processors CP 1543-1 and CP 1545-1 that could allow an attacker to read sensitive information.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdfSSA-484086 V1.0: Multiple Vulnerabilities in SINEMA Remote Connect Server before V3.12022-06-14T00:00:00+00:00<p>SINEMA Remote Connect Server is affected by multiple vulnerabilities, including</p>
<ul>
<li>A cross-site scripting vulnerability in an error message pop up window (CVE-2022-29034)</li>
<li>Several authentication bypass, privilege escalation and integrity check vulnerabilities (CVE-2022-32251 through -32261)</li>
<li>A command injection vulnerability in the file upload service (CVE-2022-32262)</li>
<li>A chosen-plaintext attack against HTTP over TLS (“BREACH”, CVE-2022-27221)</li>
<li>Information disclosure vulnerabilities in the curl component (CVE-2021-22924 through -22925)</li>
<li>Several vulnerabilities in the libexpat library, that could be exploited when the server is parsing untrusted XML files (CVE-2021-45960, CVE-2021-46143, CVE-2022-22822 through -22827, CVE-2022-23852, CVE-2022-23990, CVE-2022-25235 through -25236, CVE-2022-25313 through -25315.</li>
</ul>
<p>Siemens has released an update for the SINEMA Remote Connect Server and recommends to update to the latest version. Note that the update also contains additional fixes for vulnerabilities documented in Siemens Security Advisories SSA-244969, SSA-539476, SSA-685781 and SSA-712929.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-480230.pdfSSA-480230 V2.3 (Last Update: 2022-06-14): Denial of service in Webserver of Industrial Products2022-06-14T00:00:00+00:00<p>A vulnerability in the affected devices could allow an unauthorized attacker with network access to the webserver of an affected device to perform a denial of service attack.</p>
<p>Siemens has released updates for several affected products and recommends to update to the new versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdfSSA-462066 V3.0 (Last Update: 2022-06-14): Vulnerability known as TCP SACK PANIC in Industrial Products2022-06-14T00:00:00+00:00<p>Multiple industrial products are affected by a vulnerability in the kernel known as TCP SACK PANIC. The vulnerability could allow a remote attacker to cause a denial of service condition.</p>
<p>Siemens has released updates for several affected products and recommends to update to the new versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-446448.pdfSSA-446448 V1.1 (Last Update: 2022-06-14): Denial of Service Vulnerability in PROFINET Stack Integrated on Interniche Stack2022-06-14T00:00:00+00:00<p>The PROFINET (PNIO) stack, when integrated with the Interniche IP stack, contains a vulnerability that could allow an attacker to cause a denial of service condition on affected industrial products.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-443566.pdfSSA-443566 V1.2 (Last Update: 2022-06-14): Authentication Bypass in SCALANCE X Switches Families2022-06-14T00:00:00+00:00<p>Several SCALANCE X switches are affected by an Authentication Bypass vulnerability. The vulnerability allows an unauthenticated attacker to violate access-control rules. The vulnerability can be exploited by sending a GET request to a specific uniform resource locator on the web configuration interface of the device.</p>
<p>The security vulnerability could be exploited by an attacker with network access to the affected systems. An attacker could use the vulnerability to obtain sensitive information or change the device configuration.</p>
<p>Siemens has released an update for the SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) and recommends to update to the latest version. Siemens recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssb-439005.pdfSSB-439005 V4.4 (Last Update: 2022-06-14): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP2022-06-14T00:00:00+00:00https://cert-portal.siemens.com/productcert/pdf/ssa-414513.pdfSSA-414513 V1.1 (Last Update: 2022-06-14): Information Disclosure Vulnerability in Mendix2022-06-14T00:00:00+00:00<p>An information disclosure vulnerability in Mendix applications was discovered. The vulnerability could allow to read sensitive data.</p>
<p>Siemens has released updates for several Mendix Applications and recommends to update to the latest versions. Siemens is preparing further updates and recommends countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-401167.pdfSSA-401167 V1.0: Cross-site scripting Vulnerability in Teamcenter Active Workspace2022-06-14T00:00:00+00:00<p>Teamcenter Active Workspace is affected by a cross site scripting vulnerability. Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-363107.pdfSSA-363107 V1.1 (Last Update: 2022-06-14): An Improper Initialization Vulnerability Affects SIMATIC WinCC Kiosk Mode2022-06-14T00:00:00+00:00<p>A vulnerability was found in SIMATIC WinCC that could allow authenticated attackers to escape the Kiosk Mode.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-330556.pdfSSA-330556 V1.0: PwnKit Vulnerability in SCALANCE LPE9403 and SINUMERIK Edge Products (CVE-2021-4034)2022-06-14T00:00:00+00:00<p>The products listed below contain a local privilege escalation vulnerability (CVE-2021-4034) found on polkit’s pkexec utility, that could allow an unprivileged user to gain administrative rights.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-324955.pdfSSA-324955 V1.8 (Last Update: 2022-06-14): SAD DNS Attack in Linux Based Products2022-06-14T00:00:00+00:00<p>A vulnerability made public under the name SAD DNS affects Domain Name System resolvers due to a vulnerability in the Linux kernel when handling ICMP packets. The Siemens products which are affected are listed below. For more information please see <a href="https://www.saddns.net/" class="uri">https://www.saddns.net/</a>.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdfSSA-301589 V1.3 (Last Update: 2022-06-14): Multiple File Parsing Vulnerabilities in Solid Edge, JT2Go and Teamcenter Visualization2022-06-14T00:00:00+00:00<p>Siemens has released updates for JT2Go, Solid Edge and Teamcenter Visualization to fix multiple file parsing vulnerabilities. If a user is tricked to open a malicious file (crafted as PDF, DXF or PAR) with any of the affected products, this could lead the application to crash or potentially lead to arbitrary code execution.</p>
<p>Siemens has released updates for some of the affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdfSSA-254054 V1.2 (Last Update: 2022-06-14): Spring Framework Vulnerability (Spring4Shell or SpringShell, CVE-2022-22965) - Impact to Siemens Products2022-06-14T00:00:00+00:00<p>A vulnerability in Spring Framework was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2022-22965 and is also known as “Spring4Shell” or “SpringShell”.</p>
<p>Siemens is currently investigating to determine which products are affected and is continuously updating this advisory as more information becomes available.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-244969.pdfSSA-244969 V1.5 (Last Update: 2022-06-14): OpenSSL Vulnerability in Industrial Products2022-06-14T00:00:00+00:00<p>OpenSSL has published a security advisory [0] about a vulnerability in OpenSSL versions 1.1.1 < 1.1.1l and 1.0.2 < 1.0.2za that allows an attacker to cause a denial of service (DoS) or to disclose private memory content.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends countermeasures for products where updates are not, or not yet available.</p>
<p>[0] <a href="https://www.openssl.org/news/secadv/20210824.txt" class="uri">https://www.openssl.org/news/secadv/20210824.txt</a></p>
https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdfSSA-222547 V1.0: Third-Party Component Vulnerabilities in SCALANCE LPE9403 before V2.02022-06-14T00:00:00+00:00<p>Multiple vulnerabilities in the third-party components CivetWeb, Docker, Linux Kernel and systemd could allow an attacker to impact SCALANCE LPE9403 confidentiality, integrity and availability.</p>
<p>Siemens has released an update for the SCALANCE LPE9403 and recommends to update to the latest version.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-220589.pdfSSA-220589 V1.0: Hard Coded Default Credential Vulnerability in Teamcenter2022-06-14T00:00:00+00:00<p>Siemens has released updates for Teamcenter that fixes a security vulnerability related to unsecure storage of user credentials. This vulnerability affects Java EE Server Manager HTML Adaptor. This service is not installed by default and currently also obsoleted.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-145224.pdfSSA-145224 V1.0: Vulnerability in OSPF Packet Handling of SCALANCE XM-400 and XR-500 Devices2022-06-14T00:00:00+00:00<p>SCALANCE XM-400 and XR-500 devices contain a vulnerability in the OSPF protocol implementation that could allow an unauthenticated remote attacker to cause interruptions in the network.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-102233.pdfSSA-102233 V2.0 (Last Update: 2022-06-14): SegmentSmack in VxWorks-based Industrial Devices2022-06-14T00:00:00+00:00<p>The products listed below contain a vulnerability that could allow remote attackers to affect the availability of the devices under certain conditions. The underlying TCP stack can be forced to make very computation expensive calls for every incoming packet which can lead to a Denial-of-Service.</p>
<p>Siemens has released an update for the SCALANCE X-200IRT switch family and recommends to update to the latest version. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-162616.pdfSSA-162616 V1.0: File Parsing Vulnerabilities in Simcenter Femap before V2022.22022-05-10T00:00:00+00:00<p>Siemens Simcenter Femap versions before V2022.2 are affected by an out of bounds write vulnerability that could be triggered when the application reads files in .NEU format. If a user is tricked to open a malicious file with the affected application, an attacker could leverage the vulnerability to perform remote code execution in the context of the current process.</p>
<p>Siemens recommends to update to the latest version line of Simcenter Femap and to avoid opening of untrusted files from unknown sources.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-285795.pdfSSA-285795 V1.0: Denial of Service in OPC-UA in Industrial Products2022-05-10T00:00:00+00:00<p>Vulnerability in the underlying third party component OPC UA ANSIC Stack (also called Legacy C-Stack) affects several industrial products. The vulnerability could cause a crash of the component that includes the vulnerable part of the stack.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-321292.pdfSSA-321292 V1.0: Denial of Service in the OPC Foundation Local Discovery Server (LDS) in Industrial Products2022-05-10T00:00:00+00:00<p>A vulnerability has been identified in the OPC Foundation Local Discovery Server (LDS) [0] of several industrial products. The vulnerability could cause a denial of service condition on the service or the device.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
<p>[0] <a href="https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2021-40142.pdf" class="uri">https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2021-40142.pdf</a></p>
https://cert-portal.siemens.com/productcert/pdf/ssa-363107.pdfSSA-363107 V1.0: An Improper Initialization Vulnerability Affects SIMATIC WinCC Kiosk Mode2022-05-10T00:00:00+00:00<p>A vulnerability was found in SIMATIC WinCC that could allow authenticated attackers to escape the Kiosk Mode.</p>
<p>Siemens has released an update for the SIMATIC WinCC V7.5 and recommends to update to the latest version. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-480937.pdfSSA-480937 V1.0: Denial of Service Vulnerability in CP 44x-1 RNA before V1.5.182022-05-10T00:00:00+00:00<p>Siemens has released a new version for the communication processor modules CP 44x-1 RNA that fixes a vulnerability that could allow an attacker to cause a denial of service condition.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-553086.pdfSSA-553086 V1.0: Multiple File Parsing Vulnerabilities in JT2Go and Teamcenter Visualization2022-05-10T00:00:00+00:00<p>Siemens has released updates for JT2Go and Teamcenter Visualization to fix multiple file parsing vulnerabilities. If a user is tricked to open a malicious file (crafted as CGM, TIFF or TG4) with any of the affected products, this could lead the application to crash or potentially lead to arbitrary code execution.</p>
<p>Siemens has released updates for some of the affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-732250.pdfSSA-732250 V1.0: Libcurl Vulnerabilities in Industrial Devices2022-05-10T00:00:00+00:00<p>Vulnerabilities in third-party component cURL could allow an attacker to interfere with the affected products in various ways.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-736385.pdfSSA-736385 V1.0: Memory Corruption Vulnerability in OpenV2G2022-05-10T00:00:00+00:00<p>The open source software OpenV2G contains a buffer overflow vulnerability that could allow an attacker to trigger a memory corruption.</p>
<p>Siemens has released an update for the OpenV2G and recommends to update to the latest version.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-789162.pdfSSA-789162 V1.0: Vulnerabilities in Teamcenter2022-05-10T00:00:00+00:00<p>Teamcenter is affected by XML External Entity Injection (XXE, CVE-2022-29801) and a stack based buffer overflow vulnerability (CVE-2022-24290). XXE impacts only Teamcenter versions before V13.1.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-102233.pdfSSA-102233 V1.9 (Last Update: 2022-05-10): SegmentSmack in VxWorks-based Industrial Devices2022-05-10T00:00:00+00:00<p>The products listed below contain a vulnerability that could allow remote attackers to affect the availability of the devices under certain conditions. The underlying TCP stack can be forced to make very computation expensive calls for every incoming packet which can lead to a Denial-of-Service.</p>
<p>Siemens has released an update for the SCALANCE X-200IRT switch family and recommends to update to the latest version. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-162506.pdfSSA-162506 V1.3 (Last Update: 2022-05-10): DHCP Client Vulnerability in SIMOTICS CONNECT 400, Desigo PXC/PXM, APOGEE MEC/MBC/PXC, APOGEE PXC Series, and TALON TC Series2022-05-10T00:00:00+00:00<p>SIMOTICS CONNECT 400, Desigo (Power PC-based), APOGEE MEC/MBC/PXC and TALON TC products are affected by a DHCP Client vulnerability as initially reported in <a href="https://cert-portal.siemens.com/productcert/pdf/ssa-434032.pdf">SSA-434032</a> for the Mentor Nucleus Networking Module.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-244969.pdfSSA-244969 V1.4 (Last Update: 2022-05-10): OpenSSL Vulnerability in Industrial Products2022-05-10T00:00:00+00:00<p>OpenSSL has published a security advisory [0] about a vulnerability in OpenSSL versions 1.1.1 < 1.1.1l and 1.0.2 < 1.0.2za that allows an attacker to cause a denial of service (DoS) or to disclose private memory content.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends countermeasures for products where updates are not, or not yet available.</p>
<p>[0] <a href="https://www.openssl.org/news/secadv/20210824.txt" class="uri">https://www.openssl.org/news/secadv/20210824.txt</a></p>
https://cert-portal.siemens.com/productcert/pdf/ssb-439005.pdfSSB-439005 V4.3 (Last Update: 2022-05-10): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP2022-05-10T00:00:00+00:00https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdfSSA-462066 V2.9 (Last Update: 2022-05-10): Vulnerability known as TCP SACK PANIC in Industrial Products2022-05-10T00:00:00+00:00<p>Multiple industrial products are affected by a vulnerability in the kernel known as TCP SACK PANIC. The vulnerability could allow a remote attacker to cause a denial of service condition.</p>
<p>Siemens has released updates for several affected products and recommends to update to the new versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-560465.pdfSSA-560465 V1.2 (Last Update: 2022-05-10): DHCP Client Vulnerability in VxWorks-based Industrial Products2022-05-10T00:00:00+00:00<p>Various industry products are affected by a DHCP client vulnerability in Wind River VxWorks, that could allow an attacker to cause a heap-based buffer overflow.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-629512.pdfSSA-629512 V1.4 (Last Update: 2022-05-10): Local Privilege Escalation Vulnerability in TIA Portal2022-05-10T00:00:00+00:00<p>The latest updates for TIA Portal fix a vulnerability that could allow a local attacker to execute arbitrary code with SYSTEM privileges.</p>
<p>Update: The previously provided fixes only correctly set the permissions on English Windows versions.</p>
<p>Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdfSSA-661247 V2.8 (Last Update: 2022-05-10): Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to Siemens Products2022-05-10T00:00:00+00:00<p>On 2021-12-09, a vulnerability in Apache Log4j (a logging tool used in many Java-based applications) was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2021-44228 and is also known as “Log4Shell”.</p>
<p>On 2021-12-14 an additional denial of service vulnerability (CVE-2021-45046) was published rendering the initial mitigations and fix in version 2.15.0 as incomplete under certain non-default configurations. Log4j versions 2.16.0 and 2.12.2 are supposed to fix both vulnerabilities.</p>
<p>On 2021-12-17, CVE-2021-45046 was reclassified with an increased CVSS base score (from 3.7 to 9.0). The potential impact of CVE-2021-45046 now includes - besides denial of service - also information disclosure and local (and potential remote) code execution.</p>
<p>Siemens is currently investigating to determine which products are affected and is continuously updating this advisory as more information becomes available. See section Additional Information for more details regarding the investigation status.</p>
<p>Note: two additional vulnerabilities were published for Apache Log4j, the impact of which are documented in SSA-501673: <a href="https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf" class="uri">https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf</a> (CVE-2021-45105) and SSA-784507: <a href="https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf" class="uri">https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf</a> (CVE-2021-44832).</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-678983.pdfSSA-678983 V1.4 (Last Update: 2022-05-10): Vulnerabilities in Industrial PCs and CNC devices using Intel CPUs (November 2020)2022-05-10T00:00:00+00:00<p>Intel has published information on vulnerabilities in Intel products in <a href="https://blogs.intel.com/technology/2020/11/ipas-security-advisories-for-november-2020/">November 2020</a>. This advisory lists the Siemens IPC related products, that are affected by these vulnerabilities.</p>
<p>In this advisory we take a representative CVE from each advisory:</p>
<ul>
<li><p>“Intel CSME, SPS, TXE, AMT and DAL Advisory” Intel-SA-00391 is represented by CVE-2020-8745</p></li>
<li><p>“Intel RAPL Interface Advisory” Intel-SA-00389 is represented by CVE-2020-8694</p></li>
<li><p>“Intel Processor Advisory” Intel-SA-00381 is represented by CVE-2020-8698, and</p></li>
<li><p>“BIOS Advisory” Intel-SA-00358 is represented by CVE-2020-0590.</p></li>
</ul>
<p>Siemens has released updates for several affected products and is currently working on BIOS updates that include chipset microcode updates for further products.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-756638.pdfSSA-756638 V1.1 (Last Update: 2022-05-10): Vulnerabilities in Third-Party Component Mbed TLS of LOGO! CMR Family and SIMATIC RTU 3000 Family2022-05-10T00:00:00+00:00<p>Devices of the LOGO! CMR family and the SIMATIC RTU 3000 family are affected by several vulnerabilities in the third party component Mbed TLS. They could allow an attacker with access to any of the interfaces of an affected device to impact the availability or to communicate with invalid certificates.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdfSSA-772220 V1.9 (Last Update: 2022-05-10): OpenSSL Vulnerabilities in Industrial Products2022-05-10T00:00:00+00:00<p>OpenSSL has published a security advisory [0] about a vulnerability in OpenSSL versions 1.1.1 < 1.1.1k, that allows an unauthenticated attacker to cause a Denial-of-Service (DoS) if a maliciously crafted renegotiation message is sent .</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends countermeasures for products where updates are not, or not yet available.</p>
<p>[0] <a href="https://www.openssl.org/news/secadv/20210325.txt" class="uri">https://www.openssl.org/news/secadv/20210325.txt</a></p>
https://cert-portal.siemens.com/productcert/pdf/ssa-787292.pdfSSA-787292 V1.2 (Last Update: 2022-05-10): Denial of Service Vulnerability in SIMATIC RFID Readers2022-05-10T00:00:00+00:00<p>The latest updates for SIMATIC RF products fix a vulnerability that could allow an unauthorized attacker to crash the OPC UA service of the affected devices.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-840188.pdfSSA-840188 V1.4 (Last Update: 2022-05-10): Multiple Vulnerabilities in SIMATIC WinCC Affecting Other SIMATIC Software Products2022-05-10T00:00:00+00:00<p>Multiple vulnerabilities were found in SIMATIC WinCC that ultimately could allow local or remote attackers to escalate privileges and read, write or delete critical files.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
<p>Note: The vulnerability CVE-2021-40359 is part of a shared component, used by various Siemens products (SIMATIC Communication Services - SCS). The installation of a fix version of any product also removes the vulnerability for other products on the same system, even if those products were not updated.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-914168.pdfSSA-914168 V1.2 (Last Update: 2022-05-10): Multiple Vulnerabilities in SIMATIC WinCC Affecting Other SIMATIC Software Products2022-05-10T00:00:00+00:00<p>Multiple vulnerabilities were found in SIMATIC WinCC that ultimately could allow attackers to retrieve and brute force password hashes and access other systems.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdfSSA-254054 V1.1 (Last Update: 2022-04-27): Spring Framework Vulnerability (Spring4Shell or SpringShell, CVE-2022-22965) - Impact to Siemens Products2022-04-27T00:00:00+00:00<p>A vulnerability in Spring Framework was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2022-22965 and is also known as “Spring4Shell” or “SpringShell”.</p>
<p>Siemens is currently investigating to determine which products are affected and is continuously updating this advisory as more information becomes available.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdfSSA-254054 V1.0: Spring Framework Vulnerability (Spring4Shell or SpringShell, CVE-2022-22965) - Impact to Siemens Products2022-04-19T00:00:00+00:00<p>A vulnerability in Spring Framework was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2022-22965 and is also known as “Spring4Shell” or “SpringShell”.</p>
<p>Siemens is currently investigating to determine which products are affected and is continuously updating this advisory as more information becomes available.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-350757.pdfSSA-350757 V1.0: Improper Access Control Vulnerability in TIA Portal Affecting S7-1200 and S7-1500 CPUs Web Server (Incl. Related ET200 CPUs and SIPLUS variants)2022-04-12T00:00:00+00:00<p>An attacker could achieve privilege escalation on the web server of certain devices configured by SIMATIC STEP 7 (TIA Portal) due to incorrect handling of the webserver’s user management configuration during downloading. This only affects the S7-1200 and S7-1500 CPUs’ (incl. related ET200 CPUs and SIPLUS variants) web server, when activated.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-392912.pdfSSA-392912 V1.0: Multiple Denial Of Service Vulnerabilities in SCALANCE W1700 Devices2022-04-12T00:00:00+00:00<p>Vulnerabilities have been identified in devices of the SCALANCE W-1700 (11ac) family that could allow an attacker to cause various denial of service conditions.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-414513.pdfSSA-414513 V1.0: Information Disclosure Vulnerability in Mendix2022-04-12T00:00:00+00:00<p>An information disclosure vulnerability in Mendix applications was discovered. The vulnerability could allow to read sensitive data.</p>
<p>Siemens has released an update for the Mendix Applications using Mendix 9 and recommends to update to the latest version. Siemens recommends countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-446448.pdfSSA-446448 V1.0: Denial of Service Vulnerability in PROFINET Stack Integrated on Interniche Stack2022-04-12T00:00:00+00:00<p>The PROFINET (PNIO) stack, when integrated with the Interniche IP stack, contains a vulnerability that could allow an attacker to cause a denial of service condition on affected industrial products.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-557541.pdfSSA-557541 V1.0: Denial-of-Service Vulnerability in SIMATIC S7-400 CPUs2022-04-12T00:00:00+00:00<p>SIMATIC S7-400 CPU devices contain an input validation vulnerability that could allow an attacker to create a Denial-of-Service condition. A restart is needed to restore normal operations.</p>
<p>Siemens has released an update for SIMATIC S7-410 V10 CPU family and SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants for both) and recommends to update to the latest version. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-655554.pdfSSA-655554 V1.0: Multiple Vulnerabilities in SIMATIC Energy Manager before V7.3 Update 12022-04-12T00:00:00+00:00<p>SIMATIC Energy Manager is affected by multiple vulnerabilities that could allow an attacker to gain local privilege escalation, local code execution or remote code execution.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-711829.pdfSSA-711829 V1.0: Denial of Service Vulnerability in TIA Administrator2022-04-12T00:00:00+00:00<p>In conjunction with the installation of the affected products listed in the table below, a vulnerability in TIA Administrator occurs that could allow an unauthenticated attacker to perform a denial of service attack.</p>
<p>Siemens has released a first update for one of the affected products and recommends to update to the latest version. Siemens is preparing further updates and recommends specific countermeasures.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdfSSA-836527 V1.0: Multiple Vulnerabilities in SCALANCE X-300 Switch Family Devices2022-04-12T00:00:00+00:00<p>Several SCALANCE X-300 switches contain multiple vulnerabilities. An unauthenticated attacker could reboot, cause denial of service conditions and potentially impact the system by other means through heap and buffer overflow vulnerabilities.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-998762.pdfSSA-998762 V1.0: File Parsing Vulnerabilities in Simcenter Femap before V2022.1.22022-04-12T00:00:00+00:00<p>Siemens Simcenter Femap versions before V2022.1.2 are affected by vulnerabilities that could be triggered when the application reads files in .NEU format. If a user is tricked to open a malicious file with the affected application, an attacker could leverage the vulnerability to leak information or potentially perform remote code execution in the context of the current process.</p>
<p>Siemens recommends to update to the latest version line of Simcenter Femap and to avoid opening of untrusted files from unknown sources.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-102233.pdfSSA-102233 V1.8 (Last Update: 2022-04-12): SegmentSmack in VxWorks-based Industrial Devices2022-04-12T00:00:00+00:00<p>The products listed below contain a vulnerability that could allow remote attackers to affect the availability of the devices under certain conditions. The underlying TCP stack can be forced to make very computation expensive calls for every incoming packet which can lead to a Denial-of-Service.</p>
<p>Siemens has released an update for the SCALANCE X-200IRT switch family and recommends to update to the latest version. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-162506.pdfSSA-162506 V1.2 (Last Update: 2022-04-12): DHCP Client Vulnerability in SIMOTICS CONNECT 400, Desigo PXC/PXM, APOGEE MEC/MBC/PXC, APOGEE PXC Series, and TALON TC Series2022-04-12T00:00:00+00:00<p>SIMOTICS CONNECT 400, Desigo (Power PC-based), APOGEE MEC/MBC/PXC and TALON TC products are affected by a DHCP Client vulnerability as initially reported in <a href="https://cert-portal.siemens.com/productcert/pdf/ssa-434032.pdf">SSA-434032</a> for the Mentor Nucleus Networking Module.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-244969.pdfSSA-244969 V1.3 (Last Update: 2022-04-12): OpenSSL Vulnerability in Industrial Products2022-04-12T00:00:00+00:00<p>OpenSSL has published a security advisory [0] about a vulnerability in OpenSSL versions 1.1.1 < 1.1.1l and 1.0.2 < 1.0.2za that allows an attacker to cause a denial of service (DoS) or to disclose private memory content.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends countermeasures for products where updates are not, or not yet available.</p>
<p>[0] <a href="https://www.openssl.org/news/secadv/20210824.txt" class="uri">https://www.openssl.org/news/secadv/20210824.txt</a></p>
https://cert-portal.siemens.com/productcert/pdf/ssa-256353.pdfSSA-256353 V1.2 (Last Update: 2022-04-12): Third-Party Component Vulnerabilities in RUGGEDCOM ROS2022-04-12T00:00:00+00:00<p>Multiple vulnerabilities affect various third-party components of the RUGGEDCOM ROS, and a cross-site scripting exploit. If exploited, an attacker could cause a denial-of-service, act as a man-in-the-middle or retrieval of sensitive information or gain privileged functions.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-270778.pdfSSA-270778 V1.7 (Last Update: 2022-04-12): Denial-of-Service Vulnerability in SIMATIC PCS 7, SIMATIC WinCC and SIMATIC NET PC Software2022-04-12T00:00:00+00:00<p>A Denial-of-Service vulnerability was found in SIMATIC PCS 7, SIMATIC WinCC and SIMATIC NET PC software when encrypted communication is enabled. The vulnerability could allow an attacker with network access to cause a Denial-of-Service condition under certain circumstances (versions prior to SIMATIC WinCC V7.3 or SIMATIC PCS 7 V8.1 are not affected as encrypted communication is not an option).</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.</p>
<p>Note: The vulnerability is part of a shared component, used by various Siemens products (SIMATIC Communication Services - SCS). The installation of a fix version of any product also removes the vulnerability for other products on the same system, even if those products were not updated.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-273799.pdfSSA-273799 V1.3 (Last Update: 2022-04-12): Message Integrity Protection Bypass Vulnerability in SIMATIC Products2022-04-12T00:00:00+00:00<p>A message integrity protection bypass vulnerability has been identified in several SIMATIC products. The vulnerability could allow an attacker in a Man-in-the-Middle position to modify network traffic exchanged on port 102/tcp to PLCs of the SIMATIC S7-1200, SIMATIC S7-1500 and SIMATIC SoftwareController CPU families.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdfSSA-301589 V1.2 (Last Update: 2022-04-12): Multiple File Parsing Vulnerabilities in Solid Edge, JT2Go and Teamcenter Visualization2022-04-12T00:00:00+00:00<p>Siemens has released updates for JT2Go, Solid Edge and Teamcenter Visualization to fix multiple file parsing vulnerabilities. If a user is tricked to open a malicious file (crafted as PDF, DXF or PAR) with any of the affected products, this could lead the application to crash or potentially lead to arbitrary code execution.</p>
<p>Siemens has released updates for some of the affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-307392.pdfSSA-307392 V1.8 (Last Update: 2022-04-12): Denial of Service in OPC UA in Industrial Products2022-04-12T00:00:00+00:00<p>A vulnerability has been identified in the OPC UA server of several industrial products. The vulnerability could cause a denial of service condition on the service or the device.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdfSSA-309571 V1.3 (Last Update: 2022-04-12): IPU 2021.1 Vulnerabilities in Siemens Industrial Products using Intel CPUs (June 2021)2022-04-12T00:00:00+00:00<p>Intel has published information on vulnerabilities in Intel products in <a href="https://blogs.intel.com/technology/2021/06/intel-security-advisories-for-june-2021/">June 2021</a>. This advisory lists the related Siemens Industrial products affected by these vulnerabilities that can be patched by applying the corresponding BIOS update.</p>
<p>In this advisory we summarize:</p>
<ul>
<li><p>“2021.1 IPU – Intel® CSME, SPS and LMS Advisory” Intel-SA-00459,</p></li>
<li><p>“2021.1 IPU – BIOS Advisory” Intel-SA-00463,</p></li>
<li><p>“2021.1 IPU – Intel® Processor Advisory” Intel-SA-00464, and</p></li>
<li><p>“2021.1 IPU - Intel Atom® Processor Advisory” Intel-SA-00465.</p></li>
</ul>
<p>Siemens has released updates for several affected products and is currently working on BIOS updates that include chipset microcode updates for further products.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-312271.pdfSSA-312271 V2.0 (Last Update: 2022-04-12): Unquoted Search Path Vulnerabilities in Windows-based Industrial Software Applications2022-04-12T00:00:00+00:00<p>Several industrial products as listed below contain a local privilege escalation vulnerabilities that could allow authorized local users with administrative privileges to execute custom code with SYSTEM level privileges.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-348629.pdfSSA-348629 V1.9 (Last Update: 2022-04-12): Denial-of-Service Vulnerability in SIMATIC PCS 7, SIMATIC WinCC, SIMATIC WinCC Runtime Professional and SIMATIC NET PC Software2022-04-12T00:00:00+00:00<p>A Denial-of-Service vulnerability has been identified in SIMATIC PCS 7, SIMATIC WinCC, SIMATIC WinCC Runtime Professional and SIMATIC NET PC-Software.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssb-439005.pdfSSB-439005 V4.2 (Last Update: 2022-04-12): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP2022-04-12T00:00:00+00:00https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdfSSA-462066 V2.8 (Last Update: 2022-04-12): Vulnerability known as TCP SACK PANIC in Industrial Products2022-04-12T00:00:00+00:00<p>Multiple industrial products are affected by a vulnerability in the kernel known as TCP SACK PANIC. The vulnerability could allow a remote attacker to cause a denial of service condition.</p>
<p>Siemens has released updates for several affected products and recommends to update to the new versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-535640.pdfSSA-535640 V1.5 (Last Update: 2022-04-12): Vulnerability in Industrial Products2022-04-12T00:00:00+00:00<p>Various industrial products use the Discovery Service of the OPC UA protocol stack by the OPC foundation <a href="https://github.com/OPCFoundation/UA-.NETStandard" class="uri">https://github.com/OPCFoundation/UA-.NETStandard</a> and could therefore be affected by the remote resource consumption attacks (CVE-2017-12069).</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-539476.pdfSSA-539476 V1.1 (Last Update: 2022-04-12): Siemens SIMATIC NET CP, SINEMA and SCALANCE Products Affected by Vulnerabilities in Third-Party Component strongSwan2022-04-12T00:00:00+00:00<p>Vulnerabilities in the third-party component strongSwan could allow an attacker to cause a denial of service (DoS) condition in affected devices by exploiting integer overflow bugs.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-560465.pdfSSA-560465 V1.1 (Last Update: 2022-04-12): DHCP Client Vulnerability in VxWorks-based Industrial Products2022-04-12T00:00:00+00:00<p>Various industry products are affected by a DHCP client vulnerability in Wind River VxWorks, that could allow an attacker to cause a heap-based buffer overflow.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-562051.pdfSSA-562051 V1.1 (Last Update: 2022-04-12): Cross-Site Scripting Vulnerability in Polarion ALM2022-04-12T00:00:00+00:00<p>The Subversion Webclient in Polarion ALM contains a cross-site scripting vulnerability, that could be triggered by an attacker by sending crafted links to an administrator user of Polarion ALM.</p>
<p>Siemens has released an update for the Subversion Webclient in Polarion ALM and recommends to update to the latest version.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-593272.pdfSSA-593272 V1.6 (Last Update: 2022-04-12): SegmentSmack in Interniche IP-Stack based Industrial Devices2022-04-12T00:00:00+00:00<p>A vulnerability exists in affected products that could allow remote attackers to affect the availability of the devices under certain conditions.</p>
<p>The underlying TCP stack can be forced to make very computation expensive calls for every incoming packet which can lead to a Denial-of-Service.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-599968.pdfSSA-599968 V1.5 (Last Update: 2022-04-12): Denial-of-Service Vulnerability in Profinet Devices2022-04-12T00:00:00+00:00<p>A vulnerability in affected devices could allow an attacker to perform a denial-of-service attack if a large amount of Profinet Discovery and Configuration Protocol (DCP) reset packets is sent to the affected devices.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdfSSA-661247 V2.7 (Last Update: 2022-04-12): Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to Siemens Products2022-04-12T00:00:00+00:00<p>On 2021-12-09, a vulnerability in Apache Log4j (a logging tool used in many Java-based applications) was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2021-44228 and is also known as “Log4Shell”.</p>
<p>On 2021-12-14 an additional denial of service vulnerability (CVE-2021-45046) was published rendering the initial mitigations and fix in version 2.15.0 as incomplete under certain non-default configurations. Log4j versions 2.16.0 and 2.12.2 are supposed to fix both vulnerabilities.</p>
<p>On 2021-12-17, CVE-2021-45046 was reclassified with an increased CVSS base score (from 3.7 to 9.0). The potential impact of CVE-2021-45046 now includes - besides denial of service - also information disclosure and local (and potential remote) code execution.</p>
<p>Siemens is currently investigating to determine which products are affected and is continuously updating this advisory as more information becomes available. See section Additional Information for more details regarding the investigation status.</p>
<p>Note: two additional vulnerabilities were published for Apache Log4j, the impact of which are documented in SSA-501673: <a href="https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf" class="uri">https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf</a> (CVE-2021-45105) and SSA-784507: <a href="https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf" class="uri">https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf</a> (CVE-2021-44832).</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-672373.pdfSSA-672373 V1.2 (Last Update: 2022-04-12): Vulnerabilities in CP 1543-1 before V2.0.282022-04-12T00:00:00+00:00<p>SIMATIC CP 1543-1 devices before V2.0.28 contain two vulnerabilities that could allow authorized users to escalate their privileges on the CP or create a denial of service condition.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-676336.pdfSSA-676336 V1.1 (Last Update: 2022-04-12): OpenSSH Vulnerabilities in SCALANCE X-200 and X-300/X408 Switches2022-04-12T00:00:00+00:00<p>The latest update of the SCALANCE X-200 and X-300/X408 switches families fixes multiple OpenSSH vulnerabilities. The most severe of these vulnerabilities could allow a denial of service condition.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-764417.pdfSSA-764417 V1.2 (Last Update: 2022-04-12): Multiple Vulnerabilities in RUGGEDCOM Devices2022-04-12T00:00:00+00:00<p>There is an insecure cryptographic vulnerability for the affected RUGGEDCOM devices. If an attacker were to exploit this, they could gain privileged functions.</p>
<p>Siemens recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdfSSA-772220 V1.8 (Last Update: 2022-04-12): OpenSSL Vulnerabilities in Industrial Products2022-04-12T00:00:00+00:00<p>OpenSSL has published a security advisory [0] about a vulnerability in OpenSSL versions 1.1.1 < 1.1.1k, that allows an unauthenticated attacker to cause a Denial-of-Service (DoS) if a maliciously crafted renegotiation message is sent .</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends countermeasures for products where updates are not, or not yet available.</p>
<p>[0] <a href="https://www.openssl.org/news/secadv/20210325.txt" class="uri">https://www.openssl.org/news/secadv/20210325.txt</a></p>
https://cert-portal.siemens.com/productcert/pdf/ssa-780073.pdfSSA-780073 V2.1 (Last Update: 2022-04-12): Denial of Service Vulnerability in PROFINET Devices via DCE-RPC Packets2022-04-12T00:00:00+00:00<p>Products that include the Siemens PROFINET-IO (PNIO) stack in versions prior V06.00 are potentially affected by a denial of service vulnerability when multiple legitimate diagnostic package requests are sent to the DCE-RPC interface.</p>
<p>Siemens has released updates for several affected products and recommends to update to the new versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
<p>Additionally, Siemens recommends other vendors of PROFINET devices to check if their products have incorporated a vulnerable version of the Siemens PNIO stack as part of the Siemens Development/Evaluation Kits.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-787292.pdfSSA-787292 V1.1 (Last Update: 2022-04-12): Denial-of-Service Vulnerability in SIMATIC RFID Readers2022-04-12T00:00:00+00:00<p>The latest updates for SIMATIC RF products fix a vulnerability that could allow an unauthorized attacker to crash the OPC UA service of the affected devices.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-840188.pdfSSA-840188 V1.3 (Last Update: 2022-04-12): Multiple Vulnerabilities in SIMATIC WinCC Affecting Other SIMATIC Software Products2022-04-12T00:00:00+00:00<p>Multiple vulnerabilities were found in SIMATIC WinCC that ultimately could allow local or remote attackers to escalate privileges and read, write or delete critical files.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
<p>Note: The vulnerability CVE-2021-40359 is part of a shared component, used by various Siemens products (SIMATIC Communication Services - SCS). The installation of a fix version of any product also removes the vulnerability for other products on the same system, even if those products were not updated.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdfSSA-913875 V1.3 (Last Update: 2022-04-12): Frame Aggregation and Fragmentation Vulnerabilities in 802.112022-04-12T00:00:00+00:00<p>Twelve vulnerabilities in the implementation of frame aggregation and fragmentation of the 802.11 standard, under the name of <a href="https://www.fragattacks.com/">FragAttacks</a>, have been published.</p>
<p>Successful exploitation of these vulnerabilities could allow an attacker within Wi-Fi range to forge encrypted frames, which could result in sensitive data disclosure and possibly traffic manipulation.</p>
<p>The advised Siemens products are only affected by some of the published vulnerabilities.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-914168.pdfSSA-914168 V1.1 (Last Update: 2022-04-12): Multiple Vulnerabilities in SIMATIC WinCC Affecting Other SIMATIC Software Products2022-04-12T00:00:00+00:00<p>Multiple vulnerabilities were found in SIMATIC WinCC that ultimately could allow attackers to retrieve and brute force password hashes and access other systems.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-978220.pdfSSA-978220 V1.6 (Last Update: 2022-04-12): Denial of Service Vulnerability over SNMP in Multiple Industrial Products2022-04-12T00:00:00+00:00<p>Several industrial products are affected by a vulnerability that could allow remote attackers to conduct a denial of service attack by sending specially crafted packets to port 161/udp (SNMP).</p>
<p>Siemens has released updates for several affected products and recommends to update to the new versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-995338.pdfSSA-995338 V1.2 (Last Update: 2022-04-12): Multiple Vulnerabilities in COMOS Web2022-04-12T00:00:00+00:00<p>Multiple vulnerabilities were identified in the web components of COMOS that could allow an attacker to conduct code injections, store data in undesired locations, execute arbitrary SQL statements, and run cross-site request forgery attacks.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-593272.pdfSSA-593272 V1.5 (Last Update: 2022-03-28): SegmentSmack in Interniche IP-Stack based Industrial Devices2022-03-28T00:00:00+00:00<p>A vulnerability exists in affected products that could allow remote attackers to affect the availability of the devices under certain conditions.</p>
<p>The underlying TCP stack can be forced to make very computation expensive calls for every incoming packet which can lead to a Denial-of-Service.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-256353.pdfSSA-256353 V1.1 (Last Update: 2022-03-11): Third-Party Component Vulnerabilities in RUGGEDCOM ROS2022-03-11T00:00:00+00:00<p>Multiple vulnerabilities affect various third-party components of the RUGGEDCOM ROS, and a cross-site scripting exploit. If exploited, an attacker could cause a denial-of-service, act as a man-in-the-middle or retrieval of sensitive information or gain privileged functions.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-593272.pdfSSA-593272 V1.4 (Last Update: 2022-03-11): SegmentSmack in Interniche IP-Stack based Industrial Devices2022-03-11T00:00:00+00:00<p>A vulnerability exists in affected products that could allow remote attackers to affect the availability of the devices under certain conditions.</p>
<p>The underlying TCP stack can be forced to make very computation expensive calls for every incoming packet which can lead to a Denial-of-Service.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-764417.pdfSSA-764417 V1.1 (Last Update: 2022-03-11): Multiple Vulnerabilities in RUGGEDCOM Devices2022-03-11T00:00:00+00:00<p>There is an insecure cryptographic vulnerability for the affected RUGGEDCOM devices. If an attacker were to exploit this, they could gain privileged functions.</p>
<p>Siemens recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-134279.pdfSSA-134279 V1.0: Vulnerability in Mendix Forgot Password Appstore module2022-03-08T00:00:00+00:00<p>Mendix Forgot Password Appstore module contains two vulnerabilities that could allow unauthorized users to take over accounts.</p>
<p>Mendix has released an update for the Mendix Forgot Password Appstore module and recommends to update to the latest version.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-148641.pdfSSA-148641 V1.0: XPath Constraint Vulnerability in Mendix Runtime2022-03-08T00:00:00+00:00<p>A XPath Constraint vulnerability in the Mendix Studio Pro was discovered, that can affect the running applications. The vulnerability, if acted upon by a malicious user, could allow them the ability to dump and modify sensitive data.</p>
<p>Mendix has released updates for the affected product lines, recommends to update to the latest versions and to redeploy the applications.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdfSSA-155599 V1.0: File Parsing Vulnerabilities in COMOS2022-03-08T00:00:00+00:00<p>COMOS uses Drawings SDK from Open Design Alliance that is affected by multiple vulnerabilities that could be triggered when the application reads files in DGN, DXF or DWG file formats. If a user is tricked to open a malicious file with the affected application, an attacker could leverage the vulnerability to leak information or potentially perform remote code execution in the context of the current process.</p>
<p>Siemens has released an update for the COMOS and recommends to update to the latest version.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-166747.pdfSSA-166747 V1.0: Scene File Parsing Vulnerability in Simcenter STAR-CCM+ Viewer before V2022.12022-03-08T00:00:00+00:00<p>Siemens Simcenter STAR-CCM+ Viewer is affected by a memory corruption vulnerability that could be triggered when the application reads scene (.sce) files. If a user is tricked to open a malicious file with the affected application, this could lead to a crash, and potentially also to arbitrary code execution or data extraction on the target host system.</p>
<p>Siemens has released an update for Simcenter STAR-CCM+ Viewer and recommends to update to the latest version to fix the vulnerability. Siemens recommends to avoid opening of untrusted files from unknown sources.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-250085.pdfSSA-250085 V1.0: Multiple Vulnerabilities in SINEC NMS2022-03-08T00:00:00+00:00<p>SINEC NMS contains multiple vulnerabilities that could allow an attacker to execute arbitrary code on the system, arbitrary commands on the local database or achieve privilege escalation.</p>
<p>Siemens recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-256353.pdfSSA-256353 V1.0: Third-Party Component Vulnerabilities in RUGGEDCOM ROS2022-03-08T00:00:00+00:00<p>Multiple vulnerabilities affect various third-party components of the RUGGEDCOM ROS, and a cross-site scripting exploit. If exploited, an attacker could cause a denial-of-service, act as a man-in-the-middle or retrieval of sensitive information or gain privileged functions.</p>
<p>Siemens is preparing updates and recommends countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-337210.pdfSSA-337210 V1.0: Privilege Escalation Vulnerability in SINUMERIK MC2022-03-08T00:00:00+00:00<p>The NC plug-in card in SINUMERIK MC contains a privilege escalation vulnerability that could allow local attackers to escalate their privileges to root. This allows full access to the device, including read and modifying G code.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdfSSA-389290 V1.0: Third-Party Component Vulnerabilities in SINEC INS2022-03-08T00:00:00+00:00<p>71 vulnerabilities in third-party components as Node.js, cURL, SQLite, CivetWeb and DNS(ISC BIND) could allow an attacker to interfere with the affected product in various ways.</p>
<p>Siemens has released an update for SINEC INS and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-406691.pdfSSA-406691 V1.0: Buffer Vulnerabilities in DHCP function of RUGGEDCOM ROX products2022-03-08T00:00:00+00:00<p>A vulnerability in the RUGGEDCOM ROX devices’ third party component, ISC DHCP, could allow an attacker to cause a buffer overrun due to a bug when reading a stored DHCP lease containing certain option information, eventually leading to a denial-of-service condition, or cause a remote-code execution.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-415938.pdfSSA-415938 V1.0: Improper Access Control Vulnerability in Mendix2022-03-08T00:00:00+00:00<p>A vulnerability in Mendix Studio Pro was discovered, that, if acted upon by a malicious user, could allow to retrieve the status of a job run by another user in certain cases.</p>
<p>Mendix has released updates for the affected product lines, recommends to update to the latest versions and to redeploy the applications.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-562051.pdfSSA-562051 V1.0: Cross-Site Scripting Vulnerability in Polarion ALM2022-03-08T00:00:00+00:00<p>An attacker could trigger malicious actions via a cross-site scripting vulnerability by sending crafted links to an administrator user of Polarion ALM.</p>
<p>Siemens has released an update for the Polarion Subversion Webclient and recommends to update to the latest version.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-594438.pdfSSA-594438 V1.0: Remote Code Execution and Denial-of-Service Vulnerability in multiple RUGGEDCOM ROX products2022-03-08T00:00:00+00:00<p>A vulnerability in the RUGGEDCOM ROX devices’ third party component, NSS, could allow an attacker to remotely execute code or cause a denial-of-service condition due to the way it verifies security certificates.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-764417.pdfSSA-764417 V1.0: Multiple Vulnerabilities in RUGGEDCOM Devices2022-03-08T00:00:00+00:00<p>There is an insecure cryptographic vulnerability for the affected RUGGEDCOM devices. If an attacker were to exploit this, they could gain privileged functions.</p>
<p><strong>See auto-generated summary suggestion from build</strong></p>
https://cert-portal.siemens.com/productcert/pdf/ssa-244969.pdfSSA-244969 V1.2 (Last Update: 2022-03-08): OpenSSL Vulnerability in Industrial Products2022-03-08T00:00:00+00:00<p>OpenSSL has published a security advisory [0] about a vulnerability in OpenSSL versions 1.1.1 < 1.1.1l and 1.0.2 < 1.0.2za that allows an attacker to cause a denial of service (DoS) or to disclose private memory content.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends countermeasures for products where updates are not, or not yet available.</p>
<p>[0] <a href="https://www.openssl.org/news/secadv/20210824.txt" class="uri">https://www.openssl.org/news/secadv/20210824.txt</a></p>
https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdfSSA-301589 V1.1 (Last Update: 2022-03-08): Multiple File Parsing Vulnerabilities in Solid Edge, JT2Go and Teamcenter Visualization2022-03-08T00:00:00+00:00<p>Siemens has released updates for Solid Edge and Teamcenter Visualization to fix multiple file parsing vulnerabilities. If a user is tricked to open a malicious file (crafted as PDF, DXF or PAR) with any of the affected products, this could lead the application to crash or potentially lead to arbitrary code execution.</p>
<p>Siemens has released updates for some of the affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdfSSA-306654 V1.1 (Last Update: 2022-03-08): Insyde BIOS Vulnerabilities in Siemens Industrial Products2022-03-08T00:00:00+00:00<p>Insyde has published information on vulnerabilities in Insyde BIOS in <a href="https://www.insyde.com/security-pledge">February 2022</a>. This advisory lists the Siemens Industrial products affected by these vulnerabilities.</p>
<p>Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdfSSA-309571 V1.2 (Last Update: 2022-03-08): IPU 2021.1 Vulnerabilities in Siemens Industrial Products using Intel CPUs (June 2021)2022-03-08T00:00:00+00:00<p>Intel has published information on vulnerabilities in Intel products in <a href="https://blogs.intel.com/technology/2021/06/intel-security-advisories-for-june-2021/">June 2021</a>. This advisory lists the related Siemens Industrial products affected by these vulnerabilities that can be patched by applying the corresponding BIOS update.</p>
<p>In this advisory we summarize:</p>
<ul>
<li><p>“2021.1 IPU – Intel® CSME, SPS and LMS Advisory” Intel-SA-00459,</p></li>
<li><p>“2021.1 IPU – BIOS Advisory” Intel-SA-00463,</p></li>
<li><p>“2021.1 IPU – Intel® Processor Advisory” Intel-SA-00464, and</p></li>
<li><p>“2021.1 IPU - Intel Atom® Processor Advisory” Intel-SA-00465.</p></li>
</ul>
<p>Siemens has released updates for several affected products and is currently working on BIOS updates that include chipset microcode updates for further products.</p>
https://cert-portal.siemens.com/productcert/pdf/ssb-439005.pdfSSB-439005 V4.1 (Last Update: 2022-03-08): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP2022-03-08T00:00:00+00:00https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdfSSA-462066 V2.7 (Last Update: 2022-03-08): Vulnerability known as TCP SACK PANIC in Industrial Products2022-03-08T00:00:00+00:00<p>Multiple industrial products are affected by a vulnerability in the kernel known as TCP SACK PANIC. The vulnerability could allow a remote attacker to cause a denial of service condition.</p>
<p>Siemens has released updates for several affected products and recommends to update to the new versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-501073.pdfSSA-501073 V1.1 (Last Update: 2022-03-08): Vulnerabilities in Controllers CPU 1518 MFP using Intel CPUs (November 2020)2022-03-08T00:00:00+00:00<p>Intel has published information on vulnerabilities in Intel products in <a href="https://blogs.intel.com/technology/2020/11/ipas-security-advisories-for-november-2020/">November 2020</a>. This advisory lists the Siemens Controllers that are affected by these vulnerabilities.</p>
<p>In this advisory we take a representative CVE from each advisory:</p>
<ul>
<li><p>“Intel CSME, SPS, TXE, AMT and DAL Advisory” Intel-SA-00391 is represented by CVE-2020-8744</p></li>
<li><p>“BIOS Advisory” Intel-SA-00358 is represented by CVE-2020-0591.</p></li>
</ul>
<p>Siemens is currently working on BIOS updates that include chipset microcode updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-534763.pdfSSA-534763 V1.6 (Last Update: 2022-03-08): Special Register Buffer Data Sampling (SRBDS) aka Crosstalk in Industrial Products2022-03-08T00:00:00+00:00<p>Security researchers published information on a vulnerability known as Crosstalk (<a href="https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00320.html">INTEL-SA-00320</a>). This vulnerability affects modern Intel processors to a varying degree.</p>
<p>Several Siemens Industrial Products contain processors that are affected by the vulnerability.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-541018.pdfSSA-541018 V1.5 (Last Update: 2022-03-08): Embedded TCP/IP Stack Vulnerabilities (AMNESIA:33) in SENTRON PAC / 3VA Devices (Part 2)2022-03-08T00:00:00+00:00<p>Security researchers discovered and disclosed 33 vulnerabilities in several open-source TCP/IP stacks for embedded devices, also known as “AMNESIA:33” vulnerabilities.</p>
<p>This advisory describes the impact of two of these vulnerabilities (CVE-2020-13987, CVE-2020-17437) to Siemens products.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not available.</p>
<p>The impact of another “AMNESIA:33” vulnerability (CVE-2020-13988) is described in <a href="https://cert-portal.siemens.com/productcert/pdf/ssa-541017.pdf">Siemens Security Advisory SSA-541017</a>.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdfSSA-661247 V2.6 (Last Update: 2022-03-08): Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to Siemens Products2022-03-08T00:00:00+00:00<p>On 2021-12-09, a vulnerability in Apache Log4j (a logging tool used in many Java-based applications) was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2021-44228 and is also known as “Log4Shell”.</p>
<p>On 2021-12-14 an additional denial of service vulnerability (CVE-2021-45046) was published rendering the initial mitigations and fix in version 2.15.0 as incomplete under certain non-default configurations. Log4j versions 2.16.0 and 2.12.2 are supposed to fix both vulnerabilities.</p>
<p>On 2021-12-17, CVE-2021-45046 was reclassified with an increased CVSS base score (from 3.7 to 9.0). The potential impact of CVE-2021-45046 now includes - besides denial of service - also information disclosure and local (and potential remote) code execution.</p>
<p>Siemens is currently investigating to determine which products are affected and is continuously updating this advisory as more information becomes available. See section Additional Information for more details regarding the investigation status.</p>
<p>Note: two additional vulnerabilities were published for Apache Log4j, the impact of which are documented in SSA-501673: <a href="https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf" class="uri">https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf</a> (CVE-2021-45105) and SSA-784507: <a href="https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf" class="uri">https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf</a> (CVE-2021-44832).</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-669158.pdfSSA-669158 V1.1 (Last Update: 2022-03-08): DNS Client Vulnerabilities in SIMOTICS CONNECT 4002022-03-08T00:00:00+00:00<p>SIMOTICS CONNECT 400 is affected by DNS Client vulnerabilities as initially reported in Siemens Security Advisory SSA-705111 (<a href="https://cert-portal.siemens.com/productcert/pdf/ssa-705111.pdf" class="uri">https://cert-portal.siemens.com/productcert/pdf/ssa-705111.pdf</a>) for the DNS Module in Nucleus RTOS.</p>
<p>Siemens has released updates for the SIMOTICS CONNECT 400 and recommends to update to the latest version.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-678983.pdfSSA-678983 V1.3 (Last Update: 2022-03-08): Vulnerabilities in Industrial PCs and CNC devices using Intel CPUs (November 2020)2022-03-08T00:00:00+00:00<p>Intel has published information on vulnerabilities in Intel products in <a href="https://blogs.intel.com/technology/2020/11/ipas-security-advisories-for-november-2020/">November 2020</a>. This advisory lists the Siemens IPC related products, that are affected by these vulnerabilities.</p>
<p>In this advisory we take a representative CVE from each advisory:</p>
<ul>
<li><p>“Intel CSME, SPS, TXE, AMT and DAL Advisory” Intel-SA-00391 is represented by CVE-2020-8745</p></li>
<li><p>“Intel RAPL Interface Advisory” Intel-SA-00389 is represented by CVE-2020-8694</p></li>
<li><p>“Intel Processor Advisory” Intel-SA-00381 is represented by CVE-2020-8698, and</p></li>
<li><p>“BIOS Advisory” Intel-SA-00358 is represented by CVE-2020-0590.</p></li>
</ul>
<p>Siemens has released updates for several affected products and is currently working on BIOS updates that include chipset microcode updates for further products.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-838121.pdfSSA-838121 V1.1 (Last Update: 2022-03-08): Multiple Denial of Service Vulnerabilities in Industrial Products2022-03-08T00:00:00+00:00<p>Affected SIMATIC firmware contains three vulnerabilities that could allow an unauthenticated attacker to perform a denial-of-service attack under certain conditions.</p>
<p>Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-840188.pdfSSA-840188 V1.2 (Last Update: 2022-03-08): Multiple Vulnerabilities in SIMATIC WinCC Affecting Other SIMATIC Software Products2022-03-08T00:00:00+00:00<p>Multiple vulnerabilities were found in SIMATIC WinCC that ultimately could allow local or remote attackers to escalate privileges and read, write or delete critical files.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdfSSA-306654 V1.0: Insyde BIOS Vulnerabilities in Siemens Industrial Products2022-02-22T00:00:00+00:00<p>Insyde has published information on vulnerabilities in Insyde BIOS in <a href="https://www.insyde.com/security-pledge">February 2022</a>. This advisory lists the Siemens Industrial products affected by these vulnerabilities.</p>
<p>Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-244969.pdfSSA-244969 V1.1 (Last Update: 2022-02-17): OpenSSL Vulnerability in Industrial Products2022-02-17T00:00:00+00:00<p>OpenSSL has published a security advisory [0] about a vulnerability in OpenSSL versions 1.1.1 < 1.1.1l and 1.0.2 < 1.0.2za that allows an attacker to cause a denial of service (DoS) or to disclose private memory content.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends countermeasures for products where updates are not, or not yet available.</p>
<p>[0] <a href="https://www.openssl.org/news/secadv/20210824.txt" class="uri">https://www.openssl.org/news/secadv/20210824.txt</a></p>
https://cert-portal.siemens.com/productcert/pdf/ssa-455843.pdfSSA-455843 V1.7 (Last Update: 2022-02-17): WIBU Systems CodeMeter Runtime Vulnerabilities in Siemens Products2022-02-17T00:00:00+00:00<p>CISA and WIBU Systems disclosed six vulnerabilities in different versions of CodeMeter Runtime, a product provided by WIBU Systems and used in several Siemens products for license management.</p>
<p>The vulnerabilities are described in the section “Vulnerability Classification” below and got assigned the CVE IDs CVE-2020-14509, CVE-2020-14513, CVE-2020-14515, CVE-2020-14517, CVE-2020-14519, and CVE-2020-16233. Successful exploitation of these vulnerabilities could allow an attacker to alter and forge a license file, cause a denial-of-service condition, attain remote code execution, or prevent normal operation of the Siemens software that depends on CodeMeter Runtime.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdfSSA-772220 V1.7 (Last Update: 2022-02-17): OpenSSL Vulnerabilities in Industrial Products2022-02-17T00:00:00+00:00<p>OpenSSL has published a security advisory [0] about a vulnerability in OpenSSL versions 1.1.1 < 1.1.1k, that allows an unauthenticated attacker to cause a Denial-of-Service (DoS) if a maliciously crafted renegotiation message is sent.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends countermeasures for products where updates are not, or not yet available.</p>
<p>[0] <a href="https://www.openssl.org/news/secadv/20210325.txt" class="uri">https://www.openssl.org/news/secadv/20210325.txt</a></p>
https://cert-portal.siemens.com/productcert/pdf/ssa-949188.pdfSSA-949188 V1.0: File Parsing Vulnerabilities in Simcenter Femap before V2022.1.12022-02-17T00:00:00+00:00<p>Siemens Simcenter Femap versions before V2022.1.1 are affected by vulnerabilities that could be triggered when the application reads files in .NEU or .BDF format. If a user is tricked to open a malicious file with the affected application, an attacker could leverage the vulnerability to leak information or potentially perform remote code execution in the context of the current process.</p>
<p>Siemens recommends to update to the latest version line of Simcenter Femap and to avoid opening of untrusted files from unknown sources.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-244969.pdfSSA-244969 V1.0: OpenSSL Vulnerability in Industrial Products2022-02-08T00:00:00+00:00<p>OpenSSL has published a security advisory [0] about a vulnerability in OpenSSL versions 1.1.1 < 1.1.1l and 1.0.2 < 1.0.2za that allows an attacker to cause a denial of service (DoS) or to disclose private memory content.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends countermeasures for products where updates are not, or not yet available.</p>
<p>[0] <a href="https://www.openssl.org/news/secadv/20210824.txt" class="uri">https://www.openssl.org/news/secadv/20210824.txt</a></p>
https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdfSSA-301589 V1.0: Multiple File Parsing Vulnerabilities in Solid Edge, JT2Go and Teamcenter Visualization2022-02-08T00:00:00+00:00<p>Siemens has released updates for Solid Edge and Teamcenter Visualization to fix multiple file parsing vulnerabilities. If a user is tricked to open a malicious file (crafted as PDF, DXF or PAR) with any of the affected products, this could lead the application to crash or potentially lead to arbitrary code execution.</p>
<p>Siemens has released updates for some of the affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-539476.pdfSSA-539476 V1.0: Siemens SIMATIC NET CP, SINEMA and SCALANCE Products Affected by Vulnerabilities in Third-Party Component strongSwan2022-02-08T00:00:00+00:00<p>Vulnerabilities in the third-party component strongSwan could allow an attacker to cause a denial of service (DoS) condition in affected devices by exploiting integer overflow bugs.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-609880.pdfSSA-609880 V1.0: File Parsing Vulnerabilities in Simcenter Femap before V2022.12022-02-08T00:00:00+00:00<p>Siemens Simcenter Femap is affected by multiple vulnerabilities that could be triggered when the application reads files in .NEU format. If a user is tricked to open a malicious file with the affected application, an attacker could leverage the vulnerability to leak information or potentially perform remote code execution in the context of the current process.</p>
<p>Siemens recommends to update to the latest version line of Simcenter Femap and to avoid opening of untrusted files from unknown sources.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-654775.pdfSSA-654775 V1.0: Open Redirect Vulnerability in SINEMA Remote Connect Server2022-02-08T00:00:00+00:00<p>An open redirect vulnerability in SINEMA Remote Connect Server could allow an attacker to steal logon credentials with a specially crafted malicious link.</p>
<p>Siemens has released software update for the SINEMA Remote Connect Server and recommends to update to the latest version.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-669737.pdfSSA-669737 V1.0: Improper Access Control Vulnerability in SICAM TOOLBOX II2022-02-08T00:00:00+00:00<p>SICAM TOOLBOX II contains a vulnerability that could allow an attacker access through a circumventable access control.</p>
<p>Siemens is preparing updates and recommends countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-838121.pdfSSA-838121 V1.0: Multiple Denial of Service Vulnerabilities in Industrial Products2022-02-08T00:00:00+00:00<p>Affected SIMATIC firmware contains three vulnerabilities that could allow an unauthenticated attacker to perform a denial-of-service attack under certain conditions.</p>
<p>Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-914168.pdfSSA-914168 V1.0: Multiple Vulnerabilities in SIMATIC WinCC Affecting Other SIMATIC Software Products2022-02-08T00:00:00+00:00<p>Multiple vulnerabilities were found in SIMATIC WinCC that ultimately could allow attackers to retrieve and brute force password hashes and access other systems.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-100232.pdfSSA-100232 V1.4 (Last Update: 2022-02-08): Denial-of-Service vulnerability in SCALANCE X Switches2022-02-08T00:00:00+00:00<p>A vulnerability in several SCALANCE X devices could allow an unauthenticated attacker with network access to an affected device to perform a denial-of-service.</p>
<p>Siemens has released an update for SCALANCE X-200IRT and recommends to update to the latest version. Siemens recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-102233.pdfSSA-102233 V1.7 (Last Update: 2022-02-08): SegmentSmack in VxWorks-based Industrial Devices2022-02-08T00:00:00+00:00<p>The products listed below contain a vulnerability that could allow remote attackers to affect the availability of the devices under certain conditions. The underlying TCP stack can be forced to make very computation expensive calls for every incoming packet which can lead to a Denial-of-Service.</p>
<p>Siemens has released an update for the SCALANCE X-200IRT switch family and recommends to update to the latest version. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdfSSA-211752 V1.1 (Last Update: 2022-02-08): Multiple NTP-Client Related Vulnerabilities in SIMATIC CP 443-1 OPC UA2022-02-08T00:00:00+00:00<p>All versions of the SIMATIC CP 443-1 OPC UA contain multiple vulnerabilities in the underlying third party component NTP.</p>
<p>Siemens recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-293562.pdfSSA-293562 V3.4 (Last Update: 2022-02-08): Denial of Service Vulnerabilities in PROFINET DCP Implementation of Industrial Products2022-02-08T00:00:00+00:00<p>Several industrial devices are affected by two vulnerabilities that could allow an attacker to cause a denial of service condition via PROFINET DCP network packets under certain circumstances. The precondition for this scenario is a direct layer 2 access to the affected products. PROFIBUS interfaces are not affected.</p>
<p>Siemens has released updates for several affected products and recommends to update to the new versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-307392.pdfSSA-307392 V1.7 (Last Update: 2022-02-08): Denial of Service in OPC UA in Industrial Products2022-02-08T00:00:00+00:00<p>A vulnerability has been identified in the OPC UA server of several industrial products. The vulnerability could cause a denial of service condition on the service or the device.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdfSSA-309571 V1.1 (Last Update: 2022-02-08): IPU 2021.1 Vulnerabilities in Siemens Industrial Products using Intel CPUs (June 2021)2022-02-08T00:00:00+00:00<p>Intel has published information on vulnerabilities in Intel products in <a href="https://blogs.intel.com/technology/2021/06/intel-security-advisories-for-june-2021/">June 2021</a>. This advisory lists the related Siemens Industrial products affected by these vulnerabilities that can be patched by applying the corresponding BIOS update.</p>
<p>In this advisory we summarize:</p>
<ul>
<li><p>“2021.1 IPU – Intel® CSME, SPS and LMS Advisory” Intel-SA-00459,</p></li>
<li><p>“2021.1 IPU – BIOS Advisory” Intel-SA-00463,</p></li>
<li><p>“2021.1 IPU – Intel® Processor Advisory” Intel-SA-00464, and</p></li>
<li><p>“2021.1 IPU - Intel Atom® Processor Advisory” Intel-SA-00465.</p></li>
</ul>
<p>Siemens has released updates for several affected products and is currently working on BIOS updates that include chipset microcode updates for further products.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-316383.pdfSSA-316383 V1.1 (Last Update: 2022-02-08): NumberJack Vulnerability in LOGO! CMR and SIMATIC RTU 3000 devices2022-02-08T00:00:00+00:00<p>A vulnerability has been identified in the underlying TCP/IP stack of LOGO! CMR and SIMATIC RTU 3000 devices. It could allow an attacker with network access to the LAN interface of an affected device to hijack an ongoing connection or spoof a new one. The WAN interface, however, is not affected.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-346262.pdfSSA-346262 V3.2 (Last Update: 2022-02-08): Denial-of-Service in Industrial Products2022-02-08T00:00:00+00:00<p>Several industrial products are affected by a vulnerability that could allow remote attackers to conduct a Denial-of-Service (DoS) attack by sending specially crafted packets to port 161/udp (SNMP).</p>
<p>Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates and recommends specific countermeasures until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-349422.pdfSSA-349422 V1.7 (Last Update: 2022-02-08): Denial-of-Service in Industrial Real-Time (IRT) Devices2022-02-08T00:00:00+00:00<p>A vulnerability in the affected products could allow an unauthorized attacker with network access to perform a denial-of-service attack resulting in loss of real-time synchronization.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssb-439005.pdfSSB-439005 V4.0 (Last Update: 2022-02-08): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP2022-02-08T00:00:00+00:00https://cert-portal.siemens.com/productcert/pdf/ssa-443566.pdfSSA-443566 V1.1 (Last Update: 2022-02-08): Authentication Bypass in SCALANCE X Switches Families2022-02-08T00:00:00+00:00<p>Several SCALANCE X switches are affected by an Authentication Bypass vulnerability. The vulnerability allows an unauthenticated attacker to violate access-control rules. The vulnerability can be exploited by sending a GET request to a specific uniform resource locator on the web configuration interface of the device.</p>
<p>The security vulnerability could be exploited by an attacker with network access to the affected systems. An attacker could use the vulnerability to obtain sensitive information or change the device configuration.</p>
<p>Siemens has released an update for the SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) and recommends to update to the latest version. Siemens recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdfSSA-462066 V2.6 (Last Update: 2022-02-08): Vulnerability known as TCP SACK PANIC in Industrial Products2022-02-08T00:00:00+00:00<p>Multiple industrial products are affected by a vulnerability in the kernel known as TCP SACK PANIC. The vulnerability could allow a remote attacker to cause a denial of service condition.</p>
<p>Siemens has released updates for several affected products and recommends to update to the new versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-473245.pdfSSA-473245 V2.2 (Last Update: 2022-02-08): Denial-of-Service Vulnerability in Profinet Devices2022-02-08T00:00:00+00:00<p>A vulnerability in affected devices could allow an attacker to perform a denial-of-service attack if a large amount of specially crafted UDP packets are sent to the device.</p>
<p>Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates and recommends specific countermeasures until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-480230.pdfSSA-480230 V2.2 (Last Update: 2022-02-08): Denial of service in Webserver of Industrial Products2022-02-08T00:00:00+00:00<p>A vulnerability in the affected devices could allow an unauthorized attacker with network access to the webserver of an affected device to perform a denial of service attack.</p>
<p>Siemens has released updates for several affected products and recommends to update to the new versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-541018.pdfSSA-541018 V1.4 (Last Update: 2022-02-08): Embedded TCP/IP Stack Vulnerabilities (AMNESIA:33) in SENTRON PAC / 3VA Devices (Part 2)2022-02-08T00:00:00+00:00<p>Security researchers discovered and disclosed 33 vulnerabilities in several open-source TCP/IP stacks for embedded devices, also known as “AMNESIA:33” vulnerabilities.</p>
<p>This advisory describes the impact of two of these vulnerabilities (CVE-2020-13987, CVE-2020-17437) to Siemens products.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not available.</p>
<p>The impact of another “AMNESIA:33” vulnerability (CVE-2020-13988) is described in <a href="https://cert-portal.siemens.com/productcert/pdf/ssa-541017.pdf">Siemens Security Advisory SSA-541017</a>.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-593272.pdfSSA-593272 V1.3 (Last Update: 2022-02-08): SegmentSmack in Interniche IP-Stack based Industrial Devices2022-02-08T00:00:00+00:00<p>A vulnerability exists in affected products that could allow remote attackers to affect the availability of the devices under certain conditions.</p>
<p>The underlying TCP stack can be forced to make very computation expensive calls for every incoming packet which can lead to a Denial-of-Service.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-599968.pdfSSA-599968 V1.4 (Last Update: 2022-02-08): Denial-of-Service Vulnerability in Profinet Devices2022-02-08T00:00:00+00:00<p>A vulnerability in affected devices could allow an attacker to perform a denial-of-service attack if a large amount of Profinet Discovery and Configuration Protocol (DCP) reset packets is sent to the affected devices.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdfSSA-661247 V2.5 (Last Update: 2022-02-08): Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to Siemens Products2022-02-08T00:00:00+00:00<p>On 2021-12-09, a vulnerability in Apache Log4j (a logging tool used in many Java-based applications) was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2021-44228 and is also known as “Log4Shell”.</p>
<p>On 2021-12-14 an additional denial of service vulnerability (CVE-2021-45046) was published rendering the initial mitigations and fix in version 2.15.0 as incomplete under certain non-default configurations. Log4j versions 2.16.0 and 2.12.2 are supposed to fix both vulnerabilities.</p>
<p>On 2021-12-17, CVE-2021-45046 was reclassified with an increased CVSS base score (from 3.7 to 9.0). The potential impact of CVE-2021-45046 now includes - besides denial of service - also information disclosure and local (and potential remote) code execution.</p>
<p>Siemens is currently investigating to determine which products are affected and is continuously updating this advisory as more information becomes available. See section Additional Information for more details regarding the investigation status.</p>
<p>Note: two additional vulnerabilities were published for Apache Log4j, the impact of which are documented in SSA-501673: <a href="https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf" class="uri">https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf</a> (CVE-2021-45105) and SSA-784507: <a href="https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf" class="uri">https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf</a> (CVE-2021-44832).</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-675303.pdfSSA-675303 V1.3 (Last Update: 2022-02-08): WIBU Systems CodeMeter Runtime Vulnerabilities in Siemens Products2022-02-08T00:00:00+00:00<p>WIBU Systems published information about two vulnerabilities and an associated fix release version of CodeMeter Runtime, a product provided by WIBU Systems and used in several Siemens products for license management.</p>
<p>The vulnerabilities are described in the section “Vulnerability Classification” below and got assigned the CVE IDs CVE-2021-20093 and CVE-2021-20094. Successful exploitation of these vulnerabilities could allow an attacker to read data from the heap of the CodeMeter Runtime network server, or crash the CodeMeter Runtime Server (i.e., CodeMeter.exe).</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdfSSA-772220 V1.6 (Last Update: 2022-02-08): OpenSSL Vulnerabilities in Industrial Products2022-02-08T00:00:00+00:00<p>OpenSSL has published a security advisory [0] about a vulnerability in OpenSSL versions 1.1.1 < 1.1.1k, that allows an unauthenticated attacker to cause a Denial-of-Service (DoS) if a maliciously crafted renegotiation message is sent.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends countermeasures for products where updates are not, or not yet available.</p>
<p>[0] <a href="https://www.openssl.org/news/secadv/20210325.txt" class="uri">https://www.openssl.org/news/secadv/20210325.txt</a></p>
https://cert-portal.siemens.com/productcert/pdf/ssa-780073.pdfSSA-780073 V2.0 (Last Update: 2022-02-08): Denial of Service Vulnerability in PROFINET Devices via DCE-RPC Packets2022-02-08T00:00:00+00:00<p>Products that include the Siemens PROFINET-IO (PNIO) stack in versions prior V06.00 are potentially affected by a denial of service vulnerability when multiple legitimate diagnostic package requests are sent to the DCE-RPC interface.</p>
<p>Siemens has released updates for several affected products and recommends to update to the new versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
<p>Additionally, Siemens recommends other vendors of PROFINET devices to check if their products have incorporated a vulnerable version of the Siemens PNIO stack as part of the Siemens Development/Evaluation Kits.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-840188.pdfSSA-840188 V1.1 (Last Update: 2022-02-08): Multiple Vulnerabilities in SIMATIC WinCC Affecting Other SIMATIC Software Products2022-02-08T00:00:00+00:00<p>Multiple vulnerabilities were found in SIMATIC WinCC that ultimately could allow local or remote attackers to escalate privileges and read, write or delete critical files.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdfSSA-913875 V1.2 (Last Update: 2022-02-08): Frame Aggregation and Fragmentation Vulnerabilities in 802.112022-02-08T00:00:00+00:00<p>Twelve vulnerabilities in the implementation of frame aggregation and fragmentation of the 802.11 standard, under the name of <a href="https://www.fragattacks.com/">FragAttacks</a>, have been published.</p>
<p>Successful exploitation of these vulnerabilities could allow an attacker within Wi-Fi range to forge encrypted frames, which could result in sensitive data disclosure and possibly traffic manipulation.</p>
<p>The advised Siemens products are only affected by some of the published vulnerabilities.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-978220.pdfSSA-978220 V1.5 (Last Update: 2022-02-08): Denial of Service Vulnerability over SNMP in Multiple Industrial Products2022-02-08T00:00:00+00:00<p>Several industrial products are affected by a vulnerability that could allow remote attackers to conduct a denial of service attack by sending specially crafted packets to port 161/udp (SNMP).</p>
<p>Siemens has released updates for several affected products and recommends to update to the new versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-995338.pdfSSA-995338 V1.1 (Last Update: 2022-02-08): Multiple Vulnerabilities in COMOS Web2022-02-08T00:00:00+00:00<p>Multiple vulnerabilities were identified in the web components of COMOS that could allow an attacker to conduct code injections, store data in undesired locations, execute arbitrary SQL statements, and run cross-site request forgery attacks.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdfSSA-661247 V2.4 (Last Update: 2022-01-28): Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to Siemens Products2022-01-28T00:00:00+00:00<p>On 2021-12-09, a vulnerability in Apache Log4j (a logging tool used in many Java-based applications) was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2021-44228 and is also known as “Log4Shell”.</p>
<p>On 2021-12-14 an additional denial of service vulnerability (CVE-2021-45046) was published rendering the initial mitigations and fix in version 2.15.0 as incomplete under certain non-default configurations. Log4j versions 2.16.0 and 2.12.2 are supposed to fix both vulnerabilities.</p>
<p>On 2021-12-17, CVE-2021-45046 was reclassified with an increased CVSS base score (from 3.7 to 9.0). The potential impact of CVE-2021-45046 now includes - besides denial of service - also information disclosure and local (and potential remote) code execution.</p>
<p>Siemens is currently investigating to determine which products are affected and is continuously updating this advisory as more information becomes available. See section Additional Information for more details regarding the investigation status.</p>
<p>Note: two additional vulnerabilities were published for Apache Log4j, the impact of which are documented in SSA-501673: <a href="https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf" class="uri">https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf</a> (CVE-2021-45105) and SSA-784507: <a href="https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf" class="uri">https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf</a> (CVE-2021-44832).</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdfSSA-661247 V2.3 (Last Update: 2022-01-17): Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to Siemens Products2022-01-17T00:00:00+00:00<p>On 2021-12-09, a vulnerability in Apache Log4j (a logging tool used in many Java-based applications) was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2021-44228 and is also known as “Log4Shell”.</p>
<p>On 2021-12-14 an additional denial of service vulnerability (CVE-2021-45046) was published rendering the initial mitigations and fix in version 2.15.0 as incomplete under certain non-default configurations. Log4j versions 2.16.0 and 2.12.2 are supposed to fix both vulnerabilities.</p>
<p>On 2021-12-17, CVE-2021-45046 was reclassified with an increased CVSS base score (from 3.7 to 9.0). The potential impact of CVE-2021-45046 now includes - besides denial of service - also information disclosure and local (and potential remote) code execution.</p>
<p>Siemens is currently investigating to determine which products are affected and is continuously updating this advisory as more information becomes available. See section Additional Information for more details regarding the investigation status.</p>
<p>Note: two additional vulnerabilities were published for Apache Log4j, the impact of which are documented in SSA-501673: <a href="https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf" class="uri">https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf</a> (CVE-2021-45105) and SSA-784507: <a href="https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf" class="uri">https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf</a> (CVE-2021-44832).</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-324998.pdfSSA-324998 V1.0: Multiple Vulnerabilities in SICAM A80002022-01-11T00:00:00+00:00<p>SICAM A8000 devices are impacted by two vulnerabilities. The first one could allow a privileged user to enable a debug port with default credentials. The second vulnerability could allow unauthenticated access to certain previously created log files.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-995338.pdfSSA-995338 V1.0: Multiple Vulnerabilities in COMOS Web2022-01-11T00:00:00+00:00<p>Multiple vulnerabilities were identified in the COMOS Web component of COMOS. They could allow an attacker to conduct code injections, store data in undesired locations, execute arbitrary SQL statements, and run cross-site-request-forgery attacks.</p>
<p>Siemens has released an update for COMOS and recommends to update to the latest version.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-185699.pdfSSA-185699 V1.2 (Last Update: 2022-01-11): Out of Bounds Write Vulnerabilities (NAME:WRECK) in the DNS Module of Nucleus RTOS2022-01-11T00:00:00+00:00<p>Security researchers discovered and disclosed 9 vulnerabilities in several DNS implementations, also known as “NAME:WRECK” vulnerabilities. The vulnerabilities described in this advisory are from this set.</p>
<p>The DNS client of the networking component (Nucleus NET) in Nucleus Real-Time Operating System (RTOS) contains two out of bounds write vulnerabilities in the handling of DNS responses that could allow an attacker to cause a denial-of-service condition or to remotely execute code.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-201384.pdfSSA-201384 V1.2 (Last Update: 2022-01-11): Predictable UDP Port Number Vulnerability (NAME:WRECK) in the DNS Module of Nucleus RTOS2022-01-11T00:00:00+00:00<p>Security researchers discovered and disclosed 9 vulnerabilities in several DNS implementations, also known as “NAME:WRECK” vulnerabilities. The vulnerability described in this advisory is from this set.</p>
<p>The DNS client of of the networking component (Nucleus NET) in Nucleus Real-Time Operating System (RTOS) contains a vulnerability related to the handling of UDP port numbers in DNS requests that could allow an attacker to poison the DNS cache or spoof DNS resolving.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-580693.pdfSSA-580693 V1.2 (Last Update: 2022-01-11): WIBU Systems CodeMeter Runtime Denial-of-Service Vulnerability in Siemens Products2022-01-11T00:00:00+00:00<p>WIBU Systems published information about a denial-of-service vulnerability and an associated fix release version of CodeMeter Runtime, a product provided by WIBU Systems and used in several Siemens products for license management.</p>
<p>The vulnerability is described in the section “Vulnerability Classification” below and got assigned the CVE ID CVE-2021-41057. Successful exploitation of this vulnerability could allow an attacker to crash the CodeMeter Runtime Server (i.e., CodeMeter.exe), which could cause a denial-of-service condition for the affected Siemens product.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-705111.pdfSSA-705111 V1.2 (Last Update: 2022-01-11): Multiple Vulnerabilities (NAME:WRECK) in the DNS Module of Nucleus RTOS2022-01-11T00:00:00+00:00<p>Security researchers discovered and disclosed 9 vulnerabilities in several DNS implementations, also known as “NAME:WRECK” vulnerabilities. The vulnerabilities described in this advisory are from this set.</p>
<p>The DNS client of affected products contains multiple vulnerabilities related to the handling of DNS responses and requests. The most severe could allow an attacker to manipulate the DNS responses and cause a denial-of-service condition.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-766247.pdfSSA-766247 V1.1 (Last Update: 2022-01-11): Authentication Vulnerability in SIMATIC Process Historian2022-01-11T00:00:00+00:00<p>The latest update for SIMATIC Process Historian (PH) fixes an authentication vulnerability in the configuration interface of redundant PH instances that could enable the execution of admin operations on the database.</p>
<p>The related vulnerable interface is restricted to local access on recent versions starting from SIMATIC Process Historian 2020.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdfSSA-772220 V1.5 (Last Update: 2022-01-11): OpenSSL Vulnerabilities in Industrial Products2022-01-11T00:00:00+00:00<p>OpenSSL has published a security advisory [0] about a vulnerability in OpenSSL versions 1.1.1 < 1.1.1k, that allows an unauthenticated attacker to cause a Denial-of-Service (DoS) if a maliciously crafted renegotiation message is sent.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends countermeasures for products where updates are not, or not yet available.</p>
<p>[0] <a href="https://www.openssl.org/news/secadv/20210325.txt" class="uri">https://www.openssl.org/news/secadv/20210325.txt</a></p>
https://cert-portal.siemens.com/productcert/pdf/ssa-789208.pdfSSA-789208 V1.2 (Last Update: 2022-01-11): Multiple Vulnerabilities (INFRA:HALT) in Interniche IP-Stack based Low Voltage Devices2022-01-11T00:00:00+00:00<p>Security researchers discovered and disclosed 14 vulnerabilities in the Interniche IP stack, also known as “INFRA:HALT” vulnerabilities [0]. This advisory describes the impact to Siemens low voltage products, which are only affected by four out of the 14 vulnerabilities.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.</p>
<p>[0] <a href="https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack/">https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack/</a></p>
https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdfSSA-661247 V2.2 (Last Update: 2022-01-05): Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to Siemens Products2022-01-05T00:00:00+00:00<p>On 2021-12-09, a vulnerability in Apache Log4j (a logging tool used in many Java-based applications) was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2021-44228 and is also known as “Log4Shell”.</p>
<p>On 2021-12-14 an additional denial of service vulnerability (CVE-2021-45046) was published rendering the initial mitigations and fix in version 2.15.0 as incomplete under certain non-default configurations. Log4j versions 2.16.0 and 2.12.2 are supposed to fix both vulnerabilities.</p>
<p>On 2021-12-17, CVE-2021-45046 was reclassified with an increased CVSS base score (from 3.7 to 9.0). The potential impact of CVE-2021-45046 now includes - besides denial of service - also information disclosure and local (and potential remote) code execution.</p>
<p>Siemens is currently investigating to determine which products are affected and is continuously updating this advisory as more information becomes available. See section Additional Information for more details regarding the investigation status.</p>
<p>Note: two additional vulnerabilities were published for Apache Log4j, the impact of which are documented in SSA-501673: <a href="https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf" class="uri">https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf</a> (CVE-2021-45105) and SSA-784507: <a href="https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf" class="uri">https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf</a> (CVE-2021-44832).</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdfSSA-661247 V2.1 (Last Update: 2021-12-28): Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to Siemens Products2021-12-28T00:00:00+00:00<p>On 2021-12-09, a vulnerability in Apache Log4j (a logging tool used in many Java-based applications) was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2021-44228 and is also known as “Log4Shell”.</p>
<p>On 2021-12-14 an additional denial of service vulnerability (CVE-2021-45046) was published rendering the initial mitigations and fix in version 2.15.0 as incomplete under certain non-default configurations. Log4j versions 2.16.0 and 2.12.2 are supposed to fix both vulnerabilities.</p>
<p>On 2021-12-17, CVE-2021-45046 was reclassified with an increased CVSS base score (from 3.7 to 9.0). The potential impact of CVE-2021-45046 now includes - besides denial of service - also information disclosure and local (and potential remote) code execution.</p>
<p>Siemens is currently investigating to determine which products are affected and is continuously updating this advisory as more information becomes available. See section Additional Information for more details regarding the investigation status.</p>
<p>Note: two additional vulnerabilities were published for Apache Log4j, the impact of which are documented in SSA-501673: <a href="https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf" class="uri">https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf</a> (CVE-2021-45105) and SSA-784507: <a href="https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf" class="uri">https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf</a> (CVE-2021-44832).</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdfSSA-784507 V1.0: Apache Log4j Vulnerability (CVE-2021-44832) via JDBC Appender - Impact to Siemens Products2021-12-28T00:00:00+00:00<p>Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) contain a vulnerability (CVE-2021-44832) that could allow an attacker with permission to modify the logging configuration file to execute arbitrary code, when the JDBC Appender is used [1].</p>
<p>This advisory informs about the impact of CVE-2021-44832 to Siemens products and the corresponding remediation and mitigation measures. The vulnerability is different from other JNDI lookup vulnerabilities, the impact of which is documented in SSA-661247 [2].</p>
<p>Currently, no products vulnerable to CVE-2021-44832 have been identified.</p>
<p>Siemens is investigating to determine which products are affected and is continuously updating this advisory as more information becomes available. See section Additional Information for more details regarding the investigation status.</p>
<p>[1] <a href="https://logging.apache.org/log4j/2.x/security.html" class="uri">https://logging.apache.org/log4j/2.x/security.html</a></p>
<p>[2] <a href="https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf" class="uri">https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf</a></p>
https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdfSSA-661247 V2.0 (Last Update: 2021-12-27): Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to Siemens Products2021-12-27T00:00:00+00:00<p>On 2021-12-09, a vulnerability in Apache Log4j (a logging tool used in many Java-based applications) was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2021-44228 and is also known as “Log4Shell”.</p>
<p>On 2021-12-14 an additional denial of service vulnerability (CVE-2021-45046) was published rendering the initial mitigations and fix in version 2.15.0 as incomplete under certain non-default configurations. Log4j versions 2.16.0 and 2.12.2 are supposed to fix both vulnerabilities.</p>
<p>On 2021-12-17, CVE-2021-45046 was reclassified with an increased CVSS base score (from 3.7 to 9.0). The potential impact of CVE-2021-45046 now includes - besides denial of service - also information disclosure and local (and potential remote) code execution.</p>
<p>Siemens is currently investigating to determine which products are affected and is continuously updating this advisory as more information becomes available. See section Additional Information for more details regarding the investigation status.</p>
<p>Note: an additional but unrelated vulnerability, CVE-2021-45105, was published for Apache Log4j, the impact of which is documented in SSA-501673: <a href="https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf" class="uri">https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf</a>.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdfSSA-661247 V1.9 (Last Update: 2021-12-23): Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to Siemens Products2021-12-23T00:00:00+00:00<p>On 2021-12-09, a vulnerability in Apache Log4j (a logging tool used in many Java-based applications) was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2021-44228 and is also known as “Log4Shell”.</p>
<p>On 2021-12-14 an additional denial of service vulnerability (CVE-2021-45046) was published rendering the initial mitigations and fix in version 2.15.0 as incomplete under certain non-default configurations. Log4j versions 2.16.0 and 2.12.2 are supposed to fix both vulnerabilities.</p>
<p>On 2021-12-17, CVE-2021-45046 was reclassified with an increased CVSS base score (from 3.7 to 9.0). The potential impact of CVE-2021-45046 now includes - besides denial of service - also information disclosure and local (and potential remote) code execution.</p>
<p>Siemens is currently investigating to determine which products are affected and is continuously updating this advisory as more information becomes available. See section Additional Information for more details regarding the investigation status.</p>
<p>Note: an additional but unrelated vulnerability, CVE-2021-45105, was published for Apache Log4j, the impact of which is documented in SSA-501673: <a href="https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf" class="uri">https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf</a>.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdfSSA-661247 V1.8 (Last Update: 2021-12-22): Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to Siemens Products2021-12-22T00:00:00+00:00<p>On 2021-12-09, a vulnerability in Apache Log4j (a logging tool used in many Java-based applications) was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2021-44228 and is also known as “Log4Shell”.</p>
<p>On 2021-12-14 an additional denial of service vulnerability (CVE-2021-45046) was published rendering the initial mitigations and fix in version 2.15.0 as incomplete under certain non-default configurations. Log4j versions 2.16.0 and 2.12.2 are supposed to fix both vulnerabilities.</p>
<p>On 2021-12-17, CVE-2021-45046 was reclassified with an increased CVSS base score (from 3.7 to 9.0). The potential impact of CVE-2021-45046 now includes - besides denial of service - also information disclosure and local (and potential remote) code execution.</p>
<p>Siemens is currently investigating to determine which products are affected and is continuously updating this advisory as more information becomes available. See section Additional Information for more details regarding the investigation status.</p>
<p>Note: an additional but unrelated vulnerability, CVE-2021-45105, was published for Apache Log4j, the impact of which is documented in SSA-501673: <a href="https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf" class="uri">https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf</a>.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdfSSA-661247 V1.7 (Last Update: 2021-12-21): Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to Siemens Products2021-12-21T00:00:00+00:00<p>On 2021-12-09, a vulnerability in Apache Log4j (a logging tool used in many Java-based applications) was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2021-44228 and is also known as “Log4Shell”.</p>
<p>On 2021-12-14 an additional denial of service vulnerability (CVE-2021-45046) was published rendering the initial mitigations and fix in version 2.15.0 as incomplete under certain non-default configurations. Log4j versions 2.16.0 and 2.12.2 are supposed to fix both vulnerabilities.</p>
<p>On 2021-12-17, CVE-2021-45046 was reclassified with an increased CVSS base score (from 3.7 to 9.0). The potential impact of CVE-2021-45046 now includes - besides denial of service - also information disclosure and local (and potential remote) code execution.</p>
<p>Siemens is currently investigating to determine which products are affected and is continuously updating this advisory as more information becomes available. See section Additional Information for more details regarding the investigation status.</p>
<p>Note: an additional but unrelated vulnerability, CVE-2021-45105, was published for Apache Log4j, the impact of which is documented in SSA-501673: <a href="https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf" class="uri">https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf</a>.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdfSSA-661247 V1.6 (Last Update: 2021-12-20): Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to Siemens Products2021-12-20T00:00:00+00:00<p>On 2021-12-09, a vulnerability in Apache Log4j (a logging tool used in many Java-based applications) was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2021-44228 and is also known as “Log4Shell”.</p>
<p>On 2021-12-14 an additional denial of service vulnerability (CVE-2021-45046) was published rendering the initial mitigations and fix in version 2.15.0 as incomplete under certain non-default configurations. Log4j versions 2.16.0 and 2.12.2 are supposed to fix both vulnerabilities.</p>
<p>On 2021-12-17, CVE-2021-45046 was reclassified with an increased CVSS base score (from 3.7 to 9.0). The potential impact of CVE-2021-45046 now includes - besides denial of service - also information disclosure and local (and potential remote) code execution.</p>
<p>Siemens is currently investigating to determine which products are affected and is continuously updating this advisory as more information becomes available. See section Additional Information for more details regarding the investigation status.</p>
<p>Note: an additional but unrelated vulnerability, CVE-2021-45105, was published for Apache Log4j, the impact of which is documented in SSA-501673: <a href="https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf" class="uri">https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf</a>.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdfSSA-661247 V1.5 (Last Update: 2021-12-19): Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to Siemens Products2021-12-19T00:00:00+00:00<p>On 2021-12-09, a vulnerability in Apache Log4j (a logging tool used in many Java-based applications) was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2021-44228 and is also known as “Log4Shell”.</p>
<p>On 2021-12-14 an additional denial of service vulnerability (CVE-2021-45046) was published rendering the initial mitigations and fix in version 2.15.0 as incomplete under certain non-default configurations. Log4j versions 2.16.0 and 2.12.2 are supposed to fix both vulnerabilities.</p>
<p>On 2021-12-17, CVE-2021-45046 was reclassified with an increased CVSS base score (from 3.7 to 9.0). The potential impact of CVE-2021-45046 now includes - besides denial of service - also information disclosure and local (and potential remote) code execution.</p>
<p>Siemens is currently investigating to determine which products are affected and is continuously updating this advisory as more information becomes available. See section Additional Information for more details regarding the investigation status.</p>
<p>Note: an additional but unrelated vulnerability, CVE-2021-45105, was published for Apache Log4j, the impact of which is documented in SSA-501673: <a href="https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf" class="uri">https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf</a>.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdfSSA-501673 V1.0: Apache Log4j Denial of Service Vulnerability (CVE-2021-45105) - Impact to Siemens Products2021-12-19T00:00:00+00:00<p>Apache Log4j2 versions 2.0-alpha1 through 2.16.0 contain a vulnerability (CVE-2021-45105) that could allow attackers to cause a denial of service condition in affected applications [1].</p>
<p>This advisory informs about the impact of CVE-2021-45105 to Siemens products and the corresponding remediation and mitigation measures. The vulnerability is different from the JNDI lookup vulnerabilities, the impact of which is documented in SSA-661247 [2].</p>
<p>Currently, no products vulnerable to CVE-2021-45105 have been identified.</p>
<p>Siemens is investigating to determine which products are affected and is continuously updating this advisory as more information becomes available. See section Additional Information for more details regarding the investigation status.</p>
<p>[1] <a href="https://logging.apache.org/log4j/2.x/security.html" class="uri">https://logging.apache.org/log4j/2.x/security.html</a></p>
<p>[2] <a href="https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf" class="uri">https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf</a></p>
https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdfSSA-661247 V1.5 (Last Update: 2021-12-19): Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to Siemens Products2021-12-19T00:00:00+00:00<p>On 2021-12-09, a vulnerability in Apache Log4j (a logging tool used in many Java-based applications) was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2021-44228 and is also known as “Log4Shell”.</p>
<p>On 2021-12-14 an additional denial of service vulnerability (CVE-2021-45046) was published rendering the initial mitigations and fix in version 2.15.0 as incomplete under certain non-default configurations. Log4j versions 2.16.0 and 2.12.2 are supposed to fix both vulnerabilities.</p>
<p>On 2021-12-17, CVE-2021-45046 was reclassified with an increased CVSS base score (from 3.7 to 9.0). The potential impact of CVE-2021-45046 now includes - besides denial of service - also information disclosure and local (and potential remote) code execution.</p>
<p>Siemens is currently investigating to determine which products are affected and is continuously updating this advisory as more information becomes available. See section Additional Information for more details regarding the investigation status.</p>
<p>Note: an additional but unrelated vulnerability, CVE-2021-45105, was published for Apache Log4j, the impact of which is documented in SSA-501673: <a href="https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf" class="uri">https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf</a>.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdfSSA-501673 V1.0: Apache Log4j Denial of Service Vulnerability (CVE-2021-45105) - Impact to Siemens Products2021-12-19T00:00:00+00:00<p>Apache Log4j2 versions 2.0-alpha1 through 2.16.0 contain a vulnerability (CVE-2021-45105) that could allow attackers to cause a denial of service condition in affected applications [1].</p>
<p>This advisory informs about the impact of CVE-2021-45105 to Siemens products and the corresponding remediation and mitigation measures. The vulnerability is different from the JNDI lookup vulnerabilities, the impact of which is documented in SSA-661247 [2].</p>
<p>Currently, no products vulnerable to CVE-2021-45105 have been identified.</p>
<p>Siemens is investigating to determine which products are affected and is continuously updating this advisory as more information becomes available. See section Additional Information for more details regarding the investigation status.</p>
<p>[1] <a href="https://logging.apache.org/log4j/2.x/security.html" class="uri">https://logging.apache.org/log4j/2.x/security.html</a></p>
<p>[2] <a href="https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf" class="uri">https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf</a></p>
https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdfSSA-661247 V1.4 (Last Update: 2021-12-18): Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to Siemens Products2021-12-18T00:00:00+00:00<p>On 2021-12-09, a vulnerability in Apache Log4j (a logging tool used in many Java-based applications) was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2021-44228 and is also known as “Log4Shell”.</p>
<p>On 2021-12-14 an additional denial of service vulnerability (CVE-2021-45046) was published rendering the initial mitigations and fix in version 2.15.0 as incomplete under certain non-default configurations. Log4j versions 2.16.0 and 2.12.2 are supposed to fix both vulnerabilities.</p>
<p>On 2021-12-17, CVE-2021-45046 was reclassified with an increased CVSS base score (from 3.7 to 9.0). The potential impact of CVE-2021-45046 now includes - besides denial of service - also information disclosure and local (and potential remote) code execution.</p>
<p>Siemens is currently investigating to determine which products are affected and is continuously updating this advisory as more information becomes available. See section Additional Information for more details regarding the investigation status.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdfSSA-661247 V1.3 (Last Update: 2021-12-17): Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to Siemens Products2021-12-17T00:00:00+00:00<p>On 2021-12-09, a vulnerability in Apache Log4j (a logging tool used in many Java-based applications) was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2021-44228 and is also known as “Log4Shell”.</p>
<p>On 2021-12-14 an additional denial of service vulnerability (CVE-2021-45046) was published rendering the initial mitigations and fix in version 2.15.0 as incomplete under certain non-default configurations. Log4j versions 2.16.0 and 2.12.2 are supposed to fix both vulnerabilities.</p>
<p>Siemens is currently investigating to determine which products are affected and is continuously updating this advisory as more information becomes available. See section Additional Information for more details regarding the investigation status.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdfSSA-661247 V1.2 (Last Update: 2021-12-16): Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to Siemens Products2021-12-16T00:00:00+00:00<p>On 2021-12-09, a vulnerability in Apache Log4j (a logging tool used in many Java-based applications) was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2021-44228 and is also known as “Log4Shell”.</p>
<p>On 2021-12-14 an additional denial of service vulnerability (CVE-2021-45046) was published rendering the initial mitigations and fix in version 2.15.0 as incomplete under certain non-default configurations. Log4j versions 2.16.0 and 2.12.2 are supposed to fix both vulnerabilities.</p>
<p>Siemens is currently investigating to determine which products are affected and is continuously updating this advisory as more information becomes available. See section Additional Information for more details regarding the investigation status.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdfSSA-661247 V1.1 (Last Update: 2021-12-15): Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to Siemens Products2021-12-15T00:00:00+00:00<p>On 2021-12-09, a vulnerability in Apache Log4j (a logging tool used in many Java-based applications) was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2021-44228 and is also known as “Log4Shell”.</p>
<p>On 2021-12-14 an additional denial of service vulnerability (CVE-2021-45046) was published rendering the initial mitigations and fix in version 2.15.0 as incomplete under certain non-default configurations. Log4j versions 2.16.0 and 2.12.2 are supposed to fix both vulnerabilities.</p>
<p>Siemens is currently investigating to determine which products are affected and is continuously updating this advisory as more information becomes available. See section Additional Information for more details regarding the investigation status.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-133772.pdfSSA-133772 V1.0: Zip Path Traversal Vulnerability in Teamcenter Active Workspace2021-12-14T00:00:00+00:00<p>A zip path traversal vulnerability in Teamcenter Active Workspace could allow an attacker to achieve remote code execution.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-161331.pdfSSA-161331 V1.0: Scene File Parsing Vulnerability in Simcenter STAR-CCM+ Viewer before V2021.3.12021-12-14T00:00:00+00:00<p>Siemens Simcenter STAR-CCM+ Viewer is affected by a vulnerability that could be triggered when the application reads scene (.sce) files. If a user is tricked to open a malicious file with the affected application, this could lead to a crash, and potentially also to arbitrary code execution or data extraction on the target host system.</p>
<p>Siemens has released an update for Simcenter STAR-CCM+ Viewer and recommends to update to the latest version to fix the vulnerability. Siemens recommends to avoid opening of untrusted files from unknown sources.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-199605.pdfSSA-199605 V1.0: Arbitrary File Download Vulnerability in SIMATIC eaSie PCS 7 Skill Package2021-12-14T00:00:00+00:00<p>SIMATIC eaSie PCS 7 Skill Package contains a path traversal vulnerability that could allow an authenticated remote attacker to read arbitrary files for the application server.</p>
<p>Siemens has released an update for the SIMATIC eaSie PCS 7 Skill Package and recommends to update to the latest version.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-352143.pdfSSA-352143 V1.0: Multiple File Parsing Vulnerabilities in JTTK before V11.0.3.0 and JT Utilities before V13.0.3.02021-12-14T00:00:00+00:00<p>JT Open Toolkit (JTTK) before V11.0.3.0 contains multiple vulnerabilities that could be triggered when the affected product reads a maliciously crafted JT file. These vulnerabilities also affects JT Utilities before V13.0.3.0. If a user is tricked to open a malicious file with any of the affected products, this could lead the application to crash or potentially lead to arbitrary code execution.</p>
<p>Siemens recommends to update to the latest versions and to limit opening of untrusted files from unknown sources in the affected products.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdfSSA-390195 V1.0: LibVNC Vulnerabilities in SIMATIC ITC Products2021-12-14T00:00:00+00:00<p>Multiple LibVNC vulnerabilities in the affected products listed below could allow remote code execution, information disclosure and Denial-of-Service attacks under certain conditions.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-396621.pdfSSA-396621 V1.0: Multiple File Parsing Vulnerabilities in JTTK before V10.8.1.1 and JT Utilities before V12.8.1.12021-12-14T00:00:00+00:00<p>JT Open Toolkit (JTTK) before V10.8.1.1 contains multiple vulnerabilities that could be triggered when it reads a maliciously crafted JT file. These vulnerabilities also affects JT Utilities before V12.8.1.1. If a user is tricked to open a malicious file with any of the affected products, this could lead the application to crash or potentially lead to arbitrary code execution.</p>
<p>Siemens recommends to update to the latest versions and to limit opening of untrusted files from unknown sources in the affected products.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-400332.pdfSSA-400332 V1.0: Insufficient Design IP Protection in IEEE 1735 Recommended Practice - Impact to Questa and ModelSim2021-12-14T00:00:00+00:00<p>Recent security research identifies weaknesses in the IEEE 1735 recommended practice for encryption of Design IP, which could allow a sophisticated attacker access to unencrypted Design IP data in IEEE 1735-compliant products. This advisory addresses the specific details for the affected Siemens software products: Questa and ModelSim simulators.</p>
<p>Siemens is preparing updates and recommends specific countermeasures for Questa and ModelSim.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-496292.pdfSSA-496292 V1.0: Remote Code Execution Vulnerability in POWER METER SICAM Q1002021-12-14T00:00:00+00:00<p>POWER METER SICAM Q100 contains a vulnerability that could allow an attacker to remotely execute code.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-523250.pdfSSA-523250 V1.0: Improper Certificate Validation Vulnerability in SINUMERIK Edge2021-12-14T00:00:00+00:00<p>A vulnerability was found in SINUMERIK Edge that could allow an attacker to spoof a trusted entity by interfering in the communication path between the client and the intended server.</p>
<p>Siemens has released an update for the SINUMERIK Edge and recommends to update to the latest version.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdfSSA-595101 V1.0: Multiple File Parsing Vulnerabilities in JT2Go and Teamcenter Visualization before V13.2.0.52021-12-14T00:00:00+00:00<p>Siemens has released version V13.2.0.5 for JT2Go and Teamcenter Visualization to fix multiple vulnerabilities that could be triggered when the products read maliciously crafted files in different file formats (PDF, JT, TIFF, CGM and TIF). If a user is tricked to open a malicious file with any of the affected products, this could lead the application to crash or potentially lead to arbitrary code execution.</p>
<p>Siemens recommends to update to the latest versions and to limit opening of untrusted files from unknown sources in the affected products.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-620288.pdfSSA-620288 V1.0: Multiple Vulnerabilities (NUCLEUS:13) in CAPITAL VSTAR2021-12-14T00:00:00+00:00<p>Multiple vulnerabilities (also known as “NUCLEUS:13”) have be identified in the Nucleus RTOS (real-time operating system) and reported in the Siemens Security Advisory SSA-044112: <a href="https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf" class="uri">https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf</a>.</p>
<p>CAPITAL VSTAR uses an affected version of the Nucleus software and inherently contains several of these vulnerabilities.</p>
<p>Siemens recommends specific countermeasures for products where updates are not available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-802578.pdfSSA-802578 V1.0: Multiple File Parsing Vulnerabilities in JTTK before V11.1.1.0 and JT Utilities before V13.1.1.02021-12-14T00:00:00+00:00<p>JT Open Toolkit (JTTK) before V11.1.1.0 contains multiple vulnerabilities that could be triggered when it reads a maliciously crafted JT file. These vulnerabilities also affects JT Utilities before V13.1.1.0. If a user is tricked to open a malicious JT file with any of the affected products, this could lead the application to crash or potentially lead to arbitrary code execution.</p>
<p>Siemens recommends to update to the latest versions and to limit opening of untrusted files from unknown sources in the affected products.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdfSSA-044112 V1.1 (Last Update: 2021-12-14): Multiple Vulnerabilities (NUCLEUS:13) in the TCP/IP Stack of Nucleus RTOS2021-12-14T00:00:00+00:00<p>The TCP/IP stack and related services (FTP, TFTP) of the networking component (Nucleus NET) in Nucleus Real-Time Operating System (RTOS) contain several vulnerabilities, also known as “NUCLEUS:13” and as documented below.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends countermeasures for products where updates are not available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-324955.pdfSSA-324955 V1.7 (Last Update: 2021-12-14): SAD DNS Attack in Linux Based Products2021-12-14T00:00:00+00:00<p>A vulnerability made public under the name SAD DNS affects Domain Name System resolvers due to a vulnerability in the Linux kernel when handling ICMP packets. The Siemens products which are affected are listed below. For more information please see <a href="https://www.saddns.net/" class="uri">https://www.saddns.net/</a>.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-549234.pdfSSA-549234 V1.1 (Last Update: 2021-12-14): Denial-of-Service Vulnerability in SIMATIC NET CP Modules2021-12-14T00:00:00+00:00<p>A denial of service vulnerability was identified in different types of Communication Processors. An attacker could exploit this vulnerability causing the device to become un-operational until the device is restarted.</p>
<p>Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-580693.pdfSSA-580693 V1.1 (Last Update: 2021-12-14): WIBU Systems CodeMeter Runtime Denial-of-Service Vulnerability in Siemens Products2021-12-14T00:00:00+00:00<p>WIBU Systems published information about a denial-of-service vulnerability and an associated fix release version of CodeMeter Runtime, a product provided by WIBU Systems and used in several Siemens products for license management.</p>
<p>The vulnerability is described in the section “Vulnerability Classification” below and got assigned the CVE ID CVE-2021-41057. Successful exploitation of this vulnerability could allow an attacker to crash the CodeMeter Runtime Server (i.e., CodeMeter.exe), which could cause a denial-of-service condition for the affected Siemens product.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-629512.pdfSSA-629512 V1.3 (Last Update: 2021-12-14): Local Privilege Escalation Vulnerability in TIA Portal2021-12-14T00:00:00+00:00<p>The latest updates for TIA Portal fix a vulnerability that could allow a local attacker to execute arbitrary code with SYSTEM privileges.</p>
<p>Update: The previously provided fixes only correctly set the permissions on English Windows versions.</p>
<p>Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdfSSA-772220 V1.4 (Last Update: 2021-12-14): OpenSSL Vulnerabilities in Industrial Products2021-12-14T00:00:00+00:00<p>OpenSSL has published a security advisory [0] about a vulnerability in OpenSSL versions 1.1.1 < 1.1.1k, that allows an unauthenticated attacker to cause a Denial-of-Service (DoS) if a maliciously crafted renegotiation message is sent.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends countermeasures for products where updates are not, or not yet available.</p>
<p>[0] <a href="https://www.openssl.org/news/secadv/20210325.txt" class="uri">https://www.openssl.org/news/secadv/20210325.txt</a></p>
https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdfSSA-661247 V1.0: Apache Log4j Vulnerability (CVE-2021-44228, Log4Shell) - Impact to Siemens Products2021-12-13T00:00:00+00:00<p>On 2021-12-09, a vulnerability in Apache Log4j (a logging tool used in many Java-based applications) was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2021-44228 and is also known as “Log4Shell”.</p>
<p>Siemens is currently investigating to determine which products are affected and is continuously updating this advisory as more information becomes available. See section Additional Information for more details regarding the investigation status.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdfSSA-044112 V1.0: Multiple Vulnerabilities (NUCLEUS:13) in the TCP/IP Stack of Nucleus RTOS2021-11-09T00:00:00+00:00<p>The TCP/IP stack and related services (FTP, TFTP) of the networking component (Nucleus NET) in Nucleus Real-Time Operating System (RTOS) contain several vulnerabilities, also known as “NUCLEUS:13” and as documented below.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends countermeasures for products where updates are not available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-145157.pdfSSA-145157 V1.0: Multiple Vulnerabilities in SIMATIC RTLS Locating Manager before V2.122021-11-09T00:00:00+00:00<p>SIMATIC RTLS Locating Manager before V2.12 contains multiple vulnerabilities that could allow an attacker to read sensitive data or trigger a denial-of-service condition of the application service.</p>
<p>Siemens has released an update for the SIMATIC RTLS Locating Manager and recommends to update to the latest version.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-328042.pdfSSA-328042 V1.0: File Parsing Vulnerabilities in OBJ Translator in NX2021-11-09T00:00:00+00:00<p>Siemens NX is affected by two vulnerabilities that could be triggered when the application reads OBJ files. If a user is tricked to open a malicious file with the affected application, this could lead to an access violation, and potentially also to arbitrary code execution on the target host system.</p>
<p>Siemens has released updates for the NX and recommends to update to the latest version. Siemens recommends to avoid opening of untrusted files from unknown sources.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-537983.pdfSSA-537983 V1.0: Local Code Execution Vulnerability in SENTRON powermanager V32021-11-09T00:00:00+00:00<p>SENTRON powermanager V3 is affected by a vulnerability that could allow a local attacker to inject arbitrary code and escalate privileges.</p>
<p>Siemens has released a security patch for SENTRON powermanager V3.6 HF1 and recommends to update to the latest version and apply this patch.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-580693.pdfSSA-580693 V1.0: WIBU Systems CodeMeter Runtime Denial-of-Service Vulnerability in Siemens Products2021-11-09T00:00:00+00:00<p>WIBU Systems published information about a denial-of-service vulnerability and an associated fix release version of CodeMeter Runtime, a product provided by WIBU Systems and used in several Siemens products for license management.</p>
<p>The vulnerability is described in the section “Vulnerability Classification” below and got assigned the CVE ID CVE-2021-41057. Successful exploitation of this vulnerability could allow an attacker to crash the CodeMeter Runtime Server (i.e., CodeMeter.exe), which could cause a denial-of-service condition for the affected Siemens product.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-740908.pdfSSA-740908 V1.0: File Parsing Vulnerabilities in JT Translator in NX2021-11-09T00:00:00+00:00<p>Siemens NX is affected by two vulnerabilities that could be triggered when the application reads JT files. If a user is tricked to open a malicious file with the affected application, this could lead to an access violation, and potentially also to arbitrary code execution on the target host system.</p>
<p>Siemens has released an update for the NX 1980 Series and recommends to update to the latest version. Siemens recommends to avoid opening of untrusted files from unknown sources.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-840188.pdfSSA-840188 V1.0: Multiple Vulnerabilities in SIMATIC WinCC Affecting Other SIMATIC Software Products2021-11-09T00:00:00+00:00<p>Multiple vulnerabilities were found in SIMATIC WinCC that ultimately could allow local attackers to escalate privileges and read, write or delete critical files.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-917476.pdfSSA-917476 V1.0: Multiple Vulnerabilities in SCALANCE W1750D2021-11-09T00:00:00+00:00<p>The Scalance W1750D device contains multiple vulnerabilities that could allow an attacker to execute code on the affected device(s), read arbitrary files, or create a denial-of-service condition.</p>
<p>Siemens has released an update for the SCALANCE W1750D and recommends to update to the latest version. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-185699.pdfSSA-185699 V1.1 (Last Update: 2021-11-09): Out of Bounds Write Vulnerabilities (NAME:WRECK) in the DNS Module of Nucleus RTOS2021-11-09T00:00:00+00:00<p>Security researchers discovered and disclosed 9 vulnerabilities in several DNS implementations, also known as “NAME:WRECK” vulnerabilities. The vulnerabilities described in this advisory are from this set.</p>
<p>The DNS client of the networking component (Nucleus NET) in Nucleus Real-Time Operating System (RTOS) contains two out of bounds write vulnerabilities in the handling of DNS responses that could allow an attacker to cause a denial-of-service condition or to remotely execute code.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-201384.pdfSSA-201384 V1.1 (Last Update: 2021-11-09): Predictable UDP Port Number Vulnerability (NAME:WRECK) in the DNS Module of Nucleus RTOS2021-11-09T00:00:00+00:00<p>Security researchers discovered and disclosed 9 vulnerabilities in several DNS implementations, also known as “NAME:WRECK” vulnerabilities. The vulnerability described in this advisory is from this set.</p>
<p>The DNS client of of the networking component (Nucleus NET) in Nucleus Real-Time Operating System (RTOS) contains a vulnerability related to the handling of UDP port numbers in DNS requests that could allow an attacker to poison the DNS cache or spoof DNS resolving.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-248289.pdfSSA-248289 V1.1 (Last Update: 2021-11-09): Denial of Service Vulnerabilities in the IPv6 Stack of Nucleus RTOS2021-11-09T00:00:00+00:00<p>The IPv6 stack of the networking component (Nucleus NET) in Nucleus Real-Time Operating System (RTOS) contains two vulnerabilities when processing IPv6 headers which could allow an attacker to cause a denial of service condition.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends countermeasures for products where updates are not available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-312271.pdfSSA-312271 V1.9 (Last Update: 2021-11-09): Unquoted Search Path Vulnerabilities in Windows-based Industrial Software Applications2021-11-09T00:00:00+00:00<p>Several industrial products as listed below contain a local privilege escalation vulnerabilities that could allow authorized local users with administrative privileges to execute custom code with SYSTEM level privileges.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-324955.pdfSSA-324955 V1.6 (Last Update: 2021-11-09): SAD DNS Attack in Linux Based Products2021-11-09T00:00:00+00:00<p>A vulnerability made public under the name SAD DNS affects Domain Name System resolvers due to a vulnerability in the Linux kernel when handling ICMP packets. The Siemens products which are affected are listed below. For more information please see <a href="https://www.saddns.net/" class="uri">https://www.saddns.net/</a>.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-362164.pdfSSA-362164 V1.1 (Last Update: 2021-11-09): Predictable Initial Sequence Numbers in the TCP/IP Stack of Nucleus RTOS2021-11-09T00:00:00+00:00<p>The networking component (Nucleus NET) in Nucleus Real-Time Operating System (RTOS) use Initial Sequence Numbers for TCP-Sessions that are predictable.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssb-439005.pdfSSB-439005 V3.9 (Last Update: 2021-11-09): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP2021-11-09T00:00:00+00:00https://cert-portal.siemens.com/productcert/pdf/ssa-675303.pdfSSA-675303 V1.2 (Last Update: 2021-11-09): WIBU Systems CodeMeter Runtime Vulnerabilities in Siemens Products2021-11-09T00:00:00+00:00<p>WIBU Systems published information about two vulnerabilities and an associated fix release version of CodeMeter Runtime, a product provided by WIBU Systems and used in several Siemens products for license management.</p>
<p>The vulnerabilities are described in the section “Vulnerability Classification” below and got assigned the CVE IDs CVE-2021-20093 and CVE-2021-20094. Successful exploitation of these vulnerabilities could allow an attacker to read data from the heap of the CodeMeter Runtime network server, or crash the CodeMeter Runtime Server (i.e., CodeMeter.exe).</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-705111.pdfSSA-705111 V1.1 (Last Update: 2021-11-09): Multiple Vulnerabilities (NAME:WRECK) in the DNS Module of Nucleus RTOS2021-11-09T00:00:00+00:00<p>Security researchers discovered and disclosed 9 vulnerabilities in several DNS implementations, also known as “NAME:WRECK” vulnerabilities. The vulnerabilities described in this advisory are from this set.</p>
<p>The DNS client of affected products contains multiple vulnerabilities related to the handling of DNS responses and requests. The most severe could allow an attacker to manipulate the DNS responses and cause a denial-of-service condition.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdfSSA-772220 V1.3 (Last Update: 2021-11-09): OpenSSL Vulnerabilities in Industrial Products2021-11-09T00:00:00+00:00<p>OpenSSL has published a security advisory [0] about a vulnerability in OpenSSL versions 1.1.1 < 1.1.1k, that allows an unauthenticated attacker to cause a Denial-of-Service (DoS) if a maliciously crafted renegotiation message is sent.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends countermeasures for products where updates are not, or not yet available.</p>
<p>[0] <a href="https://www.openssl.org/news/secadv/20210325.txt" class="uri">https://www.openssl.org/news/secadv/20210325.txt</a></p>
https://cert-portal.siemens.com/productcert/pdf/ssa-163251.pdfSSA-163251 V1.0: Multiple Vulnerabilities in SINEC NMS2021-10-12T00:00:00+00:00<p>The latest update for SINEC NMS fixes multiple vulnerabilities. The most severe could allow an authenticated remote attacker to execute arbitrary code on the system, with system privileges, under certain conditions.</p>
<p>Siemens has released an update for SINEC NMS and recommends to update to the latest version.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-173565.pdfSSA-173565 V1.0: Denial-of-Service Vulnerability in RUGGEDCOM ROX Devices2021-10-12T00:00:00+00:00<p>The latest update for RUGGEDCOM ROX devices fixes a vulnerability that could allow an unauthenticated attacker to cause a permanent Denial-of-Service condition under certain conditions.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-178380.pdfSSA-178380 V1.0: Denial-of-Service Vulnerability in SINUMERIK Controllers2021-10-12T00:00:00+00:00<p>A Denial-of-Service vulnerability found in SINUMERIK Controllers could allow an unauthenticated attacker with network access to the affected devices to cause system failure with total loss of availability.</p>
<p>Siemens has released an update for the SINUMERIK 828D and recommends to update to the latest version. Siemens recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-280624.pdfSSA-280624 V1.0: Multiple Vulnerabilities in SCALANCE W1750D2021-10-12T00:00:00+00:00<p>The Scalance W1750D device contains multiple vulnerabilities that could allow an attacker to inject commands or trigger buffer overflows.</p>
<p>Siemens is preparing updates and recommends countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-766247.pdfSSA-766247 V1.0: Authentication Vulnerability in SIMATIC Process Historian2021-10-12T00:00:00+00:00<p>The latest update for SIMATIC Process Historian (PH) fixes an authentication vulnerability in the configuration interface of redundant PH instances that could enable the execution of admin operations on the database.</p>
<p>The related vulnerable interface is restricted to local access on recent versions starting from SIMATIC Process Historian 2020.</p>
<p>Siemens has released an update for the SIMATIC Process Historian 2014 and recommends to update to the latest version. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-150692.pdfSSA-150692 V1.1 (Last Update: 2021-10-12): Multiple Vulnerabilities in RUGGEDCOM ROX2021-10-12T00:00:00+00:00<p>Multiple vulnerabilities in RUGGEDCOM ROX devices have been detected, ranging from command injection to filesystem traversal. An attacker could exploit these to gain root access to the affected devices.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-293562.pdfSSA-293562 V3.3 (Last Update: 2021-10-12): Vulnerabilities in Industrial Products2021-10-12T00:00:00+00:00<p>Several industrial devices are affected by two vulnerabilities that could allow an attacker to cause a Denial-of-Service condition via PROFINET DCP network packets under certain circumstances. The precondition for this scenario is a direct layer 2 access to the affected products. PROFIBUS interfaces are not affected.</p>
<p>Siemens has released updates for several affected products and recommends to update to the new versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-324955.pdfSSA-324955 V1.5 (Last Update: 2021-10-12): SAD DNS Attack in Linux Based Products2021-10-12T00:00:00+00:00<p>A vulnerability made public under the name SAD DNS affects Domain Name System resolvers due to a vulnerability in the Linux kernel when handling ICMP packets. The Siemens products which are affected are listed below. For more information please see <a href="https://www.saddns.net/" class="uri">https://www.saddns.net/</a>.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-346262.pdfSSA-346262 V3.1 (Last Update: 2021-10-12): Denial-of-Service in Industrial Products2021-10-12T00:00:00+00:00<p>Several industrial products are affected by a vulnerability that could allow remote attackers to conduct a Denial-of-Service (DoS) attack by sending specially crafted packets to port 161/udp (SNMP).</p>
<p>Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates and recommends specific countermeasures until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-349422.pdfSSA-349422 V1.6 (Last Update: 2021-10-12): Denial-of-Service in Industrial Real-Time (IRT) Devices2021-10-12T00:00:00+00:00<p>A vulnerability in the affected products could allow an unauthorized attacker with network access to perform a denial-of-service attack resulting in loss of real-time synchronization.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssb-439005.pdfSSB-439005 V3.8 (Last Update: 2021-10-12): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP2021-10-12T00:00:00+00:00https://cert-portal.siemens.com/productcert/pdf/ssa-473245.pdfSSA-473245 V2.1 (Last Update: 2021-10-12): Denial-of-Service Vulnerability in Profinet Devices2021-10-12T00:00:00+00:00<p>A vulnerability in affected devices could allow an attacker to perform a denial-of-service attack if a large amount of specially crafted UDP packets are sent to the device.</p>
<p>Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates and recommends specific countermeasures until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-538778.pdfSSA-538778 V1.2 (Last Update: 2021-10-12): SmartVNC Vulnerabilities in SIMATIC HMI/WinCC Products2021-10-12T00:00:00+00:00<p>Multiple SmartVNC vulnerabilities in the affected products listed below could allow remote code execution and Denial-of-Service attacks under certain conditions.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest version.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-541018.pdfSSA-541018 V1.3 (Last Update: 2021-10-12): Embedded TCP/IP Stack Vulnerabilities (AMNESIA:33) in SENTRON PAC / 3VA Devices (Part 2)2021-10-12T00:00:00+00:00<p>Security researchers discovered and disclosed 33 vulnerabilities in several open-source TCP/IP stacks for embedded devices, also known as “AMNESIA:33” vulnerabilities.</p>
<p>This advisory describes the impact of two of these vulnerabilities (CVE-2020-13987, CVE-2020-17437) to Siemens products.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not available.</p>
<p>The impact of another “AMNESIA:33” vulnerability (CVE-2020-13988) is described in <a href="https://cert-portal.siemens.com/productcert/pdf/ssa-541017.pdf">Siemens Security Advisory SSA-541017</a>.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-557804.pdfSSA-557804 V1.3 (Last Update: 2021-10-12): Mirror Port Isolation Vulnerability in SCALANCE X Switches2021-10-12T00:00:00+00:00<p>A vulnerability was identified in several SCALANCE X switches that could allow an attacker to feed information into a network via the mirror port with the monitor barrier feature enabled.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-599968.pdfSSA-599968 V1.3 (Last Update: 2021-10-12): Denial-of-Service Vulnerability in Profinet Devices2021-10-12T00:00:00+00:00<p>A vulnerability in affected devices could allow an attacker to perform a denial-of-service attack if a large amount of Profinet Discovery and Configuration Protocol (DCP) reset packets is sent to the affected devices.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdfSSA-723417 V1.2 (Last Update: 2021-10-12): Multiple Vulnerabilities in SCALANCE W1750D2021-10-12T00:00:00+00:00<p>The Scalance W1750D device contains multiple vulnerabilities that could allow an attacker to inject commands or trigger buffer overflows.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-780073.pdfSSA-780073 V1.9 (Last Update: 2021-10-12): Denial-of-Service Vulnerability in PROFINET Devices via DCE-RPC Packets2021-10-12T00:00:00+00:00<p>Products that include the Siemens PROFINET-IO (PNIO) stack in versMions prior V06.00 are potentially affected by a denial-of-service vulnerability when multiple legitimate diagnostic package requests are sent to the DCE-RPC interface.</p>
<p>Siemens has released updates for several affected products and recommends to update to the new versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
<p>Additionally, Siemens recommends other vendors of PROFINET devices to check if their products have incorporated a vulnerable version of the Siemens PNIO stack as part of the Siemens Development/Evaluation Kits.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdfSSA-913875 V1.1 (Last Update: 2021-10-12): Frame Aggregation and Fragmentation Vulnerabilities in 802.112021-10-12T00:00:00+00:00<p>Twelve vulnerabilities in the implementation of frame aggregation and fragmentation of the 802.11 standard, under the name of <a href="https://www.fragattacks.com/">FragAttacks</a>, have been published.</p>
<p>Successful exploitation of these vulnerabilities could allow an attacker within Wi-Fi range to forge encrypted frames, which could result in sensitive data disclosure and possibly traffic manipulation.</p>
<p>The advised Siemens products are only affected by some of the published vulnerabilities.</p>
<p>Siemens has released an update for the SCALANCE W1750D and recommends to update to the latest version. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-728618.pdfSSA-728618 V1.0: Multiple Vulnerabilities in Solid Edge before SE2021MP82021-09-28T00:00:00+00:00<p>Siemens has released a new version for Solid Edge that fixes multiple file parsing vulnerabilities which could be triggered when the application reads files in IFC, JT or OBJ formats.</p>
<p>If a user is tricked to opening a malicious file using the affected application this could lead the application to crash, or potentially arbitrary code execution on the target host system.</p>
<p>Siemens recommends to update to the latest version and to limit opening of files from unknown sources in the affected products.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-109294.pdfSSA-109294 V1.0: Scene File Parsing Vulnerability in Simcenter STAR-CCM+ Viewer2021-09-14T00:00:00+00:00<p>Siemens Simcenter STAR-CCM+ Viewer is affected by a vulnerability that could be triggered when the application reads scene (.sce) files. If a user is tricked to open a malicious file with the affected application, this could lead to a crash, and potentially also to arbitrary code execution or data extraction on the target host system.</p>
<p>Siemens has released an update for Simcenter STAR-CCM+ Viewer and recommends to update to the latest version to fix the vulnerability. Siemens recommends to avoid opening of untrusted files from unknown sources.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-150692.pdfSSA-150692 V1.0: Multiple Vulnerabilities in RUGGEDCOM ROX2021-09-14T00:00:00+00:00<p>Multiple vulnerabilities in RUGGEDCOM ROX devices have been detected, ranging from command injection to filesystem traversal. An attacker could exploit these to gain root access to the affected devices.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-208530.pdfSSA-208530 V1.0: File parsing vulnerabilities in IFC adapter in NX2021-09-14T00:00:00+00:00<p>Siemens NX is affected by two vulnerabilities that could be triggered when the application reads ifc files. If a user is tricked to open a malicious file with the affected application, this could lead to an access violation, and potentially also to arbitrary code execution on the target host system.</p>
<p>Siemens has released updates for NX and recommends to update to the latest version to fix the vulnerabilities. Siemens recommends to avoid opening of untrusted files from unknown sources.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-288459.pdfSSA-288459 V1.0: Heap Overflow Vulnerability in RFID terminals2021-09-14T00:00:00+00:00<p>A heap overflow vulnerability in dhclient of the affected products, which has been published alongside other vulnerabilities as part of NAME:WRECK could allow an attacker to potentially remotely execute code.</p>
<p>Siemens recommends specific countermeasures for products.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-316383.pdfSSA-316383 V1.0: NumberJack Vulnerability in LOGO! CMR family and SIMATIC RTU 3000 family2021-09-14T00:00:00+00:00<p>A vulnerability has been identified in the underlying TCP/IP stack of LOGO! CMR family and SIMATIC RTU 3000 family devices. It could allow an attacker with network access to the LAN interface of an affected device to hijack an ongoing connection or spoof a new one. The WAN interface, however, is not affected.</p>
<p>Siemens has released an update for the LOGO! CMR family and recommends to update to the latest version. Siemens is preparing further updates and recommends countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-330339.pdfSSA-330339 V1.0: Web Vulnerabilities in SINEC NMS2021-09-14T00:00:00+00:00<p>A recent update for SINEC NMS fixed multiple vulnerabilities. The most severe of these vulnerabilities could allow an attacker to manipulate the SINEC NMS configuration by tricking an admin to click on a malicious link.</p>
<p>Siemens has released an update for SINEC NMS and recommends to update to the latest version.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-334944.pdfSSA-334944 V1.0: Vulnerability in SINEMA Remote Connect Server2021-09-14T00:00:00+00:00<p>Multiple vulnerabilities in SINEMA Remote Connect Server could allow an unauthorized remote attacker to retrieve or manipulate sensitive information from the affected software. In addition, the attacker could also cause a Denial-of-Service condition in devices controlled by the affected software.</p>
<p>Siemens has released an update for the SINEMA Remote Connect Server and recommends to update to the latest version.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-413407.pdfSSA-413407 V1.0: Path Traversal Vulnerability in Teamcenter Active Workspace2021-09-14T00:00:00+00:00<p>Teamcenter Active Workspace contains a path traversal vulnerability that could lead to access control violations.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-535997.pdfSSA-535997 V1.0: Cleartext Storage of Sensitive Information in Multiple SIMATIC Products2021-09-14T00:00:00+00:00<p>A cleartext vulnerability was found in the SIMATIC communication processors CP 1543-1 and CP 1545-1 that could allow an attacker to read sensitive information.</p>
<p>Siemens has released an update for the SIMATIC CP 1543-1 (incl. SIPLUS variants) and recommends to update to the latest version. Siemens is preparing further updates and recommends countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-549234.pdfSSA-549234 V1.0: Denial-of-Service Vulnerability in SIMATIC NET CP Modules2021-09-14T00:00:00+00:00<p>A Denial of Service vulnerability was identified in different types of Communication Processors. An attacker could exploit this vulnerability causing the device to become un-operational until the device is restarted.</p>
<p>Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-676336.pdfSSA-676336 V1.0: OpenSSH Vulnerabilities in SCALANCE X-200 and X-300/X408 Switches2021-09-14T00:00:00+00:00<p>The latest update of the SCALANCE X-200 and X-300/X408 switches families fixes multiple OpenSSH vulnerabilities. The most severe of these vulnerabilities could allow a denial of service condition.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-692317.pdfSSA-692317 V1.0: Authorization Bypass Vulnerability in Industrial Edge2021-09-14T00:00:00+00:00<p>The latest update for Industrial Edge fixes a vulnerability that could allow an unauthenticated attacker to change the password of any user in the system. With this an attacker could impersonate any valid user on an affected system.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-756638.pdfSSA-756638 V1.0: Vulnerabilities in Third-Party Component Mbed TLS of LOGO! CMR Family and SIMATIC RTU 3000 Family2021-09-14T00:00:00+00:00<p>Devices of the LOGO! CMR family and the SIMATIC RTU 3000 family are affected by several vulnerabilities in the third party component Mbed TLS. They could allow an attacker with access to any of the interfaces of an affected device to impact the availability or to communicate with invalid certificates.</p>
<p>Siemens has released an update for the LOGO! CMR family and recommends to update to the latest version. Siemens is preparing further updates and recommends countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-835377.pdfSSA-835377 V1.0: Missing Authentication Vulnerability in SINEMA Server2021-09-14T00:00:00+00:00<p>The latest update for SINEMA Server fixes a vulnerability that could allow an unauthenticated attacker to obtain encoded system configuration backup files under certain conditions.</p>
<p>Siemens has released an update for the SINEMA Server and recommends to update to the latest version.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-987403.pdfSSA-987403 V1.0: Multiple Vulnerabilities in Teamcenter2021-09-14T00:00:00+00:00<p>Teamcenter is affected by three vulnerabilities namely incorrect privilege assignment, Insecure Direct Object Reference (IDOR) and XML External Entity Injection (XXE).</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-997732.pdfSSA-997732 V1.0: Modfem File Parsing Vulnerability in Simcenter Femap before V2021.22021-09-14T00:00:00+00:00<p>Siemens Simcenter Femap is affected by a vulnerability that could be triggered when the application reads modfem files. If a user is tricked to open a malicious file with the affected application, an attacker could leverage this vulnerability to leak information in the context of the current process.</p>
<p>Siemens recommends to update to the latest version line of Simcenter Femap (2021.2), which is not affected by this type of vulnerabilities. Siemens recommends to avoid opening of untrusted files from unknown sources.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-100232.pdfSSA-100232 V1.3 (Last Update: 2021-09-14): Denial-of-Service vulnerability in SCALANCE X Switches2021-09-14T00:00:00+00:00<p>A vulnerability in several SCALANCE X devices could allow an unauthenticated attacker with network access to an affected device to perform a denial-of-service.</p>
<p>Siemens has released an update for SCALANCE X-200IRT and recommends to update to the latest version. Siemens recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-102233.pdfSSA-102233 V1.6 (Last Update: 2021-09-14): SegmentSmack in VxWorks-based Industrial Devices2021-09-14T00:00:00+00:00<p>The products listed below contain a vulnerability that could allow remote attackers to affect the availability of the devices under certain conditions. The underlying TCP stack can be forced to make very computation expensive calls for every incoming packet which can lead to a Denial-of-Service.</p>
<p>Siemens has released an update for the SCALANCE X-200IRT switch family and recommends to update to the latest version. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-139628.pdfSSA-139628 V1.2 (Last Update: 2021-09-14): Vulnerabilities in Web Server for Scalance X Products2021-09-14T00:00:00+00:00<p>Several SCALANCE X switches contain vulnerabilities in the web server of the affected devices.</p>
<p>An unauthenticated attacker could reboot, cause denial-of-service conditions and potentially impact the system by other means through heap and buffer overflow vulnerabilities.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-187092.pdfSSA-187092 V1.1 (Last Update: 2021-09-14): Several Buffer-Overflow Vulnerabilities in Web Server of SCALANCE X-2002021-09-14T00:00:00+00:00<p>Several SCALANCE X-200 switches contain buffer overflow vulnerabilities in the web server.</p>
<p>In the most severe case an attacker could potentially remotely execute code.</p>
<p>Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-274900.pdfSSA-274900 V1.2 (Last Update: 2021-09-14): Use of hardcoded key in Scalance X devices under certain conditions2021-09-14T00:00:00+00:00<p>Scalance X devices might not generate a unique random key after factory reset, and use a private key shipped with the firmware</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-312271.pdfSSA-312271 V1.8 (Last Update: 2021-09-14): Unquoted Search Path Vulnerabilities in Windows-based Industrial Software Applications2021-09-14T00:00:00+00:00<p>Several industrial products as listed below contain a local privilege escalation vulnerabilities that could allow authorized local users with administrative privileges to execute custom code with SYSTEM level privileges.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-324955.pdfSSA-324955 V1.4 (Last Update: 2021-09-14): SAD DNS Attack in Linux Based Products2021-09-14T00:00:00+00:00<p>A vulnerability made public under the name SAD DNS affects Domain Name System resolvers due to a vulnerability in the Linux kernel when handling ICMP packets. The Siemens products which are affected are listed below. For more information please see <a href="https://www.saddns.net/" class="uri">https://www.saddns.net/</a>.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-428051.pdfSSA-428051 V1.1 (Last Update: 2021-09-14): Privilege Escalation Vulnerability in TIA Administrator2021-09-14T00:00:00+00:00<p>The latest update for TIA Administrator, installed together with TIA Portal and PCS neo, fixes a privilege escalation vulnerability that could allow local users to escalate privileges and execute code as local SYSTEM user.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-434534.pdfSSA-434534 V1.1 (Last Update: 2021-09-14): Memory Protection Bypass Vulnerability in SIMATIC S7-1200 and S7-1500 CPU Families2021-09-14T00:00:00+00:00<p>SIMATIC S7-1200 and S7-1500 CPU products contain a memory protection bypass vulnerability that could allow an attacker to write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks.</p>
<p>Siemens has released updates for several affected products and strongly recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-434535.pdfSSA-434535 V1.1 (Last Update: 2021-09-14): Memory Protection Bypass Vulnerability in SINAMICS PERFECT HARMONY GH180 Drives2021-09-14T00:00:00+00:00<p>Several models of SINAMICS PERFECT HARMONY GH180 Drives are affected by a memory protection bypass vulnerability in the integrated S7-1500 or S7-1200 CPU that could allow an attacker to write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks on the CPU.</p>
<p>Siemens provides new drives with the fix included and recommends specific countermeasures for older drives. The list of affected drive models can be found in the section “Additional Information”.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-434536.pdfSSA-434536 V1.1 (Last Update: 2021-09-14): Memory Protection Bypass Vulnerability in SINUMERIK ONE and SINUMERIK MC2021-09-14T00:00:00+00:00<p>SINUMERIK ONE and SINUMERIK MC products are affected by a memory protection bypass vulnerability in the integrated S7-1500 CPU that could allow an attacker to write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks on the CPU.</p>
<p>Siemens has released updates for the affected products and recommends that customers update to the new version.</p>
https://cert-portal.siemens.com/productcert/pdf/ssb-439005.pdfSSB-439005 V3.7 (Last Update: 2021-09-14): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP2021-09-14T00:00:00+00:00https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdfSSA-462066 V2.5 (Last Update: 2021-09-14): Vulnerability known as TCP SACK PANIC in Industrial Products2021-09-14T00:00:00+00:00<p>Multiple industrial products are affected by a vulnerability in the kernel known as TCP SACK PANIC. The vulnerability could allow a remote attacker to cause a denial of service condition.</p>
<p>Siemens has released updates for several affected products and recommends to update to the new versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-538778.pdfSSA-538778 V1.1 (Last Update: 2021-09-14): SmartVNC Vulnerabilities in SIMATIC HMI/WinCC Products2021-09-14T00:00:00+00:00<p>Multiple SmartVNC vulnerabilities in the affected products listed below could allow remote code execution and Denial-of-Service attacks under certain conditions.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest version.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-599968.pdfSSA-599968 V1.2 (Last Update: 2021-09-14): Denial-of-Service Vulnerability in Profinet Devices2021-09-14T00:00:00+00:00<p>A vulnerability in affected devices could allow an attacker to perform a denial-of-service attack if a large amount of Profinet Discovery and Configuration Protocol (DCP) reset packets is sent to the affected devices.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-661034.pdfSSA-661034 V1.1 (Last Update: 2021-09-14): Incorrect Permission Assignment in Multiple SIMATIC Software Products2021-09-14T00:00:00+00:00<p>Multiple SIMATIC software products are affected by a vulnerability that could allow an attacker to change the content of certain metafiles and subsequently manipulate parameters or behaviour of devices configured by the affected software products.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-675303.pdfSSA-675303 V1.1 (Last Update: 2021-09-14): WIBU Systems CodeMeter Runtime Vulnerabilities in Siemens Products2021-09-14T00:00:00+00:00<p>WIBU Systems disclosed two vulnerabilities and a new release version of CodeMeter Runtime, a product provided by WIBU Systems and used in several Siemens products for license management.</p>
<p>The vulnerabilities are described in the section “Vulnerability Classification” below and got assigned the CVE IDs CVE-2021-20093 and CVE-2021-20094. Successful exploitation of these vulnerabilities could allow an attacker to read data from the heap of the CodeMeter Runtime network server, or crash the CodeMeter Runtime Server (i.e., CodeMeter.exe).</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-756744.pdfSSA-756744 V1.1 (Last Update: 2021-09-14): OS Command Injection Vulnerability in SINEC NMS2021-09-14T00:00:00+00:00<p>The latest update for SINEC NMS fixes a vulnerability that could allow an authenticated remote attacker to execute arbitrary code on the system, with system privileges, under certain conditions.</p>
<p>Siemens has released an update for SINEC NMS and recommends to update to the latest version.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdfSSA-772220 V1.2 (Last Update: 2021-09-14): OpenSSL Vulnerabilities in Industrial Products2021-09-14T00:00:00+00:00<p>OpenSSL has published a security advisory [0] about a vulnerability in OpenSSL versions 1.1.1 < 1.1.1k, that allows an unauthenticated attacker to cause a Denial-of-Service (DoS) if a maliciously crafted renegotiation message is sent.</p>
<p>Siemens is preparing updates and recommends countermeasures for products where updates are not, or not yet available.</p>
<p>[0] <a href="https://www.openssl.org/news/secadv/20210325.txt" class="uri">https://www.openssl.org/news/secadv/20210325.txt</a></p>
https://cert-portal.siemens.com/productcert/pdf/ssa-780073.pdfSSA-780073 V1.8 (Last Update: 2021-09-14): Denial-of-Service Vulnerability in PROFINET Devices via DCE-RPC Packets2021-09-14T00:00:00+00:00<p>Products that include the Siemens PROFINET-IO (PNIO) stack in versMions prior V06.00 are potentially affected by a denial-of-service vulnerability when multiple legitimate diagnostic package requests are sent to the DCE-RPC interface.</p>
<p>Siemens has released updates for several affected products and recommends to update to the new versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
<p>Additionally, Siemens recommends other vendors of PROFINET devices to check if their products have incorporated a vulnerable version of the Siemens PNIO stack as part of the Siemens Development/Evaluation Kits.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-789208.pdfSSA-789208 V1.1 (Last Update: 2021-09-14): Multiple Vulnerabilities (INFRA:HALT) in Interniche IP-Stack based Low Voltage Devices2021-09-14T00:00:00+00:00<p>Security researchers discovered and disclosed 14 vulnerabilities in the Interniche IP stack, also known as “INFRA:HALT” vulnerabilities [0]. This advisory describes the impact to Siemens low voltage products, which are only affected by four out of the 14 vulnerabilities.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
<p>[0] <a href="https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack/">https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack/</a></p>
https://cert-portal.siemens.com/productcert/pdf/ssa-830194.pdfSSA-830194 V1.1 (Last Update: 2021-09-14): Missing Authentication Vulnerability in S7-1200 Devices2021-09-14T00:00:00+00:00<p>SIMATIC S7-1200 PLC, version V4.5.0 fails to authenticate against configured passwords when the affected device was provisioned using TIA Portal V13. This could allow an attacker using TIA Portal V13 or later versions to bypass authentication and download arbitrary programs to the PLC.</p>
<p>Siemens has released an update for SIMATIC S7-1200 and recommends to update to the latest version.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-865327.pdfSSA-865327 V1.1 (Last Update: 2021-09-14): Incorrect Authorization Vulnerability in Industrial Products2021-09-14T00:00:00+00:00<p>The latest updates for the below mentioned products fix a vulnerability that allows an unauthenticated attacker to read PLC variables from affected devices without proper authentication under certain circumstances.</p>
<p>Siemens has released updates for some of the affected products, is working on updates for the remaining affected products and recommends specific countermeasures until fixes are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-936080.pdfSSA-936080 V1.2 (Last Update: 2021-09-14): Multiple Vulnerabilities in Third-Party Component libcurl2021-09-14T00:00:00+00:00<p>SIMATIC CM 1542-1, SCALANCE SC600 family and SIMATIC CP 343-1 Advanced devices are vulnerable to a vulnerability in the third party component libcurl that could allow an attacker to cause a Denial-of-Service condition on the affected devices.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.</p>
<p>The impact of additional libcurl vulnerabilities is described in <a href="https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf">Siemens Security Advisory SSA-436177</a>.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-938030.pdfSSA-938030 V1.1 (Last Update: 2021-09-14): DGN and PAR File Parsing Vulnerabilities in JT2Go and Teamcenter Visualization before V13.2.0.22021-09-14T00:00:00+00:00<p>Siemens has released version V13.2.0.2 for JT2Go and Teamcenter Visualization to fix three vulnerabilities that could be triggered while parsing DGN or PAR files. If a user is tricked to open a malicious file with the affected products, this could lead the application to crash or potential arbitrary code execution.</p>
<p>Siemens recommends to update to the latest versions and to limit opening of untrusted files from unknown sources in the affected products.</p>
<p>Note:</p>
<ul>
<li>This advisory also covers security vulnerabilities recently disclosed by Open Design Alliance [0]</li>
</ul>
<p>[0] <a href="https://www.opendesign.com/security-advisories">https://www.opendesign.com/security-advisories</a></p>
https://cert-portal.siemens.com/productcert/pdf/ssa-816035.pdfSSA-816035 V1.0: Code Execution Vulnerability in SINEMA Remote Connect Client2021-08-19T00:00:00+00:00<p>The latest update for SINEMA Remote Connect Client fixes a vulnerability that could allow a local attacker to escalate privileges or even allow remote code execution under certain circumstances.</p>
<p>Siemens has released a firmware update for SINEMA Remote Connect Client and proposes mitigations if an update is not possible.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-158827.pdfSSA-158827 V1.0: Denial-of-Service Vulnerability in Automation License Manager2021-08-10T00:00:00+00:00<p>A vulnerability was identified in the Automation License Manager software that could be triggered by sending specially crafted packets to port 4410/tcp of an affected system. This could cause a denial-of-service preventing legitimate users from using the system.</p>
<p>Siemens has released an update for the Automation License Manager 6 and recommends to update to the latest version. Siemens recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdfSSA-309571 V1.0: IPU 2021.1 Vulnerabilities in Siemens Industrial Products using Intel CPUs (June 2021)2021-08-10T00:00:00+00:00<p>Intel has published information on vulnerabilities in Intel products in <a href="https://blogs.intel.com/technology/2021/06/intel-security-advisories-for-june-2021/">June 2021</a>. This advisory lists the related Siemens Industrial products affected by these vulnerabilities that can be patched by applying the corresponding BIOS update.</p>
<p>In this advisory we summarize:</p>
<ul>
<li><p>“2021.1 IPU – Intel® CSME, SPS and LMS Advisory” Intel-SA-00459,</p></li>
<li><p>“2021.1 IPU – BIOS Advisory” Intel-SA-00463,</p></li>
<li><p>“2021.1 IPU – Intel® Processor Advisory” Intel-SA-00464, and</p></li>
<li><p>“2021.1 IPU - Intel Atom® Processor Advisory” Intel-SA-00465.</p></li>
</ul>
<p>Siemens has released updates for several affected products and is currently working on BIOS updates that include chipset microcode updates for further products.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-365397.pdfSSA-365397 V1.0: Multiple File Parsing Vulnerabilities in JT2Go and Teamcenter Visualization before V13.2.0.12021-08-10T00:00:00+00:00<p>Siemens has released version V13.2.0.1 for JT2Go and Teamcenter Visualization to fix multiple vulnerabilities that could be triggered when the products read files in different file formats (CGM, DGN, DXF, and DWG). If a user is tricked to open a malicious file with the affected products, this could lead the application to crash or potentially arbitrary code execution.</p>
<p>Siemens recommends to update to the latest versions and to limit opening of untrusted files from unknown sources in the affected products.</p>
<p>Note:</p>
<ul>
<li>This advisory also covers security vulnerabilities recently disclosed by Open Design Alliance [0]</li>
</ul>
<p>[0] <a href="https://www.opendesign.com/security-advisories">https://www.opendesign.com/security-advisories</a></p>
https://cert-portal.siemens.com/productcert/pdf/ssa-679335.pdfSSA-679335 V1.0: Multiple Vulnerabilities in Embedded FTP Server of SIMATIC NET CP Modules2021-08-10T00:00:00+00:00<p>SIMATIC CP 1543-1 and CP 1545-1 devices are affected by multiple vulnerabilities in ProFTPD, a third party component, that could allow a remote attacker to access sensitive information and execute arbitrary code.</p>
<p>Siemens has released an update for SIMATIC NET CP 1543-1 and recommends to update to the latest version. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-756744.pdfSSA-756744 V1.0: OS Command Injection Vulnerability in SINEC NMS2021-08-10T00:00:00+00:00<p>The latest update for SINEC NMS fixes a vulnerability that could allow an authenticated remote attacker to execute arbitrary code on the system, with system privileges, under certain conditions.</p>
<p>Siemens has released an update for SINEC NMS and recommends to update to the latest version.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-818688.pdfSSA-818688 V1.0: Multiple Vulnerabilities in Solid Edge before SE2021MP72021-08-10T00:00:00+00:00<p>Siemens has released a new version for Solid Edge that fixes three vulnerabilities - an XML external entity (XXE) injection, and two file parsing issues which could be triggered when the application reads OBJ files.</p>
<p>If a user is tricked to opening a malicious file using the affected application this could lead the application to crash, or potentially arbitrary code execution and data extraction on the target host system.</p>
<p>Siemens recommends to update to the latest version and to limit opening of files from unknown sources in the affected products.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-830194.pdfSSA-830194 V1.0: Missing Authentication Vulnerability in S7-1200 Devices2021-08-10T00:00:00+00:00<p>SIMATIC S7-1200 PLC, version V4.5.0 fails to authenticate against configured passwords when the affected device was provisioned using TIA Portal V13. This could allow an attacker using TIA Portal V17 or later versions to bypass authentication and download arbitrary programs to the PLC.</p>
<p>Siemens has released an update for SIMATIC S7-1200 and recommends to update to the latest version.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-865327.pdfSSA-865327 V1.0: Incorrect Authorization Vulnerability in Industrial Products2021-08-10T00:00:00+00:00<p>The latest updates for the below mentioned products fix a vulnerability that allows an unauthenticated attacker to read PLC variables from affected devices without proper authentication under certain circumstances.</p>
<p>Siemens has released updates for some of the affected products, is working on updates for the remaining affected products and recommends specific countermeasures until fixes are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-938030.pdfSSA-938030 V1.0: DGN and PAR File Parsing Vulnerabilities in JT2Go and Teamcenter Visualization before V13.2.0.22021-08-10T00:00:00+00:00<p>Siemens has released version V13.2.0.2 for JT2Go and Teamcenter Visualization to fix three vulnerabilities that could be triggered while parsing DGN or PAR files. If a user is tricked to open a malicious file with the affected products, this could lead the application to crash or potential arbitrary code execution.</p>
<p>Siemens recommends to update to the latest versions and to limit opening of untrusted files from unknown sources in the affected products.</p>
<p>Note:</p>
<ul>
<li>This advisory also covers security vulnerabilities recently disclosed by Open Design Alliance [0]</li>
</ul>
<p>[0] <a href="https://www.opendesign.com/security-advisories">https://www.opendesign.com/security-advisories</a></p>
https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdfSSA-286838 V1.1 (Last Update: 2021-08-10): Multiple Vulnerabilities in SINAMICS Medium Voltage Products2021-08-10T00:00:00+00:00<p>SINAMICS medium voltage products, with Sm@rtServer enabled on SIMATIC comfort HMI Panels, are affected by multiple vulnerabilities that could allow an attacker, under certain conditions, to gain full remote access to the HMI. Note that by default Sm@rtServer is disabled, but it can be enabled by the system integrator on request.</p>
<p>Siemens has released updates for the affected products, and recommends to update them to the latest version.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-324955.pdfSSA-324955 V1.3 (Last Update: 2021-08-10): SAD DNS Attack in Linux Based Products2021-08-10T00:00:00+00:00<p>A vulnerability made public under the name SAD DNS affects Domain Name System resolvers due to a vulnerability in the Linux kernel when handling ICMP packets. The Siemens products which are affected are listed below. For more information please see <a href="https://www.saddns.net/" class="uri">https://www.saddns.net/</a>.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssb-439005.pdfSSB-439005 V3.6 (Last Update: 2021-08-10): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP2021-08-10T00:00:00+00:00https://cert-portal.siemens.com/productcert/pdf/ssa-492828.pdfSSA-492828 V1.1 (Last Update: 2021-08-10): Denial-of-Service Vulnerability in SIMATIC S7-300 CPUs and SINUMERIK Controller2021-08-10T00:00:00+00:00<p>A vulnerability in S7-300 might allow an attacker to cause a Denial-of-Service condition on port 102 of the affected devices by sending specially crafted packets.</p>
<p>Siemens is preparing updates and recommends specific countermeasures until fixes are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-541018.pdfSSA-541018 V1.2 (Last Update: 2021-08-10): Embedded TCP/IP Stack Vulnerabilities (AMNESIA:33) in SENTRON PAC / 3VA Devices (Part 2)2021-08-10T00:00:00+00:00<p>Security researchers discovered and disclosed 33 vulnerabilities in several open-source TCP/IP stacks for embedded devices, also known as “AMNESIA:33” vulnerabilities.</p>
<p>This advisory describes the impact of two of these vulnerabilities (CVE-2020-13987, CVE-2020-17437) to Siemens products.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
<p>The impact of another “AMNESIA:33” vulnerability (CVE-2020-13988) is described in <a href="https://cert-portal.siemens.com/productcert/pdf/ssa-541017.pdf">Siemens Security Advisory SSA-541017</a>.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-599968.pdfSSA-599968 V1.1 (Last Update: 2021-08-10): Denial-of-Service Vulnerability in Profinet Devices2021-08-10T00:00:00+00:00<p>A vulnerability in affected devices could allow an attacker to perform a denial-of-service attack if a large amount of Profinet Discovery and Configuration Protocol (DCP) reset packets is sent to the affected devices.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-678983.pdfSSA-678983 V1.2 (Last Update: 2021-08-10): Vulnerabilities in Industrial PCs and CNC devices using Intel CPUs (November 2020)2021-08-10T00:00:00+00:00<p>Intel has published information on vulnerabilities in Intel products in <a href="https://blogs.intel.com/technology/2020/11/ipas-security-advisories-for-november-2020/">November 2020</a>. This advisory lists the Siemens IPC related products, that are affected by these vulnerabilities.</p>
<p>In this advisory we take a representative CVE from each advisory:</p>
<ul>
<li><p>“Intel CSME, SPS, TXE, AMT and DAL Advisory” Intel-SA-00391 is represented by CVE-2020-8745</p></li>
<li><p>“Intel RAPL Interface Advisory” Intel-SA-00389 is represented by CVE-2020-8694</p></li>
<li><p>“Intel Processor Advisory” Intel-SA-00381 is represented by CVE-2020-8698, and</p></li>
<li><p>“BIOS Advisory” Intel-SA-00358 is represented by CVE-2020-0590.</p></li>
</ul>
<p>Siemens has released updates for several affected products and is currently working on BIOS updates that include chipset microcode updates for further products.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdfSSA-723417 V1.1 (Last Update: 2021-08-10): Multiple Vulnerabilities in SCALANCE W1750D2021-08-10T00:00:00+00:00<p>Siemens SCALANCE W1750D is a brand-labeled device. Aruba has released a related security advisory <a href="https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt">ARUBA-PSA-2021-007</a> disclosing vulnerabilities in its Aruba Instant product line.</p>
<p>Siemens is preparing updates and recommends countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-752103.pdfSSA-752103 V1.1 (Last Update: 2021-08-10): Telnet Authentication Vulnerability in SINAMICS Medium Voltage Products2021-08-10T00:00:00+00:00<p>SINAMICS medium voltage products, with telnet enabled on SIMATIC comfort HMI Panels, are affected by a remote access vulnerability that could allow an attacker, under certain conditions, to gain full remote access to the HMI. Note that by default telnet is disabled, but it can be enabled by the system integrator on request.</p>
<p>Siemens has released updates for the affected products, and recommends to update them to the latest version.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdfSSA-772220 V1.1 (Last Update: 2021-08-10): OpenSSL Vulnerabilities in Industrial Products2021-08-10T00:00:00+00:00<p>OpenSSL has published a security advisory [0] about a vulnerability in OpenSSL versions 1.1.1 < 1.1.1k, that allows an unauthenticated attacker to cause a Denial-of-Service (DoS) if a maliciously crafted renegotiation message is sent.</p>
<p>Siemens is preparing updates and recommends countermeasures for products where updates are not, or not yet available.</p>
<p>[0] <a href="https://www.openssl.org/news/secadv/20210325.txt" class="uri">https://www.openssl.org/news/secadv/20210325.txt</a></p>
https://cert-portal.siemens.com/productcert/pdf/ssa-941426.pdfSSA-941426 V1.1 (Last Update: 2021-08-10): Multiple LLDP Vulnerabilities in Industrial Products2021-08-10T00:00:00+00:00<p>There are multiple vulnerabilities in an underlying Link Layer Discovery Protocol (LLDP) third party library.</p>
<p>Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-789208.pdfSSA-789208 V1.0: Multiple Vulnerabilities (INFRA:HALT) in Interniche IP-Stack based Low Voltage Devices2021-08-04T00:00:00+00:00<p>Security researchers discovered and disclosed 14 vulnerabilities in the Interniche IP stack, also known as “INFRA:HALT” vulnerabilities [0]. This advisory describes the impact to Siemens low voltage products, which are only affected by four out of the 14 vulnerabilities.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
<p>[0] <a href="https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack/">https://www.forescout.com/blog/new-critical-operational-technology-vulnerabilities-found-on-nichestack/</a></p>
https://cert-portal.siemens.com/productcert/pdf/ssa-173615.pdfSSA-173615 V1.0: Multiple PAR and ASM File Parsing Vulnerabilities in Solid Edge2021-07-13T00:00:00+00:00<p>Siemens has released version SE2021MP5 for Solid Edge to fix multiple heap based buffer overflow vulnerabilities that could be triggered when the application read files in PAR or ASM file formats. If a user is tricked to open a malicious file with the affected application, this could lead to a crash, and potentially also to arbitrary code execution.</p>
<p>Siemens recommends to update to the latest version and to avoid opening of untrusted files from unknown sources.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-209268.pdfSSA-209268 V1.0: Multiple JT File Parsing Vulnerabilities in JT Utilities before V13.0.2.02021-07-13T00:00:00+00:00<p>Siemens has released version V13.0.2.0 for JT Utilities to fix multiple vulnerabilities that could be triggered when reading JT files.</p>
<p>Siemens recommends to update to the latest version, which contains solutions to all the vulnerabilities listed in this advisory. Standing recommendation is to avoid opening of untrusted files from unknown sources in the affected product, as this generally mitigates the risk of exploitation of this class of vulnerabilities for any product release.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-373591.pdfSSA-373591 V1.0: Buffer Overflow Vulnerability in RUGGEDCOM ROS Devices2021-07-13T00:00:00+00:00<p>The latest update for RUGGEDCOM ROS devices fixes a buffer overflow vulnerability in the third party component that could allow an attacker with network access to an affected device to cause a remote code execution condition.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-434535.pdfSSA-434535 V1.0: Memory Protection Bypass Vulnerability in SINAMICS PERFECT HARMONY GH180 Drives2021-07-13T00:00:00+00:00<p>Several models of SINAMICS PERFECT HARMONY GH180 Drives are affected by a memory protection bypass vulnerability in the integrated S7-1500 or S7-1200 CPU that could allow an attacker to write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks on the CPU.</p>
<p>Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-434536.pdfSSA-434536 V1.0: Memory Protection Bypass Vulnerability in SINUMERIK ONE and SINUMERIK MC2021-07-13T00:00:00+00:00<p>SINUMERIK ONE and SINUMERIK MC products are affected by a memory protection bypass vulnerability in the integrated S7-1500 CPU that could allow an attacker to write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks on the CPU.</p>
<p>Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdfSSA-483182 V1.0: Multiple File Parsing Vulnerabilities in JT2Go and Teamcenter Visualization before V13.22021-07-13T00:00:00+00:00<p>Siemens has released version V13.2 for JT2Go and Teamcenter Visualization to fix multiple vulnerabilities that could be triggered when the products read files in different file formats (GIF, TIFF, BMP, J2K, JT, SGI, PDF, PCT, PCX, PAR and ASM ). If a user is tricked to opening of a malicious file with the affected products, this could lead to application crash, or potentially arbitrary code execution on the target host system.</p>
<p>Siemens recommends to update to the latest versions and to limit opening of untrusted files from unknown sources in the affected products.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-560465.pdfSSA-560465 V1.0: DHCP Client Vulnerability in VxWorks-based Industrial Products2021-07-13T00:00:00+00:00<p>Various industry products are affected by a DHCP client vulnerability in Wind River VxWorks, that could allow an attacker to cause a heap-based buffer overflow.</p>
<p>Siemens recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-599968.pdfSSA-599968 V1.0: Denial-of-Service Vulnerability in Profinet Devices2021-07-13T00:00:00+00:00<p>A vulnerability in affected devices could allow an attacker to perform a denial-of-service attack if a large amount of Profinet Discovery and Configuration Protocol (DCP) reset packets is sent to the affected devices.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-622535.pdfSSA-622535 V1.0: Multiple Vulnerabilities in Teamcenter Active Workspace2021-07-13T00:00:00+00:00<p>Multiple vulnerabilities affecting Teamcenter Active Workspace could lead to sensitive information disclosure and reflected cross site scripting.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-641963.pdfSSA-641963 V1.0: Remote Code Execution Vulnerability in Multiple SIMATIC Software Products2021-07-13T00:00:00+00:00<p>Multiple SIMATIC Software products are affected by a vulnerability that could allow an attacker to manipulate project files and remotely execute code.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-661034.pdfSSA-661034 V1.0: Incorrect Permission Assignment in Multiple SIMATIC Software Products2021-07-13T00:00:00+00:00<p>Multiple SIMATIC software products are affected by a vulnerability that could allow an attacker to change the content of certain metafiles and subsequently manipulate parameters or behaviour of devices configured by the affected software products.</p>
<p>Siemens has released an update for the SIMATIC STEP 7 V5.X and recommends to update to the latest version. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-675303.pdfSSA-675303 V1.0: WIBU Systems CodeMeter Runtime Vulnerabilities in Siemens Products2021-07-13T00:00:00+00:00<p>WIBU Systems disclosed two vulnerabilities and a new release version of CodeMeter Runtime, a product provided by WIBU Systems and used in several Siemens products for license management.</p>
<p>The vulnerabilities are described in the section “Vulnerability Classification” below and got assigned the CVE IDs CVE-2021-20093 and CVE-2021-20094. Successful exploitation of these vulnerabilities could allow an attacker to read data from the heap of the CodeMeter Runtime network server, or crash the CodeMeter Runtime Server (i.e., CodeMeter.exe).</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-729965.pdfSSA-729965 V1.0: TLS Certificate Validation Vulnerability in SINUMERIK Integrate Operate Client2021-07-13T00:00:00+00:00<p>The latest update for SINUMERIK Integrate Operate Client fixes a vulnerability that could allow an attacker to spoof any SSL server certificate and conduct man-in-the-middle attacks.</p>
<p>Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdfSSA-772220 V1.0: OpenSSL Vulnerabilities in Industrial Products2021-07-13T00:00:00+00:00<p>OpenSSL has published a security advisory [0] about a vulnerability in OpenSSL versions 1.1.1 < k, that allows an unauthenticated attacker to cause a Denial-of-Service (DoS) if a a maliciously crafted renegotiation message is sent.</p>
<p>Siemens is preparing updates and recommends countermeasures for products where updates are not, or not yet available.</p>
<p>[0] <a href="https://www.openssl.org/news/secadv/20210325.txt" class="uri">https://www.openssl.org/news/secadv/20210325.txt</a></p>
https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdfSSA-913875 V1.0: Frame Aggregation and Fragmentation Vulnerabilities in 802.112021-07-13T00:00:00+00:00<p>Twelve vulnerabilities in the implementation of frame aggregation and fragmentation of the 802.11 standard, under the name of <a href="https://www.fragattacks.com/">FragAttacks</a>, have been published.</p>
<p>Successful exploitation of these vulnerabilities could allow an attacker within Wi-Fi range to forge encrypted frames, which could result in sensitive data disclosure and possibly traffic manipulation.</p>
<p>The advised Siemens products are only affected by some of the published vulnerabilities.</p>
<p>Siemens is preparing updates and recommends countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-941426.pdfSSA-941426 V1.0: Multiple LLDP Vulnerabilities in Industrial Products2021-07-13T00:00:00+00:00<p>There are multiple vulnerabilities in an underlying Link Layer Discovery Protocol (LLDP) third party library.</p>
<p>Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-324955.pdfSSA-324955 V1.2 (Last Update: 2021-07-13): SAD DNS Attack in Linux Based Products2021-07-13T00:00:00+00:00<p>A vulnerability made public under the name SAD DNS affects Domain Name System resolvers due to a vulnerability in the Linux kernel when handling ICMP packets. The Siemens products which are affected are listed below. For more information please see <a href="https://www.saddns.net/" class="uri">https://www.saddns.net/</a>.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssb-439005.pdfSSB-439005 V3.5 (Last Update: 2021-07-13): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP2021-07-13T00:00:00+00:00https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdfSSA-462066 V2.4 (Last Update: 2021-07-13): Vulnerability known as TCP SACK PANIC in Industrial Products2021-07-13T00:00:00+00:00<p>Multiple industrial products are affected by a vulnerability in the kernel known as TCP SACK PANIC. The vulnerability could allow a remote attacker to cause a denial of service condition.</p>
<p>Siemens has released updates for several affected products and recommends to update to the new versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdfSSA-841348 V1.8 (Last Update: 2021-07-13): Multiple Vulnerabilities in the UMC Stack2021-07-13T00:00:00+00:00<p>The latest update for the below listed products fixes two security vulnerabilities that could allow an attacker to cause a partial Denial-of-Service on the UMC component of the affected devices under certain circumstances, and one vulnerability that could allow an attacker to locally escalate privileges from a user with administrative privileges to execute code with SYSTEM level privileges.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-133038.pdfSSA-133038 V1.0: Multiple Modfem File Parsing Vulnerabilities in Simcenter Femap2021-06-08T00:00:00+00:00<p>Siemens Simcenter Femap is affected by two vulnerabilities that could be triggered when the application reads modfem files. If a user is tricked to open a malicious file with the affected application, this could lead to a crash, and potentially also to arbitrary code execution or data extraction on the target host system.</p>
<p>Siemens has released updates for Simcenter Femap and recommends to update to the latest version to fix the vulnerabilities. Siemens recommends to avoid opening of untrusted files from unknown sources.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-200951.pdfSSA-200951 V1.0: Multiple Vulnerabilities in Third-Party Component libcurl of TIM Devices2021-06-08T00:00:00+00:00<p>SIMATIC TIM 1531 IRC devices are vulnerable to multiple vulnerabilities in the third party component libcurl that could allow an attacker to extract sensitive information and pass a revoked certificate as valid.</p>
<p>Siemens has released an update for SIMATIC TIM 1531 IRC and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-208356.pdfSSA-208356 V1.0: DFT File Parsing Vulnerabilities in Solid Edge2021-06-08T00:00:00+00:00<p>Siemens has released a new version for Solid Edge to fix two vulnerabilities that could be triggered when the application read files in DFT file format. If a user is tricked to opening of a malicious file with the affected products, this could lead to application crash, or potentially arbitrary code execution on the target host system.</p>
<p>Siemens recommends to update to the latest versions and to limit opening of untrusted files from unknown sources in the affected products.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdfSSA-211752 V1.0: Multiple NTP-Client Related Vulnerabilities in SIMATIC NET CP 443-1 OPC UA2021-06-08T00:00:00+00:00<p>All versions of the SIMATIC NET CP 443-1 OPC UA contain multiple vulnerabilities in the underlying third party component NTP.</p>
<p>Siemens recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-419820.pdfSSA-419820 V1.0: Denial-of-Service Vulnerability in TIM 1531 IRC2021-06-08T00:00:00+00:00<p>The latest update for TIM 1531 IRC fixes a vulnerability that could allow a remote attacker to cause a denial-of-service under certain circumstances.</p>
<p>Siemens has released an update for the TIM 1531 IRC and recommends to update to the latest version.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-645530.pdfSSA-645530 V1.0: TIFF File Parsing Vulnerability in JT2Go and Teamcenter Visualization before V13.1.0.32021-06-08T00:00:00+00:00<p>Siemens has released version V13.1.0.3 for JT2Go and Teamcenter Visualization to fix a vulnerability that could be triggered when the products read files in TIFF file format. If a user is tricked to opening of a malicious file with the affected products, this could lead to application crash, or potentially arbitrary code execution or data extraction on the target host system.</p>
<p>Siemens recommends to update to the latest versions and to limit opening of untrusted files from unknown sources in the affected products.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-787292.pdfSSA-787292 V1.0: Denial-of-Service Vulnerability in SIMATIC RFID Readers2021-06-08T00:00:00+00:00<p>The latest updates for SIMATIC RF products fix a vulnerability that could allow an unauthorized attacker to crash the OPC UA service of the affected devices.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-293562.pdfSSA-293562 V3.2 (Last Update: 2021-06-08): Vulnerabilities in Industrial Products2021-06-08T00:00:00+00:00<p>Several industrial devices are affected by two vulnerabilities that could allow an attacker to cause a Denial-of-Service condition via PROFINET DCP network packets under certain circumstances. The precondition for this scenario is a direct layer 2 access to the affected products. PROFIBUS interfaces are not affected.</p>
<p>Siemens has released updates for several affected products and recommends to update to the new versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-312271.pdfSSA-312271 V1.7 (Last Update: 2021-06-08): Unquoted Search Path Vulnerabilities in Windows-based Industrial Software Applications2021-06-08T00:00:00+00:00<p>The latest update for affected products fix local privilege escalation vulnerabilities that could allow authorized local users with administrative privileges to execute custom code with SYSTEM level privileges.</p>
<p>Siemens has released updates for some of the affected products, and is working on further updates. For the remaining affected products, Siemens recommends specific countermeasures until fixes are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-324955.pdfSSA-324955 V1.1 (Last Update: 2021-06-08): SAD DNS Attack in Linux Based Products2021-06-08T00:00:00+00:00<p>A vulnerability made public under the name SAD DNS affects Domain Name System resolvers due to a vulnerability in the Linux kernel when handling ICMP packets. The Siemens products which are affected are listed below. For more information please see <a href="https://www.saddns.net/" class="uri">https://www.saddns.net/</a>.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-346262.pdfSSA-346262 V3.0 (Last Update: 2021-06-08): Denial-of-Service in Industrial Products2021-06-08T00:00:00+00:00<p>Several industrial products are affected by a vulnerability that could allow remote attackers to conduct a Denial-of-Service (DoS) attack by sending specially crafted packets to port 161/udp (SNMP).</p>
<p>Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates and recommends specific countermeasures until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-473245.pdfSSA-473245 V2.0 (Last Update: 2021-06-08): Denial-of-Service Vulnerability in Profinet Devices2021-06-08T00:00:00+00:00<p>A vulnerability in affected devices could allow an attacker to perform a denial-of-service attack if a large amount of specially crafted UDP packets are sent to the device.</p>
<p>Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates and recommends specific countermeasures until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-534763.pdfSSA-534763 V1.5 (Last Update: 2021-06-08): Special Register Buffer Data Sampling (SRBDS) aka Crosstalk in Industrial Products2021-06-08T00:00:00+00:00<p>Security researchers published information on a vulnerability known as Crosstalk (<a href="https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00320.html">INTEL-SA-00320</a>). This vulnerability affects modern Intel processors to a varying degree.</p>
<p>Several Siemens Industrial Products contain processors that are affected by the vulnerability.</p>
<p>Siemens is preparing updates and recommends specific countermeasures until fixes are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-542525.pdfSSA-542525 V1.3 (Last Update: 2021-06-08): Authentication Vulnerabilities in SIMATIC HMI Products2021-06-08T00:00:00+00:00<p>SIMATIC HMI Products are affected by two vulnerabilities that could allow a remote attacker to discover user passwords and obtain access to the Sm@rt Server via a brute-force attack.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions. Siemens also suggests following the listed mitigations for the Unified Comfort Panels.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-574442.pdfSSA-574442 V1.1 (Last Update: 2021-06-08): Multiple PAR and DFT File Parsing Vulnerabilities in Solid Edge2021-06-08T00:00:00+00:00<p>Siemens has released a new version for Solid Edge to fix multiple vulnerabilities that could be triggered when the application reads files in different file formats (PAR, DFT extensions). If a user is tricked to open a malicious file with the affected application, this could lead to a crash, and potentially also to arbitrary code execution or data extraction on the target host system.</p>
<p>Siemens recommends to update to the latest version and to avoid opening of untrusted files from unknown sources.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-678983.pdfSSA-678983 V1.1 (Last Update: 2021-06-08): Vulnerabilities in Industrial PCs and CNC devices using Intel CPUs (November 2020)2021-06-08T00:00:00+00:00<p>Intel has published information on vulnerabilities in Intel products in <a href="https://blogs.intel.com/technology/2020/11/ipas-security-advisories-for-november-2020/">November 2020</a>. This advisory lists the Siemens IPC related products, that are affected by these vulnerabilities.</p>
<p>In this advisory we take a representative CVE from each advisory:</p>
<ul>
<li><p>“Intel CSME, SPS, TXE, AMT and DAL Advisory” Intel-SA-00391 is represented by CVE-2020-8745</p></li>
<li><p>“Intel RAPL Interface Advisory” Intel-SA-00389 is represented by CVE-2020-8694</p></li>
<li><p>“Intel Processor Advisory” Intel-SA-00381 is represented by CVE-2020-8698, and</p></li>
<li><p>“BIOS Advisory” Intel-SA-00358 is represented by CVE-2020-0590.</p></li>
</ul>
<p>Siemens has released updates for several affected products and is currently working on BIOS updates that include chipset microcode updates for further products.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-434534.pdfSSA-434534 V1.0: Memory Protection Bypass Vulnerability in SIMATIC S7-1200 and S7-1500 CPU Families2021-05-28T00:00:00+00:00<p>SIMATIC S7-1200 and S7-1500 CPU products contain a memory protection bypass vulnerability that could allow an attacker to write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks.</p>
<p>Siemens has released updates for several affected products and strongly recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-119468.pdfSSA-119468 V1.0: Luxion KeyShot Vulnerabilities in Solid Edge2021-05-25T00:00:00+00:00<p>The Solid Edge installation package includes a specific version of the third-party product <a href="https://www.keyshot.com">KeyShot from Luxion</a>, which may not contain the latest security fixes provided by Luxion.</p>
<p>Siemens recommends to update KeyShot according to the information in the <a href="https://download.keyshot.com/cert/lsa-394129/lsa-394129.pdf">Luxion Security Advisory LSA-394129</a>.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdfSSA-622830 V1.2 (Last Update: 2021-05-17): Multiple File Parsing Vulnerabilities in JT2Go and Teamcenter Visualization before V13.1.02021-05-17T00:00:00+00:00<p>Siemens has released version V13.1.0 for JT2Go and Teamcenter Visualization to fix multiple vulnerabilities that could be triggered when the products read files in different file formats (JT, XML, CG4, CGM, PDF, RGB, SGI, TGA, PAR, PCX). If a user is tricked to opening of a malicious file with the affected products, this could lead to application crash, or potentially arbitrary code execution or data extraction on the target host system.</p>
<p>Siemens recommends to update to the latest versions and to limit opening of untrusted files from unknown sources in the affected products. Please refer to SSA-663999 [0] and SSA-695540 [1] for further information regarding later version updates.</p>
<p>Note: Previous versions of this advisory also contained the vulnerabilities CVE-2020-26989, CVE-2020-26990, and CVE-2020-28383 (now addressed in [0]) and CVE-2020-26991 (now addressed in [1]).</p>
<p>[0] <a href="https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf">https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf</a></p>
<p>[1] <a href="https://cert-portal.siemens.com/productcert/pdf/ssa-695540.pdf">https://cert-portal.siemens.com/productcert/pdf/ssa-695540.pdf</a></p>
https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdfSSA-663999 V1.1 (Last Update: 2021-05-17): Multiple File Parsing Vulnerabilities in JT2Go and Teamcenter Visualization before V13.1.0.12021-05-17T00:00:00+00:00<p>Siemens has released version V13.1.0.1 for JT2Go and Teamcenter Visualization to fix multiple vulnerabilities that could be triggered when the products read files in different file formats (BMP, TIFF, CGM, TGA, PCT, HPG, PLT, RAS, PAR, ASM, DXF, DWG). If a user is tricked to opening of a malicious file with the affected products, this could lead to application crash, or potentially arbitrary code execution or data extraction on the target host system.</p>
<p>Siemens recommends to update to the latest versions and to limit opening of untrusted files from unknown sources in the affected products.</p>
<p>Notes:</p>
<ul>
<li><p>Previous versions of this advisory incorrectly listed the following vulnerabilities as being fixed in V13.1.0.1: CVE-2020-26991, CVE-2020-26998, CVE-2020-26999, CVE-2020-27001 and CVE-2020-27002. Those were fixed in V13.1.0.2 and are therefore addressed in advisory SSA-695540 [0]</p></li>
<li><p>The vulnerability CVE-2020-28383 was incorrectly listed in SSA-622830 [1] as being fixed in V13.1.0.0. This was fixed in V13.1.0.1 and therefore added here</p></li>
<li><p>The Open Design Alliance [2] recently disclosed an additional vulnerability (CVE-2021-31784) which is also covered in this advisory</p></li>
</ul>
<p>[0] <a href="https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf">https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf</a></p>
<p>[1] <a href="https://cert-portal.siemens.com/productcert/pdf/ssa-695540.pdf">https://cert-portal.siemens.com/productcert/pdf/ssa-695540.pdf</a></p>
<p>[2] <a href="https://www.opendesign.com/security-advisories">https://www.opendesign.com/security-advisories</a></p>
https://cert-portal.siemens.com/productcert/pdf/ssa-695540.pdfSSA-695540 V1.0: ASM and PAR File Parsing Vulnerabilities in JT2Go and Teamcenter Visualization before V13.1.0.22021-05-17T00:00:00+00:00<p>Siemens has released version V13.1.0.2 for JT2Go and Teamcenter Visualization to fix multiple vulnerabilities that could be triggered when the products read files in ASM and PAR file formats. If a user is tricked to opening of a malicious file with the affected products, this could lead to application crash, or potentially arbitrary code execution or data extraction on the target host system.</p>
<p>Siemens recommends to update to the latest versions and to limit opening of untrusted files from unknown sources in the affected products.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-116379.pdfSSA-116379 V1.0: Denial-of-Service Vulnerability in OSPF Packet Handling of SCALANCE XM-400 and XR-500 Devices2021-05-11T00:00:00+00:00<p>SCALANCE XM-400 and XR-500 devices contain a vulnerability in the OSPF protocol implementation that could allow an unauthenticated remote attacker to create a permanent denial-of-service condition.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdfSSA-286838 V1.0: Multiple Vulnerabilities in SINAMICS Medium Voltage Products2021-05-11T00:00:00+00:00<p>SINAMICS medium voltage products, with Sm@rtServer enabled on SIMATIC comfort HMI Panels, are affected by multiple vulnerabilities that could allow an attacker, under certain conditions, to gain full remote access to the HMI. Note that by default Sm@rtServer is disabled, but it can be enabled on request by the system integrator.</p>
<p>Siemens has released updates for some of the affected products, and recommends to update them to the latest version without undue delay. For the remaining affected products, Siemens is attempting to provide updates and recommends countermeasures (see recommendations from section Workarounds and Mitigations) for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-324955.pdfSSA-324955 V1.0: SAD DNS Attack in Linux Based Products2021-05-11T00:00:00+00:00<p>A vulnerability made public under the name SAD DNS affects Domain Name System resolvers due to a vulnerability in the Linux kernel when handling ICMP packets. The Siemens products which are affected are listed below. For more information please see <a href="https://www.saddns.net/" class="uri">https://www.saddns.net/</a>.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-501073.pdfSSA-501073 V1.0: Vulnerabilities in Controllers CPU 1518 MFP using Intel CPUs (November 2020)2021-05-11T00:00:00+00:00<p>Intel has published information on vulnerabilities in Intel products in <a href="https://blogs.intel.com/technology/2020/11/ipas-security-advisories-for-november-2020/">November 2020</a>. This advisory lists the Siemens Controllers that are affected by these vulnerabilities.</p>
<p>In this advisory we take a representative CVE from each advisory:</p>
<ul>
<li><p>“Intel CSME, SPS, TXE, AMT and DAL Advisory” Intel-SA-00391 is represented by CVE-2020-8744</p></li>
<li><p>“BIOS Advisory” Intel-SA-00358 is represented by CVE-2020-0591.</p></li>
</ul>
<p>Siemens is currently working on BIOS updates that include chipset microcode updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-538778.pdfSSA-538778 V1.0: SmartVNC Vulnerabilities in SIMATIC HMI/WinCC Products2021-05-11T00:00:00+00:00<p>Multiple SmartVNC vulnerabilities in the affected products listed below could allow remote code execution and Denial-of-Service attacks under certain conditions.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest version.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-594364.pdfSSA-594364 V1.0: Denial-of-Service Vulnerability in SNMP Implementation of WinCC Runtime2021-05-11T00:00:00+00:00<p>A denial-of-service vulnerability in WinCC Runtime could allow an unauthenticated attacker with network access to cause a denial-of-service condition in the SNMP service by sending crafted SNMP packets to port 161/udp.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-676775.pdfSSA-676775 V1.0: Denial-of-Service Vulnerability in SIMATIC NET CP 343-1 Devices2021-05-11T00:00:00+00:00<p>A vulnerability in SIMATIC CP343-1 devices could allow an attacker to cause a Denial-of-Service condition on TCP port 102 of the affected devices by sending specially crafted packets.</p>
<p>Siemens recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-678983.pdfSSA-678983 V1.0: Vulnerabilities in Industrial PCs and CNC devices using Intel CPUs (November 2020)2021-05-11T00:00:00+00:00<p>Intel has published information on vulnerabilities in Intel products in <a href="https://blogs.intel.com/technology/2020/11/ipas-security-advisories-for-november-2020/">November 2020</a>. This advisory lists the Siemens IPC related products, that are affected by these vulnerabilities.</p>
<p>In this advisory we take a representative CVE from each advisory:</p>
<ul>
<li><p>“Intel CSME, SPS, TXE, AMT and DAL Advisory” Intel-SA-00391 is represented by CVE-2020-8745</p></li>
<li><p>“Intel RAPL Interface Advisory” Intel-SA-00389 is represented by CVE-2020-8694</p></li>
<li><p>“Intel Processor Advisory” Intel-SA-00381 is represented by CVE-2020-8698, and</p></li>
<li><p>“BIOS Advisory” Intel-SA-00358 is represented by CVE-2020-0590.</p></li>
</ul>
<p>Siemens has released updates for several affected products and is currently working on BIOS updates that include chipset microcode updates for further products.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdfSSA-723417 V1.0: Multiple Vulnerabilities in SCALANCE W1750D2021-05-11T00:00:00+00:00<p>Siemens SCALANCE W1750D is a brand-labeled device. Aruba has released a related security advisory <a href="https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-007.txt">ARUBA-PSA-2021-007</a> disclosing vulnerabilities in its Aruba Instant product line.</p>
<p>Siemens is preparing updates and recommends countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-752103.pdfSSA-752103 V1.0: Telnet Authentication Vulnerability in SINAMICS Medium Voltage Products2021-05-11T00:00:00+00:00<p>SINAMICS medium voltage products, with telnet enabled on SIMATIC comfort HMI Panels, are affected by a remote access vulnerability that could allow an attacker, under certain conditions, to gain full remote access to the HMI. Note that by default telnet is disabled, but it can be enabled on request by the panel operator.</p>
<p>Siemens has released updates for some of the affected products, and recommends to update them to the latest version without undue delay. For the remaining affected products, Siemens is attempting to provide updates and recommends countermeasures (see recommendations from section Workarounds and Mitigations) for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdfSSA-940818 V1.0: UltraVNC Vulnerabilities in SIMATIC HMIs/WinCC Products2021-05-11T00:00:00+00:00<p>UltraVNC vulnerabilities in the affected products listed below could allow remote code execution, information disclosure and Denial-of-Service attacks under certain conditions.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-983548.pdfSSA-983548 V1.0: Multiple SPP File Parsing Vulnerabilities in Tecnomatix Plant Simulation2021-05-11T00:00:00+00:00<p>Siemens Tecnomatix Plant Simulation has released an update for version V16.0 that fixes multiple vulnerabilities that could be triggered when the application reads SPP files. If a user is tricked to open a malicious file using the affected application, this could lead to a crash, and potentially also to arbitrary code execution or data extraction on the target host system.</p>
<p>Siemens recommends to update to the latest version and to avoid opening of untrusted files from unknown sources.</p>
https://cert-portal.siemens.com/productcert/pdf/ssb-439005.pdfSSB-439005 V3.4 (Last Update: 2021-05-11): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP2021-05-11T00:00:00+00:00https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdfSSA-462066 V2.3 (Last Update: 2021-05-11): Vulnerability known as TCP SACK PANIC in Industrial Products2021-05-11T00:00:00+00:00<p>Multiple industrial products are affected by a vulnerability in the kernel known as TCP SACK PANIC. The vulnerability could allow a remote attacker to cause a denial of service condition.</p>
<p>Siemens has released updates for several affected products and recommends to update to the new versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdfSSA-478893 V1.1 (Last Update: 2021-05-11): TightVNC Vulnerabilities in Industrial Products (Revoked)2021-05-11T00:00:00+00:00<p>Multiple TightVNC (V1.x) vulnerabilities could allow remote code execution and Denial-of-Service attacks under certain conditions.</p>
<p>Siemens has previously released this advisory containing a set of products that were considered to be affected. Through Siemens’ continuous investigation processes it was identified that all products previously advised are not affected by any vulnerability listed in this advisory.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-541018.pdfSSA-541018 V1.1 (Last Update: 2021-05-11): Embedded TCP/IP Stack Vulnerabilities (AMNESIA:33) in SENTRON PAC / 3VA Devices (Part 2)2021-05-11T00:00:00+00:00<p>Security researchers discovered and disclosed 33 vulnerabilities in several open-source TCP/IP stacks for embedded devices, also known as “AMNESIA:33” vulnerabilities.</p>
<p>This advisory describes the impact of two of these vulnerabilities (CVE-2020-13987, CVE-2020-17437) to Siemens products.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
<p>The impact of another “AMNESIA:33” vulnerability (CVE-2020-13988) is described in <a href="https://cert-portal.siemens.com/productcert/pdf/ssa-541017.pdf">Siemens Security Advisory SSA-541017</a>.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-646763.pdfSSA-646763 V1.3 (Last Update: 2021-05-11): DNSpooq - Dnsmasq Vulnerabilities in SCALANCE and RUGGEDCOM Devices2021-05-11T00:00:00+00:00<p>Security researchers discovered and disclosed seven vulnerabilities in the open-source DNS component “dnsmasq”, also known as “DNSpooq” vulnerabilities (CVE-2020-25681 through CVE-2020-25687). Three vulnerabilities (CVE-2020-25684 through CVE-2020-25686) affect the validation of DNS responses and impact several SCALANCE and RUGGEDCOM devices as listed below.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-794542.pdfSSA-794542 V1.1 (Last Update: 2021-05-11): Insecure Folder Permissions in SIMARIS Configuration2021-05-11T00:00:00+00:00<p>The installation of SIMARIS configuration causes insecure folder permissions that could allow vertical privilege escalation.</p>
<p>Siemens has released an update for SIMARIS and recommends to update to the latest version.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-936080.pdfSSA-936080 V1.1 (Last Update: 2021-05-11): Multiple Vulnerabilities in Third-Party Component libcurl2021-05-11T00:00:00+00:00<p>SIMATIC NET CM 1542-1, SCALANCE SC600 family and SIMATIC NET CP 343-1 Advanced devices are vulnerable to a vulnerability in the third party component libcurl that could allow an attacker to cause a Denial-of-Service condition on the affected devices.</p>
<p>Siemens has released an update for SCALANCE SC600. For the remaining affected product, Siemens is preparing further updates and recommends specific countermeasures until fixes are available.</p>
<p>The impact of additional libcurl vulnerabilities is described in <a href="https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf">Siemens Security Advisory SSA-436177</a>.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-163226.pdfSSA-163226 V1.0: CELL File Parsing Vulnerability in Tecnomatix RobotExpert2021-04-13T00:00:00+00:00<p>Siemens Tecnomatix RobotExpert version V16.1 fixes a vulnerability that could be triggered when the application reads CELL files. If a user is tricked to open a malicious file with the affected application, this could lead to a crash, and potentially also to arbitrary code execution or data extraction on the target host system.</p>
<p>Siemens recommends to update to the latest version and to avoid opening of untrusted files from unknown sources.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-185699.pdfSSA-185699 V1.0: Out of Bounds Write Vulnerabilities (NAME:WRECK) in the DNS Module of Nucleus Products2021-04-13T00:00:00+00:00<p>Security researchers discovered and disclosed 9 vulnerabilities in several DNS implementations, also known as “NAME:WRECK” vulnerabilities. The vulnerabilities described in this advisories are from this set.</p>
<p>The DNS client of affected products contains two out of bounds write vulnerabilities in the handling of DNS responses that could allow an attacker to cause a denial-of-service condition or to remotely execute code.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-187092.pdfSSA-187092 V1.0: Several Buffer-Overflow Vulnerabilities in Web Server of SCALANCE X-2002021-04-13T00:00:00+00:00<p>Several SCALANCE X-200 switches contain buffer overflow vulnerabilities in the web server.</p>
<p>In the most severe case an attacker could potentially remotely execute code.</p>
<p>Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-201384.pdfSSA-201384 V1.0: Predictable UDP Port Number Vulnerability (NAME:WRECK) in the DNS Module of Nucleus Products2021-04-13T00:00:00+00:00<p>Security researchers discovered and disclosed 9 vulnerabilities in several DNS implementations, also known as “NAME:WRECK” vulnerabilities. The vulnerability described in this advisories is from this set.</p>
<p>The DNS client of affected products contains a vulnerability related to the handling of UDP port numbers in DNS requests that could allow an attacker to poison the DNS cache or spoof DNS resolving.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-248289.pdfSSA-248289 V1.0: Denial-of-Service Vulnerabilities in the IPv6 Stack of Nucleus Products2021-04-13T00:00:00+00:00<p>The IPv6 stack of affected products contains two vulnerabilities when processing IPv6 headers which could allow an attacker to cause a denial-of-service condition.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-292794.pdfSSA-292794 V1.0: Multiple Denial-of-Service Vulnerabilities in SINEMA Remote Connect Server2021-04-13T00:00:00+00:00<p>The latest update for SINEMA Remote Connect Server fixes two Denial-of-Service vulnerabilities in the underlying third-party XML parser.</p>
<p>Siemens has released updates for the affected product and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdfSSA-497656 V1.0: Multiple NTP Vulnerabilities in TIM 4R-IE Devices2021-04-13T00:00:00+00:00<p>There are multiple vulnerabilities in the underlying NTP component of the affected TIM 4R-IE.</p>
<p>Siemens recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-574442.pdfSSA-574442 V1.0: Multiple PAR and DFT File Parsing Vulnerabilities in Solid Edge2021-04-13T00:00:00+00:00<p>Siemens has released a new version for Solid Edge to fix multiple vulnerabilities that could be triggered when the application reads files in different file formats (PAR, DFT extensions). If a user is tricked to open a malicious file with the affected application, this could lead to a crash, and potentially also to arbitrary code execution or data extraction on the target host system.</p>
<p>Siemens recommends to update to the latest version and to avoid opening of untrusted files from unknown sources.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-669158.pdfSSA-669158 V1.0: DNS Client Vulnerabilities in SIMOTICS CONNECT 4002021-04-13T00:00:00+00:00<p>SIMOTICS CONNECT 400 is affected by DNS Client vulnerabilities as initially reported in <a href="https://cert-portal.siemens.com/productcert/pdf/ssa-705111.pdf">Siemens Security Advisory SSA-705111</a> for the Mentor DNS Module.</p>
<p>Siemens is preparing updates and recommends countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-705111.pdfSSA-705111 V1.0: Vulnerabilities (NAME:WRECK) in DNS Module of Nucleus Products2021-04-13T00:00:00+00:00<p>Security researchers discovered and disclosed 9 vulnerabilities in several DNS implementations, also known as “NAME:WRECK” vulnerabilities. The vulnerabilities described in this advisories are from this set.</p>
<p>The DNS client of affected products contains multiple vulnerabilities related to the handling of DNS responses and requests. The most severe could allow an attacker to manipulate the DNS responses and cause a denial-of-service condition.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-788287.pdfSSA-788287 V1.0: Disclosure of Private Data2021-04-13T00:00:00+00:00<p>Due to SmartClient Installation technology (ClickOnce) a customer/integrator needs to create a customer specific Smartclient installer. The mentioned products delivered a trusted but yet expired codesigning certificate.</p>
<p>An attacker could have exploited the vulnerability by spoofing the code-signing certificate and signing a malicious executable resulting in having a trusted digital signature from a trusted provider.</p>
<p>The certificate was revoked immediately.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-983300.pdfSSA-983300 V1.0: Vulnerabilities in LOGO! Soft Comfort2021-04-13T00:00:00+00:00<p>Two vulnerabilities have been identified in the LOGO! Soft Comfort software. These could allow an attacker to take over a system with the affected software installed.</p>
<p>Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-296266.pdfSSA-296266 V1.1 (Last Update: 2021-04-13): Denial-of-Service Vulnerability in SCALANCE and RUGGEDCOM Devices2021-04-13T00:00:00+00:00<p>Some firmware versions of the SCALANCE and RUGGEDCOM devices listed below are affected by a vulnerability in the SSH authentication that could allow an attacker to cause a Denial-of-Service under certain conditions.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest version.</p>
https://cert-portal.siemens.com/productcert/pdf/ssb-439005.pdfSSB-439005 V3.3 (Last Update: 2021-04-13): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP2021-04-13T00:00:00+00:00https://cert-portal.siemens.com/productcert/pdf/ssa-455843.pdfSSA-455843 V1.6 (Last Update: 2021-04-13): WIBU Systems CodeMeter Runtime Vulnerabilities in Siemens and Siemens Energy Products2021-04-13T00:00:00+00:00<p>CISA and WIBU Systems disclosed six vulnerabilities in different versions of CodeMeter Runtime, a product provided by WIBU Systems and used in several Siemens and Siemens Energy products for license management.</p>
<p>The vulnerabilities are described in the section “Vulnerability Classification” below and got assigned the CVE IDs CVE-2020-14509, CVE-2020-14513, CVE-2020-14515, CVE-2020-14517, CVE-2020-14519, and CVE-2020-16233. Successful exploitation of these vulnerabilities could allow an attacker to alter and forge a license file, cause a denial-of-service condition, attain remote code execution, or prevent normal operation of the Siemens software that depends on CodeMeter Runtime.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdfSSA-462066 V2.2 (Last Update: 2021-04-13): Vulnerability known as TCP SACK PANIC in Industrial Products2021-04-13T00:00:00+00:00<p>Multiple industrial products are affected by a vulnerability in the kernel known as TCP SACK PANIC. The vulnerability could allow a remote attacker to cause a denial of service condition.</p>
<p>Siemens has released updates for several affected products and recommends to update to the new versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-534763.pdfSSA-534763 V1.4 (Last Update: 2021-04-13): Special Register Buffer Data Sampling (SRBDS) aka Crosstalk in Industrial Products2021-04-13T00:00:00+00:00<p>Security researchers published information on a vulnerability known as Crosstalk (<a href="https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00320.html">INTEL-SA-00320</a>). This vulnerability affects modern Intel processors to a varying degree.</p>
<p>Several Siemens Industrial Products contain processors that are affected by the vulnerability.</p>
<p>Siemens is preparing updates and recommends specific countermeasures until fixes are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-541017.pdfSSA-541017 V1.3 (Last Update: 2021-04-13): Embedded TCP/IP Stack Vulnerabilities (AMNESIA:33) in SIRIUS 3RW5 Modbus TCP and SENTRON PAC / 3VA Devices2021-04-13T00:00:00+00:00<p>Security researchers discovered and disclosed 33 vulnerabilities in several open-source TCP/IP stacks for embedded devices, also known as “AMNESIA:33” vulnerabilities.</p>
<p>This advisory describes the impact of one of these vulnerabilities (CVE-2020-13988) to Siemens products. Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
<p>The impact of additional “AMNESIA:33” vulnerabilities is described in <a href="https://cert-portal.siemens.com/productcert/pdf/ssa-541018.pdf">Siemens Security Advisory SSA-541018</a>.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-591405.pdfSSA-591405 V1.2 (Last Update: 2021-04-13): Web Vulnerabilities in SCALANCE S-600 Family2021-04-13T00:00:00+00:00<p>The firmware for SCALANCE S-600 family devices contains multiple web vulnerabilities. The vulnerabilities could allow an remote attacker to conduct Denial-of-Service attacks or perform Cross-Site Scripting attacks.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions, or to upgrade to a successor product.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-646763.pdfSSA-646763 V1.2 (Last Update: 2021-04-13): DNSpooq - Dnsmasq Vulnerabilities in SCALANCE and RUGGEDCOM Devices2021-04-13T00:00:00+00:00<p>Security researchers discovered and disclosed seven vulnerabilities in the open-source DNS component “dnsmasq”, also known as “DNSpooq” vulnerabilities (CVE-2020-25681 through CVE-2020-25687). Three vulnerabilities (CVE-2020-25684 through CVE-2020-25686) affect the validation of DNS responses and impact several SCALANCE and RUGGEDCOM devices as listed below.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-689942.pdfSSA-689942 V1.3 (Last Update: 2021-04-13): Denial-of-Service and DLL Hijacking Vulnerabilities in Multiple SIMATIC Software Products2021-04-13T00:00:00+00:00<p>Multiple SIMATIC Software products are affected by two vulnerabilities that could allow an attacker to manipulate project files that may lead to Remote Code Execution or Denial-of-Service attacks.</p>
<p>Siemens has released updates to some of the affected products and recommends that customers update to the latest version. Siemens is preparing further updates and recommends specific workarounds and mitigations until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-715184.pdfSSA-715184 V1.1 (Last Update: 2021-04-13): Multiple File Parsing Vulnerabilities in Solid Edge2021-04-13T00:00:00+00:00<p>Siemens has released new versions for Solid Edge to fix multiple vulnerabilities that could be triggered when the application reads files in different file formats (PAR, DFT, XML extensions). If a user is tricked to open a malicious file with the affected application, this could lead to a crash, and potentially also to arbitrary code execution or data extraction on the target host system.</p>
<p>Siemens recommends to update to the latest version and to avoid opening of untrusted files from unknown sources. Please refer to <a href="https://cert-portal.siemens.com/productcert/pdf/ssa-574442.pdf">SSA-574442</a> for further information regarding latest version update.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-763427.pdfSSA-763427 V1.5 (Last Update: 2021-04-13): Authentication Bypass Vulnerability in SIMATIC NET CP Modules and TIM Devices2021-04-13T00:00:00+00:00<p>Siemens has released updates for Communication Processor (CP) module families CP 343-1/TIM 3V-IE/TIM 4R-IE/CP 443-1 to resolve an authentication bypass vulnerability that could allow unauthenticated users to perform administrative operations under certain conditions.</p>
<p>2021-04-13: Siemens has also added Profibus devices (CP 342-5 / CP 443-5) to this advisory. For these additional devices, the attacker must have network access to S7 Protocol Interface of the affected device and the configuration data of the CP must be stored on the CPU. Therefore, in this case the adapted CVSS Vector is CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H (9.6)</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdfSSA-841348 V1.7 (Last Update: 2021-04-13): Multiple Vulnerabilities in the UMC Stack2021-04-13T00:00:00+00:00<p>The latest update for the below listed products fixes two security vulnerabilities that could allow an attacker to cause a partial Denial-of-Service on the UMC component of the affected devices under certain circumstances, and one vulnerability that could allow an attacker to locally escalate privileges from a user with administrative privileges to execute code with SYSTEM level privileges.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-951513.pdfSSA-951513 V1.2 (Last Update: 2021-04-13): Clickjacking Vulnerability in SCALANCE S, SCALANCE X-300, X-200IRT, and X-200 Switch Families2021-04-13T00:00:00+00:00<p>Several SCALANCE X switches contain a vulnerability that could allow an attacker to perform administrative actions if the victim is tricked into clicking on a website controlled by the attacker. The attack only works if the victim has an authenticated session on the administrative interface of the switch.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-978220.pdfSSA-978220 V1.4 (Last Update: 2021-04-13): Denial-of-Service Vulnerability over SNMP in Multiple Industrial Products2021-04-13T00:00:00+00:00<p>Several industrial products are affected by a vulnerability that could allow remote attackers to conduct a Denial-of-Service (DoS) attack by sending specially crafted packets to port 161/udp (SNMP).</p>
<p>Siemens has released updates for several affected products and recommends to update to the new versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-979775.pdfSSA-979775 V1.1 (Last Update: 2021-04-13): Stack Overflow Vulnerability in SCALANCE and RUGGEDCOM Devices2021-04-13T00:00:00+00:00<p>Several firmware versions of the SCALANCE and RUGGEDCOM devices listed below are affected by a vulnerability in the passive listening feature that could allow an attacker to cause a reboot or, under specific circumstances, attain remote code execution of the affected devices.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdfSSA-231216 V1.0: Luxion KeyShot Vulnerabilities in Solid Edge2021-03-09T00:00:00+00:00<p>The Solid Edge installation package includes a specific version of the third-party product <a href="https://www.keyshot.com">KeyShot from Luxion</a>, which may not contain the latest security fixes provided by Luxion.</p>
<p>Siemens recommends to update KeyShot according to the information in the <a href="https://download.keyshot.com/cert/lsa-192169/lsa-192169.pdf">Luxion Security Advisory LSA-192169</a>.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-256092.pdfSSA-256092 V1.0: Multiple local Denial-of-Service Vulnerabilities in SIMATIC S7-PLCSIM V5.42021-03-09T00:00:00+00:00<p>Multiple vulnerabilities affecting SIMATIC S7-PLCSIM V5.4 could allow an attacker with local access to the system to craft special project files that may lead to denial-of-service attacks.</p>
<p>Siemens recommends specific workarounds and mitigations.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-296266.pdfSSA-296266 V1.0: Denial-of-Service Vulnerability in SCALANCE and RUGGEDCOM Devices2021-03-09T00:00:00+00:00<p>Some firmware versions of the SCALANCE and RUGGEDCOM devices listed below are affected by a vulnerability in the SSH authentication that could allow an attacker to cause a Denial-of-Service under certain conditions.</p>
<p>Siemens has released an update for the SCALANCE SC-600 family and recommends to update to the latest version. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-541018.pdfSSA-541018 V1.0: Embedded TCP/IP Stack Vulnerabilities (AMNESIA:33) in SENTRON PAC / 3VA Devices (Part 2)2021-03-09T00:00:00+00:00<p>Security researchers discovered and disclosed 33 vulnerabilities in several open-source TCP/IP stacks for embedded devices, also known as “AMNESIA:33” vulnerabilities.</p>
<p>This advisory describes the impact of two of these vulnerabilities (CVE-2020-13987, CVE-2020-17437) to Siemens products.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
<p>The impact of another “AMNESIA:33” vulnerability (CVE-2020-13988) is described in <a href="https://cert-portal.siemens.com/productcert/pdf/ssa-541017.pdf">Siemens Security Advisory SSA-541017</a>.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-599268.pdfSSA-599268 V1.0: Several Vulnerabilities in TCP Stack of SIMATIC MV400 family2021-03-09T00:00:00+00:00<p>Several vulnerabilities in the TCP stack of the SIMATIC MV400 family could allow an attacker to cause Denial-of-Service condition, or affect integrity of TCP connections.</p>
<p>Siemens has released an update for the SIMATIC MV400 family and recommends to update to the latest version</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-715184.pdfSSA-715184 V1.0: Multiple File Parsing Vulnerabilities in Solid Edge2021-03-09T00:00:00+00:00<p>Siemens has released new versions for Solid Edge to fix multiple vulnerabilities that could be triggered when the application reads files in different file formats (PAR, DFT, XML extensions). If a user is tricked to open a malicious file with the affected application, this could lead to a crash, and potentially also to arbitrary code execution or data extraction on the target host system.</p>
<p>Siemens recommends to update to the latest version and to avoid opening of untrusted files from unknown sources.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-731317.pdfSSA-731317 V1.0: Multiple vulnerabilities in SINEMA Remote Connect Web Based Management2021-03-09T00:00:00+00:00<p>The latest update for SINEMA Remote Connect Server fixes vulnerabilities in the web interface that could allow authenticated unpriviledged user accounts to access functionality unauthorized. Siemens has released updates for SINEMA Remote Connect Server and recommends specific countermeasures.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-783481.pdfSSA-783481 V1.0: Denial-of-Service Vulnerability in LOGO! 8 BM2021-03-09T00:00:00+00:00<p>A Denial-of-Service vulnerability has been identified in LOGO! 8 BM. This vulnerability could allow an attacker to crash a device, if a user is tricked into loading a malicious project file onto an affected device.</p>
<p>Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-936080.pdfSSA-936080 V1.0: Multiple Vulnerabilities in Third-Party Component libcurl2021-03-09T00:00:00+00:00<p>SIMATIC NET CM 1542-1 and SCALANCE SC600 family devices are vulnerable to a vulnerability in the third party component libcurl that could allow an attacker to cause a Denial-of-Service condition on the affected devices.</p>
<p>Siemens has released an update for SCALANCE SC600. For the remaining affected product, Siemens is preparing further updates and recommends specific countermeasures until fixes are available.</p>
<p>The impact of additional libcurl vulnerabilities is described in <a href="https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf">Siemens Security Advisory SSA-436177</a>.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-979775.pdfSSA-979775 V1.0: Stack Overflow Vulnerability in SCALANCE and RUGGEDCOM Devices2021-03-09T00:00:00+00:00<p>Several firmware versions of the SCALANCE and RUGGEDCOM devices listed below are affected by a vulnerability in the passive listening feature that could allow an attacker to cause a reboot or, under specific circumstances, attain remote code execution of the affected devices.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-293562.pdfSSA-293562 V3.1 (Last Update: 2021-03-09): Vulnerabilities in Industrial Products2021-03-09T00:00:00+00:00<p>Several industrial devices are affected by two vulnerabilities that could allow an attacker to cause a Denial-of-Service condition via PROFINET DCP network packets under certain circumstances. The precondition for this scenario is a direct layer 2 access to the affected products. PROFIBUS interfaces are not affected.</p>
<p>Siemens has released updates for several affected products and recommends to update to the new versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-312271.pdfSSA-312271 V1.6 (Last Update: 2021-03-09): Unquoted Search Path Vulnerabilities in Windows-based Industrial Software Applications2021-03-09T00:00:00+00:00<p>The latest update for affected products fix local privilege escalation vulnerabilities that could allow authorized local users with administrative privileges to execute custom code with SYSTEM level privileges.</p>
<p>Siemens has released updates for some of the affected products, and is working on further updates. For the remaining affected products, Siemens recommends specific countermeasures until fixes are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-346262.pdfSSA-346262 V2.9 (Last Update: 2021-03-09): Denial-of-Service in Industrial Products2021-03-09T00:00:00+00:00<p>Several industrial products are affected by a vulnerability that could allow remote attackers to conduct a Denial-of-Service (DoS) attack by sending specially crafted packets to port 161/udp (SNMP).</p>
<p>Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates and recommends specific countermeasures until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-398519.pdfSSA-398519 V1.6 (Last Update: 2021-03-09): Vulnerabilities in Intel CPUs (November 2019)2021-03-09T00:00:00+00:00<p>Intel has published information on vulnerabilities in Intel products in <a href="https://blogs.intel.com/technology/2019/11/ipas-november-2019-intel-platform-update-ipu/#gs.jdy72s">November 2019</a>. In this advisory Siemens only explicitly mentions the vulnerabilities from the “Intel® CPU Security Advisory” and one vulnerability from “Intel® CSME, Intel® SPS, Intel® TXE, Intel® AMT, Intel® PTT and Intel® DAL Advisory” and lists the Siemens IPC related products that are affected by these vulnerabilities. For further information about BIOS updates related to Intel CPU vulnerabilities see: <a href="https://support.industry.siemens.com/cs/ww/en/view/109747626" class="uri">https://support.industry.siemens.com/cs/ww/en/view/109747626</a>.</p>
<p>Several Siemens Industrial Products contain processors that are affected by the vulnerabilities. Siemens has released updates for several affected products and is currently working on BIOS updates that include chipset microcode updates for further products.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdfSSA-436177 V1.1 (Last Update: 2021-03-09): Multiple Vulnerabilities in SINEMA Remote Connect2021-03-09T00:00:00+00:00<p>The latest updates for SINEMA Remote Connect Client and Server fix multiple vulnerabilities. One of these vulnerabilities could allow an attacker to circumvent the authorization of the system for certain functionalities and to execute privileged functions.</p>
<p>Siemens has released firmware updates for SINEMA Remote Connect Client and Server.</p>
https://cert-portal.siemens.com/productcert/pdf/ssb-439005.pdfSSB-439005 V3.2 (Last Update: 2021-03-09): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP2021-03-09T00:00:00+00:00https://cert-portal.siemens.com/productcert/pdf/ssa-455843.pdfSSA-455843 V1.5 (Last Update: 2021-03-09): WIBU Systems CodeMeter Runtime Vulnerabilities in Siemens and Siemens Energy Products2021-03-09T00:00:00+00:00<p>CISA and WIBU Systems disclosed six vulnerabilities in different versions of CodeMeter Runtime, a product provided by WIBU Systems and used in several Siemens and Siemens Energy products for license management.</p>
<p>The vulnerabilities are described in the section “Vulnerability Classification” below and got assigned the CVE IDs CVE-2020-14509, CVE-2020-14513, CVE-2020-14515, CVE-2020-14517, CVE-2020-14519, and CVE-2020-16233. Successful exploitation of these vulnerabilities could allow an attacker to alter and forge a license file, cause a denial-of-service condition, attain remote code execution, or prevent normal operation of the Siemens software that depends on CodeMeter Runtime.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-541017.pdfSSA-541017 V1.2 (Last Update: 2021-03-09): Embedded TCP/IP Stack Vulnerabilities (AMNESIA:33) in SIRIUS 3RW5 Modbus TCP and SENTRON PAC / 3VA Devices2021-03-09T00:00:00+00:00<p>Security researchers discovered and disclosed 33 vulnerabilities in several open-source TCP/IP stacks for embedded devices, also known as “AMNESIA:33” vulnerabilities.</p>
<p>This advisory describes the impact of one of these vulnerabilities (CVE-2020-13988) to Siemens products. Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
<p>The impact of additional “AMNESIA:33” vulnerabilities is described in <a href="https://cert-portal.siemens.com/productcert/pdf/ssa-541018.pdf">Siemens Security Advisory SSA-541018</a>.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-593272.pdfSSA-593272 V1.2 (Last Update: 2021-03-09): SegmentSmack in Interniche IP-Stack based Industrial Devices2021-03-09T00:00:00+00:00<p>A vulnerability exists in affected products that could allow remote attackers to affect the availability of the devices under certain conditions.</p>
<p>The underlying TCP stack can be forced to make very computation expensive calls for every incoming packet which can lead to a Denial-of-Service.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-646763.pdfSSA-646763 V1.1 (Last Update: 2021-03-09): DNSpooq - Dnsmasq Vulnerabilities in SCALANCE and RUGGEDCOM Devices2021-03-09T00:00:00+00:00<p>Security researchers discovered and disclosed seven vulnerabilities in the open-source DNS component “dnsmasq”, also known as “DNSpooq” vulnerabilities (CVE-2020-25681 through CVE-2020-25687). Three vulnerabilities (CVE-2020-25684 through CVE-2020-25686) affect the validation of DNS responses and impact several SCALANCE and RUGGEDCOM devices as listed below.</p>
<p>Siemens is preparing updates and recommends countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-780073.pdfSSA-780073 V1.7 (Last Update: 2021-03-09): Denial-of-Service Vulnerability in PROFINET Devices via DCE-RPC Packets2021-03-09T00:00:00+00:00<p>Products that include the Siemens PROFINET-IO (PNIO) stack in versions prior V06.00 are potentially affected by a denial-of-service vulnerability when multiple legitimate diagnostic package requests are sent to the DCE-RPC interface.</p>
<p>Siemens has released updates for several affected products and recommends to update to the new versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
<p>Additionally, Siemens recommends other vendors of PROFINET devices to check if their products have incorporated a vulnerable version of the Siemens PNIO stack as part of the Siemens Development/Evaluation Kits.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-816980.pdfSSA-816980 V1.1 (Last Update: 2021-03-09): Multiple Web Vulnerabilities in SIMATIC MV400 Family2021-03-09T00:00:00+00:00<p>The SIMATIC MV400 product family is affected by two web vulnerabilities. The vulnerabilities could allow an authenticated user to escalate privileges, or might expose sensitive information to an attacker that is able to eavesdrop the communication.</p>
<p>Siemens has released an update for the SIMATIC MV400 family and recommends to update to the latest version.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdfSSA-841348 V1.6 (Last Update: 2021-03-09): Multiple Vulnerabilities in the UMC Stack2021-03-09T00:00:00+00:00<p>The latest update for the below listed products fixes two security vulnerabilities that could allow an attacker to cause a partial Denial-of-Service on the UMC component of the affected devices under certain circumstances, and one vulnerability that could allow an attacker to locally escalate privileges from a user with administrative privileges to execute code with SYSTEM level privileges.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-156833.pdfSSA-156833 V1.0: Zip-Slip Directory Traversal Vulnerability in SINEMA Server and SINEC NMS2021-02-09T00:00:00+00:00<p>There exists a directory traversal vulnerability which allows arbitrary file upload to an affected system. This type of vulnerability is also known as ‘Zip-Slip’. An authenticated attacker could exploit this vulnerability to gain arbitrary code execution by uploading a new or modifying an existing file to an affected system.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-362164.pdfSSA-362164 V1.0: Predictable Initial Sequence Numbers in Mentor Nucleus TCP stack2021-02-09T00:00:00+00:00<p>Some versions of Mentor Nucleus ReadyStart and Nucleus NET use Initial Sequence Numbers for TCP- Sessions that are predictable.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest version(s).</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdfSSA-379803 V1.0: Vulnerabilities in RUGGEDCOM ROX II2021-02-09T00:00:00+00:00<p>The latest update for ROX II contains multiple fixes for IPsec related vulnerabilities in Libreswan and NSS.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-428051.pdfSSA-428051 V1.0: Privilege Escalation Vulnerability in TIA Administrator2021-02-09T00:00:00+00:00<p>The latest update for TIA Administrator, installed together with TIA Portal and PCS neo, fixes a privilege escalation vulnerability that could allow local users to escalate privileges and execute code as local SYSTEM user.</p>
<p>Siemens has released an update for TIA Portal and recommends that customers update to the latest version. Siemens is preparing further updates and recommends specific countermeasures until fixes are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-536315.pdfSSA-536315 V1.0: Privilege escalation vulnerability in DIGSI 42021-02-09T00:00:00+00:00<p>A vertical privilege escalation vulnerability exists in DIGSI 4.</p>
<p>Siemens has released an update for DIGSI 4 and recommends to update to the latest version.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdfSSA-663999 V1.0: Multiple File Parsing Vulnerabilities in JT2Go and Teamcenter Visualization before V13.1.0.12021-02-09T00:00:00+00:00<p>Siemens has released version V13.1.0.1 for JT2Go and Teamcenter Visualization to fix multiple vulnerabilities that could be triggered when the products read files in different file formats (PAR, BMP, TIFF, CGM, TGA, PCT, HPG, PLT, RAS, ASM, DGN, DXF, DWG). If a user is tricked to opening of a malicious file with the affected products, this could lead to application crash, or potentially arbitrary code execution or data extraction on the target host system.</p>
<p>Siemens recommends to update to the latest versions and to limit opening of untrusted files from unknown sources in the affected products.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-686152.pdfSSA-686152 V1.0: Denial-of-Service Vulnerability in ARP Protocol of SCALANCE W780 and W7402021-02-09T00:00:00+00:00<p>A Denial-of-Service vulnerability was found affecting the ARP protocol on older firmware versions of the SCALANCE W780 and W740 (IEEE 802.11n) devices.</p>
<p>Siemens recommends to update to the latest version.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-794542.pdfSSA-794542 V1.0: Insecure Folder Permissions in SIMARIS configuration2021-02-09T00:00:00+00:00<p>The installation of SIMARIS configuration causes insecure folder permissions that could allow vertical privilege escalation.</p>
<p>Siemens is preparing updates and recommends specific countermeasures until fixes are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-944678.pdfSSA-944678 V1.0: Potential Password Protection Bypass in SIMATIC WinCC2021-02-09T00:00:00+00:00<p>A vulnerability in the SIMATIC WinCC Graphics Designer tool could allow an attacker that has physical access to a machine running the software to get access to the user’s private password-protected pictures.</p>
<p>Siemens has released an update for SIMATIC WinCC and recommends to update to the latest version. Siemens recommends specific countermeasures for PCS 7 as the affected feature is not officially supported.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-100232.pdfSSA-100232 V1.2 (Last Update: 2021-02-09): Denial-of-Service vulnerability in SCALANCE X Switches2021-02-09T00:00:00+00:00<p>A vulnerability in several SCALANCE X devices could allow an unauthenticated attacker with network access to an affected device to perform a denial-of-service.</p>
<p>Siemens has released an update for SCALANCE X-200IRT and recommends to update to the latest version. Siemens recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-102233.pdfSSA-102233 V1.5 (Last Update: 2021-02-09): SegmentSmack in VxWorks-based Industrial Devices2021-02-09T00:00:00+00:00<p>The products listed below contain a vulnerability that could allow remote attackers to affect the availability of the devices under certain conditions. The underlying TCP stack can be forced to make very computation expensive calls for every incoming packet which can lead to a Denial-of-Service.</p>
<p>Siemens has released an update for the SCALANCE X-200IRT switch family and recommends to update to the latest version. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-139628.pdfSSA-139628 V1.1 (Last Update: 2021-02-09): Vulnerabilities in Web Server for Scalance X Products2021-02-09T00:00:00+00:00<p>Several SCALANCE X switches contain vulnerabilities in the web server of the affected devices.</p>
<p>An unauthenticated attacker could reboot, cause denial-of-service conditions and potentially impact the system by other means through heap and buffer overflow vulnerabilities.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-274900.pdfSSA-274900 V1.1 (Last Update: 2021-02-09): Use of hardcoded key in Scalance X devices under certain conditions2021-02-09T00:00:00+00:00<p>Scalance X devices might not generate a unique random key after factory reset, and use a private key shipped with the firmware</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-349422.pdfSSA-349422 V1.5 (Last Update: 2021-02-09): Denial-of-Service in Industrial Real-Time (IRT) Devices2021-02-09T00:00:00+00:00<p>A vulnerability in the affected products could allow an unauthorized attacker with network access to perform a denial-of-service attack resulting in loss of real-time synchronization.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-398519.pdfSSA-398519 V1.5 (Last Update: 2021-02-09): Vulnerabilities in Intel CPUs (November 2019)2021-02-09T00:00:00+00:00<p>Intel has published information on vulnerabilities in Intel products in <a href="https://blogs.intel.com/technology/2019/11/ipas-november-2019-intel-platform-update-ipu/#gs.jdy72s">November 2019</a>. In this advisory Siemens only explicitly mentions the vulnerabilities from the “Intel® CPU Security Advisory” and one vulnerability from “Intel® CSME, Intel® SPS, Intel® TXE, Intel® AMT, Intel® PTT and Intel® DAL Advisory” and lists the Siemens IPC related products that are affected by these vulnerabilities. For further information about BIOS updates related to Intel CPU vulnerabilities see: <a href="https://support.industry.siemens.com/cs/ww/en/view/109747626" class="uri">https://support.industry.siemens.com/cs/ww/en/view/109747626</a>.</p>
<p>Several Siemens Industrial Products contain processors that are affected by the vulnerabilities. Siemens has released updates for several affected products and is currently working on BIOS updates that include chipset microcode updates for further products.</p>
https://cert-portal.siemens.com/productcert/pdf/ssb-439005.pdfSSB-439005 V3.1 (Last Update: 2021-02-09): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP2021-02-09T00:00:00+00:00https://cert-portal.siemens.com/productcert/pdf/ssa-455843.pdfSSA-455843 V1.4 (Last Update: 2021-02-09): WIBU Systems CodeMeter Runtime Vulnerabilities in Siemens and Siemens Energy Products2021-02-09T00:00:00+00:00<p>CISA and WIBU Systems disclosed six vulnerabilities in different versions of CodeMeter Runtime, a product provided by WIBU Systems and used in several Siemens and Siemens Energy products for license management.</p>
<p>The vulnerabilities are described in the section “Vulnerability Classification” below and got assigned the CVE IDs CVE-2020-14509, CVE-2020-14513, CVE-2020-14515, CVE-2020-14517, CVE-2020-14519, and CVE-2020-16233. Successful exploitation of these vulnerabilities could allow an attacker to alter and forge a license file, cause a denial-of-service condition, attain remote code execution, or prevent normal operation of the Siemens software that depends on CodeMeter Runtime.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-534763.pdfSSA-534763 V1.3 (Last Update: 2021-02-09): Special Register Buffer Data Sampling (SRBDS) aka Crosstalk in Industrial Products2021-02-09T00:00:00+00:00<p>Security researchers published information on a vulnerability known as Crosstalk (<a href="https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00320.html">INTEL-SA-00320</a>). This vulnerability affects modern Intel processors to a varying degree.</p>
<p>Several Siemens Industrial Products contain processors that are affected by the vulnerability.</p>
<p>Siemens is preparing updates and recommends specific countermeasures until fixes are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-541017.pdfSSA-541017 V1.1 (Last Update: 2021-02-09): Embedded TCP/IP Stack Vulnerabilities (AMNESIA:33) in SIRIUS 3RW5 Modbus TCP and SENTRON PAC / 3VA Devices2021-02-09T00:00:00+00:00<p>Security researchers discovered and disclosed 33 vulnerabilities in several open-source TCP/IP stacks for embedded devices, also known as “AMNESIA:33” vulnerabilities.</p>
<p>The Siemens products mentioned below are affected by one of these vulnerabilities (CVE-2020-13988).</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdfSSA-622830 V1.1 (Last Update: 2021-02-09): Multiple File Parsing Vulnerabilities in JT2Go and Teamcenter Visualization before V13.1.02021-02-09T00:00:00+00:00<p>Siemens has released version V13.1.0 for JT2Go and Teamcenter Visualization to fix multiple vulnerabilities that could be triggered when the products read files in different file formats (JT, XML, CG4, CGM, PDF, RGB, SGI, TGA, PAR, ASM, PCX). If a user is tricked to opening of a malicious file with the affected products, this could lead to application crash, or potentially arbitrary code execution or data extraction on the target host system.</p>
<p>Siemens recommends to update to the latest versions and to limit opening of untrusted files from unknown sources in the affected products. Please refer to <a href="https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf">SSA-663999</a> for further information regarding latest version update.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-646841.pdfSSA-646841 V1.2 (Last Update: 2021-02-09): Recoverable Password from Configuration Storage in SCALANCE X Switches2021-02-09T00:00:00+00:00<p>A vulnerability exists in several SCALANCE X switches that could allow external entities to reconstruct passwords for users of the affected devices if an attacker is able to obtain a backup of the device configuration.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdfSSA-841348 V1.5 (Last Update: 2021-02-09): Multiple Vulnerabilities in the UMC Stack2021-02-09T00:00:00+00:00<p>The latest update for the below listed products fixes two security vulnerabilities that could allow an attacker to cause a partial Denial-of-Service on the UMC component of the affected devices under certain circumstances, and one vulnerability that could allow an attacker to locally escalate privileges from a user with administrative privileges to execute code with SYSTEM level privileges.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-951513.pdfSSA-951513 V1.1 (Last Update: 2021-02-09): Clickjacking Vulnerability in SCALANCE X-300, X-200IRT, and X-200 Switch Families2021-02-09T00:00:00+00:00<p>Several SCALANCE X switches contain a vulnerability that could allow an attacker to perform administrative actions if the victim is tricked into clicking on a website controlled by the attacker. The attack only works if the victim has an authenticated session on the administrative interface of the switch.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-978220.pdfSSA-978220 V1.3 (Last Update: 2021-02-09): Denial-of-Service Vulnerability over SNMP in Multiple Industrial Products2021-02-09T00:00:00+00:00<p>Several industrial products are affected by a vulnerability that could allow remote attackers to conduct a Denial-of-Service (DoS) attack by sending specially crafted packets to port 161/udp (SNMP).</p>
<p>Siemens has released updates for several affected products and recommends to update to the new versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-520004.pdfSSA-520004 V1.0: Telnet Authentication Vulnerability in SIMATIC HMI Comfort Panels2021-01-28T00:00:00+00:00<p>SIMATIC HMI Panels are affected by a vulnerability that could allow a remote attacker to gain full access to the device(s), if the telnet service is enabled.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-646763.pdfSSA-646763 V1.0: DNSpooq - Dnsmasq Vulnerabilities in SCALANCE and RUGGEDCOM Devices2021-01-19T00:00:00+00:00<p>Security researchers discovered and disclosed seven vulnerabilities in the open-source DNS component “dnsmasq”, also known as “DNSpooq” vulnerabilities (CVE-2020-25681 through CVE-2020-25687). Three vulnerabilities (CVE-2020-25684 through CVE-2020-25686) affect the validation of DNS responses and impact several SCALANCE and RUGGEDCOM devices as listed below.</p>
<p>Siemens is preparing updates and recommends countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-646763.pdfSSA-646763 V1.0: DNSpooq - Dnsmasq Vulnerabilities in SCALANCE and RUGGEDCOM Devices2021-01-19T00:00:00+00:00<p>Security researchers discovered and disclosed seven vulnerabilities in the open-source DNS component “dnsmasq”, also known as “DNSpooq” vulnerabilities (CVE-2020-25681 through CVE-2020-25687). Three vulnerabilities (CVE-2020-25684 through CVE-2020-25686) affect the validation of DNS responses and impact several SCALANCE and RUGGEDCOM devices as listed below.</p>
<p>Siemens is preparing updates and recommends countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-139628.pdfSSA-139628 V1.0: Vulnerabilities in Web Server for Scalance X Products2021-01-12T00:00:00+00:00<p>Several SCALANCE X switches contain vulnerabilities in the web server of the affected devices.</p>
<p>An unauthenticated attacker could reboot, cause denial-of-service conditions and potentially impact the system by other means through heap and buffer overflow vulnerabilities.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest version(s). Siemens recommends countermeasures where fixes are not currently available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-274900.pdfSSA-274900 V1.0: Use of hardcoded key in Scalance X devices under certain conditions2021-01-12T00:00:00+00:00<p>Scalance X devices might not generate a unique random key after factory reset, and use a private key shipped with the firmware</p>
<p>Siemens has released updates for some devices, is working on updates for the remaining affected products and recommends specific countermeasures until fixes are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdfSSA-622830 V1.0: Multiple Vulnerabilities in JT2Go and Teamcenter Visualization2021-01-12T00:00:00+00:00<p>JT2Go and Teamcenter Visualization are affected by multiple vulnerabilities that could lead to arbitrary code execution or data extraction on the target host system. Siemens has released updates for both affected products and recommends to update to the latest versions. Siemens is also preparing further updates and recommends specific countermeasures until remaining fixes are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-979834.pdfSSA-979834 V1.0: Multiple vulnerabilities in Solid Edge2021-01-12T00:00:00+00:00<p>Solid Edge is affected by multiple vulnerabilities that could allow arbitrary code execution on an affected system. Siemens has released an update for Solid Edge and recommends to update to the latest version.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-102233.pdfSSA-102233 V1.4 (Last Update: 2021-01-12): SegmentSmack in VxWorks-based Industrial Devices2021-01-12T00:00:00+00:00<p>The products listed below contain a vulnerability that could allow remote attackers to affect the availability of the devices under certain conditions. The underlying TCP stack can be forced to make very computation expensive calls for every incoming packet which can lead to a Denial-of-Service.</p>
<p>Siemens is working on software updates for affected products and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-162506.pdfSSA-162506 V1.1 (Last Update: 2021-01-12): DHCP Client Vulnerability in SIMOTICS CONNECT 400, Desigo PXC/PXM, APOGEE MEC/MBC/PXC, APOGEE PXC Series, and TALON TC Series2021-01-12T00:00:00+00:00<p>SIMOTICS CONNECT 400, Desigo (Power PC-based), APOGEE MEC/MBC/PXC and TALON TC products are affected by a DHCP Client vulnerability as initially reported in <a href="https://cert-portal.siemens.com/productcert/pdf/ssa-434032.pdf">SSA-434032</a> for the Mentor Nucleus Networking Module.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-270778.pdfSSA-270778 V1.6 (Last Update: 2021-01-12): Denial-of-Service Vulnerability in SIMATIC PCS 7, SIMATIC WinCC and SIMATIC NET PC Software2021-01-12T00:00:00+00:00<p>A Denial-of-Service vulnerability was found in SIMATIC PCS 7, SIMATIC WinCC and SIMATIC NET PC software when encrypted communication is enabled. The vulnerability could allow an attacker with network access to cause a Denial-of-Service condition under certain circumstances (versions prior to SIMATIC WinCC V7.3 or SIMATIC PCS 7 V8.1 are not affected as encrypted communication is not an option).</p>
<p>Siemens has released updates for several affected products and recommends that customers update to the latest version(s). Siemens is preparing further updates and recommends specific countermeasures until fixes are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-312271.pdfSSA-312271 V1.5 (Last Update: 2021-01-12): Unquoted Search Path Vulnerabilities in Windows-based Industrial Software Applications2021-01-12T00:00:00+00:00<p>The latest update for affected products fix local privilege escalation vulnerabilities that could allow authorized local users with administrative privileges to execute custom code with SYSTEM level privileges.</p>
<p>Siemens has released updates for some of the affected products, and is working on further updates. For the remaining affected products, Siemens recommends specific countermeasures until fixes are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-455843.pdfSSA-455843 V1.3 (Last Update: 2021-01-12): WIBU Systems CodeMeter Runtime Vulnerabilities in Siemens and Siemens Energy Products2021-01-12T00:00:00+00:00<p>CISA and WIBU Systems disclosed six vulnerabilities in different versions of CodeMeter Runtime, a product provided by WIBU Systems and used in several Siemens and Siemens Energy products for license management.</p>
<p>The vulnerabilities are described in the section “Vulnerability Classification” below and got assigned the CVE IDs CVE-2020-14509, CVE-2020-14513, CVE-2020-14515, CVE-2020-14517, CVE-2020-14519, and CVE-2020-16233. Successful exploitation of these vulnerabilities could allow an attacker to alter and forge a license file, cause a denial-of-service condition, attain remote code execution, or prevent normal operation of the Siemens software that depends on CodeMeter Runtime.</p>
<p>Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-473245.pdfSSA-473245 V1.9 (Last Update: 2021-01-12): Denial-of-Service Vulnerability in Profinet Devices2021-01-12T00:00:00+00:00<p>A vulnerability in affected devices could allow an attacker to perform a denial-of-service attack if a large amount of specially crafted UDP packets are sent to the device.</p>
<p>Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates and recommends specific countermeasures until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-604937.pdfSSA-604937 V1.2 (Last Update: 2021-01-12): Multiple Web Server Vulnerabilities in Opcenter Execution Core2021-01-12T00:00:00+00:00<p>Opcenter Execution Core (formerly known as Camstar Enterprise Platform) contains a cross-site scripting (CVE-2020-7576), an SQL injection (CVE-2020-7577), a privilege escalation (CVE-2020-7578), and an information disclosure vulnerability (CVE-2020-28930) in various versions of the product.</p>
<p>Siemens has released an update for Opcenter Execution Core and recommends to update to the latest version.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-629512.pdfSSA-629512 V1.2 (Last Update: 2021-01-12): Local Privilege Escalation Vulnerability in TIA Portal2021-01-12T00:00:00+00:00<p>The latest updates for TIA Portal fix a vulnerability that could allow a local attacker to execute arbitrary code with SYSTEM privileges.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest version(s).</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdfSSA-478893 V1.0: TightVNC Vulnerabilities in Industrial Products2020-12-08T00:00:00+00:00<p>Multiple TightVNC (V1.x) vulnerabilities in the affected products could allow remote code execution and Denial-of-Service attacks under certain conditions.</p>
<p>Siemens has released updates for several affected products, is working on updates for the remaining affected products and recommends specific countermeasures until fixes are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-480824.pdfSSA-480824 V1.0: Multiple Vulnerabilities in LOGO! 8 BM2020-12-08T00:00:00+00:00<p>The latest update for LOGO! 8 BM fixes multiple vulnerabilities. The most severe could allow an attacker with network access to gain full control over the device.</p>
<p>Siemens has released updates for the affected products and recommends that customers update to the latest version.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-541017.pdfSSA-541017 V1.0: Embedded TCP/IP Stack Vulnerabilities (AMNESIA:33) in SIRIUS 3RW5 Modbus TCP and SENTRON PAC Devices2020-12-08T00:00:00+00:00<p>Recently security researchers discovered and disclosed 33 vulnerabilities in several open-source TCP/IP stacks for embedded devices, also known as “AMNESIA:33” vulnerabilities.</p>
<p>The Siemens products mentioned below are affected by one of these vulnerabilities (CVE-2020-13988).</p>
<p>Siemens has released updates for SENTRON PAC devices, is working on updates for SIRIUS 3RW5 communication module Modbus TCP, and recommends specific countermeasures for vulnerable product versions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-700697.pdfSSA-700697 V1.0: Denial-of-Service Vulnerability in Web Server of SIMATIC Controllers2020-12-08T00:00:00+00:00<p>SIMATIC ET 200SP Open Controller V20.8 and SIMATIC S7-1500 Software Controller V20.8 are affected by a denial-of-service vulnerability in the web server.</p>
<p>Siemens has released updates for the affected products and recommends to update to the latest version.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-712690.pdfSSA-712690 V1.0: Vulnerabilities in XHQ Operations Intelligence2020-12-08T00:00:00+00:00<p>Multiple vulnerabilities have been identified in the XHQ Operations Intelligence product line. These vulnerabilities could allow for data injection in the XHQ’s web interfaces.</p>
<p>Siemens recommends to update XHQ Operations Intelligence product line to the newest version.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-087240.pdfSSA-087240 V1.2 (Last Update: 2020-12-08): Vulnerabilities in SIEMENS LOGO!2020-12-08T00:00:00+00:00<p>Two vulnerabilities have been identified in SIEMENS LOGO!8 BM devices. The most severe vulnerability could allow an attacker to hijack existing web sessions.</p>
<p>Siemens has released updates for the affected products and recommends that customers update to the latest version.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-102144.pdfSSA-102144 V1.1 (Last Update: 2020-12-08): Code Execution Vulnerability in LOGO! Soft Comfort2020-12-08T00:00:00+00:00<p>A vulnerability was identified in LOGO! Soft Comfort. The vulnerability could allow an attacker to execute arbitrary code if the attacker tricks a legitimate user to open a manipulated project.</p>
<p>Siemens has released an update for the LOGO! Soft Comfort and recommends that customers update to the latest version.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-102233.pdfSSA-102233 V1.3 (Last Update: 2020-12-08): SegmentSmack in VxWorks-based Industrial Devices2020-12-08T00:00:00+00:00<p>The products listed below contain a vulnerability that could allow remote attackers to affect the availability of the devices under certain conditions. The underlying TCP stack can be forced to make very computation expensive calls for every incoming packet which can lead to a Denial-of-Service.</p>
<p>Siemens is working on software updates for affected products and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-181018.pdfSSA-181018 V1.6 (Last Update: 2020-12-08): Heap Overflow Vulnerability in SCALANCE X switches, RUGGEDCOM Win, RFID 181EIP, and SIMATIC RF182C2020-12-08T00:00:00+00:00<p>SCALANCE X switches, RUGGEDCOM Win, RFID 181EIP, and SIMATIC RF182C are affected by a vulnerability that could allow an unprivileged attacker located in the same local network segment (OSI Layer 2) to gain system privileges by sending a specially crafted DHCP response to a client’s DHCP request.</p>
<p>Siemens has released updates for several affected products and recommends to update to the new versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-312271.pdfSSA-312271 V1.4 (Last Update: 2020-12-08): Unquoted Search Path Vulnerabilities in Windows-based Industrial Software Applications2020-12-08T00:00:00+00:00<p>The latest update for affected products fix local privilege escalation vulnerabilities that could allow authorized local users with administrative privileges to execute custom code with SYSTEM level privileges.</p>
<p>Siemens has released updates for some of the affected products, and is working on further updates. For the remaining affected products, Siemens recommends specific countermeasures until fixes are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-381684.pdfSSA-381684 V1.3 (Last Update: 2020-12-08): Improper Password Protection during Authentication in SIMATIC S7-300 and S7-400 CPUs and Derived Products2020-12-08T00:00:00+00:00<p>A vulnerability has been identified in SIMATIC S7-300 and S7-400 CPU families and derived products, which could result in credential disclosure.</p>
<p>Siemens recommends countermeasures as there are currently no fixes available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssb-439005.pdfSSB-439005 V3.0 (Last Update: 2020-12-08): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP2020-12-08T00:00:00+00:00https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdfSSA-462066 V2.1 (Last Update: 2020-12-08): Vulnerability known as TCP SACK PANIC in Industrial Products2020-12-08T00:00:00+00:00<p>Multiple industrial products are affected by a vulnerability in the kernel known as TCP SACK PANIC. The vulnerability could allow a remote attacker to cause a denial of service condition.</p>
<p>Siemens has released updates for several affected products and recommends to update to the new versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-480230.pdfSSA-480230 V2.1 (Last Update: 2020-12-08): Denial-of-Service in Webserver of Industrial Products2020-12-08T00:00:00+00:00<p>A vulnerability in the affected devices could allow an unauthorized attacker with network access to the webserver of an affected device to perform a denial-of-service attack.</p>
<p>Siemens has released updates for several affected products and recommends to update to the new versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-534763.pdfSSA-534763 V1.2 (Last Update: 2020-12-08): Special Register Buffer Data Sampling (SRBDS) aka Crosstalk in Industrial Products2020-12-08T00:00:00+00:00<p>Security researchers published information on a vulnerability known as Crosstalk (<a href="https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00320.html">INTEL-SA-00320</a>). This vulnerability affects modern Intel processors to a varying degree.</p>
<p>Several Siemens Industrial Products contain processors that are affected by the vulnerability.</p>
<p>Siemens is preparing updates and recommends specific countermeasures until fixes are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-542525.pdfSSA-542525 V1.2 (Last Update: 2020-12-08): Authentication Vulnerabilities in SIMATIC HMI Products2020-12-08T00:00:00+00:00<p>SIMATIC HMI Products are affected by two vulnerabilities that could allow a remote attacker to discover user passwords and obtain access to the Sm@rt Server via a brute-force attack.</p>
<p>Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-542701.pdfSSA-542701 V1.2 (Last Update: 2020-12-08): Vulnerabilities in SIEMENS LOGO!2020-12-08T00:00:00+00:00<p>Multiple vulnerabilities have been identified in SIEMENS LOGO!8 BM devices. The most severe vulnerability could lead to an attacker reading and modifying the device configuration if the attacker has access to port 10005/tcp.</p>
<p>Siemens has released an update for the LOGO! 8 BM (incl. SIPLUS variants) and recommends that customers update to the latest version.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdfSSA-616472 V1.7 (Last Update: 2020-12-08): ZombieLoad and Microarchitectural Data Sampling Vulnerabilities in Industrial Products2020-12-08T00:00:00+00:00<p>Security researchers published information on vulnerabilities known as ZombieLoad and Microarchitectural Data Sampling (MDS). These vulnerabilities affect many modern processors from different vendors to a varying degree.</p>
<p>Several Siemens Industrial Products contain processors that are affected by the vulnerabilities.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-689942.pdfSSA-689942 V1.2 (Last Update: 2020-12-08): Denial-of-Service and DLL Hijacking Vulnerabilities in Multiple SIMATIC Software Products2020-12-08T00:00:00+00:00<p>Multiple SIMATIC Software products are affected by two vulnerabilities that could allow an attacker to manipulate project files that may lead to Remote Code Execution or Denial-of-Service attacks.</p>
<p>Siemens has released updates to some of the affected products and recommends that customers update to the latest version. Siemens is preparing further updates and recommends specific workarounds and mitigations until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-712518.pdfSSA-712518 V1.1 (Last Update: 2020-12-08): Information Disclosure Vulnerability (Kr00k) in Industrial Wi-Fi Products2020-12-08T00:00:00+00:00<p>An information disclosure vulnerability (CVE-2019-15126, also known as Kr00k) could allow an attacker to read a discrete set of traffic over the air after a Wi-Fi device state change.</p>
<p>Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-780073.pdfSSA-780073 V1.6 (Last Update: 2020-12-08): Denial-of-Service Vulnerability in PROFINET Devices via DCE-RPC Packets2020-12-08T00:00:00+00:00<p>Products that include the Siemens PROFINET-IO (PNIO) stack in versions prior V06.00 are potentially affected by a denial-of-service vulnerability when multiple legitimate diagnostic package requests are sent to the DCE-RPC interface.</p>
<p>Siemens has released updates for several affected products and recommends to update to the new versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
<p>Additionally, Siemens recommends other vendors of PROFINET devices to check if their products have incorporated a vulnerable version of the Siemens PNIO stack as part of the Siemens Development/Evaluation Kits.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-817401.pdfSSA-817401 V1.1 (Last Update: 2020-12-08): Missing Authentication Vulnerability in SIEMENS LOGO!2020-12-08T00:00:00+00:00<p>A missing authentication vulnerability has been identified in SIEMENS LOGO!8 BM devices. The vulnerability could lead to an attacker reading and modifying the device configuration and obtain project files from the devices if the attacker has access to port 135/tcp.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdfSSA-841348 V1.4 (Last Update: 2020-12-08): Multiple Vulnerabilities in the UMC Stack2020-12-08T00:00:00+00:00<p>The latest update for the below listed products fixes two security vulnerabilities that could allow an attacker to cause a partial Denial-of-Service on the UMC component of the affected devices under certain circumstances, and one vulnerability that could allow an attacker to locally escalate privileges from a user with administrative privileges to execute code with SYSTEM level privileges.</p>
<p>Siemens has released updates for several affected products and recommends that customers update to the latest version. Siemens is preparing further updates and recommends specific countermeasures until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-431802.pdfSSA-431802 (Last Update: 2020-11-10): Multiple Vulnerabilities in SCALANCE W1750D2020-11-10T00:00:00+00:00<p>Siemens SCALANCE W1750D is a brandlabled device. Aruba has released a related security advisory (ARUBA-PSA-2016-004) [0] disclosing vulnerabilities in its Aruba Instant product line. The advisory contains multiple related vulnerabilities that are summarized in CVE-2016-2031.</p>
<p>This advisory is a reminder to customers that the PAPI protocol is not a secure protocol and that some device configurations must be taken to mitigate risks. Although this information was previously disclosed, an impending public disclosure by the Google Security Team (focused on Aruba Instant) will call out the vulnerable details of this protocol and bring it to the attention of the attacker community.</p>
<p>Siemens recommends specific countermeasures until fixes are available.</p>
<p>[0] <a href="https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2016-004.txt" class="uri">https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2016-004.txt</a></p>
https://cert-portal.siemens.com/productcert/pdf/ssa-492828.pdfSSA-492828 (Last Update: 2020-11-10): Denial-of-Service Vulnerability in SIMATIC S7-300 CPUs and SINUMERIK Controller2020-11-10T00:00:00+00:00<p>A vulnerability in S7-300 might allow an attacker to cause a Denial-of-Service condition on port 102 of the affected devices by sending specially crafted packets.</p>
<p>Siemens is preparing updates and recommends specific countermeasures until fixes are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-381684.pdfSSA-381684 (Last Update: 2020-11-10): Improper Password Protection during Authentication in SIMATIC S7-300 and S7-400 CPUs and Derived Products2020-11-10T00:00:00+00:00<p>A vulnerability has been identified in SIMATIC S7-300 and S7-400 CPU families and derived products, which could result in credential disclosure.</p>
<p>Siemens recommends countermeasures as there are currently no fixes available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-455843.pdfSSA-455843 (Last Update: 2020-11-10): WIBU Systems CodeMeter Runtime Vulnerabilities in Siemens and Siemens Energy Products2020-11-10T00:00:00+00:00<p>CISA and WIBU Systems disclosed six vulnerabilities in different versions of CodeMeter Runtime, a product provided by WIBU Systems and used in several Siemens and Siemens Energy products for license management.</p>
<p>The vulnerabilities are described in the section “Vulnerability Classification” below and got assigned the CVE IDs CVE-2020-14509, CVE-2020-14513, CVE-2020-14515, CVE-2020-14517, CVE-2020-14519, and CVE-2020-16233. Successful exploitation of these vulnerabilities could allow an attacker to alter and forge a license file, cause a denial-of-service condition, attain remote code execution, or prevent normal operation of the Siemens software that depends on CodeMeter Runtime.</p>
<p>Siemens is working on software updates for affected products and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdfSSA-841348 (Last Update: 2020-11-10): Multiple Vulnerabilities in the UMC Stack2020-11-10T00:00:00+00:00<p>The latest update for the below listed products fixes two security vulnerabilities that could allow an attacker to cause a partial Denial-of-Service on the UMC component of the affected devices under certain circumstances, and one vulnerability that could allow an attacker to locally escalate privileges from a user with administrative privileges to execute code with SYSTEM level privileges.</p>
<p>Siemens has released updates for several affected products and recommends that customers update to the latest version. Siemens is preparing further updates and recommends specific countermeasures until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssb-439005.pdfSSB-439005 (Last Update: 2020-11-10): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP2020-11-10T00:00:00+00:00https://cert-portal.siemens.com/productcert/pdf/ssa-381684.pdfSSA-381684 (Last Update: 2020-10-13): Improper Password Protection during Authentication in SIMATIC S7-300 and S7-400 CPUs and Derived Products2020-10-13T00:00:00+00:00<p>A vulnerability has been identified in SIMATIC S7-300 and S7-400 CPU families and derived products, which could result in credential disclosure.</p>
<p>Siemens recommends countermeasures as there are currently no fixes available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-398519.pdfSSA-398519 (Last Update: 2020-10-13): Vulnerabilities in Intel CPUs (November 2019)2020-10-13T00:00:00+00:00<p>Intel has published information on vulnerabilities in Intel products in <a href="https://blogs.intel.com/technology/2019/11/ipas-november-2019-intel-platform-update-ipu/#gs.jdy72s">November 2019</a>. In this advisory Siemens only explicitly mentions the vulnerabilities from the “Intel® CPU Security Advisory” and one vulnerability from “Intel® CSME, Intel® SPS, Intel® TXE, Intel® AMT, Intel® PTT and Intel® DAL Advisory” and lists the Siemens IPC related products that are affected by these vulnerabilities. For further information about BIOS updates related to Intel CPU vulnerabilities see: <a href="https://support.industry.siemens.com/cs/ww/en/view/109747626" class="uri">https://support.industry.siemens.com/cs/ww/en/view/109747626</a>.</p>
<p>Several Siemens Industrial Products contain processors that are affected by the vulnerabilities. Siemens has released updates for several affected products and is currently working on BIOS updates that include chipset microcode updates for further products.</p>
https://cert-portal.siemens.com/productcert/pdf/ssb-439005.pdfSSB-439005 (Last Update: 2020-10-13): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP2020-10-13T00:00:00+00:00https://cert-portal.siemens.com/productcert/pdf/ssa-455843.pdfSSA-455843 (Last Update: 2020-10-13): WIBU Systems CodeMeter Runtime Vulnerabilities in Siemens and Siemens Energy Products2020-10-13T00:00:00+00:00<p>CISA and WIBU Systems disclosed six vulnerabilities in different versions of CodeMeter Runtime, a product provided by WIBU Systems and used in several Siemens and Siemens Energy products for license management.</p>
<p>The vulnerabilities are described in the section “Vulnerability Classification” below and got assigned the CVE IDs CVE-2020-14509, CVE-2020-14513, CVE-2020-14515, CVE-2020-14517, CVE-2020-14519, and CVE-2020-16233. Successful exploitation of these vulnerabilities could allow an attacker to alter and forge a license file, cause a denial-of-service condition, attain remote code execution, or prevent normal operation of the Siemens software that depends on CodeMeter Runtime.</p>
<p>Siemens is working on software updates for affected products and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdfSSA-462066 (Last Update: 2020-10-13): Vulnerability known as TCP SACK PANIC in Industrial Products2020-10-13T00:00:00+00:00<p>Multiple industrial products are affected by a vulnerability in the kernel known as TCP SACK PANIC. The vulnerability could allow a remote attacker to cause a denial of service condition.</p>
<p>Siemens has released updates for several affected products and recommends to update to the new versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-534763.pdfSSA-534763 (Last Update: 2020-10-13): Special Register Buffer Data Sampling (SRBDS) aka Crosstalk in Industrial Products2020-10-13T00:00:00+00:00<p>Security researchers published information on a vulnerability known as Crosstalk (<a href="https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00320.html">INTEL-SA-00320</a>). This vulnerability affects modern Intel processors to a varying degree.</p>
<p>Several Siemens Industrial Products contain processors that are affected by the vulnerability.</p>
<p>Siemens is preparing updates and recommends specific countermeasures until fixes are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-689071.pdfSSA-689071 (Last Update: 2020-10-13): DNSMasq Vulnerabilities in SCALANCE W1750D, SCALANCE M-800 / S615 and RUGGEDCOM RM12242020-10-13T00:00:00+00:00<p>Multiple vulnerabilities have been identified in SCALANCE W1750D, SCALANCE M-800 / S615 and RUGGEDCOM RM1224 devices. The highest scored vulnerability could allow a remote attacker to crash the DNS service or execute arbitrary code. The attacker must be able to craft malicious DNS responses and inject them into the network in order to exploit the vulnerability.</p>
<p>Siemens has released updates for the affected devices, recommends to update, and provides specific countermeasures for unpatched devices.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-251935.pdfSSA-251935 (Last Update: 2020-09-08): Multiple Privilege Escalation Vulnerabilities in SIMATIC RTLS Locating Manager2020-09-08T00:00:00+00:00<p>The latest update for SIMATIC RTLS Locating Manager fixes various vulnerabilities that could allow a low-privileged local user to escalate privileges.</p>
<p>Siemens recommends to apply the update of the SIMATIC RTLS Locating Manager.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-381684.pdfSSA-381684 (Last Update: 2020-09-08): Improper Password Protection during Authentication in SIMATIC S7-300 and S7-400 CPUs2020-09-08T00:00:00+00:00<p>A vulnerability has been identified in SIMATIC S7-300 and S7-400 CPU families, which could result in credential disclosure.</p>
<p>Siemens recommends countermeasures as there are currently no fixes available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-436520.pdfSSA-436520 (Last Update: 2020-09-08): XSS and CSRF Vulnerabilities in Polarion Subversion Webclient2020-09-08T00:00:00+00:00<p>Multiple cross-site scripting (XSS) vulnerabilities were found in the subversion webclient of Polarion. In addition, the webclient doesn’t have any cross-site request forgery (CSRF) protection. An attacker could inject client side script to induce the victim to issue an HTTP request that would lead to a state changing operation. Siemens recommends specific countermeasures as there are currently no fixes available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-455843.pdfSSA-455843 (Last Update: 2020-09-08): WIBU Systems CodeMeter Runtime Vulnerabilities in Siemens and Siemens Energy Products2020-09-08T00:00:00+00:00<p>CISA and WIBU Systems disclosed six vulnerabilities in different versions of CodeMeter Runtime, a product provided by WIBU Systems and used in several Siemens and Siemens Energy products for license management.</p>
<p>The vulnerabilities are described in the section “Vulnerability Classification” below and got assigned the CVE IDs CVE-2020-14509, CVE-2020-14513, CVE-2020-14515, CVE-2020-14517, CVE-2020-14519, and CVE-2020-16233. Successful exploitation of these vulnerabilities could allow an attacker to alter and forge a license file, cause a denial-of-service condition, attain remote code execution, or prevent normal operation of the Siemens software that depends on CodeMeter Runtime.</p>
<p>Siemens is working on software updates for affected products and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-534763.pdfSSA-534763 (Last Update: 2020-09-08): Special Register Buffer Data Sampling (SRBDS) aka Crosstalk in Industrial Products2020-09-08T00:00:00+00:00<p>Security researchers published information on a vulnerability known as Crosstalk (<a href="https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00320.html">INTEL-SA-00320</a>). This vulnerability affects modern Intel processors to a varying degree.</p>
<p>Several Siemens Industrial Products contain processors that are affected by the vulnerability.</p>
<p>Siemens is preparing updates and recommends specific countermeasures until fixes are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-542525.pdfSSA-542525 (Last Update: 2020-09-08): Authentication Vulnerabilities in SIMATIC HMI Products2020-09-08T00:00:00+00:00<p>SIMATIC HMI Products are affected by two vulnerabilities that could allow a remote attacker to discover user passwords and obtain access to the Sm@rt Server via a brute-force attack.</p>
<p>Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-102233.pdfSSA-102233 (Last Update: 2020-09-08): SegmentSmack in VxWorks-based Industrial Devices2020-09-08T00:00:00+00:00<p>The latest updates for the affected products fix a vulnerability that could allow remote attackers to affect the availability of the devices under certain conditions.</p>
<p>The underlying TCP stack can be forced to make very computation expensive calls for every incoming packet which can lead to a Denial-of-Service.</p>
<p>Siemens is working on software updates for affected products and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-270778.pdfSSA-270778 (Last Update: 2020-09-08): Denial-of-Service Vulnerability in SIMATIC PCS 7, SIMATIC WinCC and SIMATIC NET PC Software2020-09-08T00:00:00+00:00<p>A Denial-of-Service vulnerability was found in SIMATIC PCS 7, SIMATIC WinCC and SIMATIC NET PC software when encrypted communication is enabled. The vulnerability could allow an attacker with network access to cause a Denial-of-Service condition under certain circumstances (versions prior to SIMATIC WinCC V7.3 or SIMATIC PCS 7 V8.1 are not affected as encrypted communication is not an option).</p>
<p>Siemens has released updates for several affected products and recommends that customers update to the latest version(s). Siemens is preparing further updates and recommends specific countermeasures until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-312271.pdfSSA-312271 (Last Update: 2020-09-08): Unquoted Search Path Vulnerabilities in Windows-based Industrial Software Applications2020-09-08T00:00:00+00:00<p>The latest update for affected products fix local privilege escalation vulnerabilities that could allow authorized local users with administrative privileges to execute custom code with SYSTEM level privileges.</p>
<p>Siemens has released updates for some of the affected products, and is working on further updates. For the remaining affected products, Siemens recommends specific countermeasures until fixes are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-377115.pdfSSA-377115 (Last Update: 2020-09-08): SegmentSmack in Linux IP-Stack based Industrial Devices2020-09-08T00:00:00+00:00<p>The latest updates for the affected products fix a vulnerability that could allow remote attackers to affect the availability of the devices under certain conditions.</p>
<p>The underlying TCP stack can be forced to make very computation expensive calls for every incoming packet which can lead to a Denial-of-Service.</p>
<p>Siemens has released updates for the affected products and recommends to update to the new versions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssb-439005.pdfSSB-439005 (Last Update: 2020-09-08): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP2020-09-08T00:00:00+00:00https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdfSSA-462066 (Last Update: 2020-09-08): Vulnerability known as TCP SACK PANIC in Industrial Products2020-09-08T00:00:00+00:00<p>Multiple industrial products are affected by a vulnerability in the kernel known as TCP SACK PANIC. The vulnerability could allow a remote attacker to cause a denial of service condition.</p>
<p>Siemens has released updates for several affected products and recommends to update to the new versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-473245.pdfSSA-473245 (Last Update: 2020-09-08): Denial-of-Service Vulnerability in Profinet Devices2020-09-08T00:00:00+00:00<p>A vulnerability in affected devices could allow an attacker to perform a denial-of-service attack if a large amount of specially crafted UDP packets are sent to the device.</p>
<p>Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates and recommends specific countermeasures until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-480230.pdfSSA-480230 (Last Update: 2020-09-08): Denial-of-Service in Webserver of Industrial Products2020-09-08T00:00:00+00:00<p>A vulnerability in the affected devices could allow an unauthorized attacker with network access to the webserver of an affected device to perform a denial-of-service attack.</p>
<p>Siemens has released updates for several affected products and recommends to update to the new versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-780073.pdfSSA-780073 (Last Update: 2020-09-08): Denial-of-Service Vulnerability in PROFINET Devices via DCE-RPC Packets2020-09-08T00:00:00+00:00<p>Products that include the Siemens PROFINET-IO (PNIO) stack in versions prior V06.00 are potentially affected by a denial-of-service vulnerability when multiple legitimate diagnostic package requests are sent to the DCE-RPC interface.</p>
<p>Siemens has released updates for several affected products and recommends to update to the new versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
<p>Additionally, Siemens recommends other vendors of PROFINET devices to check if their products have incorporated a vulnerable version of the Siemens PNIO stack as part of the Siemens Development/Evaluation Kits.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdfSSA-841348 (Last Update: 2020-09-08): Multiple Vulnerabilities in the UMC Stack2020-09-08T00:00:00+00:00<p>The latest update for the below listed products fixes two security vulnerabilities that could allow an attacker to cause a partial Denial-of-Service on the UMC component of the affected devices under certain circumstances, and one vulnerability that could allow an attacker to locally escalate privileges from a user with administrative privileges to execute code with SYSTEM level privileges.</p>
<p>Siemens has released updates for several affected products and recommends that customers update to the latest version. Siemens is preparing further updates and recommends specific countermeasures until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-388646.pdfSSA-388646 (Last Update: 2020-08-11): Local Privilege Escalation in Automation License Manager2020-08-11T00:00:00+00:00<p>The latest update for Automation License Manager (ALM) fixes a vulnerability that could allow local users to locally escalate privileges and modify files that should be protected against writing.</p>
<p>Siemens has released an update for ALM 6 and recommends that customers update to the latest version. Siemens recommends specific countermeasures for ALM 5 as currently there are no fixes available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-712518.pdfSSA-712518 (Last Update: 2020-08-11): Information Disclosure Vulnerability (Kr00k) in Industrial Wi-Fi Products2020-08-11T00:00:00+00:00<p>An information disclosure vulnerability (CVE-2019-15126, also known as Kr00k) could allow an attacker to read a discrete set of traffic over the air after a Wi-Fi device state change.</p>
<p>Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-809841.pdfSSA-809841 (Last Update: 2020-08-11): Buffer Overflow Vulnerability in Third-Party Component pppd2020-08-11T00:00:00+00:00<p>The latest update for SCALANCE M-800 / S615 and RUGGEDCOM RM1224 devices fixes a buffer overflow vulnerability in the third party component pppd that could allow an attacker with network access to an affected device to execute custom code on the device.</p>
<p>Siemens has released updates for affected devices and recommends specific countermeasures.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-102233.pdfSSA-102233 (Last Update: 2020-08-11): SegmentSmack in VxWorks-based Industrial Devices2020-08-11T00:00:00+00:00<p>The latest updates for the affected products fix a vulnerability that could allow remote attackers to affect the availability of the devices under certain conditions.</p>
<p>The underlying TCP stack can be forced to make very computation expensive calls for every incoming packet which can lead to a Denial-of-Service.</p>
<p>Siemens is working on software updates for affected products and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-293562.pdfSSA-293562 (Last Update: 2020-08-11): Vulnerabilities in Industrial Products2020-08-11T00:00:00+00:00<p>Several industrial devices are affected by two vulnerabilities that could allow an attacker to cause a Denial-of-Service condition via PROFINET DCP network packets under certain circumstances. The precondition for this scenario is a direct layer 2 access to the affected products. PROFIBUS interfaces are not affected.</p>
<p>Siemens has released updates for several affected products and recommends to update to the new versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-312271.pdfSSA-312271 (Last Update: 2020-08-11): Unquoted Search Path Vulnerabilities in Windows-based Industrial Software Applications2020-08-11T00:00:00+00:00<p>The latest update for affected products fix local privilege escalation vulnerabilities that could allow authorized local users with administrative privileges to execute custom code with SYSTEM level privileges.</p>
<p>Siemens has released updates for some of the affected products, and is working on further updates. For the remaining affected products, Siemens recommends specific countermeasures until fixes are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-346262.pdfSSA-346262 (Last Update: 2020-08-11): Denial-of-Service in Industrial Products2020-08-11T00:00:00+00:00<p>Several industrial products are affected by a vulnerability that could allow remote attackers to conduct a Denial-of-Service (DoS) attack by sending specially crafted packets to port 161/udp (SNMP).</p>
<p>Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates and recommends specific countermeasures until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-349422.pdfSSA-349422 (Last Update: 2020-08-11): Denial-of-Service in Industrial Real-Time (IRT) Devices2020-08-11T00:00:00+00:00<p>A vulnerability in the affected products could allow an unauthorized attacker with network access to perform a denial-of-service attack resulting in loss of real-time synchronization.</p>
<p>Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates and recommends specific countermeasures until updates are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssb-439005.pdfSSB-439005 (Last Update: 2020-08-11): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP2020-08-11T00:00:00+00:00https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdfSSA-462066 (Last Update: 2020-08-11): Vulnerability known as TCP SACK PANIC in Industrial Products2020-08-11T00:00:00+00:00<p>Multiple industrial products are affected by a vulnerability in the kernel known as TCP SACK PANIC. The vulnerability could allow a remote attacker to cause a denial of service condition.</p>
<p>Siemens has released updates for several affected products and recommends to update to the new versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-473245.pdfSSA-473245 (Last Update: 2020-08-11): Denial-of-Service Vulnerability in Profinet Devices2020-08-11T00:00:00+00:00<p>A vulnerability in affected devices could allow an attacker to perform a denial-of-service attack if a large amount of specially crafted UDP packets are sent to the device.</p>
<p>Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates and recommends specific countermeasures until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-480230.pdfSSA-480230 (Last Update: 2020-08-11): Denial-of-Service in Webserver of Industrial Products2020-08-11T00:00:00+00:00<p>A vulnerability in the affected devices could allow an unauthorized attacker with network access to the webserver of an affected device to perform a denial-of-service attack.</p>
<p>Siemens has released updates for several affected products and recommends to update to the new versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-535640.pdfSSA-535640 (Last Update: 2020-08-11): Vulnerability in Industrial Products2020-08-11T00:00:00+00:00<p>Various industrial products use the Discovery Service of the OPC UA protocol stack by the OPC foundation <a href="https://github.com/OPCFoundation/UA-.NETStandard" class="uri">https://github.com/OPCFoundation/UA-.NETStandard</a> and could therefore be affected by the remote resource consumption attacks (CVE-2017-12069).</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-591405.pdfSSA-591405 (Last Update: 2020-08-11): Web Vulnerabilities in SCALANCE S-600 Family2020-08-11T00:00:00+00:00<p>The firmware for SCALANCE S-600 family devices contains multiple web vulnerabilities. The vulnerabilities could allow an remote attacker to conduct Denial-of-Service attacks or perform Cross-Site Scripting attacks.</p>
<p>Siemens recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-604937.pdfSSA-604937 (Last Update: 2020-08-11): Multiple Web Server Vulnerabilities in Opcenter Execution Core2020-08-11T00:00:00+00:00<p>Opcenter Execution Core (formerly known as Camstar Enterprise Platform) contains a Cross-Site-Scripting, an SQL injection and an information disclosure vulnerability.</p>
<p>Siemens recommends to update to the latest version of Opcenter Execution Core that fixes two vulnerabilities and recommends specific countermeasures for the remaining vulnerability.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-780073.pdfSSA-780073 (Last Update: 2020-08-11): Denial-of-Service Vulnerability in PROFINET Devices via DCE-RPC Packets2020-08-11T00:00:00+00:00<p>Products that include the Siemens PROFINET-IO (PNIO) stack in versions prior V06.00 are potentially affected by a denial-of-service vulnerability when multiple legitimate diagnostic package requests are sent to the DCE-RPC interface.</p>
<p>Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates and recommends specific countermeasures until patches are available.</p>
<p>Additionally, Siemens recommends other vendors of PROFINET devices to check if their products have incorporated a vulnerable version of the Siemens PNIO stack as part of the Siemens Development/Evaluation Kits.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdfSSA-841348 (Last Update: 2020-08-11): Multiple Vulnerabilities in the UMC Stack2020-08-11T00:00:00+00:00<p>The latest update for the below listed products fixes two security vulnerabilities that could allow an attacker to cause a partial Denial-of-Service on the UMC component of the affected devices under certain circumstances, and one vulnerability that could allow an attacker to locally escalate privileges from a user with administrative privileges to execute code with SYSTEM level privileges.</p>
<p>Siemens has released updates for several affected products and recommends that customers update to the latest version. Siemens is preparing further updates and recommends specific countermeasures until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-978220.pdfSSA-978220 (Last Update: 2020-08-11): Denial-of-Service Vulnerability over SNMP in Multiple Industrial Products2020-08-11T00:00:00+00:00<p>Several industrial products are affected by a vulnerability that could allow remote attackers to conduct a Denial-of-Service (DoS) attack by sending specially crafted packets to port 161/udp (SNMP).</p>
<p>Siemens has released updates for several affected products and recommends to update to the new versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-270778.pdfSSA-270778 (Last Update: 2020-07-14): Denial-of-Service Vulnerability in SIMATIC PCS 7, SIMATIC WinCC and SIMATIC NET PC Software2020-07-14T00:00:00+00:00<p>A Denial-of-Service vulnerability was found in SIMATIC PCS 7, SIMATIC WinCC and SIMATIC NET PC software when encrypted communication is enabled. The vulnerability could allow an attacker with network access to cause a Denial-of-Service condition under certain circumstances (versions prior to SIMATIC WinCC V7.3 or SIMATIC PCS 7 V8.1 are not affected as encrypted communication is not an option).</p>
<p>Siemens has released updates for several affected products and recommends that customers update to the latest version(s). Siemens is preparing further updates and recommends specific countermeasures until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-293562.pdfSSA-293562 (Last Update: 2020-07-14): Vulnerabilities in Industrial Products2020-07-14T00:00:00+00:00<p>Several industrial devices are affected by two vulnerabilities that could allow an attacker to cause a Denial-of-Service condition via PROFINET DCP network packets under certain circumstances. The precondition for this scenario is a direct layer 2 access to the affected products. PROFIBUS interfaces are not affected.</p>
<p>Siemens has released updates for several affected products, is working on updates for the remaining affected products and recommends specific countermeasures until fixes are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-312271.pdfSSA-312271 (Last Update: 2020-07-14): Unquoted Search Path Vulnerabilities in Windows-based Industrial Software Applications2020-07-14T00:00:00+00:00<p>The latest update for affected products fix local privilege escalation vulnerabilities that could allow authorized local users with administrative privileges to execute custom code with SYSTEM level privileges.</p>
<p>Siemens has released updates for some of the affected products, and is working on further updates. For the remaining affected products, Siemens recommends specific countermeasures until fixes are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-346262.pdfSSA-346262 (Last Update: 2020-07-14): Denial-of-Service in Industrial Products2020-07-14T00:00:00+00:00<p>Several industrial products are affected by a vulnerability that could allow remote attackers to conduct a Denial-of-Service (DoS) attack by sending specially crafted packets to port 161/udp (SNMP).</p>
<p>Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates and recommends specific countermeasures until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-364335.pdfSSA-364335 (Last Update: 2020-07-14): Clear Text Transmission Vulnerability on SIMATIC HMI Panels2020-07-14T00:00:00+00:00<p>A clear text transmission vulnerability in SIMATIC HMI panels could allow an attacker to access sensitive information under certain circumstances.</p>
<p>Siemens recommends specific countermeasures to mitigate this vulnerability.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-398519.pdfSSA-398519 (Last Update: 2020-07-14): Vulnerabilities in Intel CPUs (November 2019)2020-07-14T00:00:00+00:00<p>Intel has published information on vulnerabilities in Intel products in <a href="https://blogs.intel.com/technology/2019/11/ipas-november-2019-intel-platform-update-ipu/#gs.jdy72s">November 2019</a>. In this advisory Siemens only explicitly mentions the vulnerabilities from the “Intel® CPU Security Advisory” and one vulnerability from “Intel® CSME, Intel® SPS, Intel® TXE, Intel® AMT, Intel® PTT and Intel® DAL Advisory” and lists the Siemens IPC related products that are affected by these vulnerabilities. For further information about BIOS updates related to Intel CPU vulnerabilities see: <a href="https://support.industry.siemens.com/cs/ww/en/view/109747626" class="uri">https://support.industry.siemens.com/cs/ww/en/view/109747626</a>.</p>
<p>Several Siemens Industrial Products contain processors that are affected by the vulnerabilities. Siemens has released updates for several affected products and is currently working on BIOS updates that include chipset microcode updates for further products.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-473245.pdfSSA-473245 (Last Update: 2020-07-14): Denial-of-Service Vulnerability in Profinet Devices2020-07-14T00:00:00+00:00<p>A vulnerability in affected devices could allow an attacker to perform a denial-of-service attack if a large amount of specially crafted UDP packets are sent to the device.</p>
<p>Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates and recommends specific countermeasures until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-508982.pdfSSA-508982 (Last Update: 2020-07-14): Denial-of-Service Vulnerability in SIMATIC S7-300 CPUs, SIMATIC TDC, and SINUMERIK Controller over Profinet2020-07-14T00:00:00+00:00<p>The latest firmware update for the S7-300 CPUs fixes a vulnerability that could allow an unauthenticated attacker with network access to cause a denial-of-service condition. SINUMERIK 840D sl Controller, which contains a S7-300 CPU, is also affected, as well as SIMATIC TDC.</p>
<p>Siemens has released updates for several affected products and recommends that customers update to the latest version(s).</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-573753.pdfSSA-573753 (Last Update: 2020-07-14): Remote Code Execution in Siemens LOGO! Web Server2020-07-14T00:00:00+00:00<p>The latest update for LOGO! 8 BM devices fixes a vulnerability that could allow remote code execution in the web server functionality.</p>
<p>Siemens provides a firmware update for the latest versions of LOGO! BM.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-589181.pdfSSA-589181 (Last Update: 2020-07-14): Denial-Of-Service in SIMATIC S7-200 SMART CPU Family Devices2020-07-14T00:00:00+00:00<p>The latest update for SIMATIC S7-200 SMART fixes a vulnerability that could allow an attacker to cause a permanent Denial-of-Service of an affected device by sending a large number of crafted packets.</p>
<p>Siemens has released an update for the SIMATIC S7-200 SMART CPU family and recommends that customers update to the latest version.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-604937.pdfSSA-604937 (Last Update: 2020-07-14): Multiple Web Server Vulnerabilities in Opcenter Execution Core2020-07-14T00:00:00+00:00<p>The latest update of Opcenter Execution Core fixes multiple vulnerabilities where the most severe could allow an attacker to perform a cross-site scripting (XSS) attack under certain conditions.</p>
<p>Siemens has released an update for the Opcenter Execution Core and recommends that customers update to the latest version. Siemens recommends specific countermeasures as there are currently no further fixes available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-631949.pdfSSA-631949 (Last Update: 2020-07-14): Ripple20 and Intel SPS Vulnerabilities in SPPA-T3000 Solutions2020-07-14T00:00:00+00:00<p>SPPA-T3000 solutions are affected by vulnerabilities that were recently dislosed by JSOF research lab (“<a href="https://www.jsof-tech.com/ripple20/">Ripple20</a>”) for the TCP/IP stack used in APC UPS systems, and by Intel for the Server Platform Services (<a href="https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00295.html">SPS</a>) used in SPPA-T3000 Application Server and Terminal Server hardware.</p>
<p>The advisory provides information to what amount SPAA-T3000 solutions are affected. Detailed information, including solution and mitigation measures, are available for SPPA-T3000 customers in the <a href="https://www.cp4ic.siemens.com/">Siemens Energy Customer Portal</a>.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-671286.pdfSSA-671286 (Last Update: 2020-07-14): Multiple Vulnerabilities in SCALANCE Products2020-07-14T00:00:00+00:00<p>The latest updates for the below mentioned products contain fixes for multiple vulnerabilities. The most severe could allow authenticated local users with physical access to the device to execute arbitrary commands on the device under certain conditions.</p>
<p>Siemens has released updates for the affected products and recommends that customers update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-689942.pdfSSA-689942 (Last Update: 2020-07-14): Denial-of-Service and DLL Hijacking Vulnerabilities in Multiple SIMATIC Software Products2020-07-14T00:00:00+00:00<p>Multiple SIMATIC Software products are affected by two vulnerabilities that could allow an attacker to manipulate project files that may lead to Remote Code Execution or Denial-of-Service attacks.</p>
<p>Siemens has released updates to some of the affected products and recommends that customers update to the latest version. Siemens is preparing further updates and recommends specific workarounds and mitigations until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdfSSA-841348 (Last Update: 2020-07-14): Multiple Vulnerabilities in the UMC Stack2020-07-14T00:00:00+00:00<p>The latest update for the below listed products fixes two security vulnerabilities that could allow an attacker to cause a partial Denial-of-Service on the UMC component of the affected devices under certain circumstances, and one vulnerability that could allow an attacker to locally escalate privileges from a user with administrative privileges to execute code with SYSTEM level privileges.</p>
<p>Siemens has released updates for several affected products and recommends that customers update to the latest version. Siemens is preparing further updates and recommends specific countermeasures until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-978220.pdfSSA-978220 (Last Update: 2020-07-14): Denial-of-Service Vulnerability over SNMP in Multiple Industrial Products2020-07-14T00:00:00+00:00<p>Several industrial products are affected by a vulnerability that could allow remote attackers to conduct a Denial-of-Service (DoS) attack by sending specially crafted packets to port 161/udp (SNMP).</p>
<p>Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates and recommends specific countermeasures until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssb-439005.pdfSSB-439005 (Last Update: 2020-07-14): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP2020-07-14T00:00:00+00:00https://cert-portal.siemens.com/productcert/pdf/ssa-686531.pdfSSA-686531 (Last Update: 2020-07-14): Hardware based manufacturing access on S7-1200 and S7-200 SMART2020-07-14T00:00:00+00:00<p>There is an access mode used during manufacturing of SIMATIC S7-1200 and S7-200 SMART CPUs that allows additional diagnostic functionality. Using this functionality requires physical access to the CPU during boot process.</p>
<p>If additional protection from unauthorized use is needed Siemens provides specific countermeasures via an update of the device boot loader.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-312271.pdfSSA-312271 (Last Update: 2020-06-09): Unquoted Search Path Vulnerabilities in Windows-based Industrial Software Applications2020-06-09T00:00:00+00:00<p>The latest update for affected products fix local privilege escalation vulnerabilities that could allow authorized local users with administrative privileges to execute custom code with SYSTEM level privileges.</p>
<p>Siemens has released updates for some of the affected products, and is working on further updates. For the remaining affected products, Siemens recommends specific countermeasures until fixes are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-689942.pdfSSA-689942 (Last Update: 2020-06-09): Denial-of-Service and DLL Hijacking Vulnerabilities in Multiple SIMATIC Software Products2020-06-09T00:00:00+00:00<p>Multiple SIMATIC Software products are affected by two vulnerabilities that could allow an attacker to manipulate project files that may lead to Remote Code Execution or Denial-of-Service attacks.</p>
<p>Siemens has released updates to some of the affected products and recommends that customers update to the latest version. Siemens is preparing further updates and recommends specific workarounds and mitigations until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-817401.pdfSSA-817401 (Last Update: 2020-06-09): Missing Authentication Vulnerability in SIEMENS LOGO!2020-06-09T00:00:00+00:00<p>A missing authentication vulnerability has been identified in SIEMENS LOGO!8 BM devices. The vulnerability could lead to an attacker reading and modifying the device configuration and obtain project files from the devices if the attacker has access to port 135/tcp.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdfSSA-927095 (Last Update: 2020-06-09): UltraVNC Vulnerabilities in SINUMERIK Products2020-06-09T00:00:00+00:00<p>UltraVNC (V1.2.2.3 and below) vulnerabilities in the affected products could allow remote code execution, information disclosure and Denial-of-Service attacks under certain conditions.</p>
<p>Siemens has released updates for the affected products and recommends that customers update to the latest versions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-352504.pdfSSA-352504 (Last Update: 2020-06-09): Urgent/11 TCP/IP Stack Vulnerabilities in Siemens Power Meters2020-06-09T00:00:00+00:00<p>Siemens low & high voltage power meters are affected by multiple security vulnerabilities due to the underlying Wind River VxWorks network stack. This stack is affected by eleven vulnerabilities known as the "URGENT/11".</p>
<p>The vulnerability could allow an attacker to execute a variety of exploits for the purpose of Denial-of-Service (DoS), data extraction, RCE, etc. targeting both availability and confidentiality of the devices and data.</p>
<p>Siemens is working on updates for the affected products, and recommends countermeasures until fixes are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdfSSA-462066 (Last Update: 2020-06-09): Vulnerability known as TCP SACK PANIC in Industrial Products2020-06-09T00:00:00+00:00<p>Multiple industrial products are affected by a vulnerability in the kernel known as TCP SACK PANIC. The vulnerability could allow a remote attacker to cause a denial of service condition.</p>
<p>Siemens has released updates for several affected products, and recommends that customers update to the latest version. Siemens is preparing further updates and recommends specific countermeasures until updates are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-480230.pdfSSA-480230 (Last Update: 2020-06-09): Denial-of-Service in Webserver of Industrial Products2020-06-09T00:00:00+00:00<p>A vulnerability in the affected devices could allow an unauthorized attacker with network access to the webserver of an affected device to perform a denial-of-service attack.</p>
<p>Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates and recommends specific countermeasures until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-352504.pdfSSA-352504 (Last Update: 2020-05-12): Urgent/11 TCP/IP Stack Vulnerabilities in Siemens Power Meters2020-05-12T00:00:00+00:00<p>Siemens low & high voltage power meters are affected by multiple security vulnerabilities due to the underlying Wind River VxWorks network stack. This stack is affected by eleven vulnerabilities known as the "URGENT/11".</p>
<p>The vulnerability could allow an attacker to execute a variety of exploits for the purpose of Denial-of-Service (DoS), data extraction, RCE, etc. targeting both availability and confidentiality of the devices and data.</p>
<p>Siemens is working on updates for the affected products, and recommends countermeasures until fixes are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-270778.pdfSSA-270778 (Last Update: 2020-05-12): Denial-of-Service Vulnerability in SIMATIC PCS 7, SIMATIC WinCC and SIMATIC NET PC Software2020-05-12T00:00:00+00:00<p>A Denial-of-Service vulnerability was found in SIMATIC PCS 7, SIMATIC WinCC and SIMATIC NET PC software when encrypted communication is enabled. The vulnerability could allow an attacker with network access to cause a Denial-of-Service condition under certain circumstances (versions prior to SIMATIC WinCC V7.3 or SIMATIC PCS 7 V8.1 are not affected as encrypted communication is not an option).</p>
<p>Siemens has released updates for several affected products and recommends that customers update to the latest version(s). Siemens is preparing further updates and recommends specific countermeasures until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-377115.pdfSSA-377115 (Last Update: 2020-05-12): SegmentSmack in Linux IP-Stack based Industrial Devices2020-05-12T00:00:00+00:00<p>The latest updates for the affected products fix a vulnerability that could allow remote attackers to affect the availability of the devices under certain conditions.</p>
<p>The underlying TCP stack can be forced to make very computation expensive calls for every incoming packet which can lead to a Denial-of-Service.</p>
<p>Siemens has released updates for some products, and is working on updates for the remaining affected products.</p>
https://cert-portal.siemens.com/productcert/pdf/ssb-439005.pdfSSB-439005 (Last Update: 2020-05-12): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP2020-05-12T00:00:00+00:00https://cert-portal.siemens.com/productcert/pdf/ssa-530931.pdfSSA-530931 (Last Update: 2020-05-12): Denial-of-Service in Webserver of Industrial Products2020-05-12T00:00:00+00:00<p>A vulnerability in the affected products could allow an unauthorized attacker with network access to the webserver of an affected device to perform a denial-of-service attack.</p>
<p>Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates and recommends specific countermeasures until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-593272.pdfSSA-593272 (Last Update: 2020-05-12): SegmentSmack in Interniche IP-Stack based Industrial Devices2020-05-12T00:00:00+00:00<p>A vulnerability exists in affected products that could allow remote attackers to affect the availability of the devices under certain conditions.</p>
<p>The underlying TCP stack can be forced to make very computation expensive calls for every incoming packet which can lead to a Denial-of-Service.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-102233.pdfSSA-102233 (Last Update: 2020-04-14): SegmentSmack in VxWorks-based Industrial Devices2020-04-14T00:00:00+00:00<p>The latest updates for the affected products fix a vulnerability that could allow remote attackers to affect the availability of the devices under certain conditions. The underlying TCP stack can be forced to make very computation expensive calls for every incoming packet which can lead to a Denial-of-Service. Siemens is working on software updates for affected products.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-162506.pdfSSA-162506 (Last Update: 2020-04-14): DHCP Client Vulnerability in SIMOTICS CONNECT 400, Desigo PXC/PXM, APOGEE MEC/MBC/PXC, APOGEE PXC Series, and TALON TC Series2020-04-14T00:00:00+00:00<p>SIMOTICS CONNECT 400, Desigo (Power PC-based), APOGEE MEC/MBC/PXC and TALON TC products are affected by a DHCP Client vulnerability as initially reported in <a href="https://cert-portal.siemens.com/productcert/pdf/ssa-434032.pdf">SSA-434032</a> for the Mentor Nucleus Networking Module. Siemens has released updates for some products and is working on further updates. For the remaining affected products, Siemens recommends specific countermeasures until fixes are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-359303.pdfSSA-359303 (Last Update: 2020-04-14): Debug Port in TIM 3V-IE and 4R-IE Family Devices2020-04-14T00:00:00+00:00<p>The latest update for TIM 3V-IE family devices and TIM 4R-IE family devices fixes a vulnerability that could allow an unauthenticated attacker with network access to port 17185/udp to gain full control over the device. The devices are only vulnerable if the IP address is configured to 192.168.1.2. Siemens has released updates for the affected products and recommends that customers update to the new version.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-377115.pdfSSA-377115 (Last Update: 2020-04-14): SegmentSmack in Linux IP-Stack based Industrial Devices2020-04-14T00:00:00+00:00<p>The latest updates for the affected products fix a vulnerability that could allow remote attackers to affect the availability of the devices under certain conditions. The underlying TCP stack can be forced to make very computation expensive calls for every incoming packet which can lead to a Denial-of-Service. Siemens has released updates for some products, and is working on updates for the remaining affected products.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-593272.pdfSSA-593272 (Last Update: 2020-04-14): SegmentSmack in Interniche IP-Stack based Industrial Devices2020-04-14T00:00:00+00:00<p>A vulnerability exists in affected products that could allow remote attackers to affect the availability of the devices under certain conditions. The underlying TCP stack can be forced to make very computation expensive calls for every incoming packet which can lead to a Denial-of-Service.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-270778.pdfSSA-270778 (Last Update: 2020-04-14): Denial-of-Service Vulnerability in SIMATIC PCS 7, SIMATIC WinCC and SIMATIC NET PC Software2020-04-14T00:00:00+00:00<p>A Denial-of-Service vulnerability was found in SIMATIC PCS 7, SIMATIC WinCC and SIMATIC NET PC software when encrypted communication is enabled. The vulnerability could allow an attacker with network access to cause a Denial-of-Service condition under certain circumstances (versions prior to SIMATIC WinCC V7.3 or SIMATIC PCS 7 V8.1 are not affected as encrypted communication is not an option). Siemens has released updates for several affected products, and recommends that customers update to the latest version. Siemens is preparing further updates and recommends specific countermeasures until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-398519.pdfSSA-398519 (Last Update: 2020-04-14): Vulnerabilities in Intel CPUs (November 2019)2020-04-14T00:00:00+00:00<p>Intel has published information on vulnerabilities in Intel products in <a href="https://blogs.intel.com/technology/2019/11/ipas-november-2019-intel-platform-update-ipu/#gs.jdy72s">November 2019</a>. In this advisory Siemens only explicitly mentions the vulnerabilities from the "Intel® CPU Security Advisory" and one vulnerability from "Intel® CSME, Intel® SPS, Intel® TXE, Intel® AMT, Intel® PTT and Intel® DAL Advisory" and lists the Siemens IPC related products that are affected by these vulnerabilities. For further information about BIOS updates related to Intel CPU vulnerabilities see: <a href="https://support.industry.siemens.com/cs/ww/en/view/109747626" class="uri">https://support.industry.siemens.com/cs/ww/en/view/109747626</a>. Several Siemens Industrial Products contain processors that are affected by the vulnerabilities. Siemens has released updates for several affected products and is currently working on BIOS updates that include chipset microcode updates for further products.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-431678.pdfSSA-431678 (Last Update: 2020-04-14): Denial-of-Service Vulnerability in SIMATIC S7 CPU Families2020-04-14T00:00:00+00:00<p>SIMATIC S7 CPU families are affected by a vulnerability that could allow remote attackers to perform a Denial-of-Service attack by sending a specially crafted HTTP request to the web server of an affected device. Siemens has released updates for several affected products, is working on updates for the remaining affected products and recommends specific countermeasures until fixes are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdfSSA-462066 (Last Update: 2020-04-14): Vulnerability known as TCP SACK PANIC in Industrial Products2020-04-14T00:00:00+00:00<p>Multiple industrial products are affected by a vulnerability in the kernel known as TCP SACK PANIC. The vulnerability could allow a remote attacker to cause a denial of service condition. Siemens has released updates for several affected products, and recommends that customers update to the latest version. Siemens is preparing further updates and recommends specific countermeasures until updates are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-473245.pdfSSA-473245 (Last Update: 2020-04-14): Denial-of-Service Vulnerability in Profinet Devices2020-04-14T00:00:00+00:00<p>A vulnerability in affected devices could allow an attacker to perform a denial-of-service attack if a large amount of specially crafted UDP packets are sent to the device. Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates and recommends specific countermeasures until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-629512.pdfSSA-629512 (Last Update: 2020-04-14): Local Privilege Escalation Vulnerability in TIA Portal2020-04-14T00:00:00+00:00<p>The latest updates for TIA Portal fix a vulnerability that could allow a local attacker to execute arbitrary code with SYSTEM privileges. Siemens has released updates for TIA Portal V15 and V16, and is working on updates for TIA Portal V14. Siemens recommends specific countermeasures as there are currently no fixes available for the latter.</p>
https://cert-portal.siemens.com/productcert/pdf/ssb-382508.pdfSSB-382508 (Last Update: 2020-04-14): ActiveX used in Industrial Products2020-04-14T00:00:00+00:00https://cert-portal.siemens.com/productcert/pdf/ssb-439005.pdfSSB-439005 (Last Update: 2020-04-14): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP2020-04-14T00:00:00+00:00https://cert-portal.siemens.com/productcert/pdf/ssa-589272.pdfSSA-589272 (Last Update: 2020-04-13): Security vulnerability in SIMATIC S7-400 V6 PN CPUs2020-04-13T00:00:00+00:00<p>When receiving specially crafted ICMP network packets, SIMATIC S7-400 V6 PN CPU products may go into defect mode. This could allow attackers to perform a Denial-of-Service attack on the CPUs.</p>
<p>Siemens has released updates for the affected products.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-617264.pdfSSA-617264 (Last Update: 2020-04-13): Multiple Security Vulnerabilities in SIMATIC S7-400 V5 PN CPUs2020-04-13T00:00:00+00:00<p>When receiving malformed network data, SIMATIC S7-400 V5 PN CPUs may go into defect mode. This would allow attackers to perform a Denial-of-Service attack on the CPUs.</p>
<p>Siemens will not publish a fix for this vulnerability as this product version is discontinued since October 2011 [1]. Version V6 is not affected by these specific problems. [1] <a href="https://support.industry.siemens.com/cs/ww/en/view/50252551" class="uri">https://support.industry.siemens.com/cs/ww/en/view/50252551</a></p>
https://cert-portal.siemens.com/productcert/pdf/ssa-780073.pdfSSA-780073 (Last Update: 2020-03-12): Denial-of-Service Vulnerability in PROFINET Devices via DCE-RPC Packets2020-03-12T00:00:00+00:00<p>Products that include the Siemens PROFINET-IO (PNIO) stack in versions prior V06.00 are potentially affected by a denial-of-service vulnerability when multiple legitimate diagnostic package requests are sent to the DCE-RPC interface.</p>
<p>Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates and recommends specific countermeasures until patches are available.</p>
<p>Additionally, Siemens recommends other vendors of PROFINET devices to check if their products have incorporated a vulnerable version of the Siemens PNIO stack as part of the Siemens Development/Evaluation Kits.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-232418.pdfSSA-232418 (Last Update: 2020-03-12): Vulnerabilities in SIMATIC S7-1200 and SIMATIC S7-1500 CPU families2020-03-12T00:00:00+00:00<p>Two vulnerabilities have been identified in the SIMATIC S7-1200 and S7-1500 CPU families. One vulnerability could allow an attacker with network access to affected devices to modify the user program stored on these devices such that the source code differs from the actual running code. The other vulnerability could allow an attacker in a Man-in-the-Middle position to modify network traffic exchanged on port 102/tcp.</p>
<p>Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates and recommends specific countermeasures until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-508982.pdfSSA-508982 (Last Update: 2020-03-10): Denial-of-Service Vulnerability in SIMATIC S7-300 CPUs and SINUMERIK Controller over Profinet2020-03-10T00:00:00+00:00<p>The latest firmware update for the S7-300 CPUs fixes a vulnerability that could allow an unauthenticated attacker with network access to cause a denial-of-service condition. SINUMERIK 840D sl Controller, which contains a S7-300 CPU, is also affected.</p>
<p>Siemens is preparing further updates and recommends specific countermeasures until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-270778.pdfSSA-270778 (Last Update: 2020-03-10): Denial-of-Service Vulnerability in SIMATIC PCS 7, SIMATIC WinCC and SIMATIC NET PC Software2020-03-10T00:00:00+00:00<p>A Denial-of-Service vulnerability was found in SIMATIC PCS 7, SIMATIC WinCC and SIMATIC NET PC software when encrypted communication is enabled. The vulnerability could allow an attacker with network access to cause a Denial-of-Service condition under certain circumstances (versions prior to SIMATIC WinCC V7.3 or SIMATIC PCS 7 V8.1 are not affected as encrypted communication is not an option).</p>
<p>Siemens has released updates for several affected products, and recommends that customers update to the latest version. Siemens is preparing further updates and recommends specific countermeasures until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-398519.pdfSSA-398519 (Last Update: 2020-03-10): Vulnerabilities in Intel CPUs (November 2019)2020-03-10T00:00:00+00:00<p>Intel has published information on vulnerabilities in Intel products in <a href="https://blogs.intel.com/technology/2019/11/ipas-november-2019-intel-platform-update-ipu/#gs.jdy72s">November 2019</a>. In this advisory Siemens only explicitly mentions the vulnerabilities from the "Intel® CPU Security Advisory" and one vulnerability from "Intel® CSME, Intel® SPS, Intel® TXE, Intel® AMT, Intel® PTT and Intel® DAL Advisory" and lists the Siemens IPC related products that are affected by these vulnerabilities. For further information about BIOS updates related to Intel CPU vulnerabilities see: <a href="https://support.industry.siemens.com/cs/ww/en/view/109747626" class="uri">https://support.industry.siemens.com/cs/ww/en/view/109747626</a>.</p>
<p>Several Siemens Industrial Products contain processors that are affected by the vulnerabilities. Siemens has released updates for several affected products and is currently working on BIOS updates that include chipset microcode updates for further products.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-431678.pdfSSA-431678 (Last Update: 2020-03-10): Denial-of-Service Vulnerability in SIMATIC S7 CPU Families2020-03-10T00:00:00+00:00<p>S7-300/S7-400 and S7-1200 CPU families are affected by a vulnerability that could allow remote attackers to perform a Denial-of-Service attack by sending a specially crafted HTTP request to the web server of an affected device.</p>
<p>Siemens has released updates for several affected products, is working on updates for the remaining affected products and recommends specific countermeasures until fixes are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdfSSA-451445 (Last Update: 2020-03-10): Multiple Vulnerabilities in SPPA-T30002020-03-10T00:00:00+00:00<p>SPPA-T3000 Application Server and MS3000 Migration Server are affected by multiple vulnerabilities. Some of the vulnerabilities can allow an attacker to execute arbitrary code on the server. Exploitation of the vulnerabilities described in this advisory requires access to either Application- or Automation Highway. Both highways should not be exposed if the environment has been set up according to the recommended system configuration in the Siemens SPPA-T3000 security manual.</p>
<p>In this case Siemens considers the environmental score as CR:L/IR:L/AR:H/MAV:A for vulnerabilities related to the Application Server and CR:L/IR:L/AR:M/MAV:A for vulnerabilities related to the Migration Server.</p>
<p>Siemens provides a service pack to fix vulnerabilities on the Application Server and recommends configurations to mitigate the vulnerabilities in the Migration Server. Detailed information will be available for SPPA-T3000 customers in the Siemens Energy Customer Portal.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-750824.pdfSSA-750824 (Last Update: 2020-03-10): Denial-of-Service Vulnerability in Profinet Devices2020-03-10T00:00:00+00:00<p>SIMATIC S7-1500 CPU family devices are affected by a vulnerability that could allow an attacker to perform a Denial-of-Service attack if specially crafted UDP packets are sent to the device.</p>
<p>Siemens has released updates for the affected products and recommends that customers update to these new versions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-780073.pdfSSA-780073 (Last Update: 2020-03-10): Denial-of-Service Vulnerability in PROFINET Devices via DCE-RPC Packets2020-03-10T00:00:00+00:00<p>Products that include the Siemens PROFINET-IO (PNIO) stack in versions prior V06.00 are potentially affected by a denial-of-service vulnerability when multiple legitimate diagnostic package requests are sent to the DCE-RPC interface.</p>
<p>Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates and recommends specific countermeasures until patches are available.</p>
<p>Additionally, Siemens recommends other vendors of PROFINET devices to check if their products have incorporated a vulnerable version of the Siemens PNIO stack as part of the Siemens Development/Evaluation Kits.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-232418.pdfSSA-232418 (Last Update: 2020-03-10): Vulnerabilities in SIMATIC S7-1200 and SIMATIC S7-1500 CPU families2020-03-10T00:00:00+00:00<p>Two vulnerabilities have been identified in the SIMATIC S7-1200 and S7-1500 CPU families. One vulnerability could allow an attacker with network access to affected devices to modify the user program stored on these devices such that the source code differs from the actual running code. The other vulnerability could allow an attacker in a Man-in-the-Middle position to modify network traffic exchanged on port 102/tcp.</p>
<p>Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates and recommends specific countermeasures until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-273799.pdfSSA-273799 (Last Update: 2020-03-10): Vulnerability in SIMATIC products2020-03-10T00:00:00+00:00<p>A vulnerability has been identified in several SIMATIC products. The vulnerability could allow an attacker in a Man-in-the-Middle position to modify network traffic exchanged on port 102/tcp to PLCs of the SIMATIC S7-1200, SIMATIC S7-1500 and SIMATIC SoftwareController CPU families.</p>
<p>Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates and recommends specific countermeasures until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-349422.pdfSSA-349422 (Last Update: 2020-03-10): Denial-of-Service in Industrial Real-Time (IRT) Devices2020-03-10T00:00:00+00:00<p>A vulnerability in the affected products could allow an unauthorized attacker with network access to perform a denial-of-service attack resulting in loss of real-time synchronization.</p>
<p>Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates and recommends specific countermeasures until updates are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-473245.pdfSSA-473245 (Last Update: 2020-03-10): Denial-of-Service Vulnerability in Profinet Devices2020-03-10T00:00:00+00:00<p>A vulnerability in affected devices could allow an attacker to perform a denial-of-service attack if a large amount of specially crafted UDP packets are sent to the device.</p>
<p>Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates and recommends specific countermeasures until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdfSSA-462066 (Last Update: 2020-03-10): Vulnerability known as TCP SACK PANIC in Industrial Products2020-03-10T00:00:00+00:00<p>Multiple industrial products are affected by a vulnerability in the kernel known as TCP SACK PANIC. The vulnerability could allow a remote attacker to cause a denial of service condition.</p>
<p>Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates and recommends specific countermeasures until updates are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-307392.pdfSSA-307392 (Last Update: 2020-03-10): Denial-of-Service in OPC UA in Industrial Products2020-03-10T00:00:00+00:00<p>A vulnerability has been identified in the OPC UA server of several industrial products. The vulnerability could cause a Denial-of-Service condition on the service or the device.</p>
<p>Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates and recommends specific countermeasures until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-480230.pdfSSA-480230 (Last Update: 2020-03-10): Denial-of-Service in Webserver of Industrial Products2020-03-10T00:00:00+00:00<p>A vulnerability in the affected devices could allow an unauthorized attacker with network access to the webserver of an affected device to perform a denial-of-service attack.</p>
<p>Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates and recommends specific countermeasures until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdfSSA-616472 (Last Update: 2020-03-10): ZombieLoad and Microarchitectural Data Sampling Vulnerabilities in Industrial Products2020-03-10T00:00:00+00:00<p>Security researchers published information on vulnerabilities known as ZombieLoad and Microarchitectural Data Sampling (MDS). These vulnerabilities affect many modern processors from different vendors to a varying degree.</p>
<p>Several Siemens Industrial Products contain processors that are affected by the vulnerabilities.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-731239.pdfSSA-731239 (Last Update: 2020-03-10): Vulnerabilities in SIMATIC S7-300 and S7-400 CPUs2020-03-10T00:00:00+00:00<p>Two vulnerabilities have been identified in SIMATIC S7-300 and S7-400 CPU families. One vulnerability could lead to a Denial-of-Service, the other vulnerability could result in credential disclosure.</p>
<p>Siemens recommends specific mitigations. Siemens will update this advisory when new information becomes available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-270778.pdfSSA-270778 (Last Update: 2020-02-11): Denial-of-Service Vulnerability in SIMATIC PCS 7, SIMATIC WinCC and SIMATIC NET PC Software2020-02-11T00:00:00+00:00<p>A Denial-of-Service vulnerability was found in SIMATIC PCS 7, SIMATIC WinCC and SIMATIC NET PC software when encrypted communication is enabled. The vulnerability could allow an attacker with network access to cause a Denial-of-Service condition under certain circumstances (versions prior to SIMATIC WinCC V7.3 or SIMATIC PCS 7 V8.1 are not affected as encrypted communication is not an option).</p>
<p>Siemens has released updates for several affected products, and recommends that customers update to the latest version. Siemens is preparing further updates and recommends specific countermeasures until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-273799.pdfSSA-273799 (Last Update: 2020-02-11): Vulnerability in SIMATIC products2020-02-11T00:00:00+00:00<p>A vulnerability has been identified in several SIMATIC products. The vulnerability could allow an attacker in a Man-in-the-Middle position to modify network traffic exchanged on port 102/tcp to PLCs of the SIMATIC S7-1200, SIMATIC S7-1500 and SIMATIC SoftwareController CPU families.</p>
<p>Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates and recommends specific countermeasures until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-307392.pdfSSA-307392 (Last Update: 2020-02-11): Denial-of-Service in OPC UA in Industrial Products2020-02-11T00:00:00+00:00<p>A vulnerability has been identified in the OPC UA server of several industrial products. The vulnerability could cause a Denial-of-Service condition on the service or the device.</p>
<p>Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates and recommends specific countermeasures until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-349422.pdfSSA-349422 (Last Update: 2020-02-11): Denial-of-Service in Industrial Real-Time (IRT) Devices2020-02-11T00:00:00+00:00<p>A vulnerability in the affected products could allow an unauthorized attacker with network access to perform a denial-of-service attack resulting in loss of real-time synchronization.</p>
<p>Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates and recommends specific countermeasures until updates are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-398519.pdfSSA-398519 (Last Update: 2020-02-11): Vulnerabilities in Intel CPUs (November 2019)2020-02-11T00:00:00+00:00<p>Intel has published information on vulnerabilities in Intel products in <a href="https://blogs.intel.com/technology/2019/11/ipas-november-2019-intel-platform-update-ipu/#gs.jdy72s">November 2019</a>. In this advisory Siemens only explicitly mentions the vulnerabilities from the "Intel® CPU Security Advisory" and one vulnerability from "Intel® CSME, Intel® SPS, Intel® TXE, Intel® AMT, Intel® PTT and Intel® DAL Advisory" and lists the Siemens IPC related products that are affected by these vulnerabilites. For further information about BIOS updates related to Intel CPU vulnerabilites see: <a href="https://support.industry.siemens.com/cs/ww/en/view/109747626" class="uri">https://support.industry.siemens.com/cs/ww/en/view/109747626</a>.</p>
<p>Several Siemens Industrial Products contain processors that are affected by the vulnerabilities and is currently working on BIOS updates that include chipset microcode updates.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-431678.pdfSSA-431678 (Last Update: 2020-02-11): Denial-of-Service Vulnerability in SIMATIC S7 CPU Families2020-02-11T00:00:00+00:00<p>S7-300/S7-400 and S7-1200 CPU families are affected by a vulnerability that could allow remote attackers to perform a Denial-of-Service attack by sending a specially crafted HTTP request to the web server of an affected device.</p>
<p>Siemens has released updates for several affected products, is working on updates for the remaining affected products and recommends specific countermeasures until fixes are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdfSSA-462066 (Last Update: 2020-02-11): Vulnerability known as TCP SACK PANIC in Industrial Products2020-02-11T00:00:00+00:00<p>Multiple industrial products are affected by a vulnerability in the kernel known as TCP SACK PANIC. The vulnerability could allow a remote attacker to cause a denial of service condition.</p>
<p>Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates and recommends specific countermeasures until updates are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-473245.pdfSSA-473245 (Last Update: 2020-02-11): Denial-of-Service Vulnerability in Profinet Devices2020-02-11T00:00:00+00:00<p>A vulnerability in affected devices could allow an attacker to perform a denial-of-service attack if a large amount of specially crafted UDP packets are sent to the device.</p>
<p>Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates and recommends specific countermeasures until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-480230.pdfSSA-480230 (Last Update: 2020-02-11): Denial-of-Service in Webserver of Industrial Products2020-02-11T00:00:00+00:00<p>A vulnerability in the affected devices could allow an unauthorized attacker with network access to the webserver of an affected device to perform a denial-of-service attack.</p>
<p>Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates and recommends specific countermeasures until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-591405.pdfSSA-591405 (Last Update: 2020-02-11): Web Vulnerabilities in SCALANCE S-600 family2020-02-11T00:00:00+00:00<p>The firmware for SCALANCE S-600 family devices contains multiple web vulnerabilities. The vulnerabilities could allow an remote attacker to conduct Denial-of-Service attacks or perform Cross-Site Scripting attacks.</p>
<p>Siemens recommends to migrate to SCALANCE SC-600 Industrial Security Appliances.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdfSSA-616472 (Last Update: 2020-02-11): ZombieLoad and Microarchitectural Data Sampling Vulnerabilities in Industrial Products2020-02-11T00:00:00+00:00<p>Security researchers published information on vulnerabilities known as ZombieLoad and Microarchitectural Data Sampling (MDS). These vulnerabilities affect many modern processors from different vendors to a varying degree.</p>
<p>Several Siemens Industrial Products contain processors that are affected by the vulnerabilities.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-750824.pdfSSA-750824 (Last Update: 2020-02-11): Denial-of-Service Vulnerability in Profinet Devices2020-02-11T00:00:00+00:00<p>SIMATIC S7-1500 CPU family devices are affected by a vulnerability that could allow an attacker to perform a Denial-of-Service attack if specially crafted UDP packets are sent to the device.</p>
<p>Siemens has released updates for several affected products, is working on updates for the remaining affected products and recommends specific countermeasures until fixes are available</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-780073.pdfSSA-780073 (Last Update: 2020-02-11): Denial-of-Service Vulnerability in PROFINET Devices via DCE-RPC Packets2020-02-11T00:00:00+00:00<p>Products that include the Siemens PROFINET-IO (PNIO) stack in versions prior V06.00 are potentially affected by a denial-of-service vulnerability when multiple legitimate diagnostic package requests are sent to the DCE-RPC interface.</p>
<p>Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates and recommends specific countermeasures until patches are available.</p>
<p>Additionally, Siemens recommends other vendors of PROFINET devices to check if their products have incorporated a vulnerable version of the Siemens PNIO stack as part of the Siemens Development/Evaluation Kits.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-940889.pdfSSA-940889 (Last Update: 2020-02-11): Vulnerabilities in the embedded FTP server of SIMATIC CP 1543-12020-02-11T00:00:00+00:00<p>The latest update for SIMATIC CP 1543-1 contains two fixes for vulnerabilities within its embedded ProFTPD FTP server. The more severe of these vulnerabilities could allow for remote code execution and information disclosure without authentication.</p>
<p>Siemens has released updates for SIMATIC CP 1543-1 modules.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-951513.pdfSSA-951513 (Last Update: 2020-02-11): Clickjacking Vulnerability in SCALANCE X-300, X-200IRT, and X-200 Switch Families2020-02-11T00:00:00+00:00<p>Several SCALANCE X switches contain a vulnerability that could allow an attacker to perform administrative actions if the victim is tricked into clicking on a website controlled by the attacker. The attack only works if the victim has an authenticated session on the administrative interface of the switch.</p>
<p>Siemens has released updates (see below), which are recommended to be applied when possible. Additionally, specific countermeasures can also be found in this document.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-978220.pdfSSA-978220 (Last Update: 2020-02-11): Denial-of-Service Vulnerability over SNMP in Multiple Industrial Products2020-02-11T00:00:00+00:00<p>Several industrial products are affected by a vulnerability that could allow remote attackers to conduct a Denial-of-Service (DoS) attack by sending specially crafted packets to port 161/udp (SNMP).</p>
<p>Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates and recommends specific countermeasures until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssb-439005.pdfSSB-439005 (Last Update: 2020-02-11): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP2020-02-11T00:00:00+00:00https://cert-portal.siemens.com/productcert/pdf/ssa-087240.pdfSSA-087240 (Last Update: 2020-02-10): Vulnerabilities in SIEMENS LOGO!2020-02-10T00:00:00+00:00<p>Two vulnerabilities have been identified in SIEMENS LOGO!8 BM devices. The most severe vulnerability could allow an attacker to hijack existing web sessions.</p>
<p>Siemens provides LOGO!8 BM FS-05 with firmware version V1.81.2, which fixes the first vulnerability, and recommends specific mitigations for the second vulnerability.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-100232.pdfSSA-100232 (Last Update: 2020-02-10): Denial-of-Service vulnerability in SCALANCE X switches2020-02-10T00:00:00+00:00<p>A vulnerability in the affected devices could allow an unauthenticated attacker with network access to an affected device to perform a denial-of-service.</p>
<p>Siemens is preparing updates and recommends specific countermeasures until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-110922.pdfSSA-110922 (Last Update: 2020-02-10): Web Vulnerability in TIM 1531 IRC2020-02-10T00:00:00+00:00<p>The latest update for TIM 1531 IRC fixes a security vulnerability that could allow unauthorized remote attackers to perform administrative operations on the device.</p>
<p>Siemens recommends updating as soon as possible.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-113131.pdfSSA-113131 (Last Update: 2020-02-10): Denial-of-Service Vulnerabilities in SIMATIC S7-400 CPUs2020-02-10T00:00:00+00:00<p>Two vulnerabilities have been identified in the SIMATIC S7-400 CPU family that could allow an attacker to cause a Denial-of-Service condition. In order to exploit the vulnerability, an attacker must have access to the affected devices on port 102/tcp via Ethernet, PROFIBUS or Multi Point Interfaces (MPI).</p>
<p>Siemens provides updates to address the vulnerability, and recommends specific mitigations.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-130874.pdfSSA-130874 (Last Update: 2020-02-10): Multiple Security Vulnerabilities in SCALANCE X Switches2020-02-10T00:00:00+00:00<p>A denial of service vulnerability was found in several Siemens Scalance X switches. Siemens addresses the vulnerability by two firmware upgrades.</p>
<p>The web server of the vulnerable switches is susceptible to a remote denial of service attack. If the attack is executed, it causes a reboot of the device and no data can be transferred over the device.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-134003.pdfSSA-134003 (Last Update: 2020-02-10): Web Vulnerability in SIMATIC S7-1200 Family2020-02-10T00:00:00+00:00<p>The latest firmware update for SIMATIC S7-1200 CPUs fixes a vulnerability that could allow an attacker to perform a CSRF (Cross-Site Request Forgery) attack under certain conditions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-141614.pdfSSA-141614 (Last Update: 2020-02-10): Denial-of-Service in SIMOCODE pro V EIP2020-02-10T00:00:00+00:00<p>SIMOCODE pro V EIP is affected by a vulnerability that could allow remote attackers to conduct a Denial-of-Service (DoS) attack by sending specially crafted packets to port 161/udp (SNMP).</p>
<p>Siemens has released an update for SIMOCODE pro V EIP and recommends that customers update to the new version.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-168644.pdfSSA-168644 (Last Update: 2020-02-10): Spectre and Meltdown Vulnerabilities in Industrial Products2020-02-10T00:00:00+00:00<p>Security researchers published information on vulnerabilities known as Spectre and Meltdown. These vulnerabilities affect many modern processors from different vendors to a varying degree.</p>
<p>Several Industrial Products include affected processors and are affected by the vulnerabilities.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-176087.pdfSSA-176087 (Last Update: 2020-02-10): Unauthenticated Access to Critical Services in SCALANCE X-200 Switch Family2020-02-10T00:00:00+00:00<p>A potential vulnerability was discovered in the web server authentication of SCALANCE X-200 and X-200IRT switches that might allow attackers to perform administrative operations over the network without authentication. This issue only applies to switches using older firmware versions and has been fixed from firmware V4.5.0 (non-IRT) and V5.1.0 (IRT) on.</p>
<p>Siemens recommends upgrading to the current firmware versions V5.0.1 (non-IRT) and V5.1.2 (IRT).</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-179516.pdfSSA-179516 (Last Update: 2020-02-10): OpenSSL Vulnerability in Industrial Products2020-02-10T00:00:00+00:00<p>A vulnerability in OpenSSL affects several Siemens industrial products. Siemens has released updates for some affected products and is working on updates for others.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-180635.pdfSSA-180635 (Last Update: 2020-02-10): Denial-of-Service Vulnerabilities in SIMATIC S7-1500 CPU Family2020-02-10T00:00:00+00:00<p>Older versions of the S7-1500 CPU are affected by two Denial-of-Service vulnerabilities. Siemens has released updates for the currently supported hardware versions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-233109.pdfSSA-233109 (Last Update: 2020-02-10): Web Vulnerabilities in SIMATIC Panels2020-02-10T00:00:00+00:00<p>The latest update for SIMATIC Panel software and SIMATIC WinCC (TIA Portal) fixes two web vulnerabilities. The most severe is a vulnerability which could allow an attacker with network access to the integrated webserver to download arbitrary files.</p>
<p>Siemens recommends to update to the newest version.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-234763.pdfSSA-234763 (Last Update: 2020-02-10): OpenSSL Vulnerabilities in Siemens Industrial Products2020-02-10T00:00:00+00:00<p>Vulnerabilities in OpenSSL (see <a href="https://www.openssl.org/news/secadv_20140605.txt" class="uri">https://www.openssl.org/news/secadv_20140605.txt</a>) affect several Siemens industrial products. Siemens has released updates for all affected products.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-240718.pdfSSA-240718 (Last Update: 2020-02-10): Insecure storage of HTTPS CA certificate in SIMATIC S7-1200 V2.x2020-02-10T00:00:00+00:00<p>For the convenience of the customer, a Certificate Authority (CA) for HTTPS connections is installed on the Siemens SIMATIC S7-1200 PLC. The user has the option to trust this CA which if selected installs the certificate into the browser’s certificate store. Once the user completes this step, the browser will trust any other S7-1200 V2.x PLC on the network.</p>
<p>A researcher has demonstrated the ability to obtain the private key of the S7-1200 CA ("SIMATIC CONTROLLER"). With this private key, an attacker is able to create his own certificate. Using this forged certificate, it is possible to spoof any SSL server certificate and conduct man-in-the-middle attacks on a user’s browser that is currently trusting this CA.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-253230.pdfSSA-253230 (Last Update: 2020-02-10): Vulnerabilities in SIMATIC S7-1500 CPU family2020-02-10T00:00:00+00:00<p>Siemens has released a firmware update for the SIMATIC S7-1500 CPU family which fixes two vulnerabilities. The more severe of these vulnerabilities could allow attackers to cause a Denial-of-Service under certain conditions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdfSSA-254686 (Last Update: 2020-02-10): Foreshadow / L1 Terminal Fault Vulnerabilities in Industrial Products2020-02-10T00:00:00+00:00<p>Security researchers published information on vulnerabilities known as Foreshadow and L1 Terminal Fault (L1TF). These vulnerabilities affect many modern processors from different vendors to a varying degree.</p>
<p>Several Siemens Industrial Products contain processors that are affected by the vulnerabilities.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdfSSA-268644 (Last Update: 2020-02-10): Spectre-NG (Variants 3a and 4) Vulnerabilities in Industrial Products2020-02-10T00:00:00+00:00<p>Security researchers published information on vulnerabilities known as Spectre-NG (Variants 3a and 4). These vulnerabilities affect many modern processors from different vendors to a varying degree.</p>
<p>Several Industrial Products include affected processors and are affected by the vulnerabilities.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-279823.pdfSSA-279823 (Last Update: 2020-02-10): Cross-Site Scripting vulnerability in the SIMATIC S7-1200 CPU family2020-02-10T00:00:00+00:00<p>Siemens SIMATIC S7-1200 CPUs, version 2 and higher, are capable of running an embedded web server. Web server functionality is disabled by default in the 1200 project configuration. However, if enabled, the web server is susceptible to Cross-Site Scripting (XSS). Siemens provides a firmware update which fixes this XSS vulnerability.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-293562.pdfSSA-293562 (Last Update: 2020-02-10): Vulnerabilities in Industrial Products2020-02-10T00:00:00+00:00<p>Several industrial devices are affected by two vulnerabilities that could allow an attacker to cause a Denial-of-Service condition via PROFINET DCP network packets under certain circumstances. The precondition for this scenario is a direct layer 2 access to the affected products. PROFIBUS interfaces are not affected.</p>
<p>Siemens has released updates for several affected products, is working on updates for the remaining affected products and recommends specific countermeasures until fixes are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-306710.pdfSSA-306710 (Last Update: 2020-02-10): Denial-of-Service Vulnerability in SIMATIC S7-300 CPU Family2020-02-10T00:00:00+00:00<p>Siemens has released a firmware update for the S7-300 CPU family which fixes a vulnerability that could allow remote attackers to perform a Denial-of-Service attack.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-310688.pdfSSA-310688 (Last Update: 2020-02-10): Denial-of-Service Vulnerability in SIMATIC S7-1500 CPU2020-02-10T00:00:00+00:00<p>The latest firmware update for the SIMATIC S7-1500 CPU family fixes a vulnerability which could allow an attacker to perform a Denial-of-Service attack under certain conditions. The attacker must have network access to the device to exploit this vulnerability.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-321046.pdfSSA-321046 (Last Update: 2020-02-10): Denial-of-Service Vulnerability in SCALANCE X-300/X408 Switch Family2020-02-10T00:00:00+00:00<p>The latest firmware update for the Siemens SCALANCE X-300 switch family and SCALANCE X 408 fixes two vulnerabilities. The vulnerabilities could allow attackers to cause a device reboot under certain conditions. An attacker must have network access to the device to exploit this vulnerability.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-346262.pdfSSA-346262 (Last Update: 2020-02-10): Denial-of-Service in Industrial Products2020-02-10T00:00:00+00:00<p>Several industrial products are affected by a vulnerability that could allow remote attackers to conduct a Denial-of-Service (DoS) attack by sending specially crafted packets to port 161/udp (SNMP).</p>
<p>Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates and recommends specific countermeasures until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-347726.pdfSSA-347726 (Last Update: 2020-02-10): Denial-of-Service Vulnerability in SIMATIC S7-1500, SIMATIC S7-1500 Software Controller and SIMATIC ET 200SP Open Controller2020-02-10T00:00:00+00:00<p>Versions of SIMATIC S7-1500, SIMATIC S7-1500 Software Controller and SIMATIC ET200SP Open Controller are affected by a denial-of-service vulnerability. An attacker with network access to the PLC can cause a Denial-of-Service condition on the network stack.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-377318.pdfSSA-377318 (Last Update: 2020-02-10): Multiple vulnerabilities in Intel Active Management Technology (AMT) of SIMATIC IPCs2020-02-10T00:00:00+00:00<p>There are multiple vulnerabilities in the Intel Management Engine used in multiple SIMATIC IPC devices that may allow arbitrary code execution, a partial denial of service or information disclosure. For additional information see: <a href="https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00141.html" class="uri">https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00141.html</a>.</p>
<p>Siemens provides updates for the affected devices.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-447396.pdfSSA-447396 (Last Update: 2020-02-10): Denial-of-Service in SCALANCE X-300, SCALANCE X408 and SCALANCE X4142020-02-10T00:00:00+00:00<p>A vulnerability has been identified in the integrated web server of SCALANCE X300, SCALANCE X408, and SCALANCE X414. The vulnerability could allow an attacker with network access to the device to cause a Denial-of-Service condition.</p>
<p>The vulnerability can be triggered with publicly available tools, including vulnerability scanners.</p>
<p>Siemens provides updates for SCALANCE X300, and SCALANCE X408, and provides mitigations for the SCALANCE X414.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-456423.pdfSSA-456423 (Last Update: 2020-02-10): Vulnerabilities in SIMATIC S7-1500 CPU family2020-02-10T00:00:00+00:00<p>The new firmware update for the SIMATIC S7-1500 CPU firmware fixes several vulnerabilities, which may have been exploitable via network by Web application attacks or Denial-of-Service attacks with specially crafted network packets on different ports.</p>
<p>Siemens addresses and fixes all of these issues by the new firmware update.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-470231.pdfSSA-470231 (Last Update: 2020-02-10): TPM Vulnerability in SIMATIC IPCs2020-02-10T00:00:00+00:00<p>Several SIMATIC IPCs include a version of Infineon's Trusted Platform Module (TPM) firmware that mishandles RSA key generation. This makes it easier for attackers to conduct cryptographic attacks against the key material.</p>
<p>Siemens has released updates for the affected Industrial PCs.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-487246.pdfSSA-487246 (Last Update: 2020-02-10): Vulnerabilities in SIMATIC HMI Devices2020-02-10T00:00:00+00:00<p>The latest updates for the affected products fix three vulnerabilities. The most severe of these vulnerabilities could allow an attacker to perform a Denial-of-Service attack against HMI panels under certain conditions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-507847.pdfSSA-507847 (Last Update: 2020-02-10): Cross-Site Request Forgery Vulnerability in SIMATIC S7-1200 CPU Family Version 42020-02-10T00:00:00+00:00<p>The latest firmware update for S7-1200 CPU family version 4 fixes a Cross-Site Request Forgery vulnerability. Siemens recommends to update affected devices as soon as possible.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-542701.pdfSSA-542701 (Last Update: 2020-02-10): Vulnerabilities in SIEMENS LOGO!2020-02-10T00:00:00+00:00<p>Multiple vulnerabilities have been identified in SIEMENS LOGO!8 BM devices. The most severe vulnerability could lead to an attacker reading and modifying the device configuration if the attacker has access to port 10005/tcp.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-546832.pdfSSA-546832 (Last Update: 2020-02-10): Vulnerabilities in Medium Voltage SINAMICS and SIMOTION Products2020-02-10T00:00:00+00:00<p>The latest updates for medium voltage SINAMICS products fix two security vulnerabilities that could allow an attacker to cause a Denial-of-Service condition either via specially crafted PROFINET DCP broadcast packets or by sending specially crafted packets to port 161/udp (SNMP). Precondition for the PROFINET DCP scenario is a direct Layer 2 access to the affected products. PROFIBUS interfaces are not affected.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-584286.pdfSSA-584286 (Last Update: 2020-02-10): Denial-of-Service Vulnerability in SIMATIC S7-1200 CPU and SIMATIC S7-1500 CPU2020-02-10T00:00:00+00:00<p>A vulnerability was identified in SIMATIC S7-1200 and S7-1500 CPUs that could allow an attacker to cause a denial-of-service condition preventing HMI or engineering access to the PLC over port 102/tcp.</p>
<p>Siemens has released an update for the S7-1500 product and recommends that customers update to the new version. Siemens is preparing a further update for the S7-1200 product and recommends specific workarounds and mitigations until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-592007.pdfSSA-592007 (Last Update: 2020-02-10): Denial-of-Service Vulnerability in Industrial Products2020-02-10T00:00:00+00:00<p>Several industrial controllers are affected by a security vulnerability that could allow an attacker to cause a Denial-of-Service condition via PROFINET DCP network packets under certain circumstances. Precondition for this scenario is a direct OSI Layer 2 access to the affected products. PROFIBUS interfaces are not affected.</p>
<p>Siemens has released updates for several affected products, is working on updates for the remaining affected products and recommends specific countermeasures until fixes are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-597212.pdfSSA-597212 (Last Update: 2020-02-10): Web Vulnerability in SIMATIC S7-1200 CPU Family2020-02-10T00:00:00+00:00<p>The latest firmware version V4.1 of the SIMATIC S7-1200 CPU fixes one vulnerability. The vulnerability could allow an attacker to redirect users to untrusted sites under certain conditions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-623229.pdfSSA-623229 (Last Update: 2020-02-10): DROWN Vulnerability in Industrial Products2020-02-10T00:00:00+00:00<p>The disclosed attack called DROWN (Decrypting RSA with Obsolete and Weakened eNcryption), also known as CVE-2016-0800, could potentially allow the decryption of SSL/TLS sessions of some Siemens industrial products under certain conditions.</p>
<p>Siemens has released firmware updates and solutions to resolve the vulnerability</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-625789.pdfSSA-625789 (Last Update: 2020-02-10): Security Vulnerabilities in Siemens SIMATIC S7-1200 CPU2020-02-10T00:00:00+00:00<p>Security experts have examined the SIMATIC S7-1200 Programmable Logic Controller (PLC). This research has revealed some weaknesses in the SIMATIC S71200 CPU communication and authentication functions. Once the automation network is compromised it is possible to demonstrate the following weaknesses using a remote exploit: - Trigger CPU functions by record and playback of legitimate network communication - Place CPU in stop/defect state by causing a communications error A remote exploit is a type of attack that can be launched from one computer against another computer across a network. For example, a PC with access to the automation network could be used to launch a remote exploit against a PLC.</p>
<p>The weaknesses are closed with a firmware update V 2.0.3. For the second weakness (communications error), a temporary work-around is also available: if the Web server on the S7-1200 is disabled, the weakness cannot be exploited.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-635659.pdfSSA-635659 (Last Update: 2020-02-10): Heartbleed Vulnerability in Siemens Industrial Products2020-02-10T00:00:00+00:00<p>The "Heartbleed" vulnerability in the OpenSSL cryptographic software library (CVE-2014-0160) affects several Siemens industrial products.</p>
<p>Siemens has resolved the issue in all affected industrial products and provides updates which fix this vulnerability.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-654382.pdfSSA-654382 (Last Update: 2020-02-10): Vulnerabilities in SIMATIC S7-1200 CPU Familiy2020-02-10T00:00:00+00:00<p>The latest product release of the SIMATIC S7-1200 CPU fixes several vulnerabilities. The most severe of these vulnerabilities could allow an attacker to take over an authenticated web session if the session token can be predicted. The attacker must have network access to the device to exploit this vulnerability.</p>
<p>Further vulnerabilities resolved in this product release are discussed below.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-672373.pdfSSA-672373 (Last Update: 2020-02-10): Vulnerabilities in CP 1543-12020-02-10T00:00:00+00:00<p>The latest firmware update for SIMATIC CP 1543-1 devices fixes two vulnerabilities. One of these vulnerabilities could allow authorized users to escalate their privileges on the CP.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-724606.pdfSSA-724606 (Last Update: 2020-02-10): Denial-of-Service Vulnerabilities in SIMATIC S7-1200 CPU Family2020-02-10T00:00:00+00:00<p>Siemens SIMATIC S7-1200 PLCs, version 2 and higher, allow device management over TCP port 102 (ISO-TSAP) and retrieving status information over UDP port 161 (SNMP). It is possible to cause the device to go into defect mode by sending specially crafted packets to these ports.</p>
<p>Siemens addresses these issues with the newest product release.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-731239.pdfSSA-731239 (Last Update: 2020-02-10): Vulnerabilities in SIMATIC S7-300 and S7-400 CPUs2020-02-10T00:00:00+00:00<p>Two vulnerabilities have been identified in SIMATIC S7-300 and S7-400 CPU families. One vulnerability could lead to a Denial-of-Service, the other vulnerability could result in credential disclosure.</p>
<p>Siemens recommends specific mitigations. Siemens will update this advisory when new information becomes available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-742938.pdfSSA-742938 (Last Update: 2020-02-10): Open Ports in SINAMICS S/G Firmware2020-02-10T00:00:00+00:00<p>A potential vulnerability was discovered in the SINAMICS S/G converter family which might allow attackers to access administrative functions on the device without authentication.</p>
<p>Siemens addresses the issue by a firmware update.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-763427.pdfSSA-763427 (Last Update: 2020-02-10): Vulnerability in Communication Processor (CP) modules CP 343-1, TIM 3V-IE, TIM 4R-IE, and CP 443-12020-02-10T00:00:00+00:00<p>Siemens has released updates for Communication Processor (CP) module families CP 343-1/TIM 3V-IE/TIM 4R-IE/CP 443-1 to resolve an authentication bypass vulnerability that could allow unauthenticated users to perform administrative operations under certain conditions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-774850.pdfSSA-774850 (Last Update: 2020-02-10): Vulnerabilities in SIEMENS LOGO!8 devices2020-02-10T00:00:00+00:00<p>Two vulnerabilities have been identified in SIEMENS LOGO!8 devices. The Session ID on the integrated webserver of LOGO!8 devices is not invalidated upon logout. The second vulnerability could allow an attacker with network access to port 10005/tcp to cause a Denial-of-Service condition by sending specifically crafted packages to the service.</p>
<p>Siemens provides a firmware update for the latest version of LOGO!8 devices. For older versions, the device needs to be upgraded (see table below).</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-804486.pdfSSA-804486 (Last Update: 2020-02-10): Multiple Vulnerabilities in SIMATIC Panels and SIMATIC WinCC (TIA Portal)2020-02-10T00:00:00+00:00<p>The latest update for SIMATIC Panel Software and SIMATIC WinCC (TIA Portal) fixes two vulnerabilities. The most severe is a vulnerability which could allow an attacker with network access to the integrated device to read and write variables via SNMP.</p>
<p>Siemens recommends to update to the newest version.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-818183.pdfSSA-818183 (Last Update: 2020-02-10): Denial-of-Service Vulnerability in SIMATIC S7-300 CPU Family2020-02-10T00:00:00+00:00<p>Siemens has released a firmware update for the SIMATIC S7-300 CPU family which fixes a vulnerability that could allow remote attackers to perform a Denial-of-Service attack under certain conditions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-833048.pdfSSA-833048 (Last Update: 2020-02-10): Vulnerability in SIMATIC S7-1200 CPU Family2020-02-10T00:00:00+00:00<p>Siemens became aware that the discontinued products SIMATIC S7-1200 CPUs prior to version 4 could allow for the circumvention of user program block protection under certain conditions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-850708.pdfSSA-850708 (Last Update: 2020-02-10): Authentication Bypass in SCALANCE X-200 Switch Family2020-02-10T00:00:00+00:00<p>A potential vulnerability was discovered in the web server’s authentication of SCALANCE X-200 switches that might allow attackers to hijack web sessions over the network without authentication. Siemens addresses the issue with a firmware update.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-874235.pdfSSA-874235 (Last Update: 2020-02-10): Intel Vulnerability in Siemens Industrial Products2020-02-10T00:00:00+00:00<p>Several Intel chipsets for Intel Core i5, Intel Core i7 and Intel XEON are susceptible to remote code execution vulnerability (CVE-2017-5689) [1]. As several Siemens Industrial Products use Intel technology, they are also affected. Siemens has released updates for the affected Industrial PCs.</p>
<p>[1] Intel Security Advisory – INTEL-SA-00075:<a href="https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr" class="uri">https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr</a></p>
https://cert-portal.siemens.com/productcert/pdf/ssa-892012.pdfSSA-892012 (Last Update: 2020-02-10): Web Vulnerabilities in SIMATIC S7-1200 CPU Family2020-02-10T00:00:00+00:00<p>The latest product release of the SIMATIC S7-1200 CPU fixes two vulnerabilities. The more severe of these vulnerabilities could allow an attacker to inject HTTP headers if unsuspecting users are tricked to click on a malicious link.</p>
<p>Another vulnerability resolved in this product release is discussed below.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-892715.pdfSSA-892715 (Last Update: 2020-02-10): ME, SPS and TXE Vulnerabilities in SIMATIC IPCs 2020-02-10T00:00:00+00:00<p>Intel has identified vulnerabilities in Intel Management Engine (ME), Intel Server Platform Services (SPS), and Intel Trusted Execution Engine (TXE). As several Siemens Industrial PCs use Intel technology, they are also affected.</p>
<p>Siemens has released updates for the affected Industrial PCs.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-914382.pdfSSA-914382 (Last Update: 2020-02-10): Denial-of-Service Vulnerability in SIMATIC S7-400 CPU Family2020-02-10T00:00:00+00:00<p>SIMATIC S7-400 CPUs are affected by a security vulnerability which could lead to a Denial-of-Service condition of the PLC if specially crafted packets are received and processed.</p>
<p>The affected SIMATIC S7-400 CPU hardware versions are in the product cancellation phase or already phased-out. Siemens recommends customers either upgrading to a new version or implementing specific countermeasures.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-944083.pdfSSA-944083 (Last Update: 2020-02-10): HTTP Header Injection in SIMATIC Panels and SIMATIC WinCC (TIA Portal)2020-02-10T00:00:00+00:00<p>The latest update for SIMATIC Panel software and SIMATIC WinCC (TIA Portal) fixes a vulnerability that could allow an attacker with network access to the web server to perform a HTTP header injection attack.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-954136.pdfSSA-954136 (Last Update: 2020-02-10): User Impersonation Vulnerability in SCALANCE X-200IRT Switch Family2020-02-10T00:00:00+00:00<p>The latest firmware update for the SCALANCE X-200IRT switch family fixes a vulnerability which could allow attackers to impersonate legitimate users of the web interface.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-982399.pdfSSA-982399 (Last Update: 2020-02-10): Missing Authentication in TIM 1531 IRC Modules2020-02-10T00:00:00+00:00<p>The latest update for TIM 1531 IRC fixes a vulnerability. The device was missing proper authentication when connecting on port 102/tcp, although configured.</p>
<p>An attacker needs to be able to connect to port 102/tcp of an affected device in order to exploit this vulnerability.</p>
<p>The vulnerability could allow an attacker to perform administrative operations.</p>
<p>Siemens has released updates for TIM 1531 IRC modules.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-987029.pdfSSA-987029 (Last Update: 2020-02-10): Denial-of-Service Vulnerability in SIMATIC S7-300 CPU Family2020-02-10T00:00:00+00:00<p>A vulnerability could allow attackers to perform a Denial-of-Service attack over the network without prior authentication against S7-300 CPUs under certain conditions.</p>
<p>Siemens recommends specific mitigations. Siemens will update this advisory when new information becomes available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-994726.pdfSSA-994726 (Last Update: 2020-02-10): GHOST Vulnerability in Siemens Industrial Products2020-02-10T00:00:00+00:00<p>The latest updates for the affected products fix the “GHOST” [1] vulnerability identified in glibc library (CVE-2015-0235).</p>
<p>Incorrect parsing within the glibc library functions “gethostbyname()” and “gethostbyname2()” could cause a Denial-of-Service of the targeted system.</p>
<p>[1] https://nvd.nist.gov/vuln/detail/CVE-2015-0235</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-443566.pdfSSA-443566 (Last Update: 2020-01-14): Authentication Bypass in SCALANCE X Switches Families2020-01-14T00:00:00+00:00<p>Several SCALANCE X switches are affected by an Authentication Bypass vulnerability. The vulnerability allows an unauthenticated attacker to violate access-control rules. The vulnerability can be exploited by sending a GET request to a specific uniform resource locator on the web configuration interface of the device.</p>
<p>The security vulnerability could be exploited by an attacker with network access to the affected systems. An attacker could use the vulnerability to obtain sensitive information or change the device configuration.</p>
<p>Siemens recommends to upgrade the SCALANCE X-300 and X408 switches to firmware version V4.1.3.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-629512.pdfSSA-629512 (Last Update: 2020-01-14): Local Privilege Escalation Vulnerability in TIA Portal2020-01-14T00:00:00+00:00<p>The latest update for TIA Portal fixes a vulnerability that could allow a local attacker to execute arbitrary code with SYSTEM privileges.</p>
<p>Siemens has released an update for TIA Portal V15, is working on updates for other versions of TIA Portal and recommends specific mitigations for vulnerable versions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-880233.pdfSSA-880233 (Last Update: 2020-01-14): Incorrect Session Validation Vulnerability in SINEMA Server2020-01-14T00:00:00+00:00<p>The latest update for SINEMA Server fixes a vulnerability that could allow authenticated users with a low-privileged account to perform firmware updates (as well as other administrative operations) on connected devices. Therefore, Siemens recommends to update the affected products.</p>
https://cert-portal.siemens.com/productcert/pdf/ssb-382508.pdfSSB-382508 (Last Update: 2020-01-14): ActiveX used in Industrial Products2020-01-14T00:00:00+00:00https://cert-portal.siemens.com/productcert/pdf/ssa-242353.pdfSSA-242353 (Last Update: 2020-01-14): Access Control Vulnerability in SINAMICS PERFECT HARMONY GH1802020-01-14T00:00:00+00:00<p>A race condition in the restart behaviour of SINAMICS PERFECT HARMONY GH180 could allow an unauthorized attacker with physical access to the affected device to restart the HMI with disabled security controls, which could be used to launch further attacks against the affected device.</p>
<p>Siemens recommends customers to apply a configuration change on affected devices to resolve the issue. Detailed instructions are available through customer support.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-181018.pdfSSA-181018 (Last Update: 2020-01-14): Heap Overflow Vulnerability in SCALANCE X switches, RUGGEDCOM Win, RFID 181-EIP, and SIMATIC RF182C2020-01-14T00:00:00+00:00<p>SCALANCE X switches, RUGGEDCOM Win, RFID 181-EIP, and SIMATIC RF182C are affected by a vulnerability that could allow an unprivileged attacker located in the same local network segment (OSI Layer 2) to gain system privileges by sending a specially crafted DHCP response to a client's DHCP request.</p>
<p>Siemens has released updates for several affected products and recommends that customers update to the new version. Siemens is preparing further updates and recommends specific countermeasures until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-480829.pdfSSA-480829 (Last Update: 2020-01-14): Cross-Site-Scripting Vulnerabilities in SCALANCE X Switches2020-01-14T00:00:00+00:00<p>Two cross-site-scripting (XSS) vulnerabilities were found in the web server of several SCALANCE X switches. Siemens recommends updating the firmware to the newest version as soon as possible.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-557804.pdfSSA-557804 (Last Update: 2020-01-14): Mirror Port Isolation Vulnerability in SCALANCE X Switches2020-01-14T00:00:00+00:00<p>A vulnerability was identified in several SCALANCE X switches that could allow an attacker to feed information into a network via the mirror port with the monitor barrier feature enabled.</p>
<p>The monitor barrier implementation in several SCALANCE X switches does allow traffic to be directed back into the mirroring network. This might allow an attacker to feed back information into the network that is mirrored.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-307392.pdfSSA-307392 (Last Update: 2020-01-14): Denial-of-Service in OPC UA in Industrial Products2020-01-14T00:00:00+00:00<p>A vulnerability has been identified in the OPC UA server of several industrial products. The vulnerability could cause a Denial-of-Service condition on the service or the device.</p>
<p>Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates and recommends specific countermeasures until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-480230.pdfSSA-480230 (Last Update: 2020-01-14): Denial-of-Service in Webserver of Industrial Products2020-01-14T00:00:00+00:00<p>A vulnerability in the affected devices could allow an unauthorized attacker with network access to the webserver of an affected device to perform a denial-of-service attack.</p>
<p>Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates and recommends specific countermeasures until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssb-439005.pdfSSB-439005 (Last Update: 2020-01-14): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP2020-01-14T00:00:00+00:00https://cert-portal.siemens.com/productcert/pdf/ssa-646841.pdfSSA-646841 (Last Update: 2020-01-14): Recoverable Password from Configuration Storage in SCALANCE X Switches2020-01-14T00:00:00+00:00<p>A vulnerability exists in several SCALANCE X switches that could allow external entities to reconstruct passwords for users of the affected devices if an attacker is able to obtain a backup of the device configuration.</p>
<p>Siemens has released updates for some of the affected devices and is working on updates for the remaining affected products and recommends specific countermeasures until fixes are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-473245.pdfSSA-473245 (Last Update: 2020-01-14): Denial-of-Service Vulnerability in Profinet Devices2020-01-14T00:00:00+00:00<p>A vulnerability in affected devices could allow an attacker to perform a denial-of-service attack if a large amount of specially crafted UDP packets are sent to the device.</p>
<p>Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates and recommends specific countermeasures until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-349422.pdfSSA-349422 (Last Update: 2020-01-14): Denial-of-Service in Industrial Real-Time (IRT) Devices2020-01-14T00:00:00+00:00<p>A vulnerability in the affected products could allow an unauthorized attacker with network access to perform a denial-of-service attack resulting in loss of real-time synchronization.</p>
<p>Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates and recommends specific countermeasures until updates are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-878278.pdfSSA-878278 (Last Update: 2020-01-14): Denial-of-Service Vulnerability in SIMATIC WinAC RTX (F) 20102020-01-14T00:00:00+00:00<p>A vulnerability in SIMATIC WinAC RTX (F) 2010 controller software could allow an attacker to perform a denial-of-service attack if a large HTTP request is sent to the network port of the host where WinAC RTX is running.</p>
<p>Siemens has released SIMATIC WinAC RTX (F) 2010 incl. SP3 Update 1 that fixes the vulnerability, and recommends that customers update to this new version.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdfSSA-451445 (Last Update: 2019-12-10): Multiple Vulnerabilities in SPPA-T30002019-12-10T00:00:00+00:00<p>SPPA-T3000 Application Server and MS3000 Migration Server are affected by multiple vulnerabilities. Some of the vulnerabilities can allow an attacker to execute arbitrary code on the server. Exploitation of the vulnerabilities described in this advisory requires access to either Application- or Automation Highway. Both highways should not be exposed if the environment has been set up according to the recommended system configuration in the Siemens SPPA-T3000 security manual.</p>
<p>In this case Siemens consideres the environmental score as CR:L/IR:L/AR:H/MAV:A for vulnerabilities related to the Application Server and CR:L/IR:L/AR:M/MAV:A for vulnerabilities related to the Migration Server.</p>
<p>Siemens is working on updates and recommends specific countermeasures until fixes are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-273799.pdfSSA-273799 (Last Update: 2019-12-10): Vulnerability in SIMATIC products2019-12-10T00:00:00+00:00<p>A vulnerability has been identified in several SIMATIC products. The vulnerability could allow an attacker in a Man-in-the-Middle position to modify network traffic exchanged on port 102/tcp to PLCs of the SIMATIC S7-1200, SIMATIC S7-1500 and SIMATIC SoftwareController CPU families.</p>
<p>Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates and recommends specific countermeasures until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-525454.pdfSSA-525454 (Last Update: 2019-12-10): Vulnerabilities in XHQ Operations Intelligence2019-12-10T00:00:00+00:00<p>Multiple vulnerabilities have been identified in XHQ Operations Intelligence product line. These vulnerabilities could allow for data injection in XHQ's web interfaces.</p>
<p>Siemens recommends to update XHQ Operations Intelligence product line to the newest version.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-344983.pdfSSA-344983 (Last Update: 2019-12-10): Vulnerability in WPA2 Key Handling affecting SCALANCE W700 and SCALANCE W1700 Devices2019-12-10T00:00:00+00:00<p>The latest firmware updates for the SCALANCE W700 and W1700 wireless device families fix a vulnerability affecting WPA/WPA2 key handling. It might be possible to, by manipulating the EAPOL-Key frames, decrypt the Key Data field without the frame being authenticated.</p>
<p>This has impact on WPA/WPA2 architectures using TKIP encryption. The attacker must be in the wireless range of the device to perform the attack.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-618620.pdfSSA-618620 (Last Update: 2019-12-10): Vulnerabilities in Boot Loader (U-Boot) of RUGGEDCOM ROS Devices2019-12-10T00:00:00+00:00<p>The boot loader within RUGGEDCOM ROS contains two vulnerabilities in the loading process of the operating system kernel. The most severe of these vulnerabilities could allow an attacker with local access to the device to execute arbitrary code on an affected device.</p>
<p>Siemens recommends specific countermeasures to mitigate this issue.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-530931.pdfSSA-530931 (Last Update: 2019-12-10): Denial-of-Service in Webserver of Industrial Products2019-12-10T00:00:00+00:00<p>A vulnerability in the affected products could allow an unauthorized attacker with network access to the webserver of an affected device to perform a denial-of-service attack.</p>
<p>Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates and recommends specific countermeasures until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-686531.pdfSSA-686531 (Last Update: 2019-12-10): Hardware based manufacturing access on S7-1200 and S7-200 SMART2019-12-10T00:00:00+00:00<p>There is an access mode used during manufacturing of SIMATIC S7-1200 and S7-200 SMART CPUs that allows additional diagnostic functionality. Using this functionality requires physical access to the UART interface during boot process.</p>
<p>Siemens is working on a solution and recommends specific countermeasures until the solution is available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-232418.pdfSSA-232418 (Last Update: 2019-12-10): Vulnerabilities in SIMATIC S7-1200 and SIMATIC S7-1500 CPU families2019-12-10T00:00:00+00:00<p>Two vulnerabilities have been identified in the SIMATIC S7-1200 and S7-1500 CPU families. One vulnerability could allow an attacker with network access to affected devices to modify the user program stored on these devices such that the source code differs from the actual running code. The other vulnerability could allow an attacker in a Man-in-the-Middle position to modify network traffic exchanged on port 102/tcp.</p>
<p>Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates and recommends specific countermeasures until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdfSSA-616472 (Last Update: 2019-12-10): ZombieLoad and Microarchitectural Data Sampling Vulnerabilities in Industrial Products2019-12-10T00:00:00+00:00<p>Security researchers published information on vulnerabilities known as ZombieLoad and Microarchitectural Data Sampling (MDS). These vulnerabilities affect many modern processors from different vendors to a varying degree.</p>
<p>Several Siemens Industrial Products contain processors that are affected by the vulnerabilities.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdfSSA-462066 (Last Update: 2019-12-10): Vulnerability known as TCP SACK PANIC in Industrial Products2019-12-10T00:00:00+00:00<p>Multiple industrial products are affected by a vulnerability in the kernel known as TCP SACK PANIC. The vulnerability could allow a remote attacker to cause a denial of service condition.</p>
<p>Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates and recommends specific countermeasures until updates are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdfSSA-189842 (Last Update: 2019-12-10): TCP URGENT/11 Vulnerabilities in RUGGEDCOM Win2019-12-10T00:00:00+00:00<p>RUGGEDCOM Win is affected by multiple security vulnerabilities. These vulnerabilities could allow an attacker to leverage various attacks, e.g. to execute arbitrary code over the network.</p>
<p>The vulnerabilities affect the underlying Wind River VxWorks network stack and were recently patched by Wind River.</p>
<p>Siemens is working on updates for the affected products, and recommends specific countermeasures until fixes are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-170686.pdfSSA-170686 (Last Update: 2019-12-10): Vulnerabilities in SCALANCE X-200 and X-200IRT Switch Families2019-12-10T00:00:00+00:00<p>Two vulnerabilities have been reported for the Siemens SCALANCE X-200 and X-200IRT switch families concerning a privilege escalation bug in the web interface and an authentication problem in the SNMPv3 implementation. Siemens has addressed both vulnerabilities by firmware upgrades.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-603476.pdfSSA-603476 (Last Update: 2019-12-10): Web Vulnerabilities in SIMATIC CP 343-1/CP 443-1 Modules and SIMATIC S7-300/S7-400 CPUs2019-12-10T00:00:00+00:00<p>SIMATIC CP 343-1 Advanced/CP-443-1 Advanced devices and SIMATIC S7-300/S7-400 CPUs are affected by two vulnerabilities. One of the vulnerabilities could allow remote attackers to perform operations as an authenticated user under certain conditions.</p>
<p>Siemens has released updates for SIMATIC CP 343-1 Advanced and SIMATIC CP 443-1 Advanced devices. Siemens recommends applying specific countermeasures for the remaining affected products. Siemens will update this advisory when new information becomes available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-530931.pdfSSA-530931 (Last Update: 2019-11-12): Denial-of-Service in Webserver of Industrial Products2019-11-12T00:00:00+00:00<p>A vulnerability in the affected products could allow an unauthorized attacker with network access to the webserver of an affected device to perform a denial-of-service attack.</p>
<p>Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates and recommends specific countermeasures until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssb-439005.pdfSSB-439005 (Last Update: 2019-11-12): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP2019-11-12T00:00:00+00:00https://cert-portal.siemens.com/productcert/pdf/ssa-686531.pdfSSA-686531 (Last Update: 2019-11-12): Hardware based manufacturing access on S7-12002019-11-12T00:00:00+00:00<p>There is an access mode used during manufacturing of S7-1200 CPUs that allows additional diagnostic functionality. Using this functionality requires physical access to the UART interface during boot process.</p>
<p>Siemens is working on a solution and recommends specific countermeasures until the solution is available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-473245.pdfSSA-473245 (Last Update: 2019-11-12): Denial-of-Service Vulnerability in Profinet Devices2019-11-12T00:00:00+00:00<p>A vulnerability in affected devices could allow an attacker to perform a denial-of-service attack if a large amount of specially crafted UDP packets are sent to the device.</p>
<p>Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates and recommends specific countermeasures until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdfSSA-616472 (Last Update: 2019-11-12): ZombieLoad and Microarchitectural Data Sampling Vulnerabilities in Industrial Products2019-11-12T00:00:00+00:00<p>Security researchers published information on vulnerabilities known as ZombieLoad and Microarchitectural Data Sampling (MDS). These vulnerabilities affect many modern processors from different vendors to a varying degree.</p>
<p>Several Siemens Industrial Products contain processors that are affected by the vulnerabilities.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdfSSA-462066 (Last Update: 2019-11-12): Vulnerability known as TCP SACK PANIC in Industrial Products2019-11-12T00:00:00+00:00<p>Multiple industrial products are affected by a vulnerability in the kernel known as TCP SACK PANIC. The vulnerability could allow a remote attacker to cause a denial of service condition.</p>
<p>Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates and recommends specific countermeasures until updates are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-434032.pdfSSA-434032 (Last Update: 2019-11-12): Vulnerability in Mentor Nucleus Networking Module2019-11-12T00:00:00+00:00<p>Mentor Nucleus by Mentor, a Siemens Business, is affected by one vulnerability. This vulnerability could allow an attacker to affect the integrity and availability of the device.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-121293.pdfSSA-121293 (Last Update: 2019-10-08): Code Upload Vulnerability in SIMATIC WinCC and SIMATIC PCS 72019-10-08T00:00:00+00:00<p>The latest update for SIMATIC WinCC fixes a vulnerability in the SIMATIC WinCC DataMonitor web application of the affected products that allows to upload arbitrary ASPX code.</p>
<p>An attacker has to be authenticated with a valid user account. The vulnerability is only relevant for scenarios where access via the web interface is feasible for an attacker while access to the directory structure is not.</p>
<p>Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates and recommends specific countermeasures until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-275839.pdfSSA-275839 (Last Update: 2019-10-08): Denial-of-Service Vulnerability in Industrial Products2019-10-08T00:00:00+00:00<p>Several industrial products are affected by a vulnerability that could allow an attacker to cause a Denial-of-Service condition via PROFINET DCP network packets under certain circumstances. Precondition for this scenario is a direct Layer 2 access to the affected products.</p>
<p>Siemens has released updates for several affected products, is working on updates for the remaining affected products and recommends specific countermeasures until fixes are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-293562.pdfSSA-293562 (Last Update: 2019-10-08): Vulnerabilities in Industrial Products2019-10-08T00:00:00+00:00<p>Several industrial devices are affected by two vulnerabilities that could allow an attacker to cause a Denial-of-Service condition via PROFINET DCP network packets under certain circumstances. The precondition for this scenario is a direct layer 2 access to the affected products. PROFIBUS interfaces are not affected.</p>
<p>Siemens has released updates for several affected products, is working on updates for the remaining affected products and recommends specific countermeasures until fixes are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-346262.pdfSSA-346262 (Last Update: 2019-10-08): Denial-of-Service in Industrial Products2019-10-08T00:00:00+00:00<p>Several industrial products are affected by a vulnerability that could allow remote attackers to conduct a Denial-of-Service (DoS) attack by sending specially crafted packets to port 161/udp (SNMP).</p>
<p>Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates and recommends specific countermeasures until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-349422.pdfSSA-349422 (Last Update: 2019-10-08): Denial-of-Service in Industrial Real-Time (IRT) Devices2019-10-08T00:00:00+00:00<p>A vulnerability in the affected products could allow an unauthorized attacker with network access to perform a denial-of-service attack resulting in loss of real-time synchronization.</p>
<p>Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates and recommends specific countermeasures until updates are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdfSSA-462066 (Last Update: 2019-10-08): Vulnerability known as TCP SACK PANIC in Industrial Products2019-10-08T00:00:00+00:00<p>Multiple industrial products are affected by a vulnerability in the kernel known as TCP SACK PANIC. The vulnerability could allow a remote attacker to cause a denial of service condition.</p>
<p>Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates and recommends specific countermeasures until updates are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-473245.pdfSSA-473245 (Last Update: 2019-10-08): Denial-of-Service Vulnerability in Profinet Devices2019-10-08T00:00:00+00:00<p>A vulnerability in affected devices could allow an attacker to perform a denial-of-service attack if a large amount of specially crafted UDP packets are sent to the device..</p>
<p>Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates and recommends specific countermeasures until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-480230.pdfSSA-480230 (Last Update: 2019-10-08): Denial-of-Service in Webserver of Industrial Products2019-10-08T00:00:00+00:00<p>A vulnerability in the affected devices could allow an unauthorized attacker with network access to the webserver of an affected device to perform a denial-of-service attack.</p>
<p>Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates and recommends specific countermeasures until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-592007.pdfSSA-592007 (Last Update: 2019-10-08): Denial-of-Service Vulnerability in Industrial Products2019-10-08T00:00:00+00:00<p>Several industrial controllers are affected by a security vulnerability that could allow an attacker to cause a Denial-of-Service condition via PROFINET DCP network packets under certain circumstances. Precondition for this scenario is a direct OSI Layer 2 access to the affected products. PROFIBUS interfaces are not affected.</p>
<p>Siemens has released updates for several affected products, is working on updates for the remaining affected products and recommends specific countermeasures until fixes are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdfSSA-608355 (Last Update: 2019-10-08): Processor Vulnerabilities Affecting SIMATIC WinAC RTX (F) 20102019-10-08T00:00:00+00:00<p>Security researchers published information on vulnerabilities known as Spectre, Meltdown, Spectre-NG, Foreshadow, L1 Terminal Fault (L1TF), ZombieLoad, and Microarchitectural Data Sampling (MDS). These vulnerabilities affect many modern processors from different vendors to a varying degree.</p>
<p>The latest release of SIMATIC WinAC RTX provides compatibility with the latest BIOS updates and operating system patches from Intel and Microsoft.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-697412.pdfSSA-697412 (Last Update: 2019-10-08): Multiple Vulnerabilities in SIMATIC WinCC, SIMATIC WinCC Runtime, SIMATIC PCS 7, SIMATIC TIA Portal2019-10-08T00:00:00+00:00<p>The latest update for SIMATIC WinCC fixes multiple vulnerabilities. The most severe could allow an attacker to execute arbitrary commands on an affected system under certain conditions.</p>
<p>Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates and recommends specific countermeasures until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-701708.pdfSSA-701708 (Last Update: 2019-10-08): Local Privilege Escalation in Industrial Products2019-10-08T00:00:00+00:00<p>In non-default configurations several industrial products are affected by a vulnerability that could allow local Microsoft Windows operating system users to escalate their privileges.</p>
<p>Siemens provides updates for several products and a temporary fix for the remaining affected products. Siemens is working on new versions for the remaining affected products and will update this advisory when new information becomes available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-878278.pdfSSA-878278 (Last Update: 2019-10-08): Denial-of-Service Vulnerability in SIMATIC WinAC RTX (F) 20102019-10-08T00:00:00+00:00<p>A vulnerability in SIMATIC WinAC RTX (F) 2010 controller software could allow an attacker to perform a denial-of-service attack if a large HTTP request is sent to the network port of the host where WinAC RTX is running.</p>
<p>Siemens recommends specific countermeasures to mitigate this issue.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-984700.pdfSSA-984700 (Last Update: 2019-10-08): Password Storage Vulnerability in SIMATIC IT UADM2019-10-08T00:00:00+00:00<p>A vulnerability has been identified in the SIMATIC IT Unified Architecture Discrete Manufacturing product that caused a password to be encrypted with a predicable encryption key. An authenticated attacker could potentially recover the password and gain access to the TeamCenter station connected to the instance.</p>
<p>Siemens provides updates to address the vulnerability, and recommends specific mitigations.</p>
https://cert-portal.siemens.com/productcert/pdf/ssb-439005.pdfSSB-439005 (Last Update: 2019-10-08): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP2019-10-08T00:00:00+00:00https://cert-portal.siemens.com/productcert/pdf/ssa-121293.pdfSSA-121293 (Last Update: 2019-09-10): Code Upload Vulnerability in SIMATIC WinCC and SIMATIC PCS 72019-09-10T00:00:00+00:00<p>The latest update for SIMATIC WinCC fixes a vulnerability in the SIMATIC WinCC DataMonitor web application of the affected products that allows to upload arbitrary ASPX code.</p>
<p>An attacker has to be authenticated with a valid user account. The vulnerability is only relevant for scenarios where access via the web interface is feasible for an attacker while access to the directory structure is not.</p>
<p>Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates and recommends specific countermeasures until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdfSSA-189842 (Last Update: 2019-09-10): TCP URGENT/11 Vulnerabilities in RUGGEDCOM Win2019-09-10T00:00:00+00:00<p>RUGGEDCOM Win is affected by multiple security vulnerabilities. These vulnerabilities could allow an attacker to leverage various attacks, e.g. to execute arbitrary code over the network.</p>
<p>The vulnerabilities affect the underlying Wind River VxWorks network stack and were recently patched by Wind River.</p>
<p>Siemens is working on updates for the affected products, and recommends specific countermeasures until fixes are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-191683.pdfSSA-191683 (Last Update: 2019-09-10): Cross-Site Scripting Vulnerability in IE/WSN-PA Link WirelessHART Gateway2019-09-10T00:00:00+00:00<p>The Siemens IE/WSN-PA Link WirelessHART Gateway is affected by a Cross-Site Scripting vulnerability.</p>
<p>Siemens recommends specific countermeasures.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-250618.pdfSSA-250618 (Last Update: 2019-09-10): Denial-of-Service Vulnerability in SIMATIC TDC CP51M12019-09-10T00:00:00+00:00<p>A vulnerability could allow an attacker to cause a Denial-of-Service condition on the UDP communication by sending a specially crafted UDP packet to the SIMATIC TDC CP51M1 module.</p>
<p>Siemens has released an update for SIMATIC TDC CP51M1 module and recommends that customers update to the new version.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdfSSA-462066 (Last Update: 2019-09-10): Vulnerability known as TCP SACK PANIC in Industrial Products2019-09-10T00:00:00+00:00<p>Multiple industrial products are affected by a vulnerability in the kernel known as TCP SACK PANIC. The vulnerability could allow a remote attacker to cause a denial of service condition.</p>
<p>Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates and recommends specific countermeasures until updates are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdfSSA-616472 (Last Update: 2019-09-10): ZombieLoad and Microarchitectural Data Sampling Vulnerabilities in Industrial Products2019-09-10T00:00:00+00:00<p>Security researchers published information on vulnerabilities known as ZombieLoad and Microarchitectural Data Sampling (MDS). These vulnerabilities affect many modern processors from different vendors to a varying degree.</p>
<p>Several Siemens Industrial Products contain processors that are affected by the vulnerabilities.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-697412.pdfSSA-697412 (Last Update: 2019-09-10): Multiple Vulnerabilities in SIMATIC WinCC, SIMATIC WinCC Runtime, SIMATIC PCS 7, SIMATIC TIA Portal2019-09-10T00:00:00+00:00<p>The latest update for SIMATIC WinCC fixes multiple vulnerabilities. The most severe could allow an attacker to execute arbitrary commands on an affected system under certain conditions.</p>
<p>Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates and recommends specific countermeasures until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-834884.pdfSSA-834884 (Last Update: 2019-09-10): Vulnerability in SINETPLAN2019-09-10T00:00:00+00:00<p>A vulnerability has been identified in SINETPLAN that could allow local users to execute arbitrary application commands without proper authentication.</p>
<p>Siemens provides a solution that fixes the vulnerability and recommends that users apply the update.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-884497.pdfSSA-884497 (Last Update: 2019-09-10): Multiple Vulnerabilities in SINEMA Remote Connect Server2019-09-10T00:00:00+00:00<p>The latest update for SINEMA Remote Connect Server fixes four vulnearbilities in the web interface. Two of the vulnerabilities are missing protection mechanisms for password guessing and for Cross Site Request Forgery attacks, the third one is a missing authentication check, and the fourth one could allow an attacker with administrative privileges to obtain a device password hash.</p>
<p>Siemens has released updates and recommends to update to the newest version.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-100232.pdfSSA-100232 (Last Update: 2019-08-13): Denial-of-Service vulnerability in SCALANCE X switches2019-08-13T00:00:00+00:00<p>A vulnerability in the affected devices could allow an unauthenticated attacker with network access to an affected device to perform a denial-of-service.</p>
<p>Siemens is preparing updates and recommends specific countermeasures until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-121293.pdfSSA-121293 (Last Update: 2019-08-13): Code Upload Vulnerability in SIMATIC WinCC and SIMATIC PCS 72019-08-13T00:00:00+00:00<p>The latest update for SIMATIC WinCC fixes a vulnerability in the SIMATIC WinCC DataMonitor web application of the affected products that allows to upload arbitrary ASPX code.</p>
<p>An attacker has to be authenticated with a valid user account. The vulnerability is only relevant for scenarios where access via the web interface is feasible for an attacker while access to the directory structure is not.</p>
<p>Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates and recommends specific countermeasures until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-232418.pdfSSA-232418 (Last Update: 2019-08-13): Vulnerabilities in SIMATIC S7-1200 and SIMATIC S7-1500 CPU families2019-08-13T00:00:00+00:00<p>Two vulnerabilities have been identified in the SIMATIC S7-1200 and the SIMATIC S7-1500 CPU families. One vulnerability could allow an attacker with network access to affected devices to modify the user program stored on these devices such that the source code differs from the actual running code. The other vulnerability could allow an attacker in a Man-in-the-Middle position to modify network traffic exchanged on port 102/tcp.</p>
<p>Siemens is working on updates and recommends that customers apply mitigations to reduce the risk until updates are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-530931.pdfSSA-530931 (Last Update: 2019-08-13): Denial-of-Service in Webserver of Industrial Products2019-08-13T00:00:00+00:00<p>A vulnerability in the affected products could allow an unauthorized attacker with network access to the webserver of an affected device to perform a denial-of-service attack.</p>
<p>Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates and recommends specific countermeasures until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdfSSA-616472 (Last Update: 2019-08-13): ZombieLoad and Microarchitectural Data Sampling Vulnerabilities in Industrial Products2019-08-13T00:00:00+00:00<p>Security researchers published information on vulnerabilities known as ZombieLoad and Microarchitectural Data Sampling (MDS). These vulnerabilities affect many modern processors from different vendors to a varying degree.</p>
<p>Several Siemens Industrial Products contain processors that are affected by the vulnerabilities.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-671286.pdfSSA-671286 (Last Update: 2019-08-13): Multiple Vulnerabilities in SCALANCE Products2019-08-13T00:00:00+00:00<p>The latest update for SCALANCE SC-600 fixes multiple vulnerabilities. The most severe could allow authenticated local users with physical access to the device to execute arbitrary commands on the device under certain conditions.</p>
<p>Siemens has released updates for SCALANCE SC-600 devices.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-697412.pdfSSA-697412 (Last Update: 2019-08-13): Multiple Vulnerabilities in SIMATIC WinCC, SIMATIC WinCC Runtime, SIMATIC PCS 7, SIMATIC TIA Portal2019-08-13T00:00:00+00:00<p>The latest update for SIMATIC WinCC fixes multiple vulnerabilities. The most severe could allow an attacker to execute arbitrary commands on an affected system under certain conditions.</p>
<p>Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates and recommends specific countermeasures until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssb-439005.pdfSSB-439005 (Last Update: 2019-08-13): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP2019-08-13T00:00:00+00:00https://cert-portal.siemens.com/productcert/pdf/ssa-121293.pdfSSA-121293 (Last Update: 2019-07-09): Code Upload Vulnerability in SIMATIC WinCC and SIMATIC PCS72019-07-09T00:00:00+00:00<p>The latest update for SIMATIC WinCC fixes a vulnerability in the SIMATIC WinCC DataMonitor web application of the affected products that allows to upload arbitrary ASPX code.</p>
<p>An attacker has to be authenticated with a valid user account. The vulnerability is only relevant for scenarios where access via the web interface is feasible for an attacker while access to the directory structure is not.</p>
<p>Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates and recommends specific countermeasures until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-307392.pdfSSA-307392 (Last Update: 2019-07-09): Denial-of-Service in OPC UA in Industrial Products2019-07-09T00:00:00+00:00<p>A vulnerability has been identified in the OPC UA server of several industrial products. The vulnerability could cause a Denial-of-Service condition on the service or the device.</p>
<p>Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates and recommends specific countermeasures until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-480230.pdfSSA-480230 (Last Update: 2019-07-09): Denial-of-Service in Webserver of Industrial Products2019-07-09T00:00:00+00:00<p>A vulnerability in the affected devices could allow an unauthorized attacker with network access to the webserver of an affected device to perform a denial-of-service attack.</p>
<p>Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates and recommends specific countermeasures until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdfSSA-556833 (Last Update: 2019-07-09): TLS Vulnerabilities in SIMATIC RF6XXR2019-07-09T00:00:00+00:00<p>The latest update for SIMATIC RF6XXR fixes multiple vulnerabilities related to outdated TLS versions that are still supported by the product.</p>
<p>Siemens has released a fixed version for the SIMATIC RF6XXR and recommends updating.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-559174.pdfSSA-559174 (Last Update: 2019-07-09): Multiple Vulnerabilities in CP1604 and CP1616 devices2019-07-09T00:00:00+00:00<p>Multiple vulnerabilities have been identified in SIEMENS CP1604 and CP1616 devices. The most severe of these vulnerabilities could allow an attacker to extract internal communication data or cause a Denial-of-Service condition.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdfSSA-616472 (Last Update: 2019-07-09): ZombieLoad and Microarchitectural Data Sampling Vulnerabilities in Industrial Products2019-07-09T00:00:00+00:00<p>Security researchers published information on vulnerabilities known as ZombieLoad and Microarchitectural Data Sampling (MDS). These vulnerabilities affect many modern processors from different vendors to a varying degree.</p>
<p>Several Siemens Industrial Products contain processors that are affected by the vulnerabilities.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-697412.pdfSSA-697412 (Last Update: 2019-07-09): Multiple Vulnerabilities in SIMATIC WinCC, SIMATIC WinCC Runtime, SIMATIC PCS 7, SIMATIC TIA Portal2019-07-09T00:00:00+00:00<p>The latest update for SIMATIC WinCC fixes multiple vulnerabilities. The most severe could allow an attacker to execute arbitrary commands on an affected system under certain conditions.</p>
<p>Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates and recommends specific countermeasures until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-721298.pdfSSA-721298 (Last Update: 2019-07-09): Missing Authentication Vulnerability in TIA Administrator (TIA Portal)2019-07-09T00:00:00+00:00<p>The latest update for TIA Administrator (TIA Portal) fixes a vulnerability that could allow local users to execute arbitary application commands without proper authentication.</p>
<p>Siemens has released an update for the affected software and provides workarounds and mitigations until the update can be applied.</p>
https://cert-portal.siemens.com/productcert/pdf/ssb-439005.pdfSSB-439005 (Last Update: 2019-07-09): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP2019-07-09T00:00:00+00:00https://cert-portal.siemens.com/productcert/pdf/ssa-646841.pdfSSA-646841 (Last Update: 2019-06-11): Recoverable Password from Configuration Storage in SCALANCE X Switches2019-06-11T00:00:00+00:00<p>A vulnerability exists in the affected devices that could allow external entities to reconstruct passwords for users of the affected devices if an attacker is able to obtain a backup of the device configuration.</p>
<p>Siemens has released updates for some of the affected devices and is working on updates for the remaining affected products and recommends specific countermeasures until fixes are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-774850.pdfSSA-774850 (Last Update: 2019-06-11): Vulnerabilities in SIEMENS LOGO!8 devices2019-06-11T00:00:00+00:00<p>Two vulnerabilities have been identified in SIEMENS LOGO!8 devices. The Session ID on the integrated webserver of LOGO!8 devices is not invalidated upon logout. The second vulnerability could allow an attacker with network access to port 10005/tcp to cause a Denial-of-Service condition by sending specifically crafted packages to the service.</p>
<p>Siemens provides a firmware update for the latest version of LOGO!8 devices. For older versions, the device needs to be upgraded (see table below).</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-816980.pdfSSA-816980 (Last Update: 2019-06-11): Multiple Web Vulnerabilities in SIMATIC Ident MV420 and MV440 families2019-06-11T00:00:00+00:00<p>The SIMATIC Ident MV420 and MV440 families are affected by two web vulnerabilities. The vulnerabilities could allow an authenticated user to escalate privileges, or might expose sensitive information to an attacker that is able to eavesdrop the communication.</p>
<p>Siemens provides mitigations.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-181018.pdfSSA-181018 (Last Update: 2019-06-11): Heap Overflow Vulnerability in SCALANCE X switches, RUGGEDCOM Win, RFID 181-EIP, and SIMATIC RF182C2019-06-11T00:00:00+00:00<p>SCALANCE X switches, RUGGEDCOM Win, RFID 181-EIP, and SIMATIC RF182C are affected by a vulnerability that could allow an unprivileged attacker located in the same local network segment (OSI Layer 2) to gain system privileges by sending a specially crafted DHCP response to a client's DHCP request.</p>
<p>Siemens has released updates for several affected products and recommends that customers update to the new version. Siemens is preparing further updates and recommends specific countermeasures until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdfSSA-254686 (Last Update: 2019-06-11): Foreshadow / L1 Terminal Fault Vulnerabilities in Industrial Products2019-06-11T00:00:00+00:00<p>Security researchers published information on vulnerabilities known as Foreshadow and L1 Terminal Fault (L1TF). These vulnerabilities affect many modern processors from different vendors to a varying degree.</p>
<p>Several Siemens Industrial Products contain processors that are affected by the vulnerabilities.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-307392.pdfSSA-307392 (Last Update: 2019-06-11): Denial-of-Service in OPC UA in Industrial Products2019-06-11T00:00:00+00:00<p>A vulnerability has been identified in the OPC UA server of several industrial products. The vulnerability could cause a Denial-of-Service condition on the service or the device.</p>
<p>Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates and recommends specific countermeasures until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-480230.pdfSSA-480230 (Last Update: 2019-06-11): Denial-of-Service in Webserver of Industrial Products2019-06-11T00:00:00+00:00<p>A vulnerability in the affected devices could allow an unauthorized attacker with network access to the webserver of an affected device to perform a denial-of-service attack.</p>
<p>Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates and recommends specific countermeasures until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-557804.pdfSSA-557804 (Last Update: 2019-06-11): Mirror Port Isolation Vulnerability in SCALANCE X switches2019-06-11T00:00:00+00:00<p>A vulnerability was identified in several SCALANCE X switches that could allow an attacker to feed information into a network via the mirror port with the monitor barrier feature enabled.</p>
<p>The monitor barrier implementation in various SCALANCE products does allow traffic to be directed back into the mirroring network. This might allow an attacker to feed back information into the network that is mirrored.</p>
https://cert-portal.siemens.com/productcert/pdf/ssb-439005.pdfSSB-439005 (Last Update: 2019-06-11): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP2019-06-11T00:00:00+00:00https://cert-portal.siemens.com/productcert/pdf/ssa-102144.pdfSSA-102144 (Last Update: 2019-05-14): Code Execution Vulnerability in LOGO! Soft Comfort2019-05-14T00:00:00+00:00<p>A vulnerability was identified in LOGO! Soft Comfort. The vulnerability could allow an attacker to execute arbitrary code if the attacker tricks a legitimate user to open a manipulated project.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-542701.pdfSSA-542701 (Last Update: 2019-05-14): Vulnerabilities in SIEMENS LOGO!2019-05-14T00:00:00+00:00<p>Multiple vulnerabilities have been identified in SIEMENS LOGO!8 BM devices. The most severe vulnerability could lead to an attacker reading and modifying the device configuration if the attacker has access to port 10005/tcp.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-549547.pdfSSA-549547 (Last Update: 2019-05-14): Multiple Vulnerabilites in SCALANCE W1750D2019-05-14T00:00:00+00:00<p>The latest update for SCALANCE W1750D fixes multiple vulnerabilities. The most severe could allow an unauthenticated attacker with access to the web interface of an affected device to execute arbitrary system commands within the underlying operating system.</p>
<p>Siemens has released updates for the affected devices.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-606525.pdfSSA-606525 (Last Update: 2019-05-14): Denial-of-Service Vulnerability in SINAMICS PERFECT HARMONY GH180 Ethernet Modbus Interface (G28)2019-05-14T00:00:00+00:00<p>SINAMICS PERFECT HARMONY GH180 Drives NXG I and NXG II control contains a denial-of-service vulnerability within the Ethernet Modbus interface (G28). An attacker with access to the Ethernet Modbus Interface could cause a Denial-of-Service condition exceeding the number of available connections.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-697412.pdfSSA-697412 (Last Update: 2019-05-14): Multiple Vulnerabilities in SIMATIC WinCC, SIMATIC WinCC Runtime, SIMATIC PCS 7, SIMATIC TIA Portal2019-05-14T00:00:00+00:00<p>The latest update for SIMATIC WinCC fixes multiple vulnerabilities. The most severe could allow an attacker to execute arbitrary commands on an affected system under certain conditions.</p>
<p>Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates and recommends specific countermeasures until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-705517.pdfSSA-705517 (Last Update: 2019-05-14): Remote Code Execution Vulnerability in SIMATIC WinCC and SIMATIC PCS 72019-05-14T00:00:00+00:00<p>A vulnerability was identified in SIMATIC WinCC and SIMATIC PCS 7, which could allow an unauthenticated attacker with access to the affected devices to execute arbitrary code. The vulnerability can be exploited if the affected systems do not have "Encrypted Communication" enabled.</p>
<p>Siemens provides versions of SIMATIC WinCC and SIMATIC PCS 7, that allow to enable a mode called "Encrypted Communication", which mitigates the vulnerability.</p>
<p>"Encrypted communication" is enabled by default starting with SIMATIC WinCC V7.5.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-804486.pdfSSA-804486 (Last Update: 2019-05-14): Multiple Vulnerabilities in SIMATIC Panels and SIMATIC WinCC (TIA Portal)2019-05-14T00:00:00+00:00<p>The latest update for SIMATIC Panel Software and SIMATIC WinCC (TIA Portal) fixes two vulnerabilities. The most severe is a vulnerability which could allow an attacker with network access to the integrated device to read and write variables via SNMP.</p>
<p>Siemens recommends to update to the newest version.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-865156.pdfSSA-865156 (Last Update: 2019-05-14): Denial-of-Service Vulnerability in SINAMICS PERFECT HARMONY GH180 Fieldbus Network2019-05-14T00:00:00+00:00<p>SINAMICS PERFECT HARMONY GH180 Drives NXG I and NXG II control contains a denial-of-service vulnerability within the Parameter Read/Write over Fieldbus network functionality. An attacker with access to the field bus network could cause a Denial-of-Service condition by sending specially crafted packets. By default, Parameter Read/Write over Fieldbus network is disabled, and this functionality must be specifically enabled to expose this vulnerability.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-902727.pdfSSA-902727 (Last Update: 2019-05-14): Multiple Vulnerabilities in Licensing Software for SISHIP Automation Solutions2019-05-14T00:00:00+00:00<p>Multiple vulnerabilities have been identified in the WibuKey Digital Rights Management (DRM) solution, which affect SISHIP Automation Solutions. Siemens recommends users to apply the updates to WibuKey Digital Rights Management (DRM) provided by WIBU SYSTEMS AG.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-113131.pdfSSA-113131 (Last Update: 2019-05-14): Denial-of-Service Vulnerabilities in S7-400 CPUs2019-05-14T00:00:00+00:00<p>Two vulnerabilities have been identified in the SIMATIC S7-400 CPU family that could allow an attacker to cause a Denial-of-Service condition. In order to exploit the vulnerability, an attacker must have access to the affected devices on port 102/tcp via Ethernet, PROFIBUS or Multi Point Interfaces (MPI).</p>
<p>Siemens provides updates to address the vulnerability, and recommends specific mitigations.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-307392.pdfSSA-307392 (Last Update: 2019-05-14): Denial-of-Service in OPC UA in Industrial Products2019-05-14T00:00:00+00:00<p>A vulnerability has been identified in the OPC UA server of several industrial products. The vulnerability could cause a Denial-of-Service condition on the service or the device.</p>
<p>Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates and recommends specific countermeasures until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-480230.pdfSSA-480230 (Last Update: 2019-05-14): Denial-of-Service in Webserver of Industrial Products2019-05-14T00:00:00+00:00<p>A vulnerability in the affected devices could allow an unauthorized attacker with network access to the webserver of an affected device to perform a denial-of-service attack.</p>
<p>Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates and recommends specific countermeasures until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-592007.pdfSSA-592007 (Last Update: 2019-05-14): Denial-of-Service Vulnerability in Industrial Products2019-05-14T00:00:00+00:00<p>Several industrial controllers are affected by a security vulnerability that could allow an attacker to cause a Denial-of-Service condition via PROFINET DCP network packets under certain circumstances. Precondition for this scenario is a direct OSI Layer 2 access to the affected products. PROFIBUS interfaces are not affected.</p>
<p>Siemens has released updates for several affected products, is working on updates for the remaining affected products and recommends specific countermeasures until fixes are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-141614.pdfSSA-141614 (Last Update: 2019-04-09): Denial-of-Service in SIMOCODE pro V EIP2019-04-09T00:00:00+00:00<p>SIMOCODE pro V EIP is affected by a vulnerability that could allow remote attackers to conduct a Denial-of-Service (DoS) attack by sending specially crafted packets to port 161/udp (SNMP).</p>
<p>Siemens has released an update for SIMOCODE pro V EIP and recommends that customers update to the new version.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-307392.pdfSSA-307392 (Last Update: 2019-04-09): Denial-of-Service in OPC UA in Industrial Products2019-04-09T00:00:00+00:00<p>A vulnerability has been identified in the OPC UA server of several industrial products. The vulnerability could cause a Denial-of-Service condition on the service or the device.</p>
<p>Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates and recommends specific countermeasures until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdfSSA-436177 (Last Update: 2019-04-09): Multiple Vulnerabilities in SINEMA Remote Connect2019-04-09T00:00:00+00:00<p>The latest updates for SINEMA Remote Connect Client and Server fix multiple vulnerabilities. One of these vulnerabilities could allow an attacker to circumvent the authorization of the system for certain functionalities and to execute privileged functions.</p>
<p>Siemens has released firmware updates for SINEMA Remote Connect Client and Server.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-451142.pdfSSA-451142 (Last Update: 2019-04-09): Multiple Vulnerabilities in RUGGEDCOM ROX II2019-04-09T00:00:00+00:00<p>The latest update for RUGGEDCOM ROX II fixes multiple vulnerabilities in third party component software. The most severe vulnerability could allow an attacker to run arbitrary code on the device.</p>
<p>Siemens has released firmware updates for RUGGEDCOM ROX II and recommends that customers update to the new version.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-480230.pdfSSA-480230 (Last Update: 2019-04-09): Denial-of-Service in Webserver of Industrial Products2019-04-09T00:00:00+00:00<p>A vulnerability in the affected devices could allow an unauthorized attacker with network access to the webserver of an affected device to perform a denial-of-service attack.</p>
<p>Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates and recommends specific countermeasures until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-179516.pdfSSA-179516 (Last Update: 2019-04-09): OpenSSL Vulnerability in Industrial Products2019-04-09T00:00:00+00:00<p>A vulnerability in OpenSSL affects several Siemens industrial products. Siemens has released updates for some affected products and is working on updates for others.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdfSSA-268644 (Last Update: 2019-04-09): Spectre-NG (Variants 3a and 4) Vulnerabilities in Industrial Products2019-04-09T00:00:00+00:00<p>Security researchers published information on vulnerabilities known as Spectre-NG (Variants 3a and 4). These vulnerabilities affect many modern processors from different vendors to a varying degree.</p>
<p>Several Industrial Products include affected processors and are affected by the vulnerabilities.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-844562.pdfSSA-844562 (Last Update: 2019-04-09): Multiple Vulnerabilities in Licensing Software for WinCC OA2019-04-09T00:00:00+00:00<p>Multiple vulnerabilities have been identified in the WibuKey Digital Rights Management (DRM) solution, which affect WinCC OA. Siemens recommends users to apply the updates to WibuKey Digital Rights Management (DRM) provided by WIBU SYSTEMS AG.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdfSSA-901333 (Last Update: 2019-04-09): KRACK Attacks Vulnerabilities in Industrial Products2019-04-09T00:00:00+00:00<p>Multiple vulnerabilities affecting WPA/WPA2 implementations were identified by a researcher and publicly disclosed under the term "Key Reinstallation Attacks" (KRACK). These vulnerabilities could potentially allow an attacker within the radio range of the wireless network to decrypt, replay or inject forged network packets into the wireless communication.</p>
<p>Several Siemens Industrial products use WPA/WPA2 and are therefore affected by some of the vulnerabilities.</p>
https://cert-portal.siemens.com/productcert/pdf/ssb-439005.pdfSSB-439005 (Last Update: 2019-04-09): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP2019-04-09T00:00:00+00:00https://cert-portal.siemens.com/productcert/pdf/ssa-557804.pdfSSA-557804 (Last Update: 2019-03-12): Mirror Port Isolation Vulnerability in SCALANCE X switches2019-03-12T00:00:00+00:00<p>A vulnerability was identified in several SCALANCE X switches that could allow an attacker to feed information into a network via the mirror port with the monitor barrier feature enabled.</p>
<p>The monitor barrier implementation in various SCALANCE products does allow traffic to be directed back into the mirroring network. This might allow an attacker to feed back information into the network that is mirrored.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-168644.pdfSSA-168644 (Last Update: 2019-03-12): Spectre and Meltdown Vulnerabilities in Industrial Products2019-03-12T00:00:00+00:00<p>Security researchers published information on vulnerabilities known as Spectre and Meltdown. These vulnerabilities affect many modern processors from different vendors to a varying degree.</p>
<p>Several Industrial Products include affected processors and are affected by the vulnerabilities.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdfSSA-170881 (Last Update: 2019-03-12): Vulnerabilities in SINUMERIK Controllers2019-03-12T00:00:00+00:00<p>The latest updates for SINUMERIK controllers fix multiple security vulnerabilities that could allow an attacker to cause Denial-of-Service conditions, escalate privileges, or to execute code from remote.</p>
<p>Siemens has released updates for several affected products, is working on updates for the remaining affected products and recommends specific countermeasures until fixes are available. Siemens recommends to update affected devices as soon as possible.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdfSSA-254686 (Last Update: 2019-03-12): Foreshadow / L1 Terminal Fault Vulnerabilities in Industrial Products2019-03-12T00:00:00+00:00<p>Security researchers published information on vulnerabilities known as Foreshadow and L1 Terminal Fault (L1TF). These vulnerabilities affect many modern processors from different vendors to a varying degree.</p>
<p>Several Siemens Industrial Products contain processors that are affected by the vulnerabilities.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-346262.pdfSSA-346262 (Last Update: 2019-03-12): Denial-of-Service in Industrial Products2019-03-12T00:00:00+00:00<p>Several industrial products are affected by a vulnerability that could allow remote attackers to conduct a Denial-of-Service (DoS) attack by sending specially crafted packets to port 161/udp (SNMP).</p>
<p>Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates and recommends specific countermeasures until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-348629.pdfSSA-348629 (Last Update: 2019-03-12): Denial-of-Service Vulnerability in SIMATIC PCS 7, SIMATIC WinCC, SIMATIC WinCC Runtime Professional and SIMATIC NET PC Software2019-03-12T00:00:00+00:00<p>A Denial-of-Service vulnerability has been identified in SIMATIC PCS 7, SIMATIC WinCC, SIMATIC WinCC Runtime Professional and SIMATIC NET PC-Software.</p>
<p>Siemens has released updates for several affected products and recommends that customers update to the new version. Siemens is preparing further updates and recommends specific countermeasures until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-584286.pdfSSA-584286 (Last Update: 2019-03-12): Denial-of-Service Vulnerability in SIMATIC S7-1200 CPU and SIMATIC S7-1500 CPU2019-03-12T00:00:00+00:00<p>A vulnerability was identified in SIMATIC S7-1200 and S7-1500 CPUs that could allow an attacker to cause a denial-of-service condition preventing HMI or engineering access to the PLC over port 102/tcp.</p>
<p>Siemens has released an update for the S7-1500 product and recommends that customers update to the new version. Siemens is preparing a further update for the S7-1200 product and recommends specific workarounds and mitigations until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssb-439005.pdfSSB-439005 (Last Update: 2019-03-12): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP2019-03-12T00:00:00+00:00https://cert-portal.siemens.com/productcert/pdf/ssa-844562.pdfSSA-844562 (Last Update: 2019-02-25): Multiple Vulnerabilities in Licensing Software for WinCC OA2019-02-25T00:00:00+00:00<p>Multiple vulnerabilities have been identified in the WibuKey Digital Rights Management (DRM) solution, which affect WinCC OA. Siemens recommends users to apply the updates to WibuKey Digital Rights Management (DRM) provided by WIBU SYSTEMS AG.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-505225.pdfSSA-505225 (Last Update: 2019-02-12): Spectre Vulnerabilities in SIMATIC Industrial Thin Client V32019-02-12T00:00:00+00:00<p>SIMATIC Industrial Thin Clients V3 contain a processor which is affected by vulnerabilities known under the name Spectre V1 and Spectre V4. Siemens has released updates for the affected products and recommends to update to the latest version.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-275839.pdfSSA-275839 (Last Update: 2019-02-12): Denial-of-Service Vulnerability in Industrial Products2019-02-12T00:00:00+00:00<p>Several industrial products are affected by a vulnerability that could allow an attacker to cause a Denial-of-Service condition via PROFINET DCP network packets under certain circumstances. Precondition for this scenario is a direct Layer 2 access to the affected products.</p>
<p>Siemens has released updates for several affected products, is working on updates for the remaining affected products and recommends specific countermeasures until fixes are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-284673.pdfSSA-284673 (Last Update: 2019-02-12): Vulnerability in Industrial Products2019-02-12T00:00:00+00:00<p>Several industrial devices are affected by a vulnerability that could allow an attacker to cause a Denial-of-Service condition via PROFINET DCP network packets under certain circumstances. Precondition for this scenario is a direct Layer 2 access to the affected products. PROFIBUS interfaces are not affected.</p>
<p>Siemens has released updates for several affected products, is working on updates for the remaining affected products and recommends specific countermeasures until fixes are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-346262.pdfSSA-346262 (Last Update: 2019-02-12): Denial-of-Service in Industrial Products2019-02-12T00:00:00+00:00<p>Several industrial products are affected by a vulnerability that could allow remote attackers to conduct a Denial-of-Service (DoS) attack by sending specially crafted packets to port 161/udp (SNMP).</p>
<p>Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates and recommends specific countermeasures until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-179516.pdfSSA-179516 (Last Update: 2019-02-12): OpenSSL Vulnerability in Industrial Products2019-02-12T00:00:00+00:00<p>A vulnerability in OpenSSL affects several Siemens industrial products. Siemens has released updates for some affected products and is working on updates for others.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-168644.pdfSSA-168644 (Last Update: 2019-02-12): Spectre and Meltdown Vulnerabilities in Industrial Products2019-02-12T00:00:00+00:00<p>Security researchers published information on vulnerabilities known as Spectre and Meltdown. These vulnerabilities affect many modern processors from different vendors to a varying degree.</p>
<p>Several Industrial Products include affected processors and are affected by the vulnerabilities.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdfSSA-268644 (Last Update: 2019-02-12): Spectre-NG (Variants 3a and 4) Vulnerabilities in Industrial Products2019-02-12T00:00:00+00:00<p>Security researchers published information on vulnerabilities known as Spectre-NG (Variants 3a and 4). These vulnerabilities affect many modern processors from different vendors to a varying degree.</p>
<p>Several Industrial Products include affected processors and are affected by the vulnerabilities.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-347726.pdfSSA-347726 (Last Update: 2019-02-12): Denial-of-Service Vulnerability in SIMATIC S7-1500, SIMATIC S7-1500 Software Controller and SIMATIC ET 200SP Open Controller2019-02-12T00:00:00+00:00<p>Versions of SIMATIC S7-1500, SIMATIC S7-1500 Software Controller and SIMATIC ET 200 SP Open Controller are affected by a denial-of-service vulnerability. An attacker with network access to the PLC can cause a Denial-of-Service condition on the network stack.</p>
https://cert-portal.siemens.com/productcert/pdf/ssb-439005.pdfSSB-439005 (Last Update: 2019-02-12): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP2019-02-12T00:00:00+00:00https://cert-portal.siemens.com/productcert/pdf/ssa-377318.pdfSSA-377318 (Last Update: 2019-02-12): Multiple vulnerabilities in Intel Active Management Technology (AMT) of SIMATIC IPCs2019-02-12T00:00:00+00:00<p>There are multiple vulnerabilities in the Intel Management Engine used in multiple SIMATIC IPC devices that may allow arbitrary code execution, a partial denial of service or information disclosure. For additional information see: <a href="https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00141.html" class="uri">https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00141.html</a>.</p>
<p>Siemens provides updates for the affected devices.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdfSSA-254686 (Last Update: 2019-02-12): Foreshadow / L1 Terminal Fault Vulnerabilities in Industrial Products2019-02-12T00:00:00+00:00<p>Security researchers published information on vulnerabilities known as Foreshadow and L1 Terminal Fault (L1TF). These vulnerabilities affect many modern processors from different vendors to a varying degree.</p>
<p>Several Siemens Industrial Products contain processors that are affected by the vulnerabilities.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-180635.pdfSSA-180635 (Last Update: 2019-01-08): Denial-of-Service Vulnerabilities in S7-1500 CPU2019-01-08T00:00:00+00:00<p>Older versions of the S7-1500 CPU are affected by two Denial-of-Service vulnerabilities. Siemens has released updates for the currently supported hardware versions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-181018.pdfSSA-181018 (Last Update: 2019-01-08): Heap Overflow Vulnerability in SCALANCE X switches, RUGGEDCOM WiMAX, RFID 181-EIP, and SIMATIC RF182C2019-01-08T00:00:00+00:00<p>SCALANCE X switches, RUGGEDCOM WiMAX, RFID 181-EIP, and SIMATIC RF182C are affected by a vulnerability that could allow an unprivileged attacker located in the same local network segment (OSI Layer 2) to gain system privileges by sending a specially crafted DHCP response to a client's DHCP request.</p>
<p>Siemens has released updates for several affected products and recommends that customers update to the new version. Siemens is preparing further updates and recommends specific countermeasures until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-293562.pdfSSA-293562 (Last Update: 2019-01-08): Vulnerabilities in Industrial Products2019-01-08T00:00:00+00:00<p>Several industrial devices are affected by two vulnerabilities that could allow an attacker to cause a Denial-of-Service condition via PROFINET DCP network packets under certain circumstances. The precondition for this scenario is a direct layer 2 access to the affected products. PROFIBUS interfaces are not affected.</p>
<p>Siemens has released updates for several affected products, is working on updates for the remaining affected products and recommends specific countermeasures until fixes are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-306710.pdfSSA-306710 (Last Update: 2019-01-08): Denial-of-Service Vulnerability in SIMATIC S7-300 CPU2019-01-08T00:00:00+00:00<p>Siemens has released a firmware update for the SIMATIC S7-300 CPU family which fixes a vulnerability that could allow remote attackers to perform a Denial-of-Service attack.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-346262.pdfSSA-346262 (Last Update: 2019-01-08): Denial-of-Service in Industrial Products2019-01-08T00:00:00+00:00<p>Several industrial products are affected by a vulnerability that could allow remote attackers to conduct a Denial-of-Service (DoS) attack by sending specially crafted packets to port 161/udp (SNMP).</p>
<p>Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates and recommends specific countermeasures until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-348629.pdfSSA-348629 (Last Update: 2019-01-08): Denial-of-Service Vulnerability in SIMATIC PCS 7, SIMATIC WinCC, SIMATIC WinCC Runtime Professional and SIMATIC NET PC Software2019-01-08T00:00:00+00:00<p>A Denial-of-Service vulnerability has been identified in SIMATIC PCS 7, SIMATIC WinCC, SIMATIC WinCC Runtime Professional and SIMATIC NET PC-Software.</p>
<p>Siemens has released updates for several affected products and recommends that customers update to the new version. Siemens is preparing further updates and recommends specific countermeasures until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-535640.pdfSSA-535640 (Last Update: 2019-01-08): Vulnerability in Industrial Products2019-01-08T00:00:00+00:00<p>Various industrial products use the Discovery Service of the OPC UA protocol stack by the OPC foundation <a href="https://github.com/OPCFoundation/UA-.NETStandard" class="uri">https://github.com/OPCFoundation/UA-.NETStandard</a> and could therefore be affected by the remote resource consumption attacks (CVE-2017-12069).</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-559174.pdfSSA-559174 (Last Update: 2019-01-08): Multiple Vulnerabilities in CP1604 and CP1616 devices2019-01-08T00:00:00+00:00<p>Multiple vulnerabilities have been identified in SIEMENS CP1604 and CP1616 devices. The most severe of these vulnerabilities could allow an attacker to extract internal communication data or cause a Denial-of-Service condition.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-592007.pdfSSA-592007 (Last Update: 2019-01-08): Denial-of-Service Vulnerability in Industrial Products2019-01-08T00:00:00+00:00<p>Several industrial controllers are affected by a security vulnerability that could allow an attacker to cause a Denial-of-Service condition via PROFINET DCP network packets under certain circumstances. Precondition for this scenario is a direct OSI Layer 2 access to the affected products. PROFIBUS interfaces are not affected.</p>
<p>Siemens has released updates for several affected products, is working on updates for the remaining affected products and recommends specific countermeasures until fixes are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssb-439005.pdfSSB-439005 (Last Update: 2019-01-08): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP2019-01-08T00:00:00+00:00https://cert-portal.siemens.com/productcert/pdf/ssa-982399.pdfSSA-982399 (Last Update: 2018-12-17): Missing Authentication in TIM 1531 IRC Modules2018-12-17T00:00:00+00:00<p>The latest update for TIM 1531 IRC fixes a vulnerability. The devices was missing proper authentication when connecting on port 102/tcp, although configured.</p>
<p>An attacker needs to be able to connect to port 102/tcp of an affected device in order to exploit this vulnerability.</p>
<p>The vulnerability could allow an attacker to perform administrative operations.</p>
<p>Siemens has released updates for TIM 1531 IRC modules.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-181018.pdfSSA-181018 (Last Update: 2018-12-13): Heap Overflow Vulnerability in SCALANCE X switches, RUGGEDCOM WiMAX, RFID 181-EIP, and SIMATIC RF182C2018-12-13T00:00:00+00:00<p>SCALANCE X switches, RUGGEDCOM WiMAX, RFID 181-EIP, and SIMATIC RF182C are affected by a vulnerability that could allow an unprivileged attacker located in the same local network segment (OSI Layer 2) to gain system privileges by sending a specially crafted DHCP response to a client's DHCP request.</p>
<p>Siemens has released updates for several affected products and recommends that customers update to the new version. Siemens is preparing further updates and recommends specific countermeasures until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-293562.pdfSSA-293562 (Last Update: 2018-12-13): Vulnerabilities in Industrial Products2018-12-13T00:00:00+00:00<p>Several industrial devices are affected by two vulnerabilities that could allow an attacker to cause a Denial-of-Service condition via PROFINET DCP network packets under certain circumstances. The precondition for this scenario is a direct layer 2 access to the affected products. PROFIBUS interfaces are not affected.</p>
<p>Siemens has released updates for several affected products, is working on updates for the remaining affected products and recommends specific countermeasures until fixes are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-348629.pdfSSA-348629 (Last Update: 2018-12-13): Denial-of-Service Vulnerability in SIMATIC PCS 7, SIMATIC WinCC, SIMATIC WinCC Runtime Professional and SIMATIC NET PC Software2018-12-13T00:00:00+00:00<p>A Denial-of-Service vulnerability has been identified in SIMATIC PCS 7, SIMATIC WinCC, SIMATIC WinCC Runtime Professional and SIMATIC NET PC-Software.</p>
<p>Siemens has released updates for several affected products and recommends that customers update to the new version. Siemens is preparing further updates and recommends specific countermeasures until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-982399.pdfSSA-982399 (Last Update: 2018-12-13): Missing Authentication in TIM 1531 IRC Modules2018-12-13T00:00:00+00:00<p>TIM 1531 IRC is affected by a vulnerability. The devices are missing proper authentication when connecting on port 102/tcp, although configured.</p>
<p>An attacker needs to be able to connect to port 102/tcp of an affected device in order to exploit this vulnerability.</p>
<p>The vulnerability could allow an attacker to perform arbitrary administrative operations.</p>
<p>Siemens is working on updates for TIM 1531 IRC modules.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdfSSA-170881 (Last Update: 2018-12-11): Vulnerabilities in SINUMERIK Controllers2018-12-11T00:00:00+00:00<p>The latest updates for SINUMERIK controllers fix multiple security vulnerabilities that could allow an attacker to cause Denial-of-Service conditions, escalate privileges, or to execute code from remote.</p>
<p>Siemens has released updates for several affected products, is working on updates for the remaining affected products and recommends specific countermeasures until fixes are available. Siemens recommends to update affected devices as soon as possible.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdfSSA-254686 (Last Update: 2018-12-11): Foreshadow / L1 Terminal Fault Vulnerabilities in Industrial Products2018-12-11T00:00:00+00:00<p>Security researchers published information on vulnerabilities known as Foreshadow and L1 Terminal Fault (L1TF). These vulnerabilities affect many modern processors from different vendors to a varying degree.</p>
<p>Several Siemens Industrial Products contain processors that are affected by the vulnerabilities.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-293562.pdfSSA-293562 (Last Update: 2018-12-11): Vulnerabilities in Industrial Products2018-12-11T00:00:00+00:00<p>Several industrial devices are affected by two vulnerabilities that could allow an attacker to cause a Denial-of-Service condition via PROFINET DCP network packets under certain circumstances. Precondition for this scenario is a direct Layer 2 access to the affected products. PROFIBUS interfaces are not affected.</p>
<p>Siemens has released updates for several affected products, is working on updates for the remaining affected products and recommends specific countermeasures until fixes are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-346262.pdfSSA-346262 (Last Update: 2018-12-11): Denial-of-Service in Industrial Products2018-12-11T00:00:00+00:00<p>Several industrial products are affected by a vulnerability that could allow remote attackers to conduct a Denial-of-Service (DoS) attack by sending specially crafted packets to port 161/udp (SNMP).</p>
<p>Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates and recommends specific countermeasures until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssb-439005.pdfSSB-439005 (Last Update: 2018-12-11): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP2018-12-11T00:00:00+00:00https://cert-portal.siemens.com/productcert/pdf/ssa-674165.pdfSSA-674165 (Last Update: 2018-12-11): Vulnerability in McAfee MACC product for SINAMICS PERFECT HARMONY GH180 drives2018-12-11T00:00:00+00:00<p>McAfee has issued Security Bulletin SB10250 to address a vulnerabilty in McAfee Application and Change Control (MACC). SINAMICS PERFECT HARMONY GH180 Drives with HMIs produced between November 4th, 2015 and October 9th, 2018, use MACC as part of their software package, if option A30 was part of the order.</p>
<p>Siemens has analyzed the vulnerability and has determined that this vulnerability applies to these HMIs.</p>
<p>HMIs with this vulnerability can be compromised via local attack using removable USB storage devices to transfer malicious files. These file can be executed to compromise the HMI and by extension the drive system.</p>
<p>For compatibility reasons, Siemens advises the installation of MACC 8.2.0 instead of version 8.0.0, hotfix 5 as mentioned in SB10250.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdfSSA-268644 (Last Update: 2018-12-11): Spectre-NG (Variants 3a and 4) Vulnerabilities in Industrial Products2018-12-11T00:00:00+00:00<p>Security researchers published information on vulnerabilities known as Spectre-NG (Variants 3a and 4). These vulnerabilities affect many modern processors from different vendors to a varying degree.</p>
<p>Several Industrial Products include affected processors and are affected by the vulnerabilities.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-982399.pdfSSA-982399 (Last Update: 2018-12-11): Missing Authentication in TIM 1531 IRC Modules2018-12-11T00:00:00+00:00<p>The latest update for TIM 1531 IRC fixes a vulnerability. The devices was missing proper authentication when connecting on port 102/tcp, although configured.</p>
<p>An attacker needs to be able to connect to port 102/tcp of an affected device in order to exploit this vulnerability.</p>
<p>The vulnerability could allow an attacker to perform arbitrary administrative operations.</p>
<p>Siemens has released updates for TIM 1531 IRC modules.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-181018.pdfSSA-181018 (Last Update: 2018-12-11): Heap Overflow Vulnerability in SCALANCE X switches, RUGGEDCOM WiMAX, RFID 181-EIP, and SIMATIC RF182C2018-12-11T00:00:00+00:00<p>SCALANCE X switches, RUGGEDCOM WiMAX, RFID 181-EIP, and SIMATIC RF182C are affected by a vulnerability that could allow an unprivileged attacker located in the same local network segment (OSI Layer 2) to gain system privileges by sending a specially crafted DHCP response to a client's DHCP request.</p>
<p>Siemens has released updates for several affected products and recommends that customers update to the new version. Siemens is preparing further updates and recommends specific countermeasures until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-348629.pdfSSA-348629 (Last Update: 2018-12-11): Denial-of-Service Vulnerability in SIMATIC PCS 7, SIMATIC WinCC, SIMATIC WinCC Runtime Professional and SIMATIC NET PC Software2018-12-11T00:00:00+00:00<p>A Denial-of-Service vulnerability has been identified in SIMATIC PCS 7, SIMATIC WinCC, SIMATIC WinCC Runtime Professional and SIMATIC NET PC-Software.</p>
<p>Siemens has released updates for several affected products and recommends that customers update to the new version. Siemens is preparing further updates and recommends specific countermeasures until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssb-439005.pdfSSB-439005 (Last Update: 2018-11-27): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP2018-11-27T00:00:00+00:00https://cert-portal.siemens.com/productcert/pdf/ssa-113131.pdfSSA-113131 (Last Update: 2018-11-13): Denial-of-Service Vulnerabilities in S7-400 CPUs2018-11-13T00:00:00+00:00<p>Two vulnerabilities have been identified in the SIMATIC S7-400 CPU family that could allow an attacker to cause a Denial-of-Service condition. In order to exploit the vulnerability, an attacker must have access to the affected devices on port 102/tcp via Ethernet, PROFIBUS or Multi Point Interfaces (MPI).</p>
<p>Siemens provides updates to address the vulnerability, and recommends specific mitigations.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-233109.pdfSSA-233109 (Last Update: 2018-11-13): Web Vulnerabilities in SIMATIC Panels2018-11-13T00:00:00+00:00<p>The latest update for SIMATIC Panel software and SIMATIC WinCC (TIA Portal) fixes two web vulnerabilities. The most severe is a vulnerability which could allow an attacker with network access to the integrated webserver to download arbitrary files.</p>
<p>Siemens recommends to update to the newest version.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-242982.pdfSSA-242982 (Last Update: 2018-11-13): Cross-Site Scripting Vulnerability in SCALANCE S2018-11-13T00:00:00+00:00<p>A Cross-Site Scripting (XSS) vulnerability was found in the web server of SCALANCE S firewalls. Siemens provides firmware version V4.0.1.1, which fixes the vulnerability and recommends to update to the newest version.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-584286.pdfSSA-584286 (Last Update: 2018-11-13): Denial-of-Service Vulnerability in SIMATIC S7-1200 CPU and SIMATIC S7-1500 CPU2018-11-13T00:00:00+00:00<p>A vulnerability was identified in SIMATIC S7-1200 and S7-1500 CPUs that could allow an attacker to cause a denial-of-service condition preventing HMI or engineering access to the PLC over port 102/tcp.</p>
<p>Siemens has released an update for the S7-1500 product and recommends that customers update to the new version. Siemens is preparing a further update for the S7-1200 product and recommends specific workarounds and mitigations until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-621493.pdfSSA-621493 (Last Update: 2018-11-13): Password Storage Vulnerability in SIMATIC STEP7 (TIA Portal)2018-11-13T00:00:00+00:00<p>The latest update for SIMATIC STEP7 (TIA Portal) fixes a vulnerability that could allow an attacker with local access to a project file to reconstruct certain passwords stored in the project.</p>
<p>Siemens recommends to update to the new version.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-886615.pdfSSA-886615 (Last Update: 2018-11-13): Vulnerability in SIMATIC IT Production Suite2018-11-13T00:00:00+00:00<p>The latest update for SIMATIC IT Production Suite fixes a vulnerability that could allow authorized users with knowledge of a valid user name and physical or network access to the affected system to bypass the application-level authentication.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-944083.pdfSSA-944083 (Last Update: 2018-11-13): HTTP Header Injection in SIMATIC Panels and SIMATIC WinCC (TIA Portal)2018-11-13T00:00:00+00:00<p>The latest update for SIMATIC Panel software and SIMATIC WinCC (TIA Portal) fixes a vulnerability that could allow an attacker with network access to the web server to perform a HTTP header injection attack.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-168644.pdfSSA-168644 (Last Update: 2018-11-13): Spectre and Meltdown Vulnerabilities in Industrial Products2018-11-13T00:00:00+00:00<p>Security researchers published information on vulnerabilities known as Spectre and Meltdown. These vulnerabilities affect many modern processors from different vendors to a varying degree.</p>
<p>Several Industrial Products include affected processors and are affected by the vulnerabilities.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-179516.pdfSSA-179516 (Last Update: 2018-11-13): OpenSSL Vulnerability in Industrial Products2018-11-13T00:00:00+00:00<p>A vulnerability in OpenSSL affects several Siemens industrial products. Siemens has released updates for some affected products and is working on updates for others.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdfSSA-254686 (Last Update: 2018-11-13): Foreshadow / L1 Terminal Fault Vulnerabilities in Industrial Products2018-11-13T00:00:00+00:00<p>Security researchers published information on vulnerabilities known as Foreshadow and L1 Terminal Fault (L1TF). These vulnerabilities affect many modern processors from different vendors to a varying degree.</p>
<p>Several Siemens Industrial Products contain processors that are affected by the vulnerabilities.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdfSSA-268644 (Last Update: 2018-11-13): Spectre-NG (Variants 3a and 4) Vulnerabilities in Industrial Products2018-11-13T00:00:00+00:00<p>Security researchers published information on vulnerabilities known as Spectre-NG (Variants 3a and 4). These vulnerabilities affect many modern processors from different vendors to a varying degree.</p>
<p>Several Industrial Products include affected processors and are affected by the vulnerabilities.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-293562.pdfSSA-293562 (Last Update: 2018-11-13): Vulnerabilities in Industrial Products2018-11-13T00:00:00+00:00<p>Several industrial devices are affected by two vulnerabilities that could allow an attacker to cause a Denial-of-Service condition via PROFINET DCP network packets under certain circumstances. Precondition for this scenario is a direct Layer 2 access to the affected products. PROFIBUS interfaces are not affected.</p>
<p>Siemens has released updates for several affected products, is working on updates for the remaining affected products and recommends specific countermeasures until fixes are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-346262.pdfSSA-346262 (Last Update: 2018-11-13): Denial-of-Service in Industrial Products2018-11-13T00:00:00+00:00<p>Several industrial products are affected by a vulnerability that could allow remote attackers to conduct a Denial-of-Service (DoS) attack by sending specially crafted packets to port 161/udp (SNMP).</p>
<p>Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates and recommends specific countermeasures until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-348629.pdfSSA-348629 (Last Update: 2018-11-13): Denial-of-Service Vulnerability in SIMATIC PCS 7, SIMATIC WinCC, SIMATIC WinCC Runtime Professional and SIMATIC NET PC Software2018-11-13T00:00:00+00:00<p>A Denial-of-Service vulnerability has been identified in SIMATIC PCS 7, SIMATIC WinCC, SIMATIC WinCC Runtime Professional and SIMATIC NET PC-Software.</p>
<p>Siemens has released updates for several affected products and recommends that customers update to the new version. Siemens is preparing further updates and recommends specific countermeasures until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdfSSA-901333 (Last Update: 2018-11-13): KRACK Attacks Vulnerabilities in Industrial Products2018-11-13T00:00:00+00:00<p>Multiple vulnerabilities affecting WPA/WPA2 implementations were identified by a researcher and publicly disclosed under the term "Key Reinstallation Attacks" (KRACK). These vulnerabilities could potentially allow an attacker within the radio range of the wireless network to decrypt, replay or inject forged network packets into the wireless communication.</p>
<p>Several Siemens Industrial products use WPA/WPA2 and are therefore affected by some of the vulnerabilities.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-507847.pdfSSA-507847 (Last Update: 2018-10-09): Cross-Site Request Forgery Vulnerability in SIMATIC S7-1200 CPU Family Version 42018-10-09T00:00:00+00:00<p>The latest firmware update for S7-1200 CPU family version 4 fixes a Cross-Site Request Forgery vulnerability. Siemens recommends to update affected devices as soon as possible.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-493830.pdfSSA-493830 (Last Update: 2018-10-09): Privilege Escalation in ROX II2018-10-09T00:00:00+00:00<p>The latest update for ROX II fixes two vulnerabilities. One vulnerability could allow an attacker with a low-privileged user account to execute arbitrary commands. The other vulnerability could allow an attacker with a low-privileged user account to escalate his privileges.</p>
<p>Siemens recommends to update to the new version as soon as possible.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-464260.pdfSSA-464260 (Last Update: 2018-10-09): TLS ROBOT vulnerability in SCALANCE W1750D2018-10-09T00:00:00+00:00<p>The latest update for SCALANCE W1750D addresses a vulnerability known as <em>ROBOT Attack</em>. The vulnerability could allow an attacker to decrypt TLS traffic.</p>
<p>Siemens provides a firmware update and recommends users to update to the new version.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdfSSA-254686 (Last Update: 2018-10-09): Foreshadow / L1 Terminal Fault Vulnerabilities in Industrial Products2018-10-09T00:00:00+00:00<p>Security researchers published information on vulnerabilities known as Foreshadow and L1 Terminal Fault (L1TF). These vulnerabilities affect many modern processors from different vendors to a varying degree.</p>
<p>Several Siemens Industrial Products contain processors that are affected by the vulnerabilities.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-347726.pdfSSA-347726 (Last Update: 2018-10-09): Denial-of-Service Vulnerability in SIMATIC S7-1500, SIMATIC S7-1500 Software Controller and SIMATIC ET 200SP Open Controller2018-10-09T00:00:00+00:00<p>Versions of SIMATIC S7-1500, SIMATIC S7-1500 Software Controller and SIMATIC ET 200 SP Open Controller are affected by a denial-of-service vulnerability. An attacker with network access to the PLC can cause a Denial-of-Service condition on the network stack.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-346262.pdfSSA-346262 (Last Update: 2018-10-09): Denial-of-Service in Industrial Products2018-10-09T00:00:00+00:00<p>Several industrial products are affected by a vulnerability that could allow remote attackers to conduct a Denial-of-Service (DoS) attack by sending specially crafted packets to port 161/udp (SNMP).</p>
<p>Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates and recommends specific countermeasures until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-546832.pdfSSA-546832 (Last Update: 2018-10-09): Vulnerabilities in Medium Voltage SINAMICS Products2018-10-09T00:00:00+00:00<p>The latest updates for medium voltage SINAMICS products fix two security vulnerabilities that could allow an attacker to cause a Denial-of-Service condition either via specially crafted PROFINET DCP broadcast packets or by sending specially crafted packets to port 161/udp (SNMP). Precondition for the PROFINET DCP scenario is a direct Layer 2 access to the affected products. PROFIBUS interfaces are not affected.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-348629.pdfSSA-348629 (Last Update: 2018-10-09): Denial-of-Service Vulnerability in SIMATIC PCS 7, SIMATIC WinCC, SIMATIC WinCC Runtime Professional and SIMATIC NET PC Software2018-10-09T00:00:00+00:00<p>A Denial-of-Service vulnerability has been identified in SIMATIC PCS 7, SIMATIC WinCC, SIMATIC WinCC Runtime Professional and SIMATIC NET PC-Software.</p>
<p>Siemens has released updates for several affected products and recommends that customers update to the new version. Siemens is preparing further updates and recommends specific countermeasures until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-179516.pdfSSA-179516 (Last Update: 2018-10-09): OpenSSL Vulnerability in Industrial Products2018-10-09T00:00:00+00:00<p>A vulnerability in OpenSSL affects several Siemens industrial products. Siemens has released updates for some affected products and is working on updates for others.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-597741.pdfSSA-597741 (Last Update: 2018-10-09): Vulnerability in iOS App SIMATIC WinCC OA Operator2018-10-09T00:00:00+00:00<p>The SIMATIC WinCC OA Operator iOS app is affected by a security vulnerability which could allow an attacker to read unencrypted data from the application’s directory. Precondition for this scenario is that an attacker has physical access to the mobile device.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-979106.pdfSSA-979106 (Last Update: 2018-10-09): Vulnerabilities in SIMATIC STEP 7 (TIA Portal) and SIMATIC WinCC (TIA Portal)2018-10-09T00:00:00+00:00<p>The latest updates for SIMATIC STEP 7 (TIA Portal) and SIMATIC WinCC (TIA Portal) fix two vulnerabilities. These two vulnerabilities could either allow an attacker with local file write access to manipulate files and cause a Denial-of-service-condition, or execute code both on the manipulated installation and on devices that are configured using the manipulated installation.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-592007.pdfSSA-592007 (Last Update: 2018-10-09): Denial-of-Service Vulnerability in Industrial Products2018-10-09T00:00:00+00:00<p>Several industrial controllers are affected by a security vulnerability that could allow an attacker to cause a Denial-of-Service condition via PROFINET DCP network packets under certain circumstances. Precondition for this scenario is a direct OSI Layer 2 access to the affected products. PROFIBUS interfaces are not affected.</p>
<p>Siemens has released updates for several affected products, is working on updates for the remaining affected products and recommends specific countermeasures until fixes are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdfSSA-268644 (Last Update: 2018-10-09): Spectre-NG (Variants 3a and 4) Vulnerabilities in Industrial Products2018-10-09T00:00:00+00:00<p>Security researchers published information on vulnerabilities known as Spectre-NG (Variants 3a and 4). These vulnerabilities affect many modern processors from different vendors to a varying degree.</p>
<p>Several Industrial Products include affected processors and are affected by the vulnerabilities.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-346262.pdfSSA-346262 (Last Update: 2018-09-11): Denial-of-Service in Industrial Products2018-09-11T00:00:00+00:00<p>Several industrial products are affected by a vulnerability that could allow remote attackers to conduct a Denial-of-Service (DoS) attack by sending specially crafted packets to port 161/udp (SNMP).</p>
<p>Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates and recommends specific countermeasures until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-179516.pdfSSA-179516 (Last Update: 2018-09-11): OpenSSL Vulnerability in Industrial Products2018-09-11T00:00:00+00:00<p>A vulnerability in OpenSSL affects several Siemens industrial products. Siemens has released updates for some affected products and is working on updates for others.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-168644.pdfSSA-168644 (Last Update: 2018-09-11): Spectre and Meltdown Vulnerabilities in Industrial Products2018-09-11T00:00:00+00:00<p>Security researchers published information on vulnerabilities known as Spectre and Meltdown. These vulnerabilities affect many modern processors from different vendors to a varying degree.</p>
<p>Several Industrial Products include affected processors and are affected by the vulnerabilities.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdfSSA-268644 (Last Update: 2018-09-11): Spectre-NG (Variants 3a and 4) Vulnerabilities in Industrial Products2018-09-11T00:00:00+00:00<p>Security researchers published information on vulnerabilities known as Spectre-NG (Variants 3a and 4). These vulnerabilities affect many modern processors from different vendors to a varying degree.</p>
<p>Several Industrial Products include affected processors and are affected by the vulnerabilities.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-346256.pdfSSA-346256 (Last Update: 2018-09-11): Vulnerability in SIMATIC WinCC OA V3.14 and prior2018-09-11T00:00:00+00:00<p>The latest update for SIMATIC WinCC OA V3.14 fixes a vulnerability that could allow an unauthenticated remote user to escalate its privileges in the context of SIMATIC WinCC OA V3.14.</p>
<p>This vulnerability affects SIMATIC WinCC OA V3.14 and prior. SIMATIC WinCC OA V3.15 and V3.16 are not affected by this vulnerability.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-198330.pdfSSA-198330 (Last Update: 2018-09-11): Local Privilege Escalation in TD Keypad Designer2018-09-11T00:00:00+00:00<p>All versions of the TD Keypad Designer for printing customized lamination sheets for Text Display devices are affected by a DLL hijacking vulnerability that could allow a local low-privileged attacker to escalate his privileges.</p>
<p>Text Display devices and TD Keypad Designer have been discontinued in 2012 and were replaced by KTP Basic with option Express Design.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-447396.pdfSSA-447396 (Last Update: 2018-09-11): Denial-of-Service in SCALANCE X300, SCALANCE X408 and SCALANCE X4142018-09-11T00:00:00+00:00<p>A vulnerability has been identified in the integrated web server of SCALANCE X300, SCALANCE X408, and SCALANCE X414. The vulnerability could allow an attacker with network access to the device to cause a Denial-of-Service condition.</p>
<p>The vulnerability can be triggered with publicly available tools, including vulnerability scanners.</p>
<p>Siemens provides updates for SCALANCE X300, and SCALANCE X408, and provides mitigations for the SCALANCE X414.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-914382.pdfSSA-914382 (Last Update: 2018-09-11): Denial-of-Service Vulnerability in SIMATIC S7-4002018-09-11T00:00:00+00:00<p>SIMATIC S7-400 CPUs are affected by a security vulnerability which could lead to a Denial-of-Service condition of the PLC if specially crafted packets are received and processed.</p>
<p>The affected SIMATIC S7-400 CPU hardware versions are in the product cancellation phase or already phased-out. Siemens recommends customers either upgrading to a new version or implementing specific countermeasures.</p>
https://cert-portal.siemens.com/productcert/pdf/ssb-068644.pdfSSB-068644 (Last Update: 2018-08-17): General Customer Information for Speculative Side-Channel Vulnerabilities in Microprocessors2018-08-17T00:00:00+00:00<p>Security researchers published information on vulnerabilities known as Spectre, Meltdown, Spectre-NG, Lazy FP State Restore, Spectre V1.1, and L1 Terminal Fault/Foreshadow. These vulnerabilities affect many modern processors from different vendors to a varying degree.</p>
<p>Siemens is analyzing the impact of these vulnerabilities and of the mitigations released on its own products. If Siemens products are found to be affected, additional product-specific update information will be distributed either via the Siemens ProductCERT website or through Siemens’ customer service organizations if applicable.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-168644.pdfSSA-168644 (Last Update: 2018-08-07): Spectre and Meltdown Vulnerabilities in Industrial Products2018-08-07T00:00:00+00:00<p>Security researchers published information on vulnerabilities known as Spectre and Meltdown. These vulnerabilities affect many modern processors from different vendors to a varying degree.</p>
<p>Several Industrial Products include affected processors and are affected by the vulnerabilities.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-179516.pdfSSA-179516 (Last Update: 2018-08-07): OpenSSL Vulnerability in Industrial Products2018-08-07T00:00:00+00:00<p>A vulnerability in OpenSSL affects several Siemens industrial products. Siemens has released updates for some affected products and is working on updates for others.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-979106.pdfSSA-979106 (Last Update: 2018-08-07): Vulnerabilities in SIMATIC STEP 7 (TIA Portal) and SIMATIC WinCC (TIA Portal)2018-08-07T00:00:00+00:00<p>The latest updates for SIMATIC STEP 7 (TIA Portal) and SIMATIC WinCC (TIA Portal) fix two vulnerabilities. These two vulnerabilities could either allow an attacker with local file write access to manipulate files and cause a Denial-of-service-condition, or execute code both on the manipulated installation and on devices that are configured using the manipulated installation.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-920962.pdfSSA-920962 (Last Update: 2018-08-07): Vulnerabilities in Automation License Manager2018-08-07T00:00:00+00:00<p>The latest updates for Automation License Manager fix two vulnerabilities. One of them could allow an attacker to execute arbitrary code on the target device, the other one could allow an attacker to abuse the target system for basic network scanning.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdfSSA-197012 (Last Update: 2018-07-03): Vulnerabilities in SICLOCK central plant clocks2018-07-03T00:00:00+00:00<p>SICLOCK TC devices are affected by multiple vulnerabilities that could allow an attacker to cause Denial-of-Service conditions, bypass the authentication, and modify the firmware of the device or the administrative client.</p>
<p>SICLOCK TC devices are in a phase out process. Siemens recommends mitigations to reduce the risk.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-168644.pdfSSA-168644 (Last Update: 2018-06-26): Spectre and Meltdown Vulnerabilities in Industrial Products2018-06-26T00:00:00+00:00<p>Security researchers published information on vulnerabilities known as Spectre and Meltdown. These vulnerabilities affect many modern processors from different vendors to a varying degree.</p>
<p>Several Industrial Products include affected processors and are affected by the vulnerabilities.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-181018.pdfSSA-181018 (Last Update: 2018-06-12): Heap Overflow Vulnerability in SCALANCE X switches, RUGGEDCOM WiMAX, RFID 181-EIP, and SIMATIC RF182C2018-06-12T00:00:00+00:00<p>SCALANCE X switches, RUGGEDCOM WiMAX, RFID 181-EIP, and SIMATIC RF182C are affected by a vulnerability that could allow an unprivileged attacker located in the same local network segment (OSI Layer 2) to gain system privileges by sending a specially crafted DHCP response to a client's DHCP request.</p>
<p>Siemens has released updates for several affected products and recommends that customers update to the new version. Siemens is preparing further updates and recommends specific countermeasures until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-480829.pdfSSA-480829 (Last Update: 2018-06-12): Cross-Site-Scripting Vulnerabilities in SCALANCE X Switches2018-06-12T00:00:00+00:00<p>Two cross-site-scripting (XSS) vulnerabilities were found in the web server of SCALANCE X switches. Siemens recommends updating the firmware to the newest version as soon as possible.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-977428.pdfSSA-977428 (Last Update: 2018-06-12): Vulnerabilities in SCALANCE M8752018-06-12T00:00:00+00:00<p>Multiple vulnerabilities have been identified in the web interface of SCALANCE M875. The web interface of SCALANCE M875 could allow Cross-Site Request Forgery (CSRF), stored Cross-Site Scripting (XSS), or command injection attacks if an attacker is authenticated or tricks a legitimate authenticated user into accessing a malicious link.</p>
<p>Siemens recommends customers to upgrade their hardware, and provides mitigations until hardware upgrades can be applied.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-701708.pdfSSA-701708 (Last Update: 2018-06-12): Local Privilege Escalation in Industrial Products2018-06-12T00:00:00+00:00<p>In non-default configurations several industrial products are affected by a vulnerability that could allow local Microsoft Windows operating system users to escalate their privileges.</p>
<p>Siemens provides updates for several products and a temporary fix for the remaining affected products. Siemens is working on new versions for the remaining affected products and will update this advisory when new information becomes available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-275839.pdfSSA-275839 (Last Update: 2018-06-12): Denial-of-Service Vulnerability in Industrial Products2018-06-12T00:00:00+00:00<p>Several industrial products are affected by a vulnerability that could allow an attacker to cause a Denial-of-Service condition via PROFINET DCP network packets under certain circumstances. Precondition for this scenario is a direct Layer 2 access to the affected products.</p>
<p>Siemens has released updates for several affected products, is working on updates for the remaining affected products and recommends specific countermeasures until fixes are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-523365.pdfSSA-523365 (Last Update: 2018-06-12): Vulnerability in SIMATIC PCS 72018-06-12T00:00:00+00:00<p>The latest software update for SIMATIC PCS 7 fixes a vulnerability, which could allow an attacker to cause a Denial-of-Service (DoS) condition under certain circumstances.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-348629.pdfSSA-348629 (Last Update: 2018-06-12): Denial-of-Service Vulnerability in SIMATIC PCS 7, SIMATIC WinCC, SIMATIC WinCC Runtime Professional and SIMATIC NET PC Software2018-06-12T00:00:00+00:00<p>A Denial-of-Service vulnerability has been identified in SIMATIC PCS 7, SIMATIC WinCC, SIMATIC WinCC Runtime Professional and SIMATIC NET PC-Software.</p>
<p>Siemens has released updates for several affected products and recommends that customers update to the new version. Siemens is preparing further updates and recommends specific countermeasures until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-931064.pdfSSA-931064 (Last Update: 2018-06-12): Authentication Bypass in SIMATIC Logon2018-06-12T00:00:00+00:00<p>The latest update for SIMATIC Logon fixes a security vulnerability that could allow attackers to circumvent user authentication under certain conditions.</p>
<p>SIMATIC WinCC, SIMATIC PCS 7, SIMATIC PDM, and SIMATIC IT Production Suite provide SIMATIC Logon as component of the product. Installing the SIMATIC Logon update fixes the vulnerability for all products mentioned below.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-168644.pdfSSA-168644 (Last Update: 2018-05-29): Spectre and Meltdown Vulnerabilities in Industrial Products2018-05-29T00:00:00+00:00<p>Security researchers published information on vulnerabilities known as Spectre and Meltdown. These vulnerabilities affect many modern processors from different vendors to a varying degree.</p>
<p>Several Industrial Products include affected processors and are affected by the vulnerabilities.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-914382.pdfSSA-914382 (Last Update: 2018-05-15): Denial-of-Service Vulnerability in SIMATIC S7-4002018-05-15T00:00:00+00:00<p>SIMATIC S7-400 CPUs are affected by a security vulnerability which could lead to a Denial-of-Service condition of the PLC if specially crafted packets are received and processed.</p>
<p>The affected SIMATIC S7-400 CPU hardware versions are in the product cancellation phase or already phased-out. Siemens recommends customers either upgrading to a new version or implementing specific countermeasures.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-346262.pdfSSA-346262 (Last Update: 2018-05-15): Denial-of-Service in Industrial Products2018-05-15T00:00:00+00:00<p>Several industrial products are affected by a vulnerability that could allow remote attackers to conduct a Denial-of-Service (DoS) attack by sending specially crafted packets to port 161/udp (SNMP).</p>
<p>Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates and recommends specific countermeasures until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-689071.pdfSSA-689071 (Last Update: 2018-05-09): DNSMasq Vulnerabilities in SCALANCE W1750D, SCALANCE M800 and SCALANCE S6152018-05-09T00:00:00+00:00<p>Multiple vulnerabilities have been identified in SCALANCE W1750D, SCALANCE M800, and SCALANCE S615 devices. The highest scored vulnerability could allow a remote attacker to crash the DNS service or execute arbitrary code. The attacker must be able to craft malicious DNS responses and inject them into the network in order to exploit the vulnerability. Siemens is working on updates for the affected devices, and recommends specific countermeasures until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-346262.pdfSSA-346262 (Last Update: 2018-05-03): Denial-of-Service in Industrial Products2018-05-03T00:00:00+00:00<p>Several industrial products are affected by a vulnerability that could allow remote attackers to conduct a Denial-of-Service (DoS) attack by sending specially crafted packets to port 161/udp (SNMP).</p>
<p>Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates and recommends specific countermeasures until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-293562.pdfSSA-293562 (Last Update: 2018-05-03): Vulnerabilities in Industrial Products2018-05-03T00:00:00+00:00<p>Several industrial devices are affected by two vulnerabilities that could allow an attacker to cause a Denial-of-Service condition via PROFINET DCP network packets under certain circumstances. Precondition for this scenario is a direct Layer 2 access to the affected products. PROFIBUS interfaces are not affected.</p>
<p>Siemens has released updates for several affected products, is working on updates for the remaining affected products and recommends specific countermeasures until fixes are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-546832.pdfSSA-546832 (Last Update: 2018-05-03): Vulnerabilities in Medium Voltage SINAMICS Products2018-05-03T00:00:00+00:00<p>The latest updates for medium voltage SINAMICS products fix two security vulnerabilities that could allow an attacker to cause a Denial-of-Service condition either via specially crafted PROFINET DCP broadcast packets or by sending specially crafted packets to port 161/udp (SNMP). Precondition for the PROFINET DCP scenario is a direct Layer 2 access to the affected products. PROFIBUS interfaces are not affected.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-892715.pdfSSA-892715 (Last Update: 2018-04-18): ME, SPS and TXE Vulnerabilities in SIMATIC IPCs 2018-04-18T00:00:00+00:00<p>Intel has identified vulnerabilities in Intel Management Engine (ME), Intel Server Platform Services (SPS), and Intel Trusted Execution Engine (TXE). As several Siemens Industrial PCs use Intel technology, they are also affected.</p>
<p>Siemens has released updates for the affected Industrial PCs.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-597741.pdfSSA-597741 (Last Update: 2018-04-18): Vulnerability in iOS App SIMATIC WinCC OA Operator2018-04-18T00:00:00+00:00<p>The SIMATIC WinCC OA Operator iOS app is affected by a security vulnerability which could allow an attacker to read unencrypted data from the application’s directory. Precondition for this scenario is that an attacker has physical access to the mobile device.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-348629.pdfSSA-348629 (Last Update: 2018-04-18): Denial-of-Service Vulnerability in SIMATIC PCS 7, SIMATIC WinCC, SIMATIC WinCC Runtime Professional and SIMATIC NET PC Software2018-04-18T00:00:00+00:00<p>A Denial-of-Service vulnerability has been identified in SIMATIC PCS 7, SIMATIC WinCC, SIMATIC WinCC Runtime Professional and SIMATIC NET PC-Software.</p>
<p>Siemens has released updates for several affected products and recommends that customers update to the new version. Siemens is preparing further updates and recommends specific countermeasures until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-168644.pdfSSA-168644 (Last Update: 2018-04-18): Spectre and Meltdown Vulnerabilities in Industrial Products2018-04-18T00:00:00+00:00<p>Security researchers published information on vulnerabilities known as Spectre and Meltdown. These vulnerabilities affect many modern processors from different vendors to a varying degree.</p>
<p>Several Industrial Products include affected processors and are affected by the vulnerabilities.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdfSSA-901333 (Last Update: 2018-04-05): KRACK Attacks Vulnerabilities in Industrial Products2018-04-05T00:00:00+00:00<p>Multiple vulnerabilities affecting WPA/WPA2 implementations were identified by a researcher and publicly disclosed under the term "Key Reinstallation Attacks" (KRACK). These vulnerabilities could potentially allow an attacker within the radio range of the wireless network to decrypt, replay or inject forged network packets into the wireless communication.</p>
<p>Several Siemens Industrial products use WPA/WPA2 and are therefore affected by some of the vulnerabilities.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-689071.pdfSSA-689071 (Last Update: 2018-04-05): DNSMasq Vulnerabilities in SCALANCE W1750D, SCALANCE M800 and SCALANCE S6152018-04-05T00:00:00+00:00<p>Multiple vulnerabilities have been identified in SCALANCE W1750D, SCALANCE M800, and SCALANCE S615 devices. The highest scored vulnerability could allow a remote attacker to crash the DNS service or execute arbitrary code. The attacker must be able to craft malicious DNS responses and inject them into the network in order to exploit the vulnerability. Siemens is working on updates for the affected devices, and recommends specific countermeasures until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-110922.pdfSSA-110922 (Last Update: 2018-03-27): Web Vulnerability in TIM 1531 IRC2018-03-27T00:00:00+00:00<p>The latest update for TIM 1531 IRC fixes a security vulnerability that could allow unauthorized remote attackers to perform administrative operations on the device.</p>
<p>Siemens recommends updating as soon as possible.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-592007.pdfSSA-592007 (Last Update: 2018-03-27): Denial-of-Service Vulnerability in Industrial Products2018-03-27T00:00:00+00:00<p>Several industrial controllers are affected by a security vulnerability that could allow an attacker to cause a Denial-of-Service condition via PROFINET DCP network packets under certain circumstances. Precondition for this scenario is a direct OSI Layer 2 access to the affected products. PROFIBUS interfaces are not affected.</p>
<p>Siemens has released updates for several affected products, is working on updates for the remaining affected products and recommends specific countermeasures until fixes are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-348629.pdfSSA-348629 (Last Update: 2018-03-27): Denial-of-Service Vulnerability in SIMATIC PCS 7, SIMATIC WinCC, SIMATIC WinCC Runtime Professional and SIMATIC NET PC Software2018-03-27T00:00:00+00:00<p>A Denial-of-Service vulnerability has been identified in SIMATIC PCS 7, SIMATIC WinCC, SIMATIC WinCC Runtime Professional and SIMATIC NET PC-Software.</p>
<p>Siemens has released updates for several affected products and recommends that customers update to the new version. Siemens is preparing further updates and recommends specific countermeasures until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-592007.pdfSSA-592007 (Last Update: 2018-03-20): Denial-of-Service Vulnerability in Industrial Products2018-03-20T00:00:00+00:00<p>Several industrial controllers are affected by a security vulnerability that could allow an attacker to cause a Denial-of-Service condition via PROFINET DCP network packets under certain circumstances. Precondition for this scenario is a direct OSI Layer 2 access to the affected products. PROFIBUS interfaces are not affected.</p>
<p>Siemens has released updates for several affected products, is working on updates for the remaining affected products and recommends specific countermeasures until fixes are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-822928.pdfSSA-822928 (Last Update: 2018-03-20): Access Control Vulnerability in SIMATIC WinCC OA UI Mobile App for Android and iOS2018-03-20T00:00:00+00:00<p>The latest update for the Android app and iOS app SIMATIC WinCC OA UI fix a security vulnerability which could allow read and write access from one HMI project cache folder to other HMI project cache folders within the app's sandbox on the same mobile device. This includes HMI project cache folders of other configured WinCC OA servers. Precondition for this scenario is that an attacker tricks an app user to connect to an attacker-controlled WinCC OA server.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-168644.pdfSSA-168644 (Last Update: 2018-03-20): Spectre and Meltdown Vulnerabilities in Industrial Products2018-03-20T00:00:00+00:00<p>Security researchers published information on vulnerabilities known as Spectre and Meltdown. These vulnerabilities affect many modern processors from different vendors to a varying degree.</p>
<p>Several Industrial Products include affected processors and are affected by the vulnerabilities.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-168644.pdfSSA-168644 (Last Update: 2018-03-15): Spectre and Meltdown Vulnerabilities in Industrial Products2018-03-15T00:00:00+00:00<p>Security researchers published information on vulnerabilities known as Spectre and Meltdown. These vulnerabilities affect many modern processors from different vendors to a varying degree.</p>
<p>Several Industrial Products include affected processors and are affected by the vulnerabilities.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-470231.pdfSSA-470231 (Last Update: 2018-03-15): TPM Vulnerability in SIMATIC IPCs2018-03-15T00:00:00+00:00<p>Several SIMATIC IPCs include a version of Infineon's Trusted Platform Module (TPM) firmware that mishandles RSA key generation. This makes it easier for attackers to conduct cryptographic attacks against the key material.</p>
<p>Siemens has released updates for the affected Industrial PCs.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-293562.pdfSSA-293562 (Last Update: 2018-03-06): Vulnerabilities in Industrial Products2018-03-06T00:00:00+00:00<p>Several industrial devices are affected by two vulnerabilities that could allow an attacker to cause a Denial-of-Service condition via PROFINET DCP network packets under certain circumstances. Precondition for this scenario is a direct Layer 2 access to the affected products. PROFIBUS interfaces are not affected.</p>
<p>Siemens has released updates for several affected products, is working on updates for the remaining affected products and recommends specific countermeasures until fixes are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-892715.pdfSSA-892715 (Last Update: 2018-02-22): ME, SPS and TXE Vulnerabilities in SIMATIC IPCs 2018-02-22T00:00:00+00:00<p>Intel has identified vulnerabilities in Intel Management Engine (ME), Intel Server Platform Services (SPS), and Intel Trusted Execution Engine (TXE). As several Siemens Industrial PCs use Intel technology, they are also affected.</p>
<p>Siemens has released updates for the affected Industrial PCs.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-275839.pdfSSA-275839 (Last Update: 2018-02-22): Denial-of-Service Vulnerability in Industrial Products2018-02-22T00:00:00+00:00<p>Several industrial products are affected by a vulnerability that could allow an attacker to cause a Denial-of-Service condition via PROFINET DCP network packets under certain circumstances. Precondition for this scenario is a direct Layer 2 access to the affected products.</p>
<p>Siemens has released updates for several affected products, is working on updates for the remaining affected products and recommends specific countermeasures until fixes are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-127490.pdfSSA-127490 (Last Update: 2018-02-22): Vulnerabilities in SIMATIC WinCC Add-Ons2018-02-22T00:00:00+00:00<p>Multiple SIMATIC WinCC Add-Ons released in 2015 and earlier include a vulnerable version of Gemalto Sentinel LDK RTE. Gemalto Sentinel LDK RTE is affected by a vulnerability that could allow remote code execution. Siemens recommends to update the affected software component Gemalto Sentinel LDK RTE.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-346262.pdfSSA-346262 (Last Update: 2018-02-22): Denial-of-Service in Industrial Products2018-02-22T00:00:00+00:00<p>Several industrial products are affected by a vulnerability that could allow remote attackers to conduct a Denial-of-Service (DoS) attack by sending specially crafted packets to port 161/udp (SNMP).</p>
<p>Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates and recommends specific countermeasures until patches are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-168644.pdfSSA-168644 (Last Update: 2018-02-22): Spectre and Meltdown Vulnerabilities in Industrial Products2018-02-22T00:00:00+00:00<p>Security researchers published information on vulnerabilities known as Spectre and Meltdown. These vulnerabilities affect many modern processors from different vendors to a varying degree.</p>
<p>Several Industrial Products include affected processors and are affected by the vulnerabilities.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-470231.pdfSSA-470231 (Last Update: 2018-02-22): TPM Vulnerability in SIMATIC IPCs2018-02-22T00:00:00+00:00<p>Several SIMATIC IPCs include a version of Infineon's Trusted Platform Module (TPM) firmware that mishandles RSA key generation. This makes it easier for attackers to conduct cryptographic attacks against the key material.</p>
<p>Siemens has released updates for the affected Industrial PCs.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-856721.pdfSSA-856721 (Last Update: 2018-02-22): Vulnerability in RUGGEDCOM Discovery Protocol (RCDP) of Industrial Communication Devices2018-02-22T00:00:00+00:00<p>The RUGGEDCOM RCDP protocol is not properly configured after commissioning of RUGGEDCOM ROS based devices and some SCALANCE X switch models and could allow unauthenticated remote users to perform administrative operations. An attacker must be in the same adjacent network and the RCDP daemon must be enabled in order to exploit the vulnerability.</p>
<p>Siemens has released updates for all affected products and recommends that customers update to the new versions.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-651454.pdfSSA-651454 (Last Update: 2018-01-25): Vulnerabilities in TeleControl Server Basic2018-01-25T00:00:00+00:00<p>The latest update for TeleControl Server Basic resolves three vulnerabilities. One of these vulnerabilities could allow an authenticated attacker with network access to escalate his privileges and perform administrative actions.</p>
<p>Siemens recommends updating to the new version.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-731239.pdfSSA-731239 (Last Update: 2018-01-24): Vulnerabilities in SIMATIC S7-300 and S7-400 CPUs2018-01-24T00:00:00+00:00<p>Two vulnerabilities have been identified in SIMATIC S7-300 and S7-400 CPU families. One vulnerability could lead to a Denial-of-Service, the other vulnerability could result in credential disclosure.</p>
<p>Siemens recommends specific mitigations. Siemens will update this advisory when new information becomes available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdfSSA-901333 (Last Update: 2018-01-24): KRACK Attacks Vulnerabilities in Industrial Products2018-01-24T00:00:00+00:00<p>Multiple vulnerabilities affecting WPA/WPA2 implementations were identified by a researcher and publicly disclosed under the term "Key Reinstallation Attacks" (KRACK). These vulnerabilities could potentially allow an attacker within the radio range of the wireless network to decrypt, replay or inject forged network packets into the wireless communication.</p>
<p>Several Siemens Industrial products use WPA/WPA2 and are therefore affected by some of the vulnerabilities.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-284673.pdfSSA-284673 (Last Update: 2018-01-18): Vulnerability in Industrial Products2018-01-18T00:00:00+00:00<p>Several industrial devices are affected by a vulnerability that could allow an attacker to cause a Denial-of-Service condition via PROFINET DCP network packets under certain circumstances. Precondition for this scenario is a direct Layer 2 access to the affected products. PROFIBUS interfaces are not affected.</p>
<p>Siemens has released updates for several affected products, is working on updates for the remaining affected products and recommends specific countermeasures until fixes are available.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-701708.pdfSSA-701708 (Last Update: 2018-01-18): Local Privilege Escalation in Industrial Products2018-01-18T00:00:00+00:00<p>In non-default configurations several industrial products are affected by a vulnerability that could allow local Microsoft Windows operating system users to escalate their privileges.</p>
<p>Siemens provides updates for several products and a temporary fix for the remaining affected products. Siemens is working on new versions for the remaining affected products and will update this advisory when new information becomes available.</p>