Kkula
Siemens ProductCERT published eleven and updated 33 advisories/bulletins
Ladies and Gentlemen,
for your information:
The following new advisories/bulletins have just been published on the Siemens ProductCERT web site [1]:
SSA-316850: Unauthenticated File Access in SICAM A8000 Devices
* <https://cert-portal.siemens.com/productcert/pdf/ssa-316850.pdf>
SSA-350757: Improper Access Control Vulnerability in TIA Portal Affecting S7-1200 and S7-1500 CPUs Web Server (Incl. Related ET200 CPUs and SIPLUS variants)
* <https://cert-portal.siemens.com/productcert/pdf/ssa-350757.pdf>
SSA-392912: Multiple Denial Of Service Vulnerabilities in SCALANCE W1700 Devices
* <https://cert-portal.siemens.com/productcert/pdf/ssa-392912.pdf>
SSA-414513: Information Disclosure Vulnerability in Mendix
* <https://cert-portal.siemens.com/productcert/pdf/ssa-414513.pdf>
SSA-446448: Denial of Service Vulnerability in PROFINET Stack Integrated on Interniche Stack
* <https://cert-portal.siemens.com/productcert/pdf/ssa-446448.pdf>
SSA-557541: Denial-of-Service Vulnerability in SIMATIC S7-400 CPUs
* <https://cert-portal.siemens.com/productcert/pdf/ssa-557541.pdf>
SSA-655554: Multiple Vulnerabilities in SIMATIC Energy Manager before V7.3 Update 1
* <https://cert-portal.siemens.com/productcert/pdf/ssa-655554.pdf>
SSA-711829: Denial of Service Vulnerability in TIA Administrator
* <https://cert-portal.siemens.com/productcert/pdf/ssa-711829.pdf>
SSA-836527: Multiple Vulnerabilities in SCALANCE X-300 Switch Family Devices
* <https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf>
SSA-870917: Improper Access Control Vulnerability in Mendix
* <https://cert-portal.siemens.com/productcert/pdf/ssa-870917.pdf>
SSA-998762: File Parsing Vulnerabilities in Simcenter Femap before V2022.1.2
* <https://cert-portal.siemens.com/productcert/pdf/ssa-998762.pdf>
Additionally, the following advisories / bulletins have just been updated on the Siemens ProductCERT web site [1]:
SSA-102233: SegmentSmack in VxWorks-based Industrial Devices
* <https://cert-portal.siemens.com/productcert/pdf/ssa-102233.pdf>
* Added solution for SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants)
SSA-114589: Multiple Vulnerabilities in Nucleus RTOS based APOGEE, TALON and Desigo PXC/PXM Products
* <https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf>
* Added solutions for APOGEE PXC Compact (BACnet), APOGEE PXC Modular (BACnet), TALON TC Compact (BACnet), and TALON TC Modular (BACnet) products
SSA-148641: XPath Constraint Vulnerability in Mendix Runtime
* <https://cert-portal.siemens.com/productcert/pdf/ssa-148641.pdf>
* Summary update; Default configuration for Mendix 9 is not affected; CVSS vector review
SSA-162506: DHCP Client Vulnerability in SIMOTICS CONNECT 400, Desigo PXC/PXM, APOGEE MEC/MBC/PXC, APOGEE PXC Series, and TALON TC Series
* <https://cert-portal.siemens.com/productcert/pdf/ssa-162506.pdf>
* Listed all affected Desigo PXC and PXM20 products explicitly. Added solution for APOGEE PXC Series (BACnet) and TALON TC Series (BACnet)
SSA-244969: OpenSSL Vulnerability in Industrial Products
* <https://cert-portal.siemens.com/productcert/pdf/ssa-244969.pdf>
* Added solution for RUGGEDCOM RCM1224 family, SCALANCE M-800 family, SCALANCE MUM-800 family, SCALANCE S615, SCALANCE X-300/X408 family, SIMATIC PCS neo, SIMATIC Process Historian OPC UA Server, SCALANCE W-1700 (11AC) family, SIMATIC CP 1543-1, and SIPLUS NET CP 1543-1
SSA-256353: Third-Party Component Vulnerabilities in RUGGEDCOM ROS
* <https://cert-portal.siemens.com/productcert/pdf/ssa-256353.pdf>
* Added acknowledgements
SSA-270778: Denial-of-Service Vulnerability in SIMATIC PCS 7, SIMATIC WinCC and SIMATIC NET PC Software
* <https://cert-portal.siemens.com/productcert/pdf/ssa-270778.pdf>
* Added solution for SIMATIC PCS 7 V8.2 and related components; added solution for SIMATIC NET PC Software V14 and clarified affected versions; added a note regarding shared components
SSA-273799: Message Integrity Protection Bypass Vulnerability in SIMATIC Products
* <https://cert-portal.siemens.com/productcert/pdf/ssa-273799.pdf>
* Added solution for SIMATIC NET PC Software V14 and clarified affected versions; Clarified no remediation planned
SSA-301589: Multiple File Parsing Vulnerabilities in Solid Edge, JT2Go and Teamcenter Visualization
* <https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdf>
* Added remediation for Teamcenter Visualization version line V13.2 and JT2Go
SSA-307392: Denial of Service in OPC UA in Industrial Products
* <https://cert-portal.siemens.com/productcert/pdf/ssa-307392.pdf>
* Added solution for SIMATIC NET PC Software V14 and clarified affected versions; no remediation planned for V15
SSA-309571: IPU 2021.1 Vulnerabilities in Siemens Industrial Products using Intel CPUs (June 2021)
* <https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf>
* Added solution for SIMATIC IPC427E, SIMATIC IPC 477E, and SIMATIC IPC477E PRO
SSA-312271: Unquoted Search Path Vulnerabilities in Windows-based Industrial Software Applications
* <https://cert-portal.siemens.com/productcert/pdf/ssa-312271.pdf>
* Added solution for SIMATIC NET PC Software V14 and clarified affected versions
SSA-348629: Denial-of-Service Vulnerability in SIMATIC PCS 7, SIMATIC WinCC, SIMATIC WinCC Runtime Professional and SIMATIC NET PC Software
* <https://cert-portal.siemens.com/productcert/pdf/ssa-348629.pdf>
* Added solution for SIMATIC NET PC Software V14 and clarified affected versions; Clarified no remediation planned
SSB-439005: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP
* <https://cert-portal.siemens.com/productcert/pdf/ssb-439005.pdf>
* Added CVE-2016-3189, CVE-2018-25032, CVE-2019-12900, CVE-2021-3772, CVE-2022-0001, CVE-2022-0002, CVE-2022-0644, CVE-2022-0778, CVE-2022-0847, CVE-2022-25236, CVE-2022-25313, CVE-2022-25314, CVE-2022-25315, CVE-2022-26488, CVE-2022-27666
SSA-462066: Vulnerability known as TCP SACK PANIC in Industrial Products
* <https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf>
* Updated remediation for SIMATIC CP 1623; Added solution for SIMATIC RF600R family and clarified list of affected devices
SSA-535640: Vulnerability in Industrial Products
* <https://cert-portal.siemens.com/productcert/pdf/ssa-535640.pdf>
* Added solution for SIMATIC NET PC Software V14 and clarified affected versions; Clarified no remediation planned
SSA-539476: Siemens SIMATIC NET CP, SINEMA and SCALANCE Products Affected by Vulnerabilities in Third-Party Component strongSwan
* <https://cert-portal.siemens.com/productcert/pdf/ssa-539476.pdf>
* Added solutions for SCALANCE S615, SCALANCE M-800 Family, SCALANCE MUM-800 Family, RUGGEDCOM RM1224 family, SIMATIC CP 1543-1, and SIPLUS NET CP 1543-1
SSA-560465: DHCP Client Vulnerability in VxWorks-based Industrial Products
* <https://cert-portal.siemens.com/productcert/pdf/ssa-560465.pdf>
* Clarified that no remediation is planned for some products; Clarified product names; Added SIMATIC RF180C; Added solution for SCALANCE X-300/X408 family
SSA-562051: Cross-Site Scripting Vulnerability in Polarion ALM
* <https://cert-portal.siemens.com/productcert/pdf/ssa-562051.pdf>
* Corrected list of affected versions; clarified difference between Polarion ALM and the freeware (WebClient for SVN)
SSA-593272: SegmentSmack in Interniche IP-Stack based Industrial Devices
* <https://cert-portal.siemens.com/productcert/pdf/ssa-593272.pdf>
* Cleanup due to template changes, no change of contents
SSA-599968: Denial-of-Service Vulnerability in Profinet Devices
* <https://cert-portal.siemens.com/productcert/pdf/ssa-599968.pdf>
* Added solution for SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) and SCALANCE W-1700 (11ac) family
SSA-661247: Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to Siemens Products
* <https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf>
* Added solution for NX; confirmed that SIMATIC IT Report Manager is not affected; removed section "Products Under Investigation"
SSA-672373: Vulnerabilities in CP 1543-1 before V2.0.28
* <https://cert-portal.siemens.com/productcert/pdf/ssa-672373.pdf>
* Updated download link and revised summary section
SSA-676336: OpenSSH Vulnerabilities in SCALANCE X-200 and X-300/X408 Switches
* <https://cert-portal.siemens.com/productcert/pdf/ssa-676336.pdf>
* Added solution for SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants)
SSA-764417: Multiple Vulnerabilities in RUGGEDCOM Devices
* <https://cert-portal.siemens.com/productcert/pdf/ssa-764417.pdf>
* Added acknowledgements
SSA-772220: OpenSSL Vulnerabilities in Industrial Products
* <https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdf>
* No fix planned for SINAMICS Connect 300; Added solution for SCALANCE M-800 / S615 family, RUGGEDCOM RM1224, and SCALANCE W-1700 IEEE 802.11ac family; Added SIMATIC RF600R family
SSA-780073: Denial of Service Vulnerability in PROFINET Devices via DCE-RPC Packets
* <https://cert-portal.siemens.com/productcert/pdf/ssa-780073.pdf>
* Added solution for SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants)
SSA-787292: Denial-of-Service Vulnerability in SIMATIC RFID Readers
* <https://cert-portal.siemens.com/productcert/pdf/ssa-787292.pdf>
* Added solution for SIMATIC RF600R family and clarified list of affected devices
SSA-840188: Multiple Vulnerabilities in SIMATIC WinCC Affecting Other SIMATIC Software Products
* <https://cert-portal.siemens.com/productcert/pdf/ssa-840188.pdf>
* Added solution for SIMATIC WinCC V7.4; added solution for SIMATIC PCS 7 V8.2 and SIMATIC PCS 7 V9.0 and related components; added SIMATIC NET PC Software incl. solution for V17; added a note regarding shared components
SSA-913875: Frame Aggregation and Fragmentation Vulnerabilities in 802.11
* <https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf>
* Added solution for the SCALANCE W-1700 (11ac) family
SSA-914168: Multiple Vulnerabilities in SIMATIC WinCC Affecting Other SIMATIC Software Products
* <https://cert-portal.siemens.com/productcert/pdf/ssa-914168.pdf>
* Added solution for SIMATIC WinCC V7.4, SIMATIC PCS 7 V8.2 and SIMATIC PCS 7 V9.0
SSA-978220: Denial of Service Vulnerability over SNMP in Multiple Industrial Products
* <https://cert-portal.siemens.com/productcert/pdf/ssa-978220.pdf>
* Updated remediation for SIMATIC CP 1623
SSA-995338: Multiple Vulnerabilities in COMOS Web
* <https://cert-portal.siemens.com/productcert/pdf/ssa-995338.pdf>
* Updated remediation for COMOS V10.3