SIEMENS CERT
03/08/2022
Intel has published information on vulnerabilities in Intel products in November 2020. This advisory lists the Siemens IPC related products, that are affected by these vulnerabilities. In this advisory we take a representative CVE from each advisory: “Intel CSME, SPS, TXE, AMT and DAL Advisory” Intel-SA-00391 is represented by CVE-2020-8745 …
SIEMENS CERT
03/08/2022
SSA-669737 V1.1 (Last Update: 2022-03-08): Improper Access Control Vulnerability in SICAM TOOLBOX II
SICAM TOOLBOX II contains a vulnerability that could allow an attacker access through a circumventable access control. Siemens is preparing updates and recommends countermeasures for products where updates are not, or not yet available.
SIEMENS CERT
03/08/2022
SIMOTICS CONNECT 400 is affected by DNS Client vulnerabilities as initially reported in Siemens Security Advisory SSA-705111 (https://cert-portal.siemens.com/productcert/pdf/ssa-705111.pdf) for the DNS Module in Nucleus RTOS. Siemens has released updates for the SIMOTICS CONNECT 400 and recommends to update to the latest version.
SIEMENS CERT
03/08/2022
On 2021-12-09, a vulnerability in Apache Log4j (a logging tool used in many Java-based applications) was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2021-44228 and is also known as “Log4Shell”. On 2021-12-14 an additional denial of service vulnerability (CVE-2021-45046) …
SIEMENS CERT
03/08/2022
Security researchers discovered and disclosed 33 vulnerabilities in several open-source TCP/IP stacks for embedded devices, also known as “AMNESIA:33” vulnerabilities. This advisory describes the impact of two of these vulnerabilities (CVE-2020-13987, CVE-2020-17437) to Siemens products. Siemens has released updates for several affected products and recommends to update to the latest …
SIEMENS CERT
02/22/2022
Insyde has published information on vulnerabilities in Insyde BIOS in February 2022. This advisory lists the Siemens Industrial products affected by these vulnerabilities. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.
SIEMENS CERT
02/17/2022
Siemens Simcenter Femap versions before V2022.1.1 are affected by vulnerabilities that could be triggered when the application reads files in .NEU or .BDF format. If a user is tricked to open a malicious file with the affected application, an attacker could leverage the vulnerability to leak information or potentially perform …
SIEMENS CERT
02/17/2022
CISA and WIBU Systems disclosed six vulnerabilities in different versions of CodeMeter Runtime, a product provided by WIBU Systems and used in several Siemens products for license management. The vulnerabilities are described in the section “Vulnerability Classification” below and got assigned the CVE IDs CVE-2020-14509, CVE-2020-14513, CVE-2020-14515, CVE-2020-14517, CVE-2020-14519, and …