Bulletins

Several Siemens industrial products are affected by a vulnerability in OpenSSL, that could result in data being sent out unencrypted by the SSL/TLS record layer. Siemens has released updates for the affected products and recommends to update to the latest versions.

A vulnerability in the openSSL component (CVE-2022-0778, [0]) could allow an attacker to create a denial of service condition by providing specially crafted elliptic curve certificates to products that use a vulnerable version of openSSL. Siemens has released updates for several affected products and recommends to update to the latest …

Simcenter STAR-CCM+ contains an information disclosure vulnerability when using the Power-on-Demand public license server. An attacker could access a system’s host, user, and display name. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.

SIMATIC S7-400 CPU devices contain an input validation vulnerability that could allow an attacker to create a Denial-of-Service condition. A restart is needed to restore normal operations. Siemens has released an update for SIMATIC S7-410 V10 CPU family and SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants for both) …

SIMATIC eaSie contains multiple vulnerabilities that could allow an attacker to send arbitrary messages to the underlying message passing framework of the affected system or crash the attached application. Siemens has released an update for the SIMATIC eaSie Core Package and recommends to update to the latest version.

WIBU Systems published information about a denial-of-service vulnerability and an associated fix release version of CodeMeter Runtime, a product provided by WIBU Systems and used in several Siemens products for license management. The vulnerability is described in the section “Vulnerability Classification” below and got assigned the CVE ID CVE-2021-41057. Successful …