Skip to Content

SiePortal

Die integrierte Plattform für Produktauswahl, Einkauf und Support - und Verbindung von Industry Mall und Online Support

SiePortalEnglish

Suche

Home
Support Support
{{(apiData.Support | filter:{'rank':1}:true)[0].title}} Support
- Menü derzeit nicht verfügbar
- Menü derzeit nicht verfügbar
- Menü derzeit nicht verfügbar
- {{item.title}}

Produkte & Services
- Menü derzeit nicht verfügbar
- Menü derzeit nicht verfügbar
- {{item.title}}
Support Support
{{(apiData.Support | filter:{'rank':1}:true)[0].title}} Support
- Menü derzeit nicht verfügbar
- Menü derzeit nicht verfügbar
- {{item.title}}
MySiePortal MySiePortal
{{(apiData.MySiePortal | filter:{'rank':1}:true)[0].title}} MySiePortal
- Menü derzeit nicht verfügbar
- Menü derzeit nicht verfügbar
- {{item.title}}
Warenkorb ({{apiData.CartCount}})

Navigation

Siemens ProductCERT hat elf veröffentlicht und 33 Advisories/Bulletins aktualisiert

Erstellt von: ixo65 am: 12.04.2022 12:54 (0 Antworten)

Bewertung (0)

Dank 1

1 Einträge

12.04.2022 12:54	Bewerten (0)
ixo65 Großmeister Beigetreten: 18.12.2014 Letzter Bes: 15.11.2024 Beiträge: 34226 Bewertung: (4262)	Siemens ProductCERT hat elf veröffentlicht und 33 Advisories/Bulletins aktualisiert. Ladies and Gentlemen, for your information: The following new advisories/bulletins have just been published on the Siemens ProductCERT web site [1]: SSA-316850: Unauthenticated File Access in SICAM A8000 Devices * <https://cert-portal.siemens.com/productcert/pdf/ssa-316850.pdf> SSA-350757: Improper Access Control Vulnerability in TIA Portal Affecting S7-1200 and S7-1500 CPUs Web Server (Incl. Related ET200 CPUs and SIPLUS variants) * <https://cert-portal.siemens.com/productcert/pdf/ssa-350757.pdf> SSA-392912: Multiple Denial Of Service Vulnerabilities in SCALANCE W1700 Devices * <https://cert-portal.siemens.com/productcert/pdf/ssa-392912.pdf> SSA-414513: Information Disclosure Vulnerability in Mendix * <https://cert-portal.siemens.com/productcert/pdf/ssa-414513.pdf> SSA-446448: Denial of Service Vulnerability in PROFINET Stack Integrated on Interniche Stack * <https://cert-portal.siemens.com/productcert/pdf/ssa-446448.pdf> SSA-557541: Denial-of-Service Vulnerability in SIMATIC S7-400 CPUs * <https://cert-portal.siemens.com/productcert/pdf/ssa-557541.pdf> SSA-655554: Multiple Vulnerabilities in SIMATIC Energy Manager before V7.3 Update 1 * <https://cert-portal.siemens.com/productcert/pdf/ssa-655554.pdf> SSA-711829: Denial of Service Vulnerability in TIA Administrator * <https://cert-portal.siemens.com/productcert/pdf/ssa-711829.pdf> SSA-836527: Multiple Vulnerabilities in SCALANCE X-300 Switch Family Devices * <https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf> SSA-870917: Improper Access Control Vulnerability in Mendix * <https://cert-portal.siemens.com/productcert/pdf/ssa-870917.pdf> SSA-998762: File Parsing Vulnerabilities in Simcenter Femap before V2022.1.2 * <https://cert-portal.siemens.com/productcert/pdf/ssa-998762.pdf> Additionally, the following advisories / bulletins have just been updated on the Siemens ProductCERT web site [1]: SSA-102233: SegmentSmack in VxWorks-based Industrial Devices * <https://cert-portal.siemens.com/productcert/pdf/ssa-102233.pdf> * Added solution for SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) SSA-114589: Multiple Vulnerabilities in Nucleus RTOS based APOGEE, TALON and Desigo PXC/PXM Products * <https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf> * Added solutions for APOGEE PXC Compact (BACnet), APOGEE PXC Modular (BACnet), TALON TC Compact (BACnet), and TALON TC Modular (BACnet) products SSA-148641: XPath Constraint Vulnerability in Mendix Runtime * <https://cert-portal.siemens.com/productcert/pdf/ssa-148641.pdf> * Summary update; Default configuration for Mendix 9 is not affected; CVSS vector review SSA-162506: DHCP Client Vulnerability in SIMOTICS CONNECT 400, Desigo PXC/PXM, APOGEE MEC/MBC/PXC, APOGEE PXC Series, and TALON TC Series * <https://cert-portal.siemens.com/productcert/pdf/ssa-162506.pdf> * Listed all affected Desigo PXC and PXM20 products explicitly. Added solution for APOGEE PXC Series (BACnet) and TALON TC Series (BACnet) SSA-244969: OpenSSL Vulnerability in Industrial Products * <https://cert-portal.siemens.com/productcert/pdf/ssa-244969.pdf> * Added solution for RUGGEDCOM RCM1224 familiy, SCALANCE M-800 familiy, SCALANCE MUM-800 familiy, SCALANCE S615, SCALANCE X-300/X408 family, SIMATIC PCS neo, SIMATIC Process Historian OPC UA Server, SCALANCE W-1700 (11AC) family, SIMATIC CP 1543-1, and SIPLUS NET CP 1543-1 SSA-256353: Third-Party Component Vulnerabilities in RUGGEDCOM ROS * <https://cert-portal.siemens.com/productcert/pdf/ssa-256353.pdf> * Added acknowledgements SSA-270778: Denial-of-Service Vulnerability in SIMATIC PCS 7, SIMATIC WinCC and SIMATIC NET PC Software * <https://cert-portal.siemens.com/productcert/pdf/ssa-270778.pdf> * Added solution for SIMATIC PCS 7 V8.2 and related components; added solution for SIMATIC NET PC Software V14 and clarified affected versions; added a note regarding shared components SSA-273799: Message Integrity Protection Bypass Vulnerability in SIMATIC Products * <https://cert-portal.siemens.com/productcert/pdf/ssa-273799.pdf> * Added solution for SIMATIC NET PC Software V14 and clarified affected versions; Clarified no remediation planned SSA-301589: Multiple File Parsing Vulnerabilities in Solid Edge, JT2Go and Teamcenter Visualization * <https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdf> * Added remediation for Teamcenter Visualization version line V13.2 and JT2Go SSA-307392: Denial of Service in OPC UA in Industrial Products * <https://cert-portal.siemens.com/productcert/pdf/ssa-307392.pdf> * Added solution for SIMATIC NET PC Software V14 and clarified affected versions; no remediation planned for V15 SSA-309571: IPU 2021.1 Vulnerabilities in Siemens Industrial Products using Intel CPUs (June 2021) * <https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf> * Added solution for SIMATIC IPC427E, SIMATIC IPC 477E, and SIMATIC IPC477E PRO SSA-312271: Unquoted Search Path Vulnerabilities in Windows-based Industrial Software Applications * <https://cert-portal.siemens.com/productcert/pdf/ssa-312271.pdf> * Added solution for SIMATIC NET PC Software V14 and clarified affected versions SSA-348629: Denial-of-Service Vulnerability in SIMATIC PCS 7, SIMATIC WinCC, SIMATIC WinCC Runtime Professional and SIMATIC NET PC Software * <https://cert-portal.siemens.com/productcert/pdf/ssa-348629.pdf> * Added solution for SIMATIC NET PC Software V14 and clarified affected versions; Clarified no remediation planned SSB-439005: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP * <https://cert-portal.siemens.com/productcert/pdf/ssb-439005.pdf> * Added CVE-2016-3189, CVE-2018-25032, CVE-2019-12900, CVE-2021-3772, CVE-2022-0001, CVE-2022-0002, CVE-2022-0644, CVE-2022-0778, CVE-2022-0847, CVE-2022-25236, CVE-2022-25313, CVE-2022-25314, CVE-2022-25315, CVE-2022-26488, CVE-2022-27666 SSA-462066: Vulnerability known as TCP SACK PANIC in Industrial Products * <https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf> * Updated remediation for SIMATIC CP 1623; Added solution for SIMATIC RF600R family and clarified list of affected devices SSA-535640: Vulnerability in Industrial Products * <https://cert-portal.siemens.com/productcert/pdf/ssa-535640.pdf> * Added solution for SIMATIC NET PC Software V14 and clarified affected versions; Clarified no remediation planned SSA-539476: Siemens SIMATIC NET CP, SINEMA and SCALANCE Products Affected by Vulnerabilities in Third-Party Component strongSwan * <https://cert-portal.siemens.com/productcert/pdf/ssa-539476.pdf> * Added solutions for SCALANCE S615, SCALANCE M-800 Family, SCALANCE MUM-800 Family, RUGGEDCOM RM1224 family, SIMATIC CP 1543-1, and SIPLUS NET CP 1543-1 SSA-560465: DHCP Client Vulnerability in VxWorks-based Industrial Products * <https://cert-portal.siemens.com/productcert/pdf/ssa-560465.pdf> * Clarified that no remediation is planned for some products; Clarified product names; Added SIMATIC RF180C; Added solution for SCALANCE X-300/X408 family SSA-562051: Cross-Site Scripting Vulnerability in Polarion ALM * <https://cert-portal.siemens.com/productcert/pdf/ssa-562051.pdf> * Corrected list of affected versions; clarified difference between Polarion ALM and the freeware (WebClient for SVN) SSA-593272: SegmentSmack in Interniche IP-Stack based Industrial Devices * <https://cert-portal.siemens.com/productcert/pdf/ssa-593272.pdf> * Cleanup due to template changes, no change of contents SSA-599968: Denial-of-Service Vulnerability in Profinet Devices * <https://cert-portal.siemens.com/productcert/pdf/ssa-599968.pdf> * Added solution for SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) and SCALANCE W-1700 (11ac) family SSA-661247: Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to Siemens Products * <https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf> * Added solution for NX; confirmed that SIMATIC IT Report Manager is not affected; removed section "Products Under Investigation" SSA-672373: Vulnerabilities in CP 1543-1 before V2.0.28 * <https://cert-portal.siemens.com/productcert/pdf/ssa-672373.pdf> * Updated download link and revised summary section SSA-676336: OpenSSH Vulnerabilities in SCALANCE X-200 and X-300/X408 Switches * <https://cert-portal.siemens.com/productcert/pdf/ssa-676336.pdf> * Added solution for SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) SSA-764417: Multiple Vulnerabilities in RUGGEDCOM Devices * <https://cert-portal.siemens.com/productcert/pdf/ssa-764417.pdf> * Added acknowledgements SSA-772220: OpenSSL Vulnerabilities in Industrial Products * <https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdf> * No fix planned for SINAMICS Connect 300; Added solution for SCALANCE M-800 / S615 family, RUGGEDCOM RM1224, and SCALANCE W-1700 IEEE 802.11ac family; Added SIMATIC RF600R family SSA-780073: Denial of Service Vulnerability in PROFINET Devices via DCE-RPC Packets * <https://cert-portal.siemens.com/productcert/pdf/ssa-780073.pdf> * Added solution for SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) SSA-787292: Denial-of-Service Vulnerability in SIMATIC RFID Readers * <https://cert-portal.siemens.com/productcert/pdf/ssa-787292.pdf> * Added solution for SIMATIC RF600R family and clarified list of affected devices SSA-840188: Multiple Vulnerabilities in SIMATIC WinCC Affecting Other SIMATIC Software Products * <https://cert-portal.siemens.com/productcert/pdf/ssa-840188.pdf> * Added solution for SIMATIC WinCC V7.4; added solution for SIMATIC PCS 7 V8.2 and SIMATIC PCS 7 V9.0 and related components; added SIMATIC NET PC Software incl. solution for V17; added a note regarding shared components SSA-913875: Frame Aggregation and Fragmentation Vulnerabilities in 802.11 * <https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf> * Added solution for the SCALANCE W-1700 (11ac) family SSA-914168: Multiple Vulnerabilities in SIMATIC WinCC Affecting Other SIMATIC Software Products * <https://cert-portal.siemens.com/productcert/pdf/ssa-914168.pdf> * Added solution for SIMATIC WinCC V7.4, SIMATIC PCS 7 V8.2 and SIMATIC PCS 7 V9.0 SSA-978220: Denial of Service Vulnerability over SNMP in Multiple Industrial Products * <https://cert-portal.siemens.com/productcert/pdf/ssa-978220.pdf> * Updated remediation for SIMATIC CP 1623 SSA-995338: Multiple Vulnerabilities in COMOS Web * <https://cert-portal.siemens.com/productcert/pdf/ssa-995338.pdf> * Updated remediation for COMOS V10.3

Vorschlag Bedanken Zitat Antwort
Für diesen Beitrag bedanken sich 1 Benutzer Wit_Moderator

|

Teile diese Seite:

Teile diese Seite auf...

Folgen Sie uns auf