9/8/2020 12:39 PM | |
Joined: 12/18/2014 Last visit: 3/28/2024 Posts: 32630 Rating: (4044) |
The following new advisories/bulletins have just been published on the Siemens ProductCERT web site [1]: SSA-251935: Multiple Privilege Escalation Vulnerabilities in SIMATIC RTLS Locating Manager [2] SSA-381684: Improper Password Protection during Authentication in SIMATIC S7-300 and S7-400 CPUs [3] SSA-436520: XSS and CSRF Vulnerabilities in Polarion Subversion Webclient [4] SSA-455843: WIBU Systems CodeMeter Runtime Vulnerabilities in Siemens and Siemens Energy Products [5] SSA-534763: Special Register Buffer Data Sampling (SRBDS) aka Crosstalk in Industrial Products [6] SSA-542525: Authentication Vulnerabilities in SIMATIC HMI Products [7] SSA-568969: Insecure Storage of Sensitive Information in Spectrum Power TM 4 [8] SSA-709003: Privilege Escalation Vulnerability in License Management Utility (LMU) [9] SSA-770698: User Information Disclosure Vulnerability in Siveillance Video Client [10] Additionally, the following advisories / bulletins have just been updated on the Siemens ProductCERT web site [1]: SSA-102233: SegmentSmack in VxWorks-based Industrial Devices [11] Informed about successor products for SIMATIC RF180C and RF182C SSA-270778: Denial-of-Service Vulnerability in SIMATIC PCS 7, SIMATIC WinCC and SIMATIC NET PC Software [12] Added solution for SIMATIC WinCC (TIA Portal) V15.1 SSA-312271: Unquoted Search Path Vulnerabilities in Windows-based Industrial Software Applications [13] Added solution for SINAMICS Startdrive, SIMATIC STEP 7 (TIA Portal) V15, and SIMATIC WinCC Runtime Professional V15 SSA-377115: SegmentSmack in Linux IP-Stack based Industrial Devices [14] Added solution for SIMATIC RF18xC/CI SSB-439005: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP [15] Added CVE-2020-8620, CVE-2020-8621, CVE-2020-8622, CVE-2020-8623, CVE-2020-8624, CVE-2020-16166 SSA-462066: Vulnerability known as TCP SACK PANIC in Industrial Products [16] Added solution for SIMATIC RF18xC/CI SSA-473245: Denial-of-Service Vulnerability in Profinet Devices [17] Added solution for EK-ERTEC 200P and S7-410 V8 SSA-480230: Denial-of-Service in Webserver of Industrial Products [18] Informed about successor products for SIMATIC RF180C and RFID 181EIP SSA-780073: Denial-of-Service Vulnerability in PROFINET Devices via DCE-RPC Packets [19] Informed about successor products for SIMATIC RF180C and RF182C SSA-841348: Multiple Vulnerabilities in the UMC Stack [20] Added solution for SIMATIC STEP 7 (TIA Portal) V15 [1] <https://www.siemens.com/cert/advisories/> [2] <https://cert-portal.siemens.com/productcert/pdf/ssa-251935.pdf> [3] <https://cert-portal.siemens.com/productcert/pdf/ssa-381684.pdf> [4] <https://cert-portal.siemens.com/productcert/pdf/ssa-436520.pdf> [5] <https://cert-portal.siemens.com/productcert/pdf/ssa-455843.pdf> [6] <https://cert-portal.siemens.com/productcert/pdf/ssa-534763.pdf> [7] <https://cert-portal.siemens.com/productcert/pdf/ssa-542525.pdf> [8] <https://cert-portal.siemens.com/productcert/pdf/ssa-568969.pdf> [9] <https://cert-portal.siemens.com/productcert/pdf/ssa-709003.pdf> [10] <https://cert-portal.siemens.com/productcert/pdf/ssa-770698.pdf> [11] <https://cert-portal.siemens.com/productcert/pdf/ssa-102233.pdf> [12] <https://cert-portal.siemens.com/productcert/pdf/ssa-270778.pdf> [13] <https://cert-portal.siemens.com/productcert/pdf/ssa-312271.pdf> [14] <https://cert-portal.siemens.com/productcert/pdf/ssa-377115.pdf> [15] <https://cert-portal.siemens.com/productcert/pdf/ssb-439005.pdf> [16] <https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf> [17] <https://cert-portal.siemens.com/productcert/pdf/ssa-473245.pdf> [18] <https://cert-portal.siemens.com/productcert/pdf/ssa-480230.pdf> [19] <https://cert-portal.siemens.com/productcert/pdf/ssa-780073.pdf> [20] <https://cert-portal.siemens.com/productcert/pdf/ssa-841348.pdf> If you want to unsubscribe from the advisory mailing list, please send a mail toproductcert@siemens.comwith subject "[Advisory Mailing List] Unsubscribe" and as sender the email address to unsubscribe. -- Best Regards, Siemens ProductCERT Siemens AG Otto-Hahn-Ring 6 81739 Muenchen, Germany mailto:productcert@siemens.com |
This contribution was helpful to1 thankful Users |
Follow us on