Firma Siemens informuje o nowych podatnościach w swoich produktach oraz aktualizuje starsze biuletyny (P23-041)

utworzone przez | kwi 11, 2023 | ICS

11 kwietnia 2023 r. firma Siemens opublikowała Poradniki bezpieczeństwa dotyczące luk w zabezpieczeniach wielu produktów. Uwzględniono krytyczne aktualizacje dla następujących elementów:

• Urządzenia SICAM A8000

• Rodziny przełączników SCALANCE X-200, X-200IRT i X-300

IDCVSSOpis/LinkWer.
SSA-9782207.5Denial of Service Vulnerability over SNMP in Multiple Industrial Products AKTUALIZACJAV1.8
SSA-8408008.0Code Injection Vulnerability in RUGGEDCOM ROS AKTUALIZACJAV1.3
SSA-8401889.9Multiple Vulnerabilities in SIMATIC WinCC Affecting Other SIMATIC Software Products AKTUALIZACJAV1.6
SSA-8381217.5Multiple Denial of Service Vulnerabilities in Industrial Products AKTUALIZACJAV1.3
SSA-8137469.8BadAlloc Vulnerabilities in SCALANCE X-200, X-200IRT, and X-300 Switch FamiliesV1.0
SSA-7925945.4Host Header Injection Vulnerability in Polarion ALM AKTUALIZACJAV1.1
SSA-7879415.3Denial of Service Vulnerability in RUGGEDCOM ROS V4 AKTUALIZACJAV1.2
SSA-7800737.5Denial of Service Vulnerability in PROFINET Devices via DCE-RPC Packets AKTUALIZACJAV2.3
SSA-7129297.5Denial of Service Vulnerability in OpenSSL (CVE-2022-0778) Affecting Industrial Products AKTUALIZACJAV1.9
SSA-7100089.1Multiple Web Vulnerabilities in SCALANCE Products AKTUALIZACJAV1.3
SSA-7000537.8Multiple File Parsing Vulnerabilities in Teamcenter Visualization and JT2Go AKTUALIZACJAV1.2
SSA-6994045.3Observable Response Discrepancy in Mendix Forgot Password ModuleV1.0
SSA-6917157.8Vulnerability in OPC Foundation Local Discovery Server Affecting Siemens ProductsV1.0
SSA-6763367.5OpenSSH Vulnerabilities in SCALANCE X-200 and X-300/X408 Switches AKTUALIZACJAV1.2
SSA-6428107.8JT File Parsing Vulnerability in JT Open and JT UtilitiesV1.0
SSA-6321645.3External Entity Injection Vulnerability in Polarion ALMV1.0
SSA-6299177.8Datalogics File Parsing Vulnerability in Teamcenter Visualization and JT2GoV1.0
SSA-6034766.3Web Vulnerabilities in SIMATIC NET CP 343-1/CP 443-1 Modules and SIMATIC S7-300/S7-400 CPUs AKTUALIZACJAV1.4
SSA-5920075.3Denial of Service Vulnerability in Industrial Products AKTUALIZACJAV2.0
SSA-5721647.8Luxion KeyShot Vulnerability in Solid EdgeV1.0
SSA-5669057.5Multiple Denial of Service Vulnerabilities in the Webserver of Industrial ProductsV1.0
SSA-5580149.8Third-Party Component Vulnerabilities in SCALANCE XCM332 before V2.2V1.0
SSA-5575417.5Denial-of-Service Vulnerability in SIMATIC S7-400 CPUs AKTUALIZACJAV1.2
SSA-5527028.8Privilege Escalation Vulnerability in the Web Interface of SCALANCE and RUGGEDCOM Products AKTUALIZACJAV1.5
SSA-5492347.5Denial-of-Service Vulnerability in SIMATIC NET CP Modules AKTUALIZACJAV1.3
SSA-5111826.2Use of Static TLS Certificate Known Hard Coded Private Keys in Adaptec Maxview ApplicationV1.0
SSA-4802307.5Denial of Service Vulnerability in Webserver of Industrial Products AKTUALIZACJAV2.6
SSA-4792496.7Weak Encryption Vulnerability in SCALANCE X-200IRT DevicesV1.0
SSA-4789606.5Missing CSRF Protection in the Web Server Login Page of Industrial Controllers AKTUALIZACJAV1.3
SSA-4724549.8Command Injection Vulnerability in CPCI85 Firmware of SICAM A8000 DevicesV1.0
SSA-4620667.5Vulnerability known as TCP SACK PANIC in Industrial Products AKTUALIZACJAV3.1
SSA-4596435.3Denial of Service Vulnerability in RUGGEDCOM ROS before V5.6.0 AKTUALIZACJAV1.2
SSA-4464485.3Denial of Service Vulnerability in PROFINET Stack Integrated on Interniche Stack AKTUALIZACJAV1.8
SSA-4135657.6Multiple Vulnerabilities in SCALANCE Products AKTUALIZACJAV1.2
SSA-4081057.5Buffer Overflow Vulnerabilities in OpenSSL 3.0 Affecting Siemens Products AKTUALIZACJAV1.1
SSA-3826537.5Multiple Denial of Service Vulnerabilities in Industrial Products AKTUALIZACJAV1.2
SSA-3494227.5Denial of Service Vulnerability in Industrial Real-Time (IRT) Devices AKTUALIZACJAV1.9
SSA-3229807.5Denial of Service Vulnerability in SIPROTEC 5 DevicesV1.0
SSA-3212927.5Denial of Service in the OPC Foundation Local Discovery Server (LDS) in Industrial Products AKTUALIZACJAV1.5
SSA-3100389.6Multiple Vulnerabilities in SCALANCE X Switch Devices AKTUALIZACJAV1.1
SSA-2707787.5Denial-of-Service Vulnerability in SIMATIC PCS 7, SIMATIC WinCC and SIMATIC NET PC Software AKTUALIZACJAV1.8
SSA-2563539.6Third-Party Component Vulnerabilities in RUGGEDCOM ROS AKTUALIZACJAV1.4
SSA-2449697.4OpenSSL Vulnerability in Industrial Products AKTUALIZACJAV2.0
SSA-1169247.3Path Traversal Vulnerability in TIA PortalV1.0
SSA-1022337.5SegmentSmack in VxWorks-based Industrial Devices AKTUALIZACJAV2.1