Firma Siemens informuje o nowych podatnościach w swoich produktach

utworzone przez | kwi 12, 2022 | ICS

W dniu 12 kwietnia 2022 r. firma Siemens opublikowała zalecenia dotyczące bezpieczeństwa dotyczące luk w zabezpieczeniach wielu produktów. Uwzględniono aktualizacje krytyczne.

IDKrytycznośćOpis
SSA-65555410Multiple Vulnerabilities in SIMATIC Energy Manager before V7.3 Update 1
SSA-66124710Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) – Impact to Siemens Products
SSA-8401889.9Multiple Vulnerabilities in SIMATIC WinCC Affecting Other SIMATIC Software Products
SSA-1145899.8Multiple Vulnerabilities in Nucleus RTOS based APOGEE, TALON and Desigo PXC/PXM Products
SSA-5604659.8DHCP Client Vulnerability in VxWorks-based Industrial Products
SSA-8365279.6Multiple Vulnerabilities in SCALANCE X-300 Switch Family Devices
SSA-2563539.6Third-Party Component Vulnerabilities in RUGGEDCOM ROS
SSA-9953388.8Multiple Vulnerabilities in COMOS Web
SSA-5356408.2Vulnerability in Industrial Products
SSA-9987627.8File Parsing Vulnerabilities in Simcenter Femap before V2022.1.2
SSA-3015897.8Multiple File Parsing Vulnerabilities in Solid Edge, JT2Go and Teamcenter Visualization
SSA-5575417.5Denial-of-Service Vulnerability in SIMATIC S7-400 CPUs
SSA-7118297.5Denial of Service Vulnerability in TIA Administrator
SSA-1022337.5SegmentSmack in VxWorks-based Industrial Devices
SSA-2707787.5Denial-of-Service Vulnerability in SIMATIC PCS 7, SIMATIC WinCC and SIMATIC NET PC Software
SSA-3073927.5Denial of Service in OPC UA in Industrial Products
SSA-3095717.5IPU 2021.1 Vulnerabilities in Siemens Industrial Products using Intel CPUs (June 2021)
SSA-3486297.5Denial-of-Service Vulnerability in SIMATIC PCS 7, SIMATIC WinCC, SIMATIC WinCC Runtime Professional and SIMATIC NET PC Software
SSA-4620667.5Vulnerability known as TCP SACK PANIC in Industrial Products
SSA-5394767.5Siemens SIMATIC NET CP, SINEMA and SCALANCE Products Affected by Vulnerabilities in Third-Party Component strongSwan
SSA-5932727.5SegmentSmack in Interniche IP-Stack based Industrial Devices
SSA-5999687.5Denial-of-Service Vulnerability in Profinet Devices
SSA-6763367.5OpenSSH Vulnerabilities in SCALANCE X-200 and X-300/X408 Switches
SSA-7800737.5Denial of Service Vulnerability in PROFINET Devices via DCE-RPC Packets
SSA-7872927.5Denial-of-Service Vulnerability in SIMATIC RFID Readers
SSA-9782207.5Denial of Service Vulnerability over SNMP in Multiple Industrial Products
SSA-3929127.4Multiple Denial Of Service Vulnerabilities in SCALANCE W1700 Devices
SSA-2449697.4OpenSSL Vulnerability in Industrial Products
SSA-1625067.1DHCP Client Vulnerability in SIMOTICS CONNECT 400, Desigo PXC/PXM, APOGEE MEC/MBC/PXC, APOGEE PXC Series, and TALON TC Series
SSA-1486416.8XPath Constraint Vulnerability in Mendix Runtime
SSA-3122716.7Unquoted Search Path Vulnerabilities in Windows-based Industrial Software Applications
SSA-6723736.6Vulnerabilities in CP 1543-1 before V2.0.28
SSA-5620516.5Cross-Site Scripting Vulnerability in Polarion ALM
SSA-9138756.5Frame Aggregation and Fragmentation Vulnerabilities in 802.11
SSA-3507576.4Improper Access Control Vulnerability in TIA Portal Affecting S7-1200 and S7-1500 CPUs Web Server (Incl. Related ET200 CPUs and SIPLUS variants)
SSA-9141686.3Multiple Vulnerabilities in SIMATIC WinCC Affecting Other SIMATIC Software Products
SSA-7722205.9OpenSSL Vulnerabilities in Industrial Products
SSA-3168505.3Unauthenticated File Access in SICAM A8000 Devices
SSA-4145135.3Information Disclosure Vulnerability in Mendix
SSA-4464485.3Denial of Service Vulnerability in PROFINET Stack Integrated on Interniche Stack
SSA-7644175.3Multiple Vulnerabilities in RUGGEDCOM Devices
SSA-2737993.7Message Integrity Protection Bypass Vulnerability in SIMATIC Products
SSA-8709173.1Improper Access Control Vulnerability in Mendix
SSB-439005n/aVulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP