Firma Siemens informuje o nowych podatnościach w swoich produktach-12-07-22

cert.pse-online.pl 2 lat temu

W dniu 12 lipca 2022 r. firma Siemens opublikowała zalecenia dotyczące bezpieczeństwa dotyczące luk w zabezpieczeniach wielu produktów. Uwzględniono aktualizacje krytyczne dla następujących elementów:

Opcenter Quality – wiele wersji

SCALANCE X Switch Devices – wiele wersji i platform

Urządzenia SIMATIC CP – wiele wersji i platform

Pakiet SIMATIC eaSie Core (6DL5424-0AX00-0AV8) – wersje przed V22.00

SSA-944952	9.6	Authentication Bypass Vulnerability in Opcenter Quality
SSA-910883	9.8	DHCP Client Vulnerability in SINAMICS PERFECT HARMONY GH180 Drives
SSA-865333	8.6	Memory Corruption Vulnerability in EN100 Ethernet Module
SSA-840800	8.0	Code Injection Vulnerability in RUGGEDCOM ROS
SSA-840188	9.9	Multiple Vulnerabilities in SIMATIC WinCC Affecting Other SIMATIC Software Products
SSA-838121	7.5	Multiple Denial of Service Vulnerabilities in Industrial Products
SSA-829738	7.8	Datalogics File Parsing Vulnerability in Teamcenter Visualization and JT2Go
SSA-712929	7.5	Denial of Service Vulnerability in OpenSSL (CVE-2022-0778) Affecting Industrial Products
SSA-711829	7.5	Denial of Service Vulnerability in TIA Administrator
SSA-678983	7.8	Vulnerabilities in Industrial PCs and CNC devices using Intel CPUs (November 2020)
SSA-610768	6.5	XML Entity Expansion Injection Vulnerability in Mendix Excel Importer Module
SSA-599506	7.2	Command Injection in RUGGEDCOM ROX
SSA-580125	10	Multiple Vulnerabilities in SIMATIC eaSie Core Package
SSA-557804	5.4	Mirror Port Isolation Vulnerability in SCALANCE X Switches
SSA-517377	10	Multiple Vulnerabilities in the SRCS VPN Feature in SIMATIC CP Devices
SSA-492173	6.5	Expression Injection Vulnerability in Mendix Applications
SSA-491621	7.5	Denial of Service Vulnerability in CPC80 Firmware of SICAM A8000 Devices
SSA-474231	7.8	File Parsing Vulnerability in Simcenter Femap before V2022.2
SSA-446448	5.3	Denial of Service Vulnerability in PROFINET Stack Integrated on Interniche Stack
SSA-439148	7.8	File Parsing Vulnerabilities in PADS Standard/Plus Viewer
SSB-439005		Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP
SSA-433782	4.9	Improper Access Control Vulnerability in Mendix
SSA-429204	7.8	Open Design Alliance Drawings SDK Vulnerabilities in JT2Go and Teamcenter Visualization
SSA-414513	5.3	Information Disclosure Vulnerability in Mendix
SSA-348662	8.0	Multiple Vulnerabilities in SIMATIC MV500 Devices before V3.3
SSA-321292	7.5	Denial of Service in the OPC Foundation Local Discovery Server (LDS) in Industrial Products
SSA-310038	9.6	Multiple Vulnerabilities in SCALANCE X Switch Devices
SSA-309571	7.5	IPU 2021.1 Vulnerabilities in Siemens Industrial Products using Intel CPUs (June 2021)
SSA-306654	8.4	Insyde BIOS Vulnerabilities in Siemens Industrial Products
SSA-285795	6.5	Denial of Service in OPC-UA in Industrial Products
SSA-244969	7.4	OpenSSL Vulnerability in Industrial Products
SSA-243317	7.8	File Parsing Vulnerability in Simcenter Femap and Parasolid
SSA-225578	6.3	Improper Access Control in SICAM GridEdge
SSA-220589	9.9	Hard Coded Default Credential Vulnerability in Teamcenter