Firma Siemens informuje o nowych podatnościach w swoich produktach oraz aktualizuje starsze biuletyny (P24-199)

cert.pse-online.pl 1 tydzień temu

11 czerwca 2024 r. firma Siemens opublikowała zalecenia dotyczące bezpieczeństwa dotyczące luk w zabezpieczeniach następujących produktów:

ID	CVSS	Opis/Link
SSA-900277	7.8	MODEL File Parsing Vulnerability in Tecnomatix Plant Simulation before V2302.0012 and V2024.0001
SSA-879734	7.5	Multiple Vulnerabilities in SCALANCE XM-400/XR-500 before V6.6.1
SSA-871704	7.8	Multiple Vulnerabilities in SICAM Products AKTUALIZACJA
SSA-832273	9.8	Multiple Vulnerabilities in Fortigate NGFW before V7.4.3 on RUGGEDCOM APE1808 devices AKTUALIZACJA
SSA-771940	7.8	X_T File Parsing Vulnerabilities in Teamcenter Visualization and JT2Go
SSA-753746	6.5	Denial of Service Vulnerabilities in SIMATIC WinCC Affecting Other SIMATIC Software Products AKTUALIZACJA
SSA-711309	7.5	Denial of Service Vulnerability in the OPC UA Implementations of SIMATIC Products AKTUALIZACJA
SSA-690517	9.1	Multiple Vulnerabilities in SCALANCE W700 802.11 AX Family
SSA-625862	9.8	Multiple Vulnerabilities in Third-Party Components in SIMATIC CP 1542SP-1 and CP 1543SP-1 before V2.3
SSA-620338	7.8	Buffer Overflow Vulnerability in SICAM AK3 / BC / TM
SSA-599968	7.5	Denial-of-Service Vulnerability in Profinet Devices AKTUALIZACJA
SSA-566905	7.5	Multiple Denial of Service Vulnerabilities in the Webserver of Industrial Products AKTUALIZACJA
SSA-540640	5.9	Improper Privilege Management Vulnerability in Mendix Runtime
SSA-482757	4.6	Missing Immutable Root of Trust in S7-1500 CPU devices AKTUALIZACJA
SSA-481506	8.2	Information Disclosure Vulnerability in SIMATIC S7-200 SMART Devices
SSA-446448	5.3	Denial of Service Vulnerability in PROFINET Stack Integrated on Interniche Stack AKTUALIZACJA
SSA-407785	7.8	Multiple X_T File Parsing Vulnerabilities in Parasolid and Teamcenter Visualization AKTUALIZACJA
SSA-398330	9.8	Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1 AKTUALIZACJA
SSA-353002	4.9	Multiple Vulnerabilities in SCALANCE XB-200 / XC-200 / XP-200 / XF-200BA / XR-300WG Family AKTUALIZACJA
SSA-341067	8.2	Multiple vulnerabilities in third-party components in ST7 ScadaConnect before V1.1
SSA-337522	9.8	Multiple Vulnerabilities in TIM 1531 IRC before V2.4.8
SSA-319319	3.3	Denial of Service Vulnerability in TIA Administrator
SSA-238730	5.6	Out-of-Bounds Write Vulnerabilities in SITOP UPS1600 before V2.5.4
SSA-196737	7.8	Multiple Vulnerabilities in SINEC Traffic Analyzer before V1.2
SSA-093430	10	Multiple Vulnerabilities in SIMATIC RTLS Locating Manager before V3.0 AKTUALIZACJA
SSA-035466	7.8	Incorrect Permission Assignment in SICAM PAS/PQS AKTUALIZACJA
SSA-024584	9.3	Authentication Bypass Vulnerability in PowerSys before V3.11