Firma Siemens informuje o nowych podatnościach w swoich produktach oraz aktualizuje starsze biuletyny (P25-273)

cert.pse-online.pl 1 tydzień temu

14 sierpnia 2025 r. firma Siemens opublikowała ostrzeżenia dotyczące luk w zabezpieczeniach wielu produktów. Aktualizacje dotyczyły następujących produktów:

Mendix SAML (zgodny z Mendix 9.24) – wersje starsze niż V3.6.21
Mendix SAML (zgodny z Mendix 10.12) – wersje starsze niż V4.0.3
Mendix SAML (zgodny z Mendix 10.21) – wersje starsze niż V4.1.2
Rodzina Desigo CC – wszystkie wersje
SENTRON Powermanager – wszystkie wersje

ID	CVSS	Tytuł
SSA-201595	8.2	Privilege Escalation Vulnerability in WIBU CodeMeter Runtime Affecting the Desigo CC Product Family and SENTRON Powermanager AKTUALIZACJA
SSA-711309	7.5	Denial of Service Vulnerability in the OPC UA Implementations of SIMATIC Products AKTUALIZACJA
SSA-395458	8.7	Account Hijacking Vulnerability in Mendix SAML Module
SSA-028723	9.8	Multiple OpenSSL Vulnerabilities in BFCClient Before V2.17 AKTUALIZACJA
SSA-994087	8.3	Multiple SQLite Vulnerabilities in RUGGEDCOM CROSSBOW Station Access Controller Before V5.7
SSA-978177	7.2	Vulnerability in Nozomi Guardian/CMC on RUGGEDCOM APE1808 Devices
SSA-914892	5.3	Race Condition Vulnerability in Basic Authentication Implementation of Mendix Runtime AKTUALIZACJA
SSA-908185	9.1	Mirror Port Isolation Vulnerability in RUGGEDCOM ROS Devices AKTUALIZACJA
SSA-894058	2.4	Improper Bandwidth Limitation of Network Packets Over Local USB Port Vulnerability in SIPROTEC 5
SSA-864900	6.7	Multiple Vulnerabilities in Fortigate NGFW on RUGGEDCOM APE1808 Devices AKTUALIZACJA
SSA-856721	8.8	Vulnerability in RUGGEDCOM Discovery Protocol (RCDP) of Industrial Communication Devices AKTUALIZACJA
SSA-840800	8.0	Code Injection Vulnerability in RUGGEDCOM ROS AKTUALIZACJA
SSA-800126	7.8	Deserialization Vulnerability in Siemens Engineering Platforms before V20 AKTUALIZACJA
SSA-794185	9.0	RADIUS Protocol Susceptible to Forgery Attacks (CVE-2024-3596) – Impact to SIPROTEC, SICAM and Related Products AKTUALIZACJA
SSA-787941	5.3	Denial of Service Vulnerability in RUGGEDCOM ROS devices AKTUALIZACJA
SSA-770902	7.5	Denial of Service Vulnerability in the Web Server of RUGGEDCOM ROS Devices AKTUALIZACJA
SSA-770770	9.8	Multiple Vulnerabilities in Fortigate NGFW Before V7.4.7 on RUGGEDCOM APE1808 Devices AKTUALIZACJA
SSA-769791	8.2	Local Arbitrary Code Execution Vulnerability in COMOS Before V10.6
SSA-767615	7.5	Information Disclosure Vulnerability in SIPROTEC 5 Devices AKTUALIZACJA
SSA-764417	6.7	Weak Encryption Vulnerability in RUGGEDCOM ROS Devices AKTUALIZACJA
SSA-707630	6.3	Multiple Vulnerabilities in SIMATIC RTLS Locating Manager Before V3.3
SSA-693808	8.2	Deserialization Vulnerability in Siemens Engineering Platforms
SSA-687955	6.8	Accessible Development Shell via Physical Interface in SIPROTEC 5 AKTUALIZACJA
SSA-674084	7.8	File Parsing Vulnerabilities in Simcenter Femap Before V2506
SSA-665108	4.1	Arbitrary File Upload Vulnerability in RUGGEDCOM ROX II
SSA-613116	9.1	Multiple Vulnerabilities in Third-Party Components in SINEC OS before V3.1
SSA-529291	6.2	Information Disclosure Vulnerabilities in SICAM Q100/Q200
SSA-517338	7.8	Multiple Vulnerabilities in SINEC Traffic Analyzer Before V3.0
SSA-493787	9.1	Arbitrary Code Execution Vulnerability in SIMATIC RTLS Locating Manager Before V3.2
SSA-493396	7.8	Deserialization Vulnerability in Siemens Engineering Platforms
SSA-460466	4.3	Denial of Service Vulnerability in TIA Project-Server and TIA Portal AKTUALIZACJA
SSA-446307	10	Authentication Bypass Vulnerability in BMC (CVE-2024-54085) affects SIMATIC IPC RS-828A AKTUALIZACJA
SSA-400089	7.5	Denial of Service Vulnerability in SIPROTEC 4 and SIPROTEC 4 Compact
SSA-398330	9.8	Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP >= V3.1.0 and < V3.1.5 AKTUALIZACJA
SSA-392859	7.3	Local Arbitrary Code Execution Vulnerability in Siemens Engineering Platforms before V20 AKTUALIZACJA
SSA-382999	7.1	Multiple Vulnerabilities in Opcenter Quality Before V2506
SSA-355557	9.1	Multiple Vulnerabilities in Third-Party Components in SINEC OS before V3.2
SSA-353002	4.9	Multiple Vulnerabilities in SCALANCE XB-200 / XC-200 / XP-200 / XF-200BA / XR-300WG Family AKTUALIZACJA
SSA-331739	8.2	Privilege Escalation Vulnerability in WIBU CodeMeter Runtime Affecting Siemens Products
SSA-282044	7.8	DLL Hijacking Vulnerability in Siemens Web Installer used by the Online Software Delivery
SSA-265688	9.1	Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP V1.1 AKTUALIZACJA
SSA-256353	9.6	Third-Party Component Vulnerabilities in RUGGEDCOM ROS AKTUALIZACJA
SSA-186293	5.5	XML External Entity (XXE) Injection Vulnerability in SIMOTION SCOUT, SIMOTION SCOUT TIA and SINAMICS STARTER
SSA-177847	8.3	Improper VNC Password Check Vulnerability in SINUMERIK Controllers
SSA-170375	8.8	Multiple Vulnerabilities in RUGGEDCOM ROS Before V5.9 AKTUALIZACJA
SSA-097435	5.3	Usernames Disclosure Vulnerability in Mendix Runtime AKTUALIZACJA
SSA-094954	7.6	Authentication Bypass Vulnerability in BIST mode of RUGGEDCOM ROX II
SSA-082556	9.8	Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1.5 AKTUALIZACJA