Firma Siemens informuje o nowych podatnościach w swoich produktach oraz aktualizuje starsze biuletyny

cert.pse-online.pl 1 rok temu

W dniu 13 grudnia 2022 r. firma Siemens opublikowała zalecenia dotyczące bezpieczeństwa dotyczące luk w zabezpieczeniach wielu produktów.

ID	CVSS	Opis
SSA-951513	4.2	Clickjacking Vulnerability in SCALANCE S, SCALANCE X-300, X-200IRT, X-200RNA and X-200 Switch Families AKTUALIZACJA
SSA-930100	7.8	Privilege Escalation Vulnerability in Simcenter STAR-CCM+
SSA-849072	8.8	Several Vulnerabilities in SICAM PAS before V8.06
SSA-792594	5.4	Host Header Injection Vulnerability in Polarion ALM
SSA-764417	6.7	Weak Encryption Vulnerability in RUGGEDCOM ROS Devices AKTUALIZACJA
SSA-712929	7.5	Denial of Service Vulnerability in OpenSSL (CVE-2022-0778) Affecting Industrial Products AKTUALIZACJA
SSA-700053	7.8	Multiple File Parsing Vulnerabilities in Teamcenter Visualization and JT2Go
SSA-678983	7.8	Vulnerabilities in Industrial PCs and CNC devices using Intel CPUs (November 2020) AKTUALIZACJA
SSA-638652	7.4	Authentication Bypass Vulnerability in Mendix SAML Module AKTUALIZACJA
SSA-593272	7.5	SegmentSmack in Interniche IP-Stack based Industrial Devices AKTUALIZACJA
SSA-588101	7.8	Multiple File Parsing Vulnerabilities in Parasolid
SSA-572005	9.8	Vulnerabilities in the Web Server of SICAM P850 and SICAM P855 Devices AKTUALIZACJA
SSA-552874	5.3	Denial of Service Vulnerability in SIPROTEC 5 Devices
SSA-552702	8.8	Privilege Escalation Vulnerability in the Web Interface of SCALANCE and RUGGEDCOM Products AKTUALIZACJA
SSA-547714	5.4	Argument Injection Vulnerability in SIMATIC WinCC OA Ultralight Client AKTUALIZACJA
SSA-480829	5.8	Cross-Site Scripting Vulnerabilities in SCALANCE X Switches AKTUALIZACJA
SSA-478960	6.5	Missing CSRF Protection in the Web Server Login Page of Industrial Controllers AKTUALIZACJA
SSA-473245	7.5	Denial-of-Service Vulnerability in Profinet Devices AKTUALIZACJA
SSA-446448	5.3	Denial of Service Vulnerability in PROFINET Stack Integrated on Interniche Stack AKTUALIZACJA
SSA-443566	8.8	Authentication Bypass in SCALANCE X Switches Families AKTUALIZACJA
SSB-439005	n/a	Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP AKTUALIZACJA
SSA-436469	6.5	TCP Vulnerability in APOGEE/TALON Field Panels
SSA-413565	7.6	Multiple Vulnerabilities in SCALANCE Products
SSA-412672	9.8	Multiple OpenSSL and OpenSSH Vulnerabilities in SCALANCE X-200RNA Switch Devices before V3.2.7
SSA-408105	7.5	Buffer Overflow Vulnerabilities in OpenSSL 3.0 Affecting Siemens Products
SSA-382653	7.5	Multiple Denial of Service Vulnerabilities in Industrial Products
SSA-363821	8.8	Multiple Vulnerabilities in SCALANCE X-200RNA Switch Devices before V3.2.7
SSA-360681	7.8	Datalogics File Parsing Vulnerabilities in Teamcenter Visualization and JT2Go
SSA-333517	7.8	Multiple Vulnerabilities in SCALANCE SC-600 Family before V3.0
SSA-321292	7.5	Denial of Service in the OPC Foundation Local Discovery Server (LDS) in Industrial Products AKTUALIZACJA
SSA-313313	7.5	Denial of Service Vulnerability in the FTP Server of Nucleus RTOS AKTUALIZACJA
SSA-312271	8.8	Unquoted Search Path Vulnerability in Windows-based Industrial Software Applications AKTUALIZACJA
SSA-309571	7.5	IPU 2021.1 Vulnerabilities in Siemens Industrial Products using Intel CPUs (June 2021) AKTUALIZACJA
SSA-274900	9.1	Use of Hardcoded Key in SCALANCE X Devices Under Certain Conditions AKTUALIZACJA
SSA-274282	6.1	Cross Site Scripting Vulnerability in PLM Help Server V4.2
SSA-224632	8.1	Improper Access Control Vulnerability in Mendix Email Connector Module
SSA-223771	7.5	SISCO Stack Vulnerability in SIPROTEC 5 Devices
SSA-210822	8.1	Improper Access Control Vulnerability in Mendix Workflow Commons Module
SSA-180579	8.8	Privilege Management Vulnerability in APOGEE/TALON Field Panels
SSA-120378	7.8	Multiple File Parsing Vulnerabilities in Teamcenter Visualization and JT2Go AKTUALIZACJA