Skip to content

Security Updates

Critical updates from Microsoft, Siemens and other companies will be posted here when they become available. Check back often, as this page will update periodically. These updates address issues such as cyber security, bug fixes, new features and feature updates.

Click Here to get the Siemens ProductCERT updates sent directly to your inbox.

Siemens ProductCERT Updated: 5/11/22

The following new advisories/bulletins have just been published on the Siemens ProductCERT Website:

SSA-162616: File Parsing Vulnerabilities in Simcenter Femap before V2022.2
SSA-165073: Multiple Vulnerabilities in the Webinterface of SICAM P850 and SICAM P855 Devices
SSA-285795: Denial of Service in OPC-UA in Industrial Products
SSA-321292: Denial of Service in the OPC Foundation Local Discovery Server (LDS) in Industrial Products
SSA-363107: An Improper Initialization Vulnerability Affects SIMATIC WinCC Kiosk Mode
SSA-480937: Denial of Service Vulnerability in CP 44x-1 RNA before V1.5.18
SSA-553086: Multiple File Parsing Vulnerabilities in JT2Go and Teamcenter Visualization
SSA-626968: Multiple Webserver Vulnerabilities in Desigo PXC and DXR Devices
SSA-662649: Denial of Service Vulnerability in Desigo DXR and PXC Controllers
SSA-732250: Libcurl Vulnerabilities in Industrial Devices
SSA-736385: Memory Corruption Vulnerability in OpenV2G
SSA-789162: Vulnerabilities in Teamcenter
Additionally, the following advisories / bulletins have just been updated on the Siemens ProductCERT web site [1]
SSA-102233: SegmentSmack in VxWorks-based Industrial Devices
Added solution for SIMATIC CP 442-1 RNA and SIMATIC CP 443-1 RNA; added affected product SIMATIC CP 343-1 Advanced
SSA-114589: Multiple Vulnerabilities in Nucleus RTOS based APOGEE, TALON and Desigo PXC/PXM Products
Added solutions for APOGEE PXC Compact (P2 Ethernet), APOGEE PXC Modular (P2 Ethernet), Desigo PXC Products, Desigo PXM Products
SSA-162506: DHCP Client Vulnerability in SIMOTICS CONNECT 400, Desigo PXC/PXM, APOGEE MEC/MBC/PXC, APOGEE PXC Series, and TALON TC Series
Added solution for APOGEE PXC Series (P2)
SSA-244969: OpenSSL Vulnerability in Industrial Products
Removed Industrial Edge – Inventory App as it is not affected; Added solution for Industrial Edge – PROFINET IO Connector
SSB-439005: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP
Added CVE-2018-5995, CVE-2021-28363, CVE-2021-4197, CVE-2021-45868, CVE-2022-0850, CVE-2022-1011, CVE-2022-1016, CVE-2022-1271, CVE-2022-22576, CVE-2022-27774, CVE-2022-27775, CVE-2022-27776
SSA-462066: Vulnerability known as TCP SACK PANIC in Industrial Products
Added solution for SIMATIC CP 442-1 RNA and SIMATIC CP 443-1 RNA
SSA-560465: DHCP Client Vulnerability in VxWorks-based Industrial Products
ERRATA: Removed solution for SCALANCE X-300/X408 family
SSA-629512: Local Privilege Escalation Vulnerability in TIA Portal
Added solution for TIA Portal V15
SSA-661247: Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) – Impact to Siemens Products
Added solution for Capital, COMOS, HES UDIS, Simcenter System Simulation Client for Git, Solid Edge CAM Pro, Solid Edge Wiring and Harness Design, VeSys; updated solution for SIMATIC IPC and SiPass V2.85; EnergyIP Prepay: clarified that fix release V3.8.0.12 is also valid for versions before V3.8
SSA-678983: Vulnerabilities in Industrial PCs and CNC devices using Intel CPUs (November 2020)
Added solution for SIMATIC IPC547G
SSA-756638: Vulnerabilities in Third-Party Component Mbed TLS of LOGO! CMR Family and SIMATIC RTU 3000 Family
Added solution for devices of SIMATIC RTU 3000 family
SSA-772220: OpenSSL Vulnerabilities in Industrial Products
Added solution for SIMATIC READER RF1xxC family and SIMATIC Reader RF360R and SIMATIC PCS 7 TeleControl
SSA-787292: Denial of Service Vulnerability in SIMATIC RFID Readers
Added solution for SIMATIC RF360R
SSA-840188: Multiple Vulnerabilities in SIMATIC WinCC Affecting Other SIMATIC Software Products
Added solution for SIMATIC WinCC V15
SSA-914168: Multiple Vulnerabilities in SIMATIC WinCC Affecting Other SIMATIC Software Products
 Added solution for SIMATIC WinCC V15

Update 4/22/2022

SSA-254054: Spring Framework Vulnerability (Spring4Shell or SpringShell, CVE-2022-22965) – Impact to Siemens Products
SSA-316850: Unauthenticated File Access in SICAM A8000 Devices
SSA-350757: Improper Access Control Vulnerability in TIA Portal Affecting S7-!@00 and S7-1500 CPUs Web Server (Incl. Related ET200 CPUs and SIPLUS variants)
SSA-392912: Multiple Denial of Service Vulnerabilities in SCALANCE W1700 Devices
SSA-414513: Information Disclosure Vulnerability in Mendix
SSA-446448: Denial of Service Vulnerability in PROFINET Stack Integrated on Interniche Stack
SSA-557541: Denial of Service Vulnerability in SIMATIC S7-400 CPUs
SSA-655554: Multiple Vulnerabilities in SIMATIC Energy Manager before V7.3 Update 1
SSA-711829: Denial of Service Vulnerability in TIA Administrator
SSA-836527: Multiple Vulnerabilities in SCALANCE X-300 Switch Family Devices
SSA-870917: Improper Access Control Vulnerability in Mendix
SSA-998762: File Parsing Vulnerabilities in Simcenter Femap before V2022.1.2
Additionally, the following advisories/bulletins have just been updated on the Siemens ProductCERT website:
SSA-102233: SegmentSmack in VxWorks-based Industrial Devices
Added solution for SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants)
SSA-114589: Multiple Vulnerabilities in Nucleus RTOS based APOGEE, TALON and Desigo PXC/PXM Products
Added solutions for APOGEE PXC Compact (BACnet), APOGEE PXC Modular (BACnet), TALON TC Compact (BACnet), and TALON TC Modular (BACnet) products
SSA-148641: XPath Constraint Vulnerability in Mendix Runtime
Summary update; Default configuration for Mendix 9 is not affected; CVSS vector review
SSA-162506: DHCP Client Vulnerability in SIMOTICS CONNECT 400, Desigo PXC/PXM, APOGEE MEC/MBC/PXC, APOGEE PXC Series, and TALON TC Series
Listed all affected Desigo PXC and PXM20 products explicitly. Added solution for APOGEE PXC Series (BACnet) and TALON TC Series (BACnet)
SSA-224969: OpenSSL Vulnerability in Industrial Products
Added solution for RUGGEDCOM RCM1224 family, SCALANCE M-800 family, SCALANCE MUM-800 family, SCALANCE S615, SCALANCE X-300/X408 family, SIMATIC PCS neo, SIMATIC Process Historian OPC UA Server, SCALANCE W-1700 (11AC) family, SIMATIC CP 1543-1, SIPLUS NET CP 1543-1
SSA-256353: Third-Party Component Vulnerabilities in RUGGEDCOM ROS
Added acknowledgements
SSA-270778: Denial of Service Vulnerability in SIMATIC PCS 7, SIMATIC WinCC and SIMATIC NET PC Software
Added solution for SIMATIC PCS 7 V8.2 and related components; added solution for SIMATIC NET PC Software V14 and clarified affected versions; added a note regarding shared components
SSA-273799: Message Integrity Protection Bypass Vulnerability in SIMATIC Products
Added solution for SIMATIC NET PC Software V14 and clarified affected versions; Clarified no remediation planned
SSA-301589: Multiple File Parsing Vulnerabilities in Solid Edge, JT2Go and Teamcenter Visualization
Added remediation for Teamcenter Visualization version line V13.2 and JT2Go
SSA-307392: Denial of Service in OPC UA in Industrial Products
Added solution for SIMATIC NET PC Software V14 and clarified affected versions; no remediation planned for V15
SSA-309571: IPU 2021.1 Vulnerabilities in Siemens Industrial Products using Intel CPUs (June 2021)
Added solution for SIMATIC IPC427E, SIMATIC IPC 477E, and SIMATIC IPC477E PRO
SSA-312271: Unquoted Search Path Vulnerabilities in Windows-based Industrial Software Applications
Added solution for SIMATIC NET PC Software V14 and clarified affected versions
SSA-348629: Denial of Service Vulnerability in SIMATIC PCS 7, SIMATIC WinCC, SIMATIC WinCC Runtime Professional and SIMATIC NET PC Software
Added solution for SIMATIC NET PC Software V14 and clarified affected versions; Clarified no remediation planned
SSB-439005: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP
Added CVE-2016-3189, CVE-2018-25032, CVE-2019-12900, CVE-2021-3772, CVE-2022-0001, CVE-2022-0002, CVE-2022-0778, CVE-2022-0847, CVE-2002-25236, CVE-2022-25313, CVE-2002-25314, CVE-2002-25315, CE-2002-26488, CVE-2022-27666
SSA-462066: Vulnerability known as TCP SACK PANIC in Industrial Products
Updated remediation for SIMATIC CP 1623; Added solution for SIMATIC RF600R family and clarified list of affected devices
SSA-535640: Vulnerability in Industrial Products
Added solution for SIMATIC NET PC Software V14 and clarified affected version; Clarified no remediation planned
SSA-539476: Siemens SIMATIC NET CP, SINEMA and SCALANCE Products Affected by Vulnerabilities in Third-Party Component strongSwan
Added solutions for SCALANCE S615, SCALANCE M-800 Family, SCALANCE MUM-800 Family, RUGGEDCOM RM1224 Family, SIMATIC CP 1543-1, and SIPLUS NET CP 1543-1
SSA-560465: DHCP Client Vulnerability in VxWorks-based Industrial Products
Clarified that no remediation is planned for some products; Clarified product names; Added SIMATIC RF180C; Added solution for SCALANCE X-300/X408 family
SSA-562051: Cross-Site Scripting Vulnerability in Polarion ALM
Corrected list of affected versions; clarified difference between Plarion ALM and teh freeweare (WebClient for SVN)
SSA-593272: SegmentSmack in Interniche IP-Stack based Industrial Devices
Cleanup due to template changes, no change of contents
SSA-599968: Denial of Service Vulnerability in Profinet Devices
Added solution for SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) and SCALANCE W-1700 (11ac) family
SSA-661247: Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-4428, CVE-2021-45046) – Impact to Siemens Products
Added solution for NX; confirmed that SIMATIC IT Report Manager is not affected; removed section “Products Under Investigation”
SSA-672373: Vulnerabilities in CP 1543-1 before V2.0.28
Updated download link and revised summary section
SSA-676336: OpenSSH Vulnerabilities in SCALANCE X-200 and X-300/X408 Switches
Added solution for SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants)
SSA-764417: Multiple Vulnerabilities in RUGGEDCOM Devices
Added acknowledgements
SSA-772220: OpenSSL Vulnerabilities in Industrial Products
No fix planned for SINAMICS Connect 300; Added solution for SCALANCE M-800 / S615 family, RUGGEDCOM RM1224, and SCALANCE W-1700 IEEE 802.11ac family; Added SIMATIC RF600R family
SSA-780073: Denial of Service Vulnerability in PROFINET Devices via DCE-RPC Packets
Added solution for SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants)
SSA-787292: Denial-of-Service Vulnerability in SIMATIC RFID Readers
Added solution for SIMATIC RF600R family and clarified list of affected devices
SSA-840188: Multiple Vulnerabilities in SIMATIC WinCC Affecting Other SIMATIC Software Products
Added solution for SIMATIC WinCC V7.4; added solution for SIMATIC PCS 7 V8.2 and SIMATIC PCS 7 V9.0 and related components; added SIMATIC NET PC Software incl. solution for V17; added a note regarding shared components
SSA-913875: Frame Aggregation and Fragmentation Vulnerabilities in 802.11
Added solution for the SCALANCE W-1700 (11ac) family
SSA-914168: Multiple Vulnerabilities in SIMATIC WinCC Affecting Other SIMATIC Software Products
Added solution for SIMATIC WinCC V7.4, SIMATIC PCS 7 V8.2 and SIMATIC PCS 7 V9.0
SSA-978220: Denial of Service Vulnerability over SNMP in Multiple Industrial Products
Updated remediation for SIMATIC CP 1623
SSA-995338: Multiple Vulnerabilities in COMOS Web
Updated remediation for COMOS V10.3

Update 3/10/2022

The following new advisories/bulletins have just been published on the Siemens ProductCERT web site :
SSA-134279: Vulnerability in Mendix Forgot Password Appstore Module
SSA-148641: XPath Constraint Vulnerability in Mendix Runtime
SSA-155599: File Parsing Vulnerabilities in COMOS
SSA-166747: Scene File Parsing Vulnerability in Simcenter STAR-CCM+ Viewer before V2022.1
SSA-223353: Multiple Vulnerabilities in Nucleus RTOS based SIMOTICS CONNECT 400
SSA-250085: Multiple Vulnerabilities in SINEC NMS
SSA-252466: Multiple Vulnerabilities in Climatix POL909 (AWM and AWB)
SSA-256353: Third-Party Component Vulnerabilities in RUGGEDCOM ROS
SSA-337210: Privilege Escalation Vulnerability in SINUMERIK MC
SSA-389290: Third-Party Component Vulnerabilities in SINEC INS
SSA-406691: Buffer Vulnerabilities in DHCP Function of RUGGEDCOM ROX Products
SSA-415938: Improper Access Control Vulnerability in Mendix
SSA-562051: Cross-Site Scripting Vulnerability in Polarion ALM
SSA-594438: Remote Control Execution and Denial-of-Service Vulnerability in Multiple RUGGEDCOM ROX products
SSA-764417: Multiple Vulnerabilities in RUGGEDCOM Devices
Additionally, the following advisories / bulletins have just been updated on the Siemens ProductCERT web site [1]:
SSA-244969: OpenSSL Vulnerability in Industrial Products
Added Solution for SINUMERIK Operate; Added Industrial Edge Products
SSA-306654: Insyde BIOS Vulnerabilities in Siemens Industrial Products
Corrected AV:L for all CVEs, added RUGGEDCOM APE1808 and SIMATIC IPC477E PRO
SSA-309571: IPU 2021.1 Vulnerabilities in Siemens Industrial Products using Intel CPUs (June 2021)
Added mitigation; clarified no remediation planned for SIMTIC S7-1500 CPU 1518 (F)-4 PN/DP MFP; added solution for SIMATIC IPC127E and SIMATIC ET 200SP Open Controller CPU 1515SP PC2
SSA-439005: Vulnerabilities in the additional GNU/Linus subsystem of the SIMATICSy-1500 CPU 1518(F)-4PN/DP MFP
Added CVE-2022-23308, CVE-2022-24407, CVE2022-24448, CVE-2022-25235
SSA-462066: Vulnerability known as TCP SACK PANIC In Industrial Products
Re-added SCALANCE S615 to the list of affected products
SSA-501073: Vulnerabilities in Controllers CPU 1518 MFP using Intel CPUs (November 2020)
Updated specific mitigations; clarified that no remediation is planned
SSA-534763: Special Register Buffer Data Sampling (SRBDS) aka Crosstalk in Industrial Products
Added solution for SIMATIC IPC3000 SMART V2 and clarified that no further fixes are planned
SSA-541018: Embedded TCP/IP Stack Vulnerabilities (AMNESIA:33) in SENTROL PAC/3VA Devices (Part 2)
Added download link of update version for SENTRON PAC2200
SSA-661247: Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046)- Impact to Siemens Products
Added or updated solutions for Siveillance Command, Control Pro, Vantage; added solution for Tecnomatix Plant Simulation (installations with TCCS)
SSA-669158: DNC Client Vulnerabilities in SIMOTICS CONNECT 400
Added solution for CVE-2021-25677
SSA-669737: Improper Access Control Vulnerability in SICAM TOOLBOX II
Updated Acknowledgments; Improved Mitigation Description
SSA-678983: Vulnerabilities in Industrial PCs and CNC devices using Intel CPUs (November 2020)
Added solution for SIMATIC ET 200SP Open Controller CPU 1515SP PC2
SSA-703715: Information Disclosure Vulnerability in Climatix POL909 (AWM and AWB)
Added product: Climatix POL909 (AWB module)
SSA-838121: Multiple Denial of Service Vulnerabilities in Industrial Products
Added solution for SIMATIC S7-PLCSIM Advanced
SSA-840188: Multiple Vulnerabilities in SIMATIC WinCC Affecting Other SIMATIC Software Products
Added Mitigation to CVE-2021-40358
 
VMWARE SECURITY UPDATE

VMSA-2021-0010

The VMware Security Advisory will always list the specific supported products and versions that are affected. In this case it is vCenter Server 6.5, 6.7, and 7.0.


Update 2/11/2022

The following new advisories/bulletins have just been published on the Siemens ProductCERT web site :
SSA-244969: OpenSSL Vulnerability in Industrial Products
SSA-301589: Multiple File Parsing Vulnerabilities in Solid Edge, JT2Go and Teamcenter Visualization
SSA-539476: Siemens SIMATIC NET CP, SINEMA and SCALANCE Products Affected by Vulnerabilities in Third-Party Component strongSwan
SSA-609880: File Parsing Vulnerabilities in Simcenter Femap before V2022.1
SSA-654775: Open Redirect Vulnerability in SINEMA Remote Connect Server
SSA-669737: Improper Access Control Vulnerability in SICAM TOOLBOX II
SSA-831168: Cross-Site Scripting Vulnerability in Spectrum Power 4
SSA-838121: Multiple Denial of Service Vulnerabilities in Industrial Products
SSA-914168: Multiple Vulnerabilities in SIMATIC WinCC Affecting Other SIMATIC Software Products
SSA-978692: Apache Log4j Vulnerabilities – Impact to Siemens Energy Omnivise Fleet Management
Additionally, the following advisories / bulletins have just been updated on the Siemens ProductCERT web site
SSA-100232: Denial-of-Service vulnerability in SCALANCE X Switches
SSA-102233: SegmentSmack in VxWorks-based Industrial Devices
SSA-211752: Multiple NTP-Client Related Vulnerabilities in SIMATIC CP 443-1 OPC UA
SSA-293562: Denial of Service Vulnerabilities in PROFINET DCP Implementation of Industrial Products
SSA-307392: Denial of Service in OPC UA in Industrial Products
SSA-309571: IPU 2021.1 Vulnerabilities in Siemens Industrial Products using Intel CPUs (June 2021)
SSA-316383: NumberJack Vulnerability in LOGO! CMR and SIMATIC RTU 3000 devices
SSA-346262: Denial-of-Service in Industrial Products
SSA-349422: Denial-of-Service in Industrial Real-Time (IRT) Devices
SSB-439005: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP
SSA-443566: Authentication Bypass in SCALANCE X Switches Families
SSA-462066: Vulnerability known as TCP SACK PANIC in Industrial Products
SSA-473245: Denial-of-Service Vulnerability in Profinet Devices
SSA-480230: Denial of service in Webserver of Industrial Products
SSA-541018: Embedded TCP/IP Stack Vulnerabilities (AMNESIA:33) in SENTRON PAC / 3VA Devices (Part 2)
SSA-593272: SegmentSmack in Interniche IP-Stack based Industrial Devices
SSA-599968: Denial-of-Service Vulnerability in Profinet Devices
SSA-661247: Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) – Impact to Siemens Products
SSA-675303: WIBU Systems CodeMeter Runtime Vulnerabilities in Siemens Products
SSA-714170: Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) – Impact to SPPA-T3000
SSA-772220: OpenSSL Vulnerabilities in Industrial Products
SSA-780073: Denial of Service Vulnerability in PROFINET Devices via DCE-RPC Packets
SSA-840188: Multiple Vulnerabilities in SIMATIC WinCC Affecting Other SIMATIC Software Products
SSA-913875: Frame Aggregation and Fragmentation Vulnerabilities in 802.11
SSA-978220: Denial of Service Vulnerability over SNMP in Multiple Industrial Products
SSA-995338: Multiple Vulnerabilities in COMOS Web
 
Update 01/04/2022

The following new advisories/bulletins have just been published on the Siemens ProductCERT web site :
SSA-044112: Multiple Vulnerabilities (NUCLEUS:13) in the TCP/IP Stack of Nucleus RTOS
SSA-114589: Multiple Vulnerabilities in Nucleus RTOS based APOGEE and TALON Products
SSA-145157: Multiple Vulnerabilities in SIMATIC RTLS Locating Manager before V2.12
SSA-328042: File Parsing Vulnerabilities in OBJ Translator in NX
SSA-338732: Information Disclosure Vulnerability in Mendix
SSA-537983: Local Code Execution Vulnerability in SENTRON powermanager V3
SSA-580693: WIBU Systems CodeMeter Runtime Denial-of-Service Vulnerability in Siemens Products
SSA-703715: Information Disclosure Vulnerability in Climatix POL909 (AWM)
SSA-740908: File Parsing Vulnerabilities in JT Translator in NX
SSA-755517: Path Traversal Vulnerability in Siveillance Video DLNA Server
SSA-779699: Two Incorrect Authorization Vulnerabilities in Mendix
SSA-840188: Multiple Vulnerabilities in SIMATIC WinCC Affecting Other SIMATIC Software Products
SSA-917476: Multiple Vulnerabilities in SCALANCE W1750D
SSA-185699: Out of Bounds Write Vulnerabilities (NAME:WRECK) in the DNS Module of Nucleus RTOS
SSA-201384: Predictable UDP Port Number Vulnerability (NAME:WRECK) in the DNS Module of Nucleus RTOS
SSA-248289: Denial of Service Vulnerabilities in the IPv6 Stack of Nucleus RTOS
SSA-312271: Unquoted Search Path Vulnerabilities in Windows-based Industrial Software Applications
SSA-324955: SAD DNS Attack in Linux Based Products
SSA-362164: Predictable Initial Sequence Numbers in the TCP/IP Stack of Nucleus RTOS
SSB-439005: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP
SSA-675303: WIBU Systems CodeMeter Runtime Vulnerabilities in Siemens Products
SSA-705111: Multiple Vulnerabilities (NAME:WRECK) in the DNS Module of Nucleus RTOS
SSA-772220: OpenSSL Vulnerabilities in Industrial Products
 

Siemens ProductCERT Updated: 11/11/21




The following new advisories/bulletins have just been published on the Siemens ProductCERT web site :
SSA-044112: Multiple Vulnerabilities (NUCLEUS:13) in the TCP/IP Stack of Nucleus RTOS
SSA-114589: Multiple Vulnerabilities in Nucleus RTOS based APOGEE and TALON Products
SSA-145157: Multiple Vulnerabilities in SIMATIC RTLS Locating Manager before V2.12
SSA-328042: File Parsing Vulnerabilities in OBJ Translator in NX
SSA-338732: Information Disclosure Vulnerability in Mendix
SSA-537983: Local Code Execution Vulnerability in SENTRON powermanager V3
SSA-580693: WIBU Systems CodeMeter Runtime Denial-of-Service Vulnerability in Siemens Products
SSA-703715: Information Disclosure Vulnerability in Climatix POL909 (AWM)
SSA-740908: File Parsing Vulnerabilities in JT Translator in NX
SSA-755517: Path Traversal Vulnerability in Siveillance Video DLNA Server
SSA-779699: Two Incorrect Authorization Vulnerabilities in Mendix
SSA-840188: Multiple Vulnerabilities in SIMATIC WinCC Affecting Other SIMATIC Software Products
SSA-917476: Multiple Vulnerabilities in SCALANCE W1750D
SSA-185699: Out of Bounds Write Vulnerabilities (NAME:WRECK) in the DNS Module of Nucleus RTOS
SSA-201384: Predictable UDP Port Number Vulnerability (NAME:WRECK) in the DNS Module of Nucleus RTOS
SSA-248289: Denial of Service Vulnerabilities in the IPv6 Stack of Nucleus RTOS
SSA-312271: Unquoted Search Path Vulnerabilities in Windows-based Industrial Software Applications
SSA-324955: SAD DNS Attack in Linux Based Products
SSA-362164: Predictable Initial Sequence Numbers in the TCP/IP Stack of Nucleus RTOS
SSB-439005: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP
SSA-675303: WIBU Systems CodeMeter Runtime Vulnerabilities in Siemens Products
SSA-705111: Multiple Vulnerabilities (NAME:WRECK) in the DNS Module of Nucleus RTOS
SSA-772220: OpenSSL Vulnerabilities in Industrial Products