Security Updates

Critical updates from Microsoft, Siemens and other companies will be posted here when they become available. Check back often, as this page will update periodically. These updates address issues such as cyber security, bug fixes, new features and feature updates.

Compromise of U.S. Water Treatment Facility

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert regarding increasing system security breaches. If you have concerns about your system’s security, please contact us at Pigler Automation.

VMWARE SECURITY UPDATE

VMSA-2021-0010

The VMware Security Advisory will always list the specific supported products and versions that are affected. In this case it is vCenter Server 6.5, 6.7, and 7.0.

Siemens ProductCERT Updated: 10/11/21




The following new advisories/bulletins have just been published on the Siemens ProductCERT web site :

SSA-109294: Scene File Parsing Vulnerability in Simcenter STAR-CCM+ Viewer
SSA-150692: Multiple Vulnerabilities in RUGGEDCOM ROX
SSA-208530: File parsing vulnerabilities in IFC adapter in NX
SSA-288459: Heap Overflow Vulnerability in RFID terminals
SSA-316383: NumberJack Vulnerability in LOGO! CMR family and SIMATIC RTU 3000 family
SSA-330339: Web Vulnerabilities in SINEC NMS
SSA-334944: Vulnerability in SINEMA Remote Connect Server
SSA-413407: Path Traversal Vulnerability in Teamcenter Active Workspace
SSA-453715: Deserialization Vulnerability in CCOM Communication Component of Desigo CC Family
SSA-500748: Denial-of-Service Vulnerabilities in SIPROTEC 5 Devices
SSA-535380: Command Injection Vulnerability in Siveillance OIS Affecting Several Building Management Systems
SSA-535997: Cleartext Storage of Sensitive Information in Multiple SIMATIC Products
SSA-549234: Denial-of-Service Vulnerability in SIMATIC NET CP Modules
SSA-676336: OpenSSH Vulnerabilities in SCALANCE X-200 and X-300/X408 Switches
SSA-692317: Authorization Bypass Vulnerability in Industrial Edge
SSA-756638: Vulnerabilities in Third-Party Component Mbed TLS of LOGO! CMR Family and SIMATIC RTU 3000 Family
SSA-835377: Missing Authentication Vulnerability in SINEMA Server
SSA-847986: Denial-of-Service Vulnerabilities in SIPROTEC 5 relays
SSA-944498: Buffer Overflow Vulnerability in Web Server of APOGEE and TALON Automation Devices
SSA-987403: Multiple Vulnerabilities in Teamcenter
SSA-997732: Modfem File Parsing Vulnerability in Simcenter Femap before V2021.2
Additionally, the following advisories / bulletins have just been updated on the Siemens ProductCERT web site:
SSA-100232: Denial-of-Service vulnerability in SCALANCE X Switches
SSA-102233: SegmentSmack in VxWorks-based Industrial Devices
SSA-139628: Vulnerabilities in Web Server for Scalance X Products
SSA-187092: Several Buffer-Overflow Vulnerabilities in Web Server of SCALANCE X-200
SSA-274900: Use of hardcoded key in Scalance X devices under certain conditions
SSA-312271: Unquoted Search Path Vulnerabilities in Windows-based Industrial Software Applications
SSA-324955: SAD DNS Attack in Linux Based Products
SSA-428051: Privilege Escalation Vulnerability in TIA Administrator
SSA-434534: Memory Protection Bypass Vulnerability in SIMATIC S7-1200 and S7-1500 CPU Families
SSA-434535: Memory Protection Bypass Vulnerability in SINAMICS PERFECT HARMONY GH180 Drives
SSA-434536: Memory Protection Bypass Vulnerability in SINUMERIK ONE and SINUMERIK MC
SSB-439005: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP
SSA-462066: Vulnerability known as TCP SACK PANIC in Industrial Products
SSA-538778: SmartVNC Vulnerabilities in SIMATIC HMI/WinCC Products
SSA-599968: Denial-of-Service Vulnerability in Profinet Devices
SSA-661034: Incorrect Permission Assignment in Multiple SIMATIC Software Products
SSA-675303: WIBU Systems CodeMeter Runtime Vulnerabilities in Siemens Products
SSA-756744: OS Command Injection Vulnerability in SINEC NMS
SSA-772220: OpenSSL Vulnerabilities in Industrial Products
SSA-780073: Denial-of-Service Vulnerability in PROFINET Devices via DCE-RPC Packets
SSA-789208: Multiple Vulnerabilities (INFRA:HALT) in Interniche IP-Stack based Low Voltage Devices
SSA-830194: Missing Authentication Vulnerability in S7-1200 Devices
SSA-865327: Incorrect Authorization Vulnerability in Industrial Products
SSA-936080: Multiple Vulnerabilities in Third-Party Component libcurl
SSA-938030: DGN and PAR File Parsing Vulnerabilities in JT2Go and Teamcenter Visualization before V13.2.0.2
 

Siemens ProductCERT Updated: 09/16/21




The following new advisories/bulletins have just been published on the Siemens ProductCERT web site :

SSA-109294: Scene File Parsing Vulnerability in Simcenter STAR-CCM+ Viewer
SSA-150692: Multiple Vulnerabilities in RUGGEDCOM ROX
SSA-208530: File parsing vulnerabilities in IFC adapter in NX
SSA-288459: Heap Overflow Vulnerability in RFID terminals
SSA-316383: NumberJack Vulnerability in LOGO! CMR family and SIMATIC RTU 3000 family
SSA-330339: Web Vulnerabilities in SINEC NMS
SSA-334944: Vulnerability in SINEMA Remote Connect Server
SSA-413407: Path Traversal Vulnerability in Teamcenter Active Workspace
SSA-453715: Deserialization Vulnerability in CCOM Communication Component of Desigo CC Family
SSA-500748: Denial-of-Service Vulnerabilities in SIPROTEC 5 Devices
SSA-535380: Command Injection Vulnerability in Siveillance OIS Affecting Several Building Management Systems
SSA-535997: Cleartext Storage of Sensitive Information in Multiple SIMATIC Products
SSA-549234: Denial-of-Service Vulnerability in SIMATIC NET CP Modules
SSA-676336: OpenSSH Vulnerabilities in SCALANCE X-200 and X-300/X408 Switches
SSA-692317: Authorization Bypass Vulnerability in Industrial Edge
SSA-756638: Vulnerabilities in Third-Party Component Mbed TLS of LOGO! CMR Family and SIMATIC RTU 3000 Family
SSA-835377: Missing Authentication Vulnerability in SINEMA Server
SSA-847986: Denial-of-Service Vulnerabilities in SIPROTEC 5 relays
SSA-944498: Buffer Overflow Vulnerability in Web Server of APOGEE and TALON Automation Devices
SSA-987403: Multiple Vulnerabilities in Teamcenter
SSA-997732: Modfem File Parsing Vulnerability in Simcenter Femap before V2021.2
Additionally, the following advisories / bulletins have just been updated on the Siemens ProductCERT web site:
SSA-100232: Denial-of-Service vulnerability in SCALANCE X Switches
SSA-102233: SegmentSmack in VxWorks-based Industrial Devices
SSA-139628: Vulnerabilities in Web Server for Scalance X Products
SSA-187092: Several Buffer-Overflow Vulnerabilities in Web Server of SCALANCE X-200
SSA-274900: Use of hardcoded key in Scalance X devices under certain conditions
SSA-312271: Unquoted Search Path Vulnerabilities in Windows-based Industrial Software Applications
SSA-324955: SAD DNS Attack in Linux Based Products
SSA-428051: Privilege Escalation Vulnerability in TIA Administrator
SSA-434534: Memory Protection Bypass Vulnerability in SIMATIC S7-1200 and S7-1500 CPU Families
SSA-434535: Memory Protection Bypass Vulnerability in SINAMICS PERFECT HARMONY GH180 Drives
SSA-434536: Memory Protection Bypass Vulnerability in SINUMERIK ONE and SINUMERIK MC
SSB-439005: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP
SSA-462066: Vulnerability known as TCP SACK PANIC in Industrial Products
SSA-538778: SmartVNC Vulnerabilities in SIMATIC HMI/WinCC Products
SSA-599968: Denial-of-Service Vulnerability in Profinet Devices
SSA-661034: Incorrect Permission Assignment in Multiple SIMATIC Software Products
SSA-675303: WIBU Systems CodeMeter Runtime Vulnerabilities in Siemens Products
SSA-756744: OS Command Injection Vulnerability in SINEC NMS
SSA-772220: OpenSSL Vulnerabilities in Industrial Products
SSA-780073: Denial-of-Service Vulnerability in PROFINET Devices via DCE-RPC Packets
SSA-789208: Multiple Vulnerabilities (INFRA:HALT) in Interniche IP-Stack based Low Voltage Devices
SSA-830194: Missing Authentication Vulnerability in S7-1200 Devices
SSA-865327: Incorrect Authorization Vulnerability in Industrial Products
SSA-936080: Multiple Vulnerabilities in Third-Party Component libcurl
SSA-938030: DGN and PAR File Parsing Vulnerabilities in JT2Go and Teamcenter Visualization before V13.2.0.2
 

Siemens ProductCERT Updated: 08/11/21




The following new advisories/bulletins have just been published on the Siemens ProductCERT web site :
SSA-816035: Code Execution Vulnerability in SINEMA Remote Connect Client
SSA-158827: Denial-of-Service Vulnerability in Automation License Manager
SSA-309571: IPU 2021.1 Vulnerabilities in Siemens Industrial Products using Intel CPUs (June 2021)
SSA-365397: Multiple File Parsing Vulnerabilities in JT2Go and Teamcenter Visualization before V13.2.0.1
SSA-553445: DNS “Name:Wreck” Vulnerabilities in Multiple Siemens Energy AGT and SGT solutions
SSA-679335: Multiple Vulnerabilities in Embedded FTP Server of SIMATIC NET CP Modules
SSA-756744: OS Command Injection Vulnerability in SINEC NMS
SSA-818688: Multiple Vulnerabilities in Solid Edge before SE2021MP7
SSA-830194: Missing Authentication Vulnerability in S7-1200 Devices
SSA-865327: Incorrect Authorization Vulnerability in Industrial Products
SSA-938030: DGN and PAR File Parsing Vulnerabilities in JT2Go and Teamcenter Visualization before V13.2.0.2
Additionally, the following advisories / bulletins have just been updated on the Siemens ProductCERT web site :
SSA-286838: Multiple Vulnerabilities in SINAMICS Medium Voltage Products
SSA-324955: SAD DNS Attack in Linux Based Products
SSB-439005: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP
SSA-492828: Denial-of-Service Vulnerability in SIMATIC S7-300 CPUs and SINUMERIK Controller
SSA-541018: Embedded TCP/IP Stack Vulnerabilities (AMNESIA:33) in SENTRON PAC / 3VA Devices
SSA-599968: Denial-of-Service Vulnerability in Profinet Devices
SSA-678983: Vulnerabilities in Industrial PCs and CNC devices using Intel CPUs
SSA-723417: Multiple Vulnerabilities in SCALANCE W1750D
SSA-752103: Telnet Authentication Vulnerability in SINAMICS Medium Voltage Products
SSA-772220: OpenSSL Vulnerabilities in Industrial Products
SSA-844761: Multiple Vulnerabilities in SiNVR/SiVMS Video Server
SSA-941426: Multiple LLDP Vulnerabilities in Industrial Products
 

Siemens ProductCERT Updated: 05/12/21




The following new advisories/bulletins have just been published on the Siemens ProductCERT web site [1]

SSA-116379: Denial-of-Service Vulnerability in OSPF Packet Handling of SCALANCE XM-400 and XR-500 Devices [2]
SSA-286838: Multiple Vulnerabilities in SINAMICS Medium Voltage Products [3]
SSA-324955: SAD DNS Attack in Linux Based Products [4]

SSA-501073: Vulnerabilities in Controllers CPU 1518 MFP using Intel CPUs (November 2020) [5]
SSA-538778: SmartVNC Vulnerabilities in SIMATIC HMI/WinCC Products [6]

SSA-594364: Denial-of-Service Vulnerability in SNMP Implementation of WinCC Runtime [7]

SSA-676775: Denial-of-Service Vulnerability in SIMATIC NET CP 343-1 Devices [8]

SSA-678983: Vulnerabilities in Industrial PCs and CNC devices using Intel CPUs (November 2020) [9]

SSA-723417: Multiple Vulnerabilities in SCALANCE W1750D [10]
SSA-752103: Telnet Authentication Vulnerability in SINAMICS Medium Voltage Products [11]
SSA-854248: Information Disclosure Vulnerability in Mendix Excel Importer Module [12]
SSA-919955: Information Disclosure Vulnerability in Mendix Database Replication Module [13]

SSA-940818: UltraVNC Vulnerabilities in SIMATIC HMIs/WinCC Products [14]
SSA-983548: Multiple SPP File Parsing Vulnerabilities in Tecnomatix Plant Simulation [15]
Additionally, the following advisories / bulletins have just been updated on the Siemens ProductCERT web site [1]:

SSB-439005: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP [16]

Added CVE-2020-13529, CVE-2020-36312, CVE-2021-20305, and clarification that the list of vulnerabilities is no longer maintained for versions below V2.8.4


SSA-462066: Vulnerability known as TCP SACK PANIC in Industrial Products [17]

Added affected products TIM 3V-IE, TIM 3V-IE Advanced, TIM 3V-IE DNP3, TIM 4R-IE and TIM 4R-IE DNP3

SSA-478893: TightVNC Vulnerabilities in Industrial Products (Revoked) [18] Errata – Revoked advisory
SSA-541018: Embedded TCP/IP Stack Vulnerabilities (AMNESIA:33) in SENTRON PAC / 3VA Devices (Part 2) [19] Added download link of update version for SENTRON PAC3220

SSA-646763: DNSpooq – Dnsmasq Vulnerabilities in SCALANCE and RUGGEDCOM Devices [20] Clarified that a solution for SCALANCE W1750D is not expected

SSA-794542: Insecure Folder Permissions in SIMARIS Configuration [21] Added solution

SSA-936080: Multiple Vulnerabilities in Third-Party Component libcurl [22] Added SIMATIC CP343-1 Advanced (incl. SIPLUS variants) to the list of affected products
 

Siemens ProductCERT Updated: 02/10/21

https://www.siemens.com/cert/advisories/The following new advisories/bulletins have just been published on the Siemens ProductCERT web site [1]:
SSA-156833: Zip-Slip Directory Traversal Vulnerability in SINEMA Server and SINEC NMS [2]
SSA-362164: Predictable Initial Sequence Numbers in Mentor Nucleus TCP stack [3]
SSA-379803: Vulnerabilities in RUGGEDCOM ROX II [4]
SSA-428051: Privilege Escalation Vulnerability in TIA Administrator [5]
SSA-536315: Privilege escalation vulnerability in DIGSI 4 [6]
SSA-663999: Multiple File Parsing Vulnerabilities in JT2Go and Teamcenter Visualization before V13.1.0.1 [7]
SSA-686152: Denial-of-Service Vulnerability in ARP Protocol of SCALANCE W780 and W740 [8]
SSA-794542: Insecure Folder Permissions in SIMARIS configuration [9]
SSA-944678: Potential Password Protection Bypass in SIMATIC WinCC [10]

Additionally, the following advisories / bulletins have just been updated on the Siemens ProductCERT web site [1]:
SSA-100232: Denial-of-Service vulnerability in SCALANCE X Switches [11] Added update information for SCALANCE X-200IRT switch family
SSA-102233: SegmentSmack in VxWorks-based Industrial Devices [12] Added update information for SCALANCE X-200IRT switch family
SSA-139628: Vulnerabilities in Web Server for Scalance X Products [13] Added update information for SCALANCE X-200IRT switch family
SSA-274900: Use of hardcoded key in Scalance X devices under certain conditions [14] Added update information for SCALANCE X-200IRT switch family
SSA-349422: Denial-of-Service in Industrial Real-Time (IRT) Devices [15] Added additional SIMATIC ET200ecoPN model (6ES7148-6JG00-0BB0) as not affected
SSA-398519: Vulnerabilities in Intel CPUs (November 2019) [16] Updated solution for SIMATIC IPC527G, SIMATIC Field PG M5, and SIMATIC Field PG M6
SSB-439005: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP [17] Added CVE-2020-1971, CVE-2020-8694, CVE-2020-15437, CVE-2020-25704, CVE-2020-29361, CVE-2020-29362, CVE-2020-29363, CVE-2020-29369, CVE-2020-29660, CVE-2020-29661, CVE-2020-35448, CVE-2020-36221, CVE-2020-36222, CVE-2020-36223, CVE-2020-36224, CVE-2020-36225, CVE-2020-36226, CVE-2020-36227, CVE-2020-36228, CVE-2020-36229, CVE-2020-36230, CVE-2021-21120
SSA-455843: WIBU Systems CodeMeter Runtime Vulnerabilities in Siemens and Siemens Energy Products [18] Updated solution for SPPA S3000 (with fixes for the open CVEs)
SSA-534763: Special Register Buffer Data Sampling (SRBDS) aka Crosstalk in Industrial Products [19] Added solution for SIMATIC Field PG M5, and SIMATIC Field PG M6
SSA-541017: Embedded TCP/IP Stack Vulnerabilities (AMNESIA:33) in SIRIUS 3RW5 Modbus TCP and SENTRON PAC / 3VA Devices [20] Added additional affected products (SENTRON PAC2200, PAC3200T, 3VA COM100/800, 3VA DSP800) and related fix release information
SSA-622830: Multiple File Parsing Vulnerabilities in JT2Go and Teamcenter Visualization before V13.1.0 [21] Included fix information for CVE-2020-26989, CVE-2020-26990 and CVE-2020-26991, and reference to new advisory SSA-663999
SSA-646841: Recoverable Password from Configuration Storage in SCALANCE X Switches [22] Added solution for SCALANCE X-200IRT switch family
SSA-841348: Multiple Vulnerabilities in the UMC Stack [23] Added solution for SIMOCODE ES V15 and Soft Starter ES V15
SSA-886514: Persistent XSS Vulnerabilities in the Web Interface of Climatix POL908 and POL909 Modules [24] Added solution for POL909 (AWM Module)
SSA-951513: Clickjacking Vulnerability in SCALANCE X-300, X-200IRT, and X-200 Switch Families [25] Added solution for SCALANCE X-200IRT switch family
SSA-978220: Denial-of-Service Vulnerability over SNMP in Multiple Industrial Products [26] Added solution for SIMATIC NET CP 1626
 

Siemens ProductCERT Updated: 12/08/20

The following new advisories/bulletins have just been published on the Siemens ProductCERT web site [1]:
SSA-415783: Insecure SSL configuration in SICAM A8000 CP-8000, CP-8021 and CP-8022 [2]
SSA-478893: TightVNC Vulnerabilities in Industrial Products [3]
SSA-480824: Multiple Vulnerabilities in LOGO! 8 BM [4]
SSA-541017: Embedded TCP/IP Stack Vulnerabilities (AMNESIA:33) in SIRIUS 3RW5 Modbus TCP and SENTRON PAC Devices [5]
SSA-700697: Denial-of-Service Vulnerability in Web Server of SIMATIC Controllers [6]
SSA-712690: Vulnerabilities in XHQ Operations Intelligence [7]
Additionally, the following advisories / bulletins have just been updated on the Siemens ProductCERT web site [1]:
SSA-087240: Vulnerabilities in SIEMENS LOGO! [8]  Add solution for CVE-2017-12735.
SSA-102144: Code Execution Vulnerability in LOGO! Soft Comfort [9] Added solution
SSA-102233: SegmentSmack in VxWorks-based Industrial Devices [10] 
Updated information regarding successor products for SIMATIC RF180C and RF182C
SSA-181018: Heap Overflow Vulnerability in SCALANCE X switches, RUGGEDCOM Win, RFID 181EIP, and SIMATIC RF182C [11] Informed about successor products for SIMATIC RF182C and RFID 181EIP
SSA-312271: Unquoted Search Path Vulnerabilities in Windows-based Industrial Software Applications [12]  Added solution for SIMATIC S7-1500 Software Controller and SINAMICS STARTER
SSA-381684: Improper Password Protection during Authentication in SIMATIC S7-300 and S7-400 CPUs and Derived Products [13]  Upated the section ACKNOWLEDGMENTS
SSB-439005: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP [14]  Added an initial set of vulnerabilities for V2.8.4, and the following for V2.6.1 and earlier: CVE-2020-25284, CVE-2020-25668, CVE-2020-25705, CVE-2020-27618, CVE-2020-27777
SSA-462066: Vulnerability known as TCP SACK PANIC in Industrial Products [15]
Added solution for SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP
SSA-480230: Denial-of-Service in Webserver of Industrial Products [16]
Updated information regarding successor products for SIMATIC RF182C and RFID 181EIP
SSA-534763: Special Register Buffer Data Sampling (SRBDS) aka Crosstalk in Industrial Products [17] Added solution for SIMATIC IPC427E, SIMATIC IPC477E, and SIMATIC IPC477E PRO
SSA-542525: Authentication Vulnerabilities in SIMATIC HMI Products [18]           
Added patch links for SIMATIC HMI Basic (2nd generation), Comfort (including SIPLUS variants) and Mobile Panels
SSA-542701: Vulnerabilities in SIEMENS LOGO! [19]  Add solution for LOGO! 8 BM
SSA-616472: ZombieLoad and Microarchitectural Data Sampling Vulnerabilities in Industrial Products [20] 
Remove wrong MLFB from SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP and Updates for SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP
SSA-689942: Denial-of-Service and DLL Hijacking Vulnerabilities in Multiple SIMATIC Software Products [21] Corrected affected version and patch link for SINAMICS STARTER
SSA-712518: Information Disclosure Vulnerability (Kr00k) in Industrial Wi-Fi Products [22] Added solution for SIMOTICS CONNECT 400
SSA-780073: Denial-of-Service Vulnerability in PROFINET Devices via DCE-RPC Packets [23] Added SIMOTION products; Updated information regarding successor products for SIMATIC RF180C and RF182C
SSA-817401: Missing Authentication Vulnerability in SIEMENS LOGO! [24]  Added additional mitigation for LOGO! V8.3
SSA-841348: Multiple Vulnerabilities in the UMC Stack [25]