Povzetek

Podjetje Siemens, eden vodilnih proizvajalcev na področju sistemske avtomatizacije v proizvodnji, je 12. 07. 2022 objavil 19 novih ter posodobil 15 varnostnih obvestil o ranljivosti v njihovih produktih. Kar 11 obvestil je označenih z oceno CVSS, ki je večja ali enaka 8. S pomočjo zlorabe ranljivosti lahko napadalci izvajajo napade onemogočanja (DoS), pridobijo dostop do zaupnih podatkov, izkoristijo ranljivosti dviga pravic (privilege escalation) ali pa sprožijo izvajanje kode na daljavo (RCE).

Uporabnikom svetujemo, da sledijo navodilom proizvajalca ter izvedejo potrebne ukrepe.

Ranljivosti

Oznaka	CVSS	Opis varnostnega obvestila
SSB-439005		Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP
SSA-433782	4.9	Improper Access Control Vulnerability in Mendix
SSA-446448	5.3	Denial of Service Vulnerability in PROFINET Stack Integrated on Interniche Stack
SSA-414513	5.3	Information Disclosure Vulnerability in Mendix
SSA-557804	5.4	Mirror Port Isolation Vulnerability in SCALANCE X Switches
SSA-225578	6.3	Improper Access Control in SICAM GridEdge
SSA-610768	6.5	XML Entity Expansion Injection Vulnerability in Mendix Excel Importer Module
SSA-492173	6.5	Expression Injection Vulnerability in Mendix Applications
SSA-285795	6.5	Denial of Service in OPC-UA in Industrial Products
SSA-599506	7.2	Command Injection in RUGGEDCOM ROX
SSA-244969	7.4	OpenSSL Vulnerability in Industrial Products
SSA-838121	7.5	Multiple Denial of Service Vulnerabilities in Industrial Products
SSA-712929	7.5	Denial of Service Vulnerability in OpenSSL (CVE-2022-0778) Affecting Industrial Products
SSA-711829	7.5	Denial of Service Vulnerability in TIA Administrator
SSA-491621	7.5	Denial of Service Vulnerability in CPC80 Firmware of SICAM A8000 Devices
SSA-321292	7.5	Denial of Service in the OPC Foundation Local Discovery Server (LDS) in Industrial Products
SSA-309571	7.5	IPU 2021.1 Vulnerabilities in Siemens Industrial Products using Intel CPUs (June 2021)
SSA-829738	7.8	Datalogics File Parsing Vulnerability in Teamcenter Visualization and JT2Go
SSA-678983	7.8	Vulnerabilities in Industrial PCs and CNC devices using Intel CPUs (November 2020)
SSA-474231	7.8	File Parsing Vulnerability in Simcenter Femap before V2022.2
SSA-439148	7.8	File Parsing Vulnerabilities in PADS Standard/Plus Viewer
SSA-429204	7.8	Open Design Alliance Drawings SDK Vulnerabilities in JT2Go and Teamcenter Visualization
SSA-243317	7.8	File Parsing Vulnerability in Simcenter Femap and Parasolid
SSA-840800	8	Code Injection Vulnerability in RUGGEDCOM ROS
SSA-348662	8	Multiple Vulnerabilities in SIMATIC MV500 Devices before V3.3
SSA-306654	8.4	Insyde BIOS Vulnerabilities in Siemens Industrial Products
SSA-865333	8.6	Memory Corruption Vulnerability in EN100 Ethernet Module
SSA-944952	9.6	Authentication Bypass Vulnerability in Opcenter Quality
SSA-310038	9.6	Multiple Vulnerabilities in SCALANCE X Switch Devices
SSA-910883	9.8	DHCP Client Vulnerability in SINAMICS PERFECT HARMONY GH180 Drives
SSA-840188	9.9	Multiple Vulnerabilities in SIMATIC WinCC Affecting Other SIMATIC Software Products
SSA-220589	9.9	Hard Coded Default Credential Vulnerability in Teamcenter
SSA-580125	10	Multiple Vulnerabilities in SIMATIC eaSie Core Package
SSA-517377	10	Multiple Vulnerabilities in the SRCS VPN Feature in SIMATIC CP Devices

Več informacij je na voljo na spletni strani Siemens ProductCERT: https://www.siemens.com/cert/advisories/

SI-CERT 2022-03 / Več ranljivosti v produktih podjetja Siemens

Povzetek

Ranljivosti

Preberite tudi

SI-CERT 2024-07 / Ranljivost OpenPrinting CUPS sistema v GNU/Linux

SI-CERT 2024-06 / Kritična ranljivost GeoServer (CVE-2024-36401)

SI-CERT 2024-05 / Ranljivost Check Point Remote Access VPN