Siemens has released security updates to address multiple vulnerabilities in the following products:

• Brownfield Connectivity - Client
• Tecnomatix Plant Simulation
• JT Open
• JT Utilities
• Parasolid
• Brownfield Connectivity - Gateway
• COMOS
• SIMATIC
• SiPass
• TIA Multiuser Server
• TIA Project-Server
• SCALANCE
• Simcenter Femap
• Solid Edge
• RUGGEDCOM
• Mendix Applications

An attacker could exploit these vulnerabilities and achieve the following:

• OS Command Injection
• Improper Certificate Validation
• Use of a Broken or Risky Cryptographic Algorithm
• Denial of Service (DoS)
• Remote code execution
• Improper Input Validation
• Uncontrolled Resource Consumption
• Buffer Overflow
• Privilege Escalation
• Sensitive Information Disclosure
• Improper Access Control

The CERT team encourages users to update affected products and review Siemens security advisory:

• https://cert-portal.siemens.com/productcert/html/ssa-953464.html
• https://cert-portal.siemens.com/productcert/html/ssa-847261.html
• https://cert-portal.siemens.com/productcert/html/ssa-836777.html
• https://cert-portal.siemens.com/productcert/html/ssa-744259.html
• https://cert-portal.siemens.com/productcert/html/ssa-693110.html
• https://cert-portal.siemens.com/productcert/html/ssa-686975.html
• https://cert-portal.siemens.com/productcert/html/ssa-658793.html
• https://cert-portal.siemens.com/productcert/html/ssa-640968.html
• https://cert-portal.siemens.com/productcert/html/ssa-617755.html
• https://cert-portal.siemens.com/productcert/html/ssa-565356.html
• https://cert-portal.siemens.com/productcert/html/ssa-491245.html
• https://cert-portal.siemens.com/productcert/html/ssa-450613.html
• https://cert-portal.siemens.com/productcert/html/ssa-252808.html