The official site for Saudi CERT
Siemens Updates
2844
Warning Date
Severity Level
Warning Number
Target Sector
13 October, 2021
● Critical
2021-3662
All
Description:
Siemens has released security updates to address several vulnerabilities in the following products:
- SINEC NMS
- All versions < V1.0 SP2 Update 1
- RUGGEDCOM ROX MX5000
- All versions < V2.14.1
- RUGGEDCOM ROX RX1400
- All versions < V2.14.1
- RUGGEDCOM ROX RX1500
- All versions < V2.14.1
- RUGGEDCOM ROX RX1501
- All versions < V2.14.1
- RUGGEDCOM ROX RX1510
- All versions < V2.14.1
- RUGGEDCOM ROX RX1511
- All versions < V2.14.1
- RUGGEDCOM ROX RX1512
- All versions < V2.14.1
- RUGGEDCOM ROX RX1524
- All versions < V2.14.1
- RUGGEDCOM ROX RX1536
- All versions < V2.14.1
- RUGGEDCOM ROX RX5000
- All versions < V2.14.1
- SINUMERIK 808D
- All versions
- SINUMERIK 828D
- All versions < V4.95
- SCALANCE W1750D
- All versions < V8.7.1.3
- SCALANCE W1750D
- All versions >= V8.7.1.3
- SIMATIC Process Historian 2013 and earlier
- All versions
- SIMATIC Process Historian 2014
- All versions < SP3 Update 6
- SIMATIC Process Historian 2019
- All versions
- SIMATIC Process Historian 2020
- All versions
Threats:
Attacker could exploit these vulnerabilities by doing the following:
- Path traversal attack
- Unauthorized modification
- Arbitrary File Deletion
- Execute arbitrary code
- Denial of service attack (DoS)
- Command injection
Best practice and Recommendations:
The CERT team encourages users to review Siemens security advisory and apply the necessary updates:
- https://cert-portal.siemens.com/productcert/txt/ssa-163251.txt
- https://cert-portal.siemens.com/productcert/txt/ssa-173565.txt
- https://cert-portal.siemens.com/productcert/txt/ssa-178380.txt
- https://cert-portal.siemens.com/productcert/txt/ssa-280624.txt
- https://cert-portal.siemens.com/productcert/txt/ssa-766247.txt
Rate the content
Share the page
