Siemens SINEC NMS Third-Party

🗓️ 09 May 2023 00:00:00Reported by Industrial Control Systems Cyber Emergency Response TeamType

ics🔗 www.cisa.gov👁 43 Views

Siemens SINEC NMS Third-Party components have multiple vulnerabilities including Expected Behavior Violation, Improper Validation of Syntactic Correctness of Input, Stack-based Buffer Overflow, and Use After Free

Reporter	Title	Published	Views	Family All 1471
IBM Security Bulletins	Security Bulletin: Due to use of Expat library, IBM Tivoli Network Manager (ITNM) is vulnerable to arbitrary code execution [CVE-2022-40674]	16 Jan 202316:43	–	ibm
IBM Security Bulletins	Security Bulletin: libcurl as used by IBM QRadar Wincollect agent is vulnerable to denial of service (CVE-2022-43552, CVE-2022-43551)	25 Jan 202319:11	–	ibm
IBM Security Bulletins	Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from Kubernetes, curl and systemd	19 Jun 202308:19	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in Curl affect PowerSC	15 Jun 202317:06	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities affect IBM Tivoli Monitoring included WebSphere Application Server and IBM HTTP Server used by WebSphere Application Server	30 Dec 202217:56	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Security Verify Access Appliance has multiple security vulnerabilities	14 Oct 202305:03	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities have been identified in IBM HTTP Server shipped with IBM Rational ClearCase (CVE-2022-43680, CVE-2013-0340, CVE-2017-9233)	13 Dec 202205:37	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOPs	30 Mar 202315:19	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Linux Kernel, Golang Go, and cURL libcurl may affect IBM Spectrum Protect Plus	13 Dec 202219:27	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by WebSphere Application Server affect IBM Business Automation Workflow (CVE-2022-40674)	21 Oct 202206:57	–	ibm

Source	Link
cert-portal	www.cert-portal.siemens.com/productcert/csaf/ssa-892048.json
cert-portal	www.cert-portal.siemens.com/productcert/html/ssa-892048.html
cert-portal	www.cert-portal.siemens.com/productcert/pdf/ssa-892048.pdf
cert-portal	www.cert-portal.siemens.com/productcert/txt/ssa-892048.txt
raw	www.raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2023/icsa-23-131-05.json
cisa	www.cisa.gov/news-events/ics-advisories/icsa-23-131-05
cisa	www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01
cisa	www.cisa.gov/resources-tools/resources/ics-recommended-practices
cisa	www.cisa.gov/topics/industrial-control-systems
us-cert	www.us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf

09 May 2023 00:00Current

8.7High risk

Vulners AI Score8.7

CVSS 3.19.8

EPSS0.04325

SSVC