Siemens SCALANCE XM-400, XR-500

🗓️ 11 Jun 2024 00:00:00Reported by Industrial Control Systems Cyber Emergency Response TeamType

ics🔗 www.cisa.gov👁 35 Views

The document outlines that CISA will stop updating ICS security advisories for Siemens' SCALANCE XM-400/XR-500 after January 10, 2023 due to various vulnerabilities including inadequate encryption strength, double free, use-after-free, improper input validation, and improper certificate validation

Reporter	Title	Published	Views	Family All 872
IBM Security Bulletins	Security Bulletin:IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from openssl, pcre2 and Golang Go	31 Aug 202216:17	–	ibm
IBM Security Bulletins	Security Bulletin: IBM MQ for HP NonStop Server is affected by multiple OpenSSL vulnerabilities	7 Mar 202316:55	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to multiple OpenSSl denial of service vulnerabilities.	5 Jul 202320:58	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cognos Command Center is affected by multiple vulnerabilities	4 May 202320:23	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM SDK for Node.js and packaged modules affect IBM Business Automation Workflow Configuration Editor	1 Mar 202309:00	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Security Verify Access Appliance has multiple security vulnerabilities	14 Oct 202305:03	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in OpenSSL affects IBM Integrated Analytics System [CVE-2022-4304, CVE-2023-0215, CVE-2023-0286]	27 Sep 202411:53	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Spectrum Conductor openssl 1.1.1 End of Life	5 Oct 202320:31	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in OpenSSL affects IBM Rational ClearCase	3 Oct 202314:09	–	ibm
IBM Security Bulletins	Security Bulletin: AIX is vulnerable to arbitrary command execution (CVE-2022-1292 and CVE-2022-2068) or an attacker may obtain sensitive information (CVE-2022-2097) due to OpenSSL	19 Aug 202216:02	–	ibm

Source	Link
cert-portal	www.cert-portal.siemens.com/productcert/csaf/ssa-879734.json
cert-portal	www.cert-portal.siemens.com/productcert/html/ssa-879734.html
cert-portal	www.cert-portal.siemens.com/productcert/pdf/ssa-879734.pdf
cert-portal	www.cert-portal.siemens.com/productcert/txt/ssa-879734.txt
raw	www.raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2024/icsa-24-165-11.json
cisa	www.cisa.gov/news-events/ics-advisories/icsa-24-165-11
cisa	www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01
cisa	www.cisa.gov/resources-tools/resources/ics-recommended-practices
cisa	www.cisa.gov/topics/industrial-control-systems
us-cert	www.us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf

11 Jun 2024 00:00Current

8.6High risk

Vulners AI Score8.6

CVSS 25

CVSS 3.15.9

EPSS0.00509

SSVC