SCALANCE S602, SCALANCE S612, SCALANCE S623, SCALANCE S627-2M Security Vulnerabilities

nessus

Siemens SCALANCE X-200 and X-200IRT Families Improper Neutralization of Input During Web Page Generation (CVE-2022-40631)

A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.0), SCALANCE X201-3P IRT (All versions < V5.5.0), SCALANCE X201-3P IRT PRO (All versions < V5.5.0), SCALANCE X202-2IRT (All versions < V5.5.0), SCALANCE X202-2P IRT (All versions < V5.5.0), SCALANCE X202...

6 AI Score

0.001 EPSS

2023-01-25 12:00 AM
19
nessus

Siemens SCALANCE Improper Neutralization of Special Elements in Output Used By a Downstream Component (CVE-2022-36323)

Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...

9.2 AI Score

0.002 EPSS

2023-01-25 12:00 AM
34
nessus

Siemens SCALANCE X Switches, RUGGEDCOM WiMAX, RFID 181-EIP, and SIMATIC RF182C Heap-Based Buffer Overflow (CVE-2018-4833)

A vulnerability has been identified in RFID 181EIP (All versions), RUGGEDCOM Win (V4.4, V4.5, V5.0, and V5.1), SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.3), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.4.1), SCALANCE X-200R...

8.9 AI Score

0.004 EPSS

2023-01-25 12:00 AM
8
nessus

Siemens Web Server of SCALANCE X200 Stack-Based Buffer Overflow (CVE-2021-25669)

A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT PRO (All versions < 5.5.1), SCALANCE X202-2 IRT (All versions < 5.5.1), SCALANCE X202-2P IRT (incl. SIPLUS NET variant) (All versions <...

9.7 AI Score

0.006 EPSS

2023-01-25 12:00 AM
10
nessus

Siemens SCALANCE X-300 Switches Stack-Based Buffer Overflow (CVE-2022-25753)

A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V,...

9 AI Score

0.002 EPSS

2023-01-25 12:00 AM
16
nessus

Siemens SCALANCE Allocation of Resources Without Limits or Throttling (CVE-2022-36324)

Affected devices do not properly handle the renegotiation of SSL/TLS parameters. This could allow an unauthenticated remote attacker to bypass the TCP brute force prevention and lead to a denial of service condition for the duration of the attack. This plugin only works with Tenable.ot. Please...

7.9 AI Score

0.002 EPSS

2023-01-25 12:00 AM
12
nessus

Siemens SCALANCE Improper Neutralization of Script-Related HTML Tags in a Web Page (CVE-2022-36325)

Affected devices do not properly sanitize data introduced by a user when rendering the web interface. This could allow an authenticated remote attacker with administrative privileges to inject code and lead to a DOM-based XSS. This plugin only works with Tenable.ot. Please visit...

5.7 AI Score

0.001 EPSS

2023-01-25 12:00 AM
23
nessus

Siemens SCALANCE X-300 Switches Improper Neutralization of Script-Related HTML Tags in a Web Page (CVE-2022-25756)

A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V,...

6.1 AI Score

0.001 EPSS

2023-01-25 12:00 AM
13
redhat

(RHSA-2023:0334) Important: kernel security and bug fix update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): kernel: watch queue race condition can lead to privilege escalation (CVE-2022-2959) kernel: memory corruption in AX88179_178A based USB ethernet device. (CVE-2022-2964) kernel: i915:...

8.2 AI Score

0.002 EPSS

2023-01-23 02:30 PM
138
rocky

kernel security and bug fix update

An update is available for kernel. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The kernel packages contain the Linux kernel, the core of any Linux operating....

7.8 CVSS

8.2 AI Score

0.002 EPSS

2023-01-23 02:30 PM
32
osv

Important: kernel security and bug fix update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): kernel: watch queue race condition can lead to privilege escalation (CVE-2022-2959) kernel: memory corruption in AX88179_178A based USB ethernet device. (CVE-2022-2964) kernel: i915:...

7.8 CVSS

7.7 AI Score

0.002 EPSS

2023-01-23 02:30 PM
8
rocky

kernel security and bug fix update

An update is available for kernel. This update affects Rocky Linux SIG Cloud 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The kernel packages contain the Linux kernel, the core of any Linux....

7.8 CVSS

8.2 AI Score

0.002 EPSS

2023-01-23 02:30 PM
63
osv

Important: kernel security and bug fix update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): kernel: watch queue race condition can lead to privilege escalation (CVE-2022-2959) kernel: memory corruption in AX88179_178A based USB ethernet device. (CVE-2022-2964) kernel: i915:...

7.8 CVSS

7.7 AI Score

0.002 EPSS

2023-01-23 02:30 PM
7
rocky

libvirt bug fix and enhancement update

An update is available for libvirt. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The libvirt library contains a C API for managing and interacting with the...

1.3 AI Score

2023-01-23 02:30 PM
6
almalinux

Important: kernel security and bug fix update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): kernel: watch queue race condition can lead to privilege escalation (CVE-2022-2959) kernel: memory corruption in AX88179_178A based USB ethernet device. (CVE-2022-2964) kernel: i915: Incorrect...

7.8 CVSS

8.2 AI Score

0.002 EPSS

2023-01-23 12:00 AM
19
osv

Important: kernel security and bug fix update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): kernel: watch queue race condition can lead to privilege escalation (CVE-2022-2959) kernel: memory corruption in AX88179_178A based USB ethernet device. (CVE-2022-2964) kernel: i915: Incorrect...

7.8 CVSS

7.7 AI Score

0.002 EPSS

2023-01-23 12:00 AM
12
ics

Siemens Industrial Real-Time (IRT) Devices (Update F)

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

7.5 CVSS

7.7 AI Score

0.001 EPSS

2023-01-13 12:00 PM
161
ics

Siemens OpenSSL Affected Industrial Products (Update E)

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

7.5 CVSS

8.3 AI Score

0.013 EPSS

2023-01-13 12:00 PM
316
ics

Siemens SCALANCE and RUGGEDCOM Products (Update B)

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

8.8 CVSS

8.9 AI Score

0.001 EPSS

2023-01-13 12:00 PM
21
ics

Siemens SCALANCE (Update A)

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

9.1 CVSS

8.2 AI Score

0.002 EPSS

2023-01-13 12:00 PM
39
ics

Siemens TCP Event Service of SCALANCE And RUGGEDCOM Devices

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

8.6 CVSS

8.8 AI Score

0.002 EPSS

2023-01-13 12:00 PM
15
cnvd

Siemens S7-1500 CPU devices have an unspecified vulnerability

SIMATIC drive controllers are designed for the automation of production machines and combine the functionality of SIMATIC S7-1500 CPUs and SINAMICS S120 drive controls. SIMATIC S7-1500 CPU products are designed for discrete and continuous control in industrial environments such as global...

6.8 CVSS

2 AI Score

0.001 EPSS

2023-01-13 12:00 AM
7
rocky

kernel security and bug fix update

An update is available for kernel. This update affects Rocky Linux SIG Cloud 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The kernel packages contain the Linux kernel, the core of any Linux....

7.8 CVSS

8.1 AI Score

0.0004 EPSS

2023-01-12 08:25 AM
16
rocky

kernel security and bug fix update

An update is available for kernel. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The kernel packages contain the Linux kernel, the core of any Linux operating....

7.8 CVSS

8.1 AI Score

0.0004 EPSS

2023-01-12 08:25 AM
55
osv

Important: kernel security and bug fix update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): kernel: memory corruption in AX88179_178A based USB ethernet device. (CVE-2022-2964) kernel: i915: Incorrect GPU TLB flush can lead to random memory access (CVE-2022-4139) For more details...

7.8 CVSS

7.8 AI Score

0.0004 EPSS

2023-01-12 08:25 AM
6
redhat

(RHSA-2023:0101) Important: kernel security and bug fix update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): kernel: memory corruption in AX88179_178A based USB ethernet device. (CVE-2022-2964) kernel: i915: Incorrect GPU TLB flush can lead to random memory access (CVE-2022-4139) For more details...

-0.1 AI Score

0.0004 EPSS

2023-01-12 08:25 AM
253
osv

Important: kernel security and bug fix update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): kernel: memory corruption in AX88179_178A based USB ethernet device. (CVE-2022-2964) kernel: i915: Incorrect GPU TLB flush can lead to random memory access (CVE-2022-4139) For more details...

7.8 CVSS

7.8 AI Score

0.0004 EPSS

2023-01-12 08:25 AM
6
redhat

(RHSA-2023:0099) Moderate: virt:rhel and virt-devel:rhel security and bug fix update

Kernel-based Virtual Machine (KVM) offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the....

0.4 AI Score

0.0004 EPSS

2023-01-12 08:25 AM
17
osv

Moderate: virt:rhel and virt-devel:rhel security and bug fix update

Kernel-based Virtual Machine (KVM) offers a full virtualization solution for Linux on numerous hardware platforms. The virt:Rocky Linux module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting...

6.5 CVSS

6.7 AI Score

0.0004 EPSS

2023-01-12 08:25 AM
8
rocky

virt:rhel and virt-devel:rhel security and bug fix update

An update is available for libguestfs, libnbd, libtpms, libguestfs-winsupport, nbdkit, supermin, libiscsi, hivex, libvirt, netcf, perl-Sys-Virt, seabios, qemu-kvm, swtpm, virt-v2v, sgabios, libvirt-dbus, libvirt-python. This update affects Rocky Linux 8. A Common Vulnerability Scoring System...

6.5 CVSS

6.8 AI Score

0.0004 EPSS

2023-01-12 08:25 AM
19
osv

Important: kernel security and bug fix update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): kernel: memory corruption in AX88179_178A based USB ethernet device. (CVE-2022-2964) kernel: i915: Incorrect GPU TLB flush can lead to random memory access (CVE-2022-4139) For more details...

7.8 CVSS

7.8 AI Score

0.0004 EPSS

2023-01-12 12:00 AM
14
almalinux

Important: kernel security and bug fix update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): kernel: memory corruption in AX88179_178A based USB ethernet device. (CVE-2022-2964) kernel: i915: Incorrect GPU TLB flush can lead to random memory access (CVE-2022-4139) For more details...

7.8 CVSS

8.2 AI Score

0.0004 EPSS

2023-01-12 12:00 AM
77
almalinux

Moderate: virt:rhel and virt-devel:rhel security and bug fix update

Kernel-based Virtual Machine (KVM) offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the....

6.5 CVSS

6.9 AI Score

0.0004 EPSS

2023-01-12 12:00 AM
15
osv

Moderate: virt:rhel and virt-devel:rhel security and bug fix update

Kernel-based Virtual Machine (KVM) offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the....

6.5 CVSS

6.8 AI Score

0.0004 EPSS

2023-01-12 12:00 AM
9
ics

Siemens SCALANCE X-200RNA Switch Devices

EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Siemens Equipment: SCALANCE X-200RNA switch devices before V3.2.7 Vulnerabilities: Observable Timing Discrepancy; Race Condition; Improper Restriction of Operations...

9.8 CVSS

9.9 AI Score

0.974 EPSS

2022-12-19 12:00 PM
46
ics

Siemens SCALANCE X Switches (Update C)

EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SCALANCE X200, X200IRT, X300 Vulnerabilities: Use of Hard-coded Cryptographic Key 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled...

5.9 CVSS

6.3 AI Score

0.001 EPSS

2022-12-16 12:00 PM
49
ics

Siemens SCALANCE X Switches (Update B)

EXECUTIVE SUMMARY CVSS v3 5.8 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: SCALANCE X switches Vulnerabilities: Cross-site Scripting 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-18-163-02 Siemens SCALANCE X Switches that was...

6.1 CVSS

6 AI Score

0.001 EPSS

2022-12-15 12:00 PM
57
ics

Siemens SCALANCE SC-600 Family

EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SCALANCE SC-600 Family Vulnerability: Out-of-bounds Write, Use After Free, Allocation of Resources Without Limits or Throttling 2. RISK EVALUATION Successful exploitation of this...

7.8 CVSS

9.2 AI Score

EPSS

2022-12-15 12:00 PM
35
ics

Siemens SCALANCE X Switches (Update C)

EXECUTIVE SUMMARY CVSS v3 4.2 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SCALANCE X switches Vulnerability: Protection Mechanism Failure 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-20-042-07 Siemens...

5.4 CVSS

5.3 AI Score

0.001 EPSS

2022-12-15 12:00 PM
46
ics

Siemens SCALANCE X Switches (Update B)

EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SCALANCE X Switches Vulnerability: Missing Authentication for Critical Function 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled...

8.6 CVSS

8.8 AI Score

0.001 EPSS

2022-12-15 12:00 PM
60
ics

Siemens Multiple Vulnerabilities in SCALANCE Products

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

7.6 CVSS

7.6 AI Score

0.001 EPSS

2022-12-15 12:00 PM
17
ics

Siemens SCALANCE X-200RNA Switch Devices

EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity/public exploits available Vendor: Siemens Equipment: SCALANCE Vulnerabilities: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS), Uncontrolled Resource Consumption, Use of...

9.8 CVSS

7.1 AI Score

0.003 EPSS

2022-12-15 12:00 PM
35
ics

Siemens Products affected by OpenSSL 3.0

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

7.5 CVSS

8.8 AI Score

0.116 EPSS

2022-12-15 12:00 PM
33
cisa

CISA Releases Forty-One Industrial Control Systems Advisories

CISA has released forty-one (41) Industrial Control Systems (ICS) advisories on 15 December 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS...

0.6 AI Score

2022-12-15 12:00 AM
6
cnvd

Siemens SCALANCE X-200RNA Switch Devices Improper Access Control Vulnerability

The SCALANCE X-204RNA Industrial Ethernet Access Point enables non-PRP endpoint devices to connect to a separate parallel network as needed. A security vulnerability exists in Siemens SCALANCE X-200RNA Switch Devices due to a specific security header missing from the affected device's web server....

2.2 AI Score

0.001 EPSS

2022-12-14 12:00 AM
12
cnvd

Siemens Industrial Product Denial of Service Vulnerability

SIMATIC Drive Controllers for the automation of production machines combine the functions of SIMATIC S7-1500 CPUs and SINAMICS S120 drive controls. SIMATIC ET 200SP Open Controller is the PC-based version of the SIMATIC S7-1500 controller and includes optional visualization and central I/O in...

7.5 CVSS

7.2 AI Score

0.001 EPSS

2022-12-14 12:00 AM
17
cnvd

Siemens Industrial Product Denial of Service Vulnerability (CNVD-2022-87982)

SIMATIC Drive Controllers for the automation of production machines combine the functions of SIMATIC S7-1500 CPUs and SINAMICS S120 drive controls. SIMATIC ET 200SP Open Controller is the PC-based version of the SIMATIC S7-1500 controller and includes optional visualization and central I/O in...

7.5 CVSS

2 AI Score

0.001 EPSS

2022-12-14 12:00 AM
14
cnvd

Siemens SCALANCE X-200RNA Switch Devices has an unspecified vulnerability

The SCALANCE X-204RNA Industrial Ethernet Access Point enables non-PRP endpoint devices to connect to a separate parallel network as needed. A security vulnerability exists in Siemens SCALANCE X-200RNA Switch Devices due to the web server of the affected device calculating session IDs and random...

2.2 AI Score

0.003 EPSS

2022-12-14 12:00 AM
10
cnvd

Siemens SCALANCE X-200RNA Switch Devices Cross-Site Scripting Vulnerability

The SCALANCE X-204RNA Industrial Ethernet Access Point enables non-PRP endpoint devices to connect to a separate parallel network as needed. A cross-site scripting vulnerability exists in Siemens SCALANCE X-200RNA Switch Devices, which can be exploited by attackers to trigger malicious requests on.....

6.1 CVSS

3.6 AI Score

0.001 EPSS

2022-12-14 12:00 AM
11
cnvd

Siemens SCALANCE X-200RNA Switch Devices are not subject to control resource consumption vulnerabilities

The SCALANCE X-204RNA Industrial Ethernet Access Point enables non-PRP endpoint devices to connect to a separate parallel network as needed. An uncontrolled resource consumption vulnerability exists in Siemens SCALANCE X-200RNA Switch Devices, which can be exploited by an attacker to cause a denial....

5.5 CVSS

3 AI Score

0.0004 EPSS

2022-12-14 12:00 AM
10
Total number of security vulnerabilities: 1743