CERT-In Advisory
CIAD-2024-0011
Multiple Vulnerabilities in Siemens Products
Original Issue Date: February 22, 2024
Severity Rating: High
Software Affected
- SINEC NMS before V2.0 SP1
- SCALANCE XCM-/XRM-300 before V2.4
- Scalance W1750D
- Location Intelligence before V4.3
- Polarion ALM
- TCP/IP Stack of CP343-1 Devices
- SIDIS Prime before V4.0.400
- Nozomi Guardian/CMC before 23.3.0 on RUGGEDCOM APE1808 devices
Overview
Multiple vulnerabilities have been reported in Siemens Products which could allow an attacker to execute arbitrary code, gain elevated privileges, disclose sensitive information or may perform denial of service (DoS) condition on the targeted system.
Description
Multiple vulnerabilities have been reported in Siemens products; details of which are provided below:
Solution
Apply appropriate fixes as mentioned in Siemens Security Advisory:
https://cert-portal.siemens.com/productcert/html/ssa-943925.html
https://cert-portal.siemens.com/productcert/html/ssa-806742.html#cves-section
https://cert-portal.siemens.com/productcert/html/ssa-716164.html
https://cert-portal.siemens.com/productcert/html/ssa-580228.html#cve-2024-23816
https://cert-portal.siemens.com/productcert/html/ssa-871717.html
https://cert-portal.siemens.com/productcert/html/ssa-516818.html
https://cert-portal.siemens.com/productcert/html/ssa-108696.html
https://cert-portal.siemens.com/productcert/html/ssa-665034.html
Vendor Information
Siemens
https://www.siemens.com/cert/advisories
References
Siemens
https://cert-portal.siemens.com/productcert/html/ssa-943925.html
https://cert-portal.siemens.com/productcert/html/ssa-806742.html#cves-section
https://cert-portal.siemens.com/productcert/html/ssa-716164.html
https://cert-portal.siemens.com/productcert/html/ssa-580228.html#cve-2024-23816
https://cert-portal.siemens.com/productcert/html/ssa-871717.html
https://cert-portal.siemens.com/productcert/html/ssa-516818.html
https://cert-portal.siemens.com/productcert/html/ssa-108696.html
https://cert-portal.siemens.com/productcert/html/ssa-665034.html
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information
Email: info@cert-in.org.in Phone: +91-11-22902657
Postal address
Indian Computer Emergency Response Team (CERT-In) Ministry of Electronics and Information Technology Government of India Electronics Niketan 6, CGO Complex, Lodhi Road, New Delhi - 110 003 India
|