CERT-In Advisory
CIAD-2024-0019
Multiple Vulnerabilities in Siemens Products
Original Issue Date: March 21, 2024
Severity Rating: High
Systems Affected
- RUGGEDCOM
- Solid Edge
- SENTRON
- Cerberus PRO
- Sinteso
- Siveillance Control
- SIMATIC
- SINEMA Remote Connect Client
Overview
Multiple vulnerabilities have been reported in Siemens Products which could allow an attacker to execute arbitrary code, bypass security restrictions or perform denial of service (DoS) conditions on the targeted system.
Description
Multiple vulnerabilities have been reported in Siemens products; details of which are provided below:
Solution
Apply appropriate fixes/workarounds as mentioned in Siemens Security Advisory:
https://cert-portal.siemens.com/productcert/html/ssa-832273.html
https://cert-portal.siemens.com/productcert/html/ssa-382651.html
https://cert-portal.siemens.com/productcert/html/ssa-918992.html
https://cert-portal.siemens.com/productcert/html/ssa-225840.html
https://cert-portal.siemens.com/productcert/html/ssa-145196.html
https://cert-portal.siemens.com/productcert/html/ssa-770721.html
https://cert-portal.siemens.com/productcert/html/ssa-653855.html
https://cert-portal.siemens.com/productcert/html/ssa-576771.html
Vendor Information
Siemens
https://cert-portal.siemens.com/productcert/html/ssa-832273.html
https://cert-portal.siemens.com/productcert/html/ssa-382651.html
https://cert-portal.siemens.com/productcert/html/ssa-918992.html
https://cert-portal.siemens.com/productcert/html/ssa-225840.html
https://cert-portal.siemens.com/productcert/html/ssa-145196.html
https://cert-portal.siemens.com/productcert/html/ssa-770721.html
https://cert-portal.siemens.com/productcert/html/ssa-653855.html
https://cert-portal.siemens.com/productcert/html/ssa-576771.html
References
Siemens
https://www.siemens.com/cert/advisories
CVE Name
CVE-2023-38545
CVE-2023-38546
CVE-2023-44250
CVE-2023-44487
CVE-2023-47537
CVE-2024-21762
CVE-2024-23113
CVE-2024-22044
CVE-2023-49125
CVE-2024-22039
CVE-2024-22040
CVE-2024-22041
CVE-2023-45793
CVE-2024-22045
CVE-2020-23064
CVE-2022-32257
CVE-2017-14491
CVE-2017-18509
CVE-2020-0338
CVE-2020-0417
CVE-2020-10768
CVE-2020-11301
CVE-2020-14305
CVE-2020-14381
CVE-2020-15436
CVE-2020-24587
CVE-2020-25705
CVE-2020-26555
CVE-2020-26558
CVE-2020-29660
CVE-2020-29661
CVE-2021-0302
CVE-2021-0305
CVE-2021-0325
CVE-2021-0326
CVE-2021-0327
CVE-2021-0328
CVE-2021-0329
CVE-2021-0330
CVE-2021-0331
CVE-2021-0333
CVE-2021-0334
CVE-2021-0336
CVE-2021-0337
CVE-2021-0339
CVE-2021-0341
CVE-2021-0390
CVE-2021-0391
CVE-2021-0392
CVE-2021-0393
CVE-2021-0394
CVE-2021-0396
CVE-2021-0397
CVE-2021-0399
CVE-2021-0400
CVE-2021-0429
CVE-2021-0431
CVE-2021-0433
CVE-2021-0434
CVE-2021-0435
CVE-2021-0436
CVE-2021-0437
CVE-2021-0438
CVE-2021-0443
CVE-2021-0444
CVE-2021-0471
CVE-2021-0473
CVE-2021-0474
CVE-2021-0476
CVE-2021-0478
CVE-2021-0480
CVE-2021-0481
(for full list of CVEs refer Security bulletin)
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information
Email: info@cert-in.org.in Phone: +91-11-22902657
Postal address
Indian Computer Emergency Response Team (CERT-In) Ministry of Electronics and Information Technology Government of India Electronics Niketan 6, CGO Complex, Lodhi Road, New Delhi - 110 003 India
|