Siemens release advisory for multiple products including 10 critical

Siemens has issued over 20 security advisories for May 2024 addressing vulnerabilities in various products. Several critical severity vulnerabilities have been resolved listed below. These flaws impact a broad range of Siemens products, including:

• Simatic
• Sinamics
• Sinumerik
• TIA Portal
• Parasolid
• Polarion ALM
• Tecnomatix Plant Simulation
• Sicam
• Teamcenter Visualization
• JT2Go
• Solid Edge
• Ruggedcom
• Simcenter Nastran

Please note that Siemens has not yet provided patches for some of the identified vulnerabilities. The users need to review individual products for patch availability.

Critical issues reported are:

• SSA-968170 (CVSS score 10) Remote Code Execution Vulnerability in SIMATIC STEP 7 V5.x and Derived Products
• SSA-953710 (CVSS score 10) Vulnerabilities in the Network Communication Stack in Desigo Fire Safety UL and Cerberus PRO UL Fire Protection Systems
• SSA-273900 (CVSS score 10) Multiple Vulnerabilities in SIMATIC CN 4100 before V3.0
• SSA-225840 (CVSS score 10) Vulnerabilities in the Network Communication Stack in Sinteso EN and Cerberus PRO EN Fire Protection Systems
• SSA-093430 (CVSS score 10) Multiple Vulnerabilities in SIMATIC RTLS Locating Manager before V3.0
• SSA-916916 (CVSS score 9.8) Security Vulnerabilities Fixed in RUGGEDCOM CROSSBOW V5.5
• SSA-832273 (CVSS score 9.8) Multiple Vulnerabilities in Fortigate NGFW before V7.4.3 on RUGGEDCOM APE1808 devices
• SSA-455250 (CVSS score 9.8) Multiple Vulnerabilities in Palo Alto Networks Virtual NGFW on RUGGEDCOM APE1808 devices
• SSA-398330 (CVSS score 9.8) Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
• SSA-240541 (CVSS score 9.0) WIBU Systems CodeMeter Heap Buffer Overflow Vulnerability in Industrial Products