Siemens releases January patch, including fixes for 7 critical issues
Take action: This is a very big package of fixes for a lot of Siemens products. It contains some very severe issues, so take your time to research them. Obvious first action is locking from the internet, but it may not be enough - there are seven critical issues, even one with highest possible severity. Make the effort to patch.
Learn More
Siemens has released it's January 2024 patch package and addresses a total of 17 advisories across multiple product families:
- User Management Component (UMC)
- SiNVR/SiVMS Video Server
- SIMATIC S7-1500 TM MFP
- Teamcenter Visualization and JT2Go
- Spectrum Power 7
- SIMATIC CN 4100
- Control Center Server (CCS)
- maxView Storage Manager
- Solid Edge
- SICAM A8000 Devices
- SICAM Q100
The following critical issues are addressed:
Simatic product line
- SSA-794697: Vulnerabilities in the Linux Kernel of the SIMATIC S7-1500 TM MFP V1.0 with a CVSS score of 9.8.
- SSA-777015: Multiple Vulnerabilities in SIMATIC CN 4100 before V2.7 with a CVSS score of 9.8.
- SSA-398330: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1 with a CVSS score of 9.8.
Other product lines
- SSA-702935: Redfish Server Vulnerability in maxView Storage Manager with a CVSS score of 10.
- SSA-761844: Multiple Vulnerabilities in Control Center Server (CCS) with a CVSS score of 9.9.
- SSA-761617: Authentication Bypass and Information Disclosure Vulnerabilities in SiNVR/SiVMS Video Server" with a CVSS score of 9.8.
- SSA-570294: Multiple Vulnerabilities in SICAM Q100 Before V2.50 with a CVSS score of 9.9
