Advisory

Siemens releases patch for critical CodeMeter Vulnerability

Take action: Although this is a critical-severity issue, patching can be a planned effort, especially in locked-down networks. Don't ignore it, but there is no need to panic.



Siemens has released its patches for September 2023, addressing various vulnerabilities in its industrial products.


Siemens issued seven new advisories addressing a total of 45 vulnerabilities across their industrial product range.

  • CodeMeter is impacted by a critical vulnerability, tracked as CVE-2023-3935, in Wibu Systems' CodeMeter software licensing and protection technology. This vulnerability impacts several Siemens products, including PSS, SIMATIC, SIMIT, SINEC, and SINEMA. Exploiting this flaw allows a remote, unauthenticated attacker to execute arbitrary code when the CodeMeter Runtime is configured as a server. When the Runtime is configured as a client, this bug can enable an authenticated local attacker to escalate privileges to root.
  • QMS Automotive is impacted by 10 medium- and high-severity vulnerabilities, encompassing session hijacking, malicious file uploads, information exposure, DoS attacks, and arbitrary code execution.
  • The RUGGEDCOM APE1808 product family faces nearly two dozen medium- and high-severity vulnerabilities associated with the BIOS provided by Insyde.
  • Additional vulnerabilities affect Parasolid, Teamcenter Visualization, and JT2Go, all susceptible to remote code execution through specially crafted files. Moreover, numerous SIMATIC and SIPLUS products are affected by an ANSI C OPC UA SDK vulnerability that could potentially allow an unauthenticated, remote attacker to trigger a DoS condition using a specially crafted certificate. Siemens is also addressing the impact of the Intel CPU vulnerability named Downfall on affected SIMATIC industrial PCs and is working on fixes for this issue.