Summary
Siemens has released security updates to address vulnerabilities in some of its Siveillance Video series products, – video management solution (VMS) – Tecnomatix Plant Simulation – production simulation and optimization software – and SINEC INS – software for centralized management of industrial network services.
Risk
Vulnerability impact estimate on the reference community: HIGH/ORANGE (66.53/100)1.
Type
- Arbitrary Code Execution
- Security Restrictions Bypass
Affected products and/or versions
Siemens
- Siveillance Video 2022 R1, R2, R3
- Siveillance Video 2023 R1, R2, R3
- Tecnomatix Plant Simulation V2302, V2404
- SINEC INS
Mitigation Actions
It is recommended that mitigations be implemented following the instructions provided by the vendor for each affected product and reported in the security bulletins in the References section.
Unique Vulnerability Identifiers
The following are the CVEs for the “Critical” and “High” severity vulnerabilities only:
References
https://cert-portal.siemens.com/productcert/html/ssa-472448.html
https://cert-portal.siemens.com/productcert/html/ssa-824503.html
https://cert-portal.siemens.com/productcert/html/ssa-915275.html
