Siemens has released nine advisories addressing 27 vulnerabilities. The most important, with a “critical” severity rating, is CVE-2021-45106. Related to hardcoded credentials, exposes the database associated with the SICAM TOOLBOX II product.
High-severity security holes have also been fixed in SIMATIC, SINEMA and SCALANCE products, which all use the same third-party strongSwan component. While these flaws have been confirmed to allow DoS attacks, one of them may also allow remote code execution in certain circumstances.
Vulnerabilities that can be exploited using the weakness of DoS and RCE by tricking the targeted user into opening a specially crafted file have been patched or mitigated in Solid Edge, JT2Go, Teamcenter Visualization, and Simcenter Femap.
A high-severity OpenSSL flaw affecting many of its products. Patches are available for some products, for others the vendor has only made available mitigations and it does not plan on releasing updates.
Medium-severity issues have been addressed in SINEMA Remote Connect Server, Spectrum Power 4, and SIMATIC WinCC and PCS.
