Siemens Product Security Update Advisory
Overview
Siemens has released a security update that addresses vulnerabilities in its products. Users of affected products are advised to update to the latest version.
Affected Products
CVE-2024-39601, CVE-2024-37998
- CPCI85 Central Processing/Communication: versions earlier than 5.40 (5.40 excluded)
- SICORE Base system: versions earlier than 1.4.0 (1.4.0 excluded)
Resolved Vulnerabilities
- A vulnerability that allows remote authenticated users, or unauthenticated users with physical access, to downgrade the device’s firmware (CVE-2024-39601)
- A vulnerability that could allow administrator account passwords for affected applications to be reset without knowledge of the current password if automatic login is enabled (CVE-2024-37998)
Vulnerability Patches
Patches for the vulnerabilities are available in the latest updates. Follow the instructions on the sites listed under References to update to the latest patched version.
CVE-2024-39601, CVE-2024-37998
- CPCI85 Central Processing/Communication versions: 5.40 or later
- SICORE Base system versions: 1.4.0 or later
References
[1] CVE-2024-39601 Detail
https://nvd.nist.gov/vuln/detail/cve-2024-39601
[2] CVE-2024-37998 Detail
https://nvd.nist.gov/vuln/detail/cve-2024-37998
[3] SSA-071402
https://cert-portal.siemens.com/productcert/html/ssa-071402.html#cves-section