Siemens Product Family May 2024 Routine Security Update Advisory

Jun 07 2024

Overview

An update has been released to address vulnerabilities in the Siemens family of products. Users of affected versions are advised to update to the latest version.

Affected Products

CVE-2023-46284

Opcenter Quality prior to 2312
SIMATIC PCS neo prior to 4.1
SINEC NMS prior to 2.0 SP1
All versions of the Totally Integrated Automation Portal (TIA Portal) V14
All versions of Totally Integrated Automation Portal (TIA Portal) V15.1
All versions of Totally Integrated Automation Portal (TIA Portal) V16
Totally Integrated Automation Portal (TIA Portal) prior to V17 Update 7
Totally Integrated Automation Portal (TIA Portal) prior to V18 Update 3

CVE-2024-32058, CVE-2024-32064, CVE-2024-32060, CVE-2024-32065, CVE-2024-32057, CVE-2024-32063, CVE-2024-32055, CVE-2024-32061, CVE-2024-32066, CVE-2024-32062, CVE-2024-32059

PS/IGES Parasolid Translator Component prior to 27.1.215

CVE-2024-22039, CVE-2024-22041

Cerberus PRO UL Compact Panel FC922/924 prior to MP4
Cerberus PRO UL Engineering Tool prior to MP4
Cerberus PRO UL X300 Cloud Distribution prior to 4.3.0001
Desigo Fire Safety UL Compact Panel FC2025/2050 prior to MP4
Desigo Fire Safety UL Engineering Tool prior to MP4
Desigo Fire Safety UL X300 Cloud Distribution prior to 4.3.0001

CVE-2024-32639

Tecnomatix Plant Simulation prior to 2302.0011

CVE-2024-27945, CVE-2024-27941, CVE-2024-27944, CVE-2024-27942, CVE-2024-27940, CVE-2024-27943, CVE-2024-27939

RUGGEDCOM CROSSBOW prior to 5.5

CVE-2023-50236, CVE-2024-23813

Polarion ALM prior to 2404.0

CVE-2024-31485, CVE-2024-31484

CPC80 Central Processing/Communication prior to 16.41
CPCI85 Central Processing/Communication prior to 5.30
OPUPI0 AMQP/MQTT prior to 5.30
SICORE Base system prior to 1.3.0

CVE-2024-34086, CVE-2024-34085

JT2Go prior to 2312.0001
Teamcenter Visualization 14.1.x prior to 14.1.0.13
Teamcenter Visualization 14.2.x prior to 14.2.0.10
Teamcenter Visualization 14.3.x prior to 14.3.0.7
Teamcenter Visualization 2312.x prior to 2312.0001

CVE-2019-19300

All versions of Development/Evaluation Kits for PROFINET IO EK-ERTEC 200
All versions of Development/Evaluation Kits for PROFINET IO EK-ERTEC 200P
All versions of KTK ATE530S
All versions of SIDOOR ATD430W
All versions of SIDOOR ATE530S COATED
All versions of SIDOOR ATE531S
All versions of SIMATIC ET200AL IM157-1 PN
SIMATIC ET200ecoPN AI 8xRTD/TC, M12-L (6ES7144-6JF00-0BB0) versions: 5.1.1 (incl.) to 5.1.2 (excl.)
SIMATIC ET200ecoPN CM 4x IO-Link, M12-L (6ES7148-6JE00-0BB0) version at least 5.1.1
SIMATIC ET200ecoPN CM 8x IO-Link, M12-L (6ES7148-6JG00-0BB0) version 5.1.1 or later
SIMATIC ET200ecoPN CM 8x IO-Link, M12-L (6ES7148-6JJ00-0BB0) version at least 5.1.1
SIMATIC ET200ecoPN DI 8x24VDC, M12-L (6ES7141-6BG00-0BB0) : 5.1.1 (incl.) to 5.1.2 (excl.)
SIMATIC ET200ecoPN DI 16x24VDC, M12-L (6ES7141-6BH00-0BB0) : 5.1.1 (incl.) to 5.1.2 (excl.)
SIMATIC ET200ecoPN DIQ 16x24VDC/2A, M12-L (6ES7143-6BH00-0BB0) : 5.1.1 (incl.) to 5.1.3 (excl.)
SIMATIC ET200ecoPN DQ 8x24VDC/0.5A, M12-L (6ES7142-6BG00-0BB0) : 5.1.1 (incl.) to 5.1.2 (excl.)
SIMATIC ET200ecoPN DQ 8x24VDC/2A, M12-L (6ES7142-6BR00-0BB0) : 5.1.1 (incl.) to 5.1.2 (excl.)
SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants) version at least 4.2
All versions of the SIMATIC ET200SP IM155-6 MF HF
All versions of SIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants)
At least version 4.2 of the SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants)
Version at least 4.2 of the SIMATIC ET200SP IM155-6 PN/2 HF (incl. SIPLUS variants)
Version at least 4.2 of the SIMATIC ET200SP IM155-6 PN/3 HF (incl. SIPLUS variants)
All versions of the SIMATIC ET200pro IM154-8 PN/DP CPU (6ES7154-8AB01-0AB0)
All versions of the SIMATIC ET200pro IM154-8F PN/DP CPU (6ES7154-8FB01-0AB0)
All versions of SIMATIC ET200pro IM154-8FX PN/DP CPU (6ES7154-8FX00-0AB0)
All versions of SIMATIC ET200S IM151-8 PN/DP CPU (6ES7151-8AB01-0AB0)
All versions of SIMATIC ET200S IM151-8F PN/DP CPU (6ES7151-8FB01-0AB0)
Versions 2.0 or below of the SIMATIC ET200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)
Versions of SIMATIC ET200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) 2.0 or below
All versions of SIMATIC MICRO-DRIVE PDCs
All versions of the SIMATIC PN/MF Coupler (6ES7158-3MU10-0XA0)
At least version 4.2 of the SIMATIC PN/PN Coupler (6ES7158-3AD10-0XA0)
All versions of SIMATIC S7-300 CPU 314C-2 PN/DP (6ES7314-6EH04-0AB0)
All versions of the SIMATIC S7-300 CPU 315-2 PN/DP (6ES7315-2EH14-0AB0)
All versions of SIMATIC S7-300 CPU 315F-2 PN/DP (6ES7315-2FJ14-0AB0)
All versions of SIMATIC S7-300 CPU 315T-3 PN/DP (6ES7315-7TJ10-0AB0)
All versions of SIMATIC S7-300 CPU 317-2 PN/DP (6ES7317-2EK14-0AB0)
All versions of SIMATIC S7-300 CPU 317F-2 PN/DP (6ES7317-2FK14-0AB0)
All versions of SIMATIC S7-300 CPU 317T-3 PN/DP (6ES7317-7TK10-0AB0)
All versions of SIMATIC S7-300 CPU 317TF-3 PN/DP (6ES7317-7UL10-0AB0)
All versions of SIMATIC S7-300 CPU 319-3 PN/DP (6ES7318-3EL01-0AB0)
All versions of SIMATIC S7-300 CPU 319F-3 PN/DP (6ES7318-3FL01-0AB0)
All versions of the SIMATIC S7-400 H V6 CPU family and below (incl. SIPLUS variants)
All versions of the SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants)
All versions of the SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants)
All versions of the SIMATIC S7-410 V10 CPU family (incl. SIPLUS variants)
Versions of the SIMATIC S7-1200 CPU family (incl. SIPLUS variants) up to or below 4.4.0
Versions prior to 2.0 of the SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)
Version prior to 20.8 of the SIMATIC S7-1500 Software Controller
All versions of the SIMATIC TDC CP51M1
All versions of the SIMATIC TDC CPU555
All versions of SIMATIC WinAC RTX 2010 (6ES7671-0RC08-0YA0)
All versions of SIMATIC WinAC RTX F 2010 (6ES7671-1RC08-0YA0)
All versions of SINAMICS S/G Control Unit w. PROFINET
All versions of SIPLUS ET 200S IM151-8 PN/DP CPU (6AG1151-8AB01-7AB0)
All versions of SIPLUS ET 200S IM151-8F PN/DP CPU (6AG1151-8FB01-2AB0)
At least version 4.2 of the SIPLUS NET PN/PN Coupler (6AG2158-3AD10-4XA0)
All versions of the SIPLUS S7-300 CPU 314C-2 PN/DP (6AG1314-6EH04-7AB0)
All versions of SIPLUS S7-300 CPU 315-2 PN/DP (6AG1315-2EH14-7AB0)
All versions of SIPLUS S7-300 CPU 315F-2 PN/DP (6AG1315-2FJ14-2AB0)
All versions of SIPLUS S7-300 CPU 317-2 PN/DP (6AG1317-2EK14-7AB0)
All versions of SIPLUS S7-300 CPU 317F-2 PN/DP (6AG1317-2FK14-2AB0)

CVE-2024-33490, CVE-2024-33491, CVE-2024-33492, CVE-2024-33493, CVE-2024-33489

Solid Edge 224.0 Update prior to 5

CVE-2024-34771, CVE-2024-34773

Solid Edge 224.0 Update prior to 2

CVE-2024-34772

Solid Edge 224.0 Update prior to 4

CVE-2022-45044

SIPROTEC 5 6MD84 (CP300) prior to 9.50
SIPROTEC 5 6MD85 (CP200) all versions
SIPROTEC 5 6MD85 (CP300) prior to 9.50
SIPROTEC 5 6MD86 (CP200) all versions
SIPROTEC 5 6MD86 (CP300) prior to 9.50
SIPROTEC 5 6MD89 (CP300) prior to 9.64
SIPROTEC 5 6MU85 (CP300) prior to 9.50
SIPROTEC 5 7KE85 (CP200) all versions
SIPROTEC 5 7KE85 (CP300) prior to 9.64
SIPROTEC 5 7SA82 (CP100) all versions
SIPROTEC 5 7SA82 (CP150) prior to 9.50
SIPROTEC 5 7SA84 (CP200) all versions
SIPROTEC 5 7SA86 (CP200) all versions
SIPROTEC 5 7SA86 (CP300) prior to 9.50
SIPROTEC 5 7SA87 (CP200) all versions
SIPROTEC 5 7SA87 (CP300) prior to 9.50
SIPROTEC 5 7SD82 (CP100) all versions
SIPROTEC 5 7SD82 (CP150) prior to 9.50
SIPROTEC 5 7SD84 (CP200) all versions
SIPROTEC 5 7SD86 (CP200) all versions
SIPROTEC 5 7SD86 (CP300) prior to 9.50
SIPROTEC 5 7SD87 (CP200) all versions
SIPROTEC 5 7SD87 (CP300) prior to 9.50
SIPROTEC 5 7SJ81 (CP100) prior to 8.89
SIPROTEC 5 7SJ81 (CP150) prior to 9.50
SIPROTEC 5 7SJ82 (CP100) prior to 8.89
SIPROTEC 5 7SJ82 (CP150) prior to 9.50
SIPROTEC 5 7SJ85 (CP200) all versions
SIPROTEC 5 7SJ85 (CP300) prior to 9.50
SIPROTEC 5 7SJ86 (CP200) all versions
SIPROTEC 5 7SJ86 (CP300) prior to 9.50
SIPROTEC 5 7SK82 (CP100) prior to 8.89
SIPROTEC 5 7SK82 (CP150) prior to 9.50
SIPROTEC 5 7SK85 (CP200) all versions
SIPROTEC 5 7SK85 (CP300) prior to 9.50
SIPROTEC 5 7SL82 (CP100) all versions
SIPROTEC 5 7SL82 (CP150) prior to 9.50
SIPROTEC 5 7SL86 (CP200) all versions
SIPROTEC 5 7SL86 (CP300) prior to 9.50
SIPROTEC 5 7SL87 (CP200) all versions
SIPROTEC 5 7SL87 (CP300) prior to 9.50
SIPROTEC 5 7SS85 (CP200) all versions
SIPROTEC 5 7SS85 (CP300) prior to 9.50
SIPROTEC 5 7ST85 (CP200) all versions
SIPROTEC 5 7ST85 (CP300) prior to 9.64
SIPROTEC 5 7ST86 (CP300) prior to 9.64
SIPROTEC 5 7SX82 (CP150) prior to 9.50
SIPROTEC 5 7SX85 (CP300) prior to 9.50
SIPROTEC 5 7UM85 (CP300) prior to 9.50
SIPROTEC 5 7UT82 (CP100) all versions
SIPROTEC 5 7UT82 (CP150) prior to 9.50
SIPROTEC 5 7UT85 (CP200) all versions
SIPROTEC 5 7UT85 (CP300) prior to 9.50
SIPROTEC 5 7UT86 (CP200) all versions
SIPROTEC 5 7UT86 (CP300) prior to 9.50
SIPROTEC 5 7UT87 (CP200) all versions
SIPROTEC 5 7UT87 (CP300) prior to 9.50
SIPROTEC 5 7VE85 (CP300) prior to 9.50
SIPROTEC 5 7VK87 (CP200) all versions
SIPROTEC 5 7VK87 (CP300) prior to 9.50
SIPROTEC 5 7VU85 (CP300) prior to 9.50
SIPROTEC 5 Communication Module ETH-BA-2EL (CP100 devices) prior to 8.89
SIPROTEC 5 Communication Module ETH-BA-2EL (CP150 and CP300 devices) prior to 9.50
All versions of SIPROTEC 5 Communication Module ETH-BA-2EL (CP200 devices)
SIPROTEC 5 Communication Module ETH-BB-2FO (CP100 devices) prior to 8.89
SIPROTEC 5 Communication Module ETH-BB-2FO (CP150 and CP300 devices) prior to 9.50
All versions of SIPROTEC 5 Communication Module ETH-BB-2FO (CP200 devices)
Versions of SIPROTEC 5 Communication Module ETH-BD-2FO prior to 9.50
SIPROTEC 5 Compact 7SX800 (CP050) prior to 9.50

CVE-2024-31980

Parasolid 35.1.x versions prior to 35.1.256
Parasolid 36.0.x versions prior to 36.0.210
Parasolid 36.1.x versions prior to 36.1.185

CVE-2022-25622

SIMATIC CFU DIQ (6ES7655-5PX31-1XX0) all versions
SIMATIC CFU PA (6ES7655-5PX11-0XX0) all versions
SIMATIC ET200AL IM157-1 PN all versions
SIMATIC ET200ecoPN, AI 8xRTD/TC, M12-L (6ES7144-6JF00-0BB0) versions: 5.1.1 (incl.) to 5.1.2 (excl.)
SIMATIC ET200ecoPN, CM 4x IO-Link, M12-L (6ES7148-6JE00-0BB0) version at least 5.1.1
SIMATIC ET200ecoPN, CM 8x IO-Link, M12-L (6ES7148-6JG00-0BB0): Version at least V5.1.1
SIMATIC ET200ecoPN, CM 8x IO-Link, M12-L (6ES7148-6JJ00-0BB0): Version at least V5.1.1
SIMATIC ET200ecoPN, DI 8x24VDC, M12-L (6ES7141-6BG00-0BB0): Versions from 5.1.1 (incl.) to 5.1.2 (excl.)
SIMATIC ET200ecoPN, DI 16x24VDC, M12-L (6ES7141-6BH00-0BB0) Version: 5.1.1 (incl.) to 5.1.2 (excl.)
SIMATIC ET200ecoPN, DIQ 16x24VDC/2A, M12-L (6ES7143-6BH00-0BB0) Version: 5.1.1 (incl.) to 5.1.3 (excl.)
SIMATIC ET200ecoPN, DQ 8x24VDC/0,5A, M12-L (6ES7142-6BG00-0BB0) Version: 5.1.1 (incl.) to 5.1.2 (excl.)
SIMATIC ET200ecoPN, DQ 8x24VDC/2A, M12-L (6ES7142-6BR00-0BB0) Version: 5.1.1 (incl.) to 5.1.2 (excl.)
SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants) version at least 4.2
SIMATIC ET200SP IM155-6 MF HF all versions
SIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants) all versions
SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants) from version 4.2 at least
SIMATIC ET200SP IM155-6 PN/2 HF (incl. SIPLUS variants) from version 4.2 at least
SIMATIC ET200SP IM155-6 PN/3 HF (incl. SIPLUS variants): 4.version at least 2
SIMATIC ET 200pro IM154-8 PN/DP CPU (6ES7154-8AB01-0AB0) prior to 3.2.19
SIMATIC ET 200pro IM154-8F PN/DP CPU (6ES7154-8FB01-0AB0) prior to 3.2.19
SIMATIC ET 200pro IM154-8FX PN/DP CPU (6ES7154-8FX00-0AB0) prior to 3.2.19
SIMATIC ET 200S IM151-8 PN/DP CPU (6ES7151-8AB01-0AB0) prior to 3.2.19
SIMATIC ET 200S IM151-8F PN/DP CPU (6ES7151-8FB01-0AB0) prior to 3.2.19
SIMATIC PN/MF Coupler (6ES7158-3MU10-0XA0) all versions
SIMATIC PN/PN Coupler (6ES7158-3AD10-0XA0) at least 4.2
SIMATIC S7-300 CPU 314C-2 PN/DP (6ES7314-6EH04-0AB0) prior to 3.3.19
SIMATIC S7-300 CPU 315-2 PN/DP (6ES7315-2EH14-0AB0) prior to 3.2.19
SIMATIC S7-300 CPU 315F-2 PN/DP (6ES7315-2FJ14-0AB0) prior to 3.2.19
SIMATIC S7-300 CPU 317-2 PN/DP (6ES7317-2EK14-0AB0) prior to 3.2.19
SIMATIC S7-300 CPU 317F-2 PN/DP (6ES7317-2FK14-0AB0) prior to 3.2.19
SIMATIC S7-400 CPU 412-2 PN V7 (6ES7412-2EK07-0AB0) all versions
SIMATIC S7-400 CPU 414-3 PN/DP V7 (6ES7414-3EM07-0AB0) all versions
SIMATIC S7-400 CPU 414F-3 PN/DP V7 (6ES7414-3FM07-0AB0) all versions
SIMATIC S7-400 CPU 416-3 PN/DP V7 (6ES7416-3ES07-0AB0) all versions
SIMATIC S7-400 CPU 416F-3 PN/DP V7 (6ES7416-3FS07-0AB0) all versions
SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) prior to 6.0.10
SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants) prior to 8.2.3
SIMATIC S7-410 V10 CPU family (incl. SIPLUS variants) prior to 10.1.1
SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) prior to 2.0.0
SIMATIC TDC CP51M1 prior to 1.1.0
SIMATIC TDC CPU555 prior to 1.2.1
SIMATIC WinAC RTX 2010 (6ES7671-0RC08-0YA0) all versions
SIMATIC WinAC RTX F 2010 (6ES7671-1RC08-0YA0) all versions
SINAMICS DCM (Ethernet interface) all versions
SINAMICS G110M (Ethernet interface) prior to 4.7.14
SINAMICS G115D (Ethernet interface) prior to 4.7.14
SINAMICS G120 (incl. SIPLUS variants) (Ethernet interface) prior to 4.7 SP14
SINAMICS G130 prior to 5.2.3.13
SINAMICS G150 prior to 5.2.3.13
SINAMICS S110 (Ethernet interface) all versions
SINAMICS S120 (incl. SIPLUS variants) prior to 5.2 SP3 HF13
SINAMICS S150 prior to 5.2.3.13
SINAMICS S210 (6SL5…) all versions
SINAMICS V90 (Ethernet interface) all versions
SIPLUS ET 200S IM151-8 PN/DP CPU (6AG1151-8AB01-7AB0) prior to 3.2.19
SIPLUS ET 200S IM151-8F PN/DP CPU (6AG1151-8FB01-2AB0) prior to 3.2.19
SIPLUS HCS4200 CIM4210 (6BK1942-1AA00-0AA0) all versions
SIPLUS HCS4200 CIM4210C (6BK1942-1AA00-0AA1) all versions
SIPLUS HCS4300 CIM4310 (6BK1943-1AA00-0AA0) all versions
SIPLUS NET PN/PN Coupler (6AG2158-3AD10-4XA0) 4.2 or later versions at least
SIPLUS S7-300 CPU 314C-2 PN/DP (6AG1314-6EH04-7AB0) prior to 3.3.19
SIPLUS S7-300 CPU 315-2 PN/DP (6AG1315-2EH14-7AB0) prior to 3.2.19
SIPLUS S7-300 CPU 315F-2 PN/DP (6AG1315-2FJ14-2AB0) prior to 3.2.19
SIPLUS S7-300 CPU 317-2 PN/DP (6AG1317-2EK14-7AB0) prior to 3.2.19
SIPLUS S7-300 CPU 317F-2 PN/DP (6AG1317-2FK14-2AB0) prior to 3.2.19
SIPLUS S7-400 CPU 414-3 PN/DP V7 (6AG1414-3EM07-7AB0) all versions
SIPLUS S7-400 CPU 416-3 PN/DP V7 (6AG1416-3ES07-7AB0) all versions

CVE-2023-49125

Solid Edge SE2023 223.0 Update prior to 11
Solid Edge SE2024 224.0 Update prior to 3

CVE-2024-32740, CVE-2024-32741, CVE-2024-32742

SIMATIC CN 4100 prior to 3.0

CVE-2024-33577

All versions of Simcenter Nastran 2306
All versions of Simcenter Nastran 2312
Any version of Simcenter Nastran prior to 2406.90

CVE-2024-22040, CVE-2024-22041

All versions of Cerberus PRO EN Engineering Tool
All versions of Cerberus PRO EN Fire Panel FC72x IP6
All versions of Cerberus PRO EN Fire Panel FC72x IP7
Any version of Cerberus PRO EN Fire Panel FC72x IP8 prior to SR4
All versions of Cerberus PRO EN X200 Cloud Distribution IP7
Cerberus PRO EN X200 Cloud Distribution IP8 prior to 4.3.5618
All versions of Cerberus PRO EN X300 Cloud Distribution IP7
Cerberus PRO EN X300 Cloud Distribution IP8 prior to 4.3.5617
All versions of Sinteso FS20 EN Engineering Tool
All versions of Sinteso FS20 EN Fire Panel FC20 MP6
All versions of Sinteso FS20 EN Fire Panel FC20 MP7
Any version of Sinteso FS20 EN Fire Panel FC20 MP8 prior to SR4
All versions of Sinteso FS20 EN X200 Cloud Distribution MP7
Sinteso FS20 EN X200 Cloud Distribution MP8 prior to 4.3.5618
All versions of Sinteso FS20 EN X300 Cloud Distribution MP7
Sinteso FS20 EN X300 Cloud Distribution MP8 prior to 4.3.5617
All versions of Sinteso Mobile

CVE-2024-22039

Cerberus PRO EN Engineering Tool prior to IP8
Cerberus PRO EN Fire Panel FC72x IP6 prior to SR3
Cerberus PRO EN Fire Panel FC72x IP7 prior to SR5
Cerberus PRO EN X200 Cloud Distribution IP7 prior to 3.0.6602
Cerberus PRO EN X200 Cloud Distribution IP8 prior to 4.0.5016
Cerberus PRO EN X300 Cloud Distribution IP7 prior to 3.2.6601
Cerberus PRO EN X300 Cloud Distribution IP8 prior to 4.2.5015
Sinteso FS20 EN Engineering Tool prior to MP8
Sinteso FS20 EN Fire Panel FC20 prior to MP6 SR3
Sinteso FS20 EN Fire Panel FC20 prior to MP7 SR5
Sinteso FS20 EN X200 Cloud Distribution prior to MP7 3.0.6602
Sinteso FS20 EN X200 Cloud Distribution prior to MP8 4.0.5016
Sinteso FS20 EN X300 Cloud Distribution prior to MP7 3.2.660
Sinteso FS20 EN X300 Cloud Distribution prior to MP8 4.2.501
Sinteso Mobile prior to 3.0.0

CVE-2022-24309

Mendix Applications using Mendix prior to 7.23.29
Mendix Applications using Mendix prior to 8.18.16
Versions prior to V9.13 with runtime customization setting *DataStorage.UseNewQueryHandler* set to False in Mendix Applications using Mendix

CVE-2024-33499, CVE-2024-30206, CVE-2024-30207, CVE-2024-30209

SIMATIC RTLS Locating Manager (6GT2780-0DA00) prior to 3.0.1.1
SIMATIC RTLS Locating Manager (6GT2780-0DA10) prior to 3.0.1.1
SIMATIC RTLS Locating Manager (6GT2780-0DA20) prior to 3.0.1.1
SIMATIC RTLS Locating Manager (6GT2780-0DA30) prior to 3.0.1.1
SIMATIC RTLS Locating Manager (6GT2780-1EA10) prior to 3.0.1.1
SIMATIC RTLS Locating Manager (6GT2780-1EA20) prior to 3.0.1.1
SIMATIC RTLS Locating Manager (6GT2780-1EA30) prior to 3.0.1.1

CVE-2024-32636, CVE-2024-32635

Parasolid prior to 35.1.256
Parasolid prior to 36.0.208
Parasolid prior to 36.1.173

Resolved Vulnerabilities

Out-of-bounds write vulnerability above the end of the allocated buffer when handling certain requests on ports 4002/tcp and 4004/tcp (CVE-2023-46284)

Memory corruption vulnerability while parsing specially crafted IGS files (CVE-2024-32058)

Out-of-bounds read vulnerability while parsing specially crafted IGS files (CVE-2024-32064, CVE-2024-32060, CVE-2024-32065, CVE-2024-32055, CVE-2024-32061, CVE-2024-32066, CVE-2024-32059)

Type confusion vulnerability while parsing specially crafted IGS files (CVE-2024-32057, CVE-2024-32063, CVE-2024-32062)

Buffer overflow vulnerability due to insufficient validation of HMAC values in the Network Communications Library (CVE-2024-22039)

Buffer overflow vulnerability when analyzing X.509 certificates in the Network Communications Library (CVE-2024-22041)

out-of-bounds write vulnerability while parsing specially crafted MODEL files (CVE-2024-32639)

File upload vulnerability in the root installation directory of the system when using the bulk import feature (CVE-2024-27945)

Vulnerability in not properly sanitizing input data before sending it to SQL Server (CVE-2024-27941)

Vulnerability on affected systems that could allow a privileged user to upload firmware files to the root installation directory of the system (CVE-2024-27944)

Vulnerability that could allow an unauthenticated client to disconnect an active user from the server (CVE-2024-27942)

Vulnerability that could allow an authenticated user to send arbitrary SQL commands to the SQL server (CVE-2024-27940)

Vulnerability on affected systems that could allow a privileged user to upload a common file to the root installation directory of the system (CVE-2024-27943)

A vulnerability on affected systems that could allow an unauthenticated user to upload arbitrary files (CVE-2024-27939)

Weak permissions on files and folders in the installation path, which could lead to elevation of privilege (CVE-2023-50236)

Vulnerability in the REST API endpoint to the doorconnector of the affected product lacking proper authentication (CVE-2024-23813)

Command injection vulnerability due to missing server-side input validation in the web interface (CVE-2024-31485)

Improper null termination vulnerability while parsing certain HTTP headers in affected device firmware (CVE-2024-31484)

Out-of-bounds write vulnerability when parsing specially crafted CGM files (CVE-2024-34086)

Stack overflow vulnerability while parsing specially crafted XML files (CVE-2024-34085)

Denial of service vulnerability in the Interniche-based TCP stack (CVE-2019-19300)

Out-of-bounds read beyond end of allocated structure vulnerability while parsing specially crafted PAR files (CVE-2024-33490, CVE-2024-33491, CVE-2024-33492, CVE-2024-33493, CVE-2024-34772)

Heap-based buffer overflow vulnerability while parsing specially crafted PAR files (CVE-2024-33489, CVE-2024-34771)

Stack overflow vulnerability while parsing a specially crafted PAR file (CVE-2024-34773)

Denial of service vulnerability within the SSL and TLS protocols on affected devices (CVE-2022-45044)

An out-of-bounds write vulnerability that occurs while parsing specially crafted X_T part files in affected applications (CVE-2024-31980)

Denial of Service Vulnerability in the PROFINET (PNIO) stack when integrated with the Interniche IP stack due to improper handling of internal resources for TCP segments with a minimum TCP header length smaller than defined (CVE-2022-25622)

Out-of-bounds read vulnerability that occurs past the end of an allocated structure while parsing a specially crafted file containing XT format (CVE-2023-49125)

Undocumented user and credential vulnerability in affected devices (CVE-2024-32740)

Vulnerability involving the privileged system user root and a hard-coded password used for the bootloader GRUB (CVE-2024-32741)

Unrestricted USB port vulnerability contained in affected devices (CVE-2024-32742)

Stack overflow vulnerability while parsing strings in the affected application (CVE-2024-33577)

Buffer overflow vulnerability in the network communication library on affected systems due to insufficient validation of HMAC values (CVE-2024-22040)

The network communication library in the affected system improperly handles memory buffers when parsing X.509 certificates (CVE-2024-22041)

the network communication library in the affected system does not validate the length of X.509 certificate attributes, resulting in a stack-based buffer overflow vulnerability (CVE-2024-22039)

When an entity has a user-readable connection, apps running on an affected version of Mendix Runtim do not enforce checks for XPath constraints parsing that connection (CVE-2022-24309)

Vulnerability to assign incorrect permissions to user management components (CVE-2024-33499)

Vulnerability in the Manager client that does not properly check the integrity of update files (CVE-2024-30206)

Vulnerability in communicating with symmetric encryption algorithms that use hard-coded keys (CVE-2024-30207)

Vulnerability to transfer client-side resources without proper cryptographic protection (CVE-2024-30209)

Out-of-bounds read vulnerability while parsing a specially crafted X_T file (CVE-2024-32636, CVE-2024-32635)

Vulnerability Patches

Vulnerability Patches have been made available in the latest updates. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.