Siemens Product Security Update Advisory

Oct 24 2024

Overview

An update has been released to address vulnerabilities in Siemens Products. Users of the affected versions are advised to update to the latest version.

Affected Products

CVE-2024-47901, CVE-2024-47902, CVE-2024-47904

InterMesh 7177 Hybrid 2.0 Subscriber versions: ~ 8.2.12 (excluded)
InterMesh 7707 Fire Subscriber versions: ~ 7.2.12 (excluded) * Only if IP interface is enabled

Resolved Vulnerabilities

Input is not validated in certain GET requests, which could allow remote attackers to execute arbitrary code with root privileges (CVE-2024-47901)

Vulnerability that could allow execution of operating system commands (such as ping) without authentication via GET requests (CVE-2024-47902)

Vulnerability that allows local attackers authenticated via the SUID binary to execute arbitrary commands with root privileges (CVE-2024-47904)

Vulnerability Patches

Vulnerability Patches have been made available in the latest updates. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

CVE-2024-47901, CVE-2024-47902, CVE-2024-47904

InterMesh 7177 Hybrid 2.0 Subscriber version: 8.2.12 or later version
InterMesh 7707 Fire Subscriber version: 7.2.12 or later version * Disable IP interface

Referenced Sites

[1] SSA-333468: Multiple Vulnerabilities in InterMesh Subscriber Devices

https://cert-portal.siemens.com/productcert/html/ssa-333468.html#cves-section

Siemens Product Security Update Advisory

Google Chrome Browser (130.0.6723.69/.70) Security Update Advisory

Nginx UI Security Update Advisory (CVE-2024-49368)

Tags:

Google Chrome Browser (130.0.6723.69/.70) Security Update Advisory

Nginx UI Security Update Advisory (CVE-2024-49368)