Vulnerabilities for Opcenter intelligence (...) - CXSECURITY.COM

Vulnerabilities for 'Opcenter intelligence'

2021-12-14

CVE-2021-45046

CWE-502

It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some environments and local code execution in all environments. Log4j 2.16.0 (Java 8) and 2.12.2 (Java 7) fix this issue by removing support for message lookup patterns and disabling JNDI functionality by default.

2021-12-10

CVE-2021-44228

CWE-502

Apache Log4j2 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0, this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.

2020-07-14

CVE-2020-7588

CWE-20

A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC IT LMS (All versions), SIMATIC IT Production Suite (All versions), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions), SIMATIC STEP 7 (TIA Portal) V15 (All versions), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMOCODE ES (All versions), Soft Starter ES (All versions). Sending a specially crafted packet to the affected service could cause a partial remote Denial-of-Service, that would cause the service to restart itself.

CVE-2020-7587

CWE-400

A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC IT LMS (All versions), SIMATIC IT Production Suite (All versions), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions), SIMATIC STEP 7 (TIA Portal) V15 (All versions), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMOCODE ES (All versions), Soft Starter ES (All versions). Sending multiple specially crafted packets to the affected service could cause a partial remote Denial-of-Service, that would cause the service to restart itself. On some cases the vulnerability could leak random information from the remote service.

CVE-2020-7581

CWE-428

A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions), SIMATIC STEP 7 (TIA Portal) V15 (All versions), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMOCODE ES (All versions), Soft Starter ES (All versions). A component within the affected application calls a helper binary with SYSTEM privileges during startup while the call path is not quoted.

>>> Vendor: Siemens 653 Products

Speedstream wireless router

Gigaset se361 wlan router

Speedstream 6520

Speedstream 5200

Gigaset wlan camera

Gigaset c450 ip

Gigaset c475 ip

Gigaset se461 wimax router

Simatic wincc flexible runtime

Simatic wincc runtime

Tecnomatix factorylink

Simatic hmi panels

Wincc flexible runtime

Wincc runtime advanced

Automation license manager

Scalance s firmware

Scalance x-300 firmware

Scalance x-300eec firmware

Scalance x308-2m firmware

Scalance x414-3e firmware

Scalance xr-300 firmware

Scalance x-300eec

Scalance x308-2m

Scalance x414-3e

Scalance xr-300

Simatic s7-400 cpu 412-2 pn

Simatic s7-400 cpu 414-3 pn/dp

Simatic s7-400 cpu 414f-3 pn/dp

Simatic s7-400 cpu 416-3 pn/dp

Simatic s7-400 cpu 416f-3 pn/dp

Simatic s7-400 cpu firmware

Synco ozw web server

Synco ozw web server firmware

Simatic s7-1200 plc

Sipass integrated

Simatic rf-manager

Simatic rf-manager 2008

Wincc tia portal

Scalance x204irt

Scalance x202-2irt

Scalance x202-2p irt

Scalance x201-3p irt

Scalance x200-4p irt

Scalance xf204irt

Scalance x200irt firmware

Openscape session border controller

Enterprise openscape branch

Scalance w744-1

Scalance w744-1pro

Scalance w746-1

Scalance w746-1pro

Scalance w747-1

Scalance w747-1rr

Scalance w784-1

Scalance w784-1rr

Scalance w786-1pro

Scalance w786-2pro

Scalance w786-2rr

Scalance w786-3pro

Scalance w788-1pro

Scalance w788-1rr

Scalance w788-2pro

Scalance w788-2rr

Scalance w700 series firmware

Scalance x-200rna

Scalance xf-200

Scalance x-200 series firmware

See all Products for Vendor Siemens

Copyright 2024, cxsecurity.com