Number: AV21-633
Date: 14 December 2021
On 13 and 14 December 2021 Siemens published Security Advisories to address vulnerabilities in the following products:
- Apache Log4j Vulnerability
- Capital VSTAR – all versions
- JT2G0 – versions prior to V13.2.0.5
- JT Utilities – versions prior to V13.1.1.0
- JTTK – versions prior to V11.1.1.0
- ModelSim Simulation – all versions
- POWER METER SICAM Q100 – multiple products and versions
- Questa Simulation – all versions
- SiPass integrated – multiple products and versions
- Simcenter STAR-CCM+ Viewer – versions prior to 2021.3.1
- SIMATIC – multiple products and versions
- SINUMERIK Edge – versions prior to V3.2
- Siveillance Identity – multiple products and versions
- Teamcenter Active Workspace – multiple products and versions
- Teamcenter Visualization – versions prior to V13.2.0.5
Exploitation of these vulnerabilities could lead to denial-of-service, disclosure of sensitive information, remote code execution, modification of data in transit, privilege escalation and unauthorized access.
The Cyber Centre encourages users and administrators to review the provided web links, perform the suggested mitigations and apply the necessary updates.
Apache Log4j Vulnerability
https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf
Siemens Security Publications
https://new.siemens.com/global/en/products/services/cert.html#SecurityPublications