SSA-761844 V1.1 (Last Update: 2024-01-09): Multiple Vulnerabilities in Control Center Server (CCS) | allinfosecnews.com

Jan. 9, 2024, midnight |

Siemens ProductCERT Security Advisories cert-portal.siemens.com

The advisory informs about multiple vulnerabilities in the Central Control Server (CCS) application, as initially reported in SSA-761617 (https://cert-portal.siemens.com/productcert/html/ssa-761617.html) on 2019-12-10 and SSA-844761 (https://cert-portal.siemens.com/productcert/html/ssa-844761.html) on 2020-03-10.

The vulnerabilities involve authentication bypass (CVE-2019-18337, CVE-2019-18341), path traversal (CVE-2019-18338, CVE-2019-19290), information disclosure (CVE-2019-13947, CVE-2019-18340, CVE-2019-19291), privilege escalation (CVE-2019-18342), SQL injection (CVE-2019-19292), cross-site scripting (CVE-2019-19293, CVE-2019-19294), and insufficient logging (CVE-2019-19295).

PKE has released an update for CCS that fixes the reported vulnerabilities, except for CVE-2019-18340. For details contact PKE ( …

authentication authentication bypass bypass countermeasures cross-site cve disclosure escalation information information disclosure injection insufficient logging latest logging path path traversal privilege privilege escalation scripting siemens sql sql injection update version vulnerabilities

More from cert-portal.siemens.com / Siemens ProductCERT Security Advisories

SSA-923361 V1.0: MODEL File Parsing Vulnerability in Tecnomatix Plant Simulation before V2302.0011 3 weeks, 5 days ago | cert-portal.siemens.com

application arbitrary code arbitrary code execution code +9

SSA-871704 V1.0: Multiple Vulnerabilities in SICAM Products 3 weeks, 5 days ago | cert-portal.siemens.com

code code execution device escalation +14

SSA-925850 V1.0: Improper Access Control in Polarion ALM 3 weeks, 5 days ago | cert-portal.siemens.com

access access control access controls apache +11

SSA-976324 V1.0: Multiple IGS File Parsing Vulnerabilities in PS/IGES Parasolid Translator Component before V27.1.215 3 weeks, 5 days ago | cert-portal.siemens.com

application crash file files +6

SSA-953710 V1.0: Vulnerabilities in the Network Communication Stack in Desigo Fire Safety UL and Cerberus … 3 weeks, 5 days ago | cert-portal.siemens.com

access attacker buffer buffer overflow +17

SSA-916916 V1.0: Security Vulnerabilities Fixed in RUGGEDCOM CROSSBOW V5.5 3 weeks, 5 days ago | cert-portal.siemens.com

application arbitrary files attacker attacks +18

SSA-935500 V1.1 (Last Update: 2024-05-14): Denial of Service Vulnerability in FTP Server of Nucleus RTOS … 3 weeks, 5 days ago | cert-portal.siemens.com

countermeasures fix fixes latest +6

SSA-962515 V1.0: Out of Bounds Read Vulnerability in Industrial Products 3 weeks, 5 days ago | cert-portal.siemens.com

attacker blue bsod crash +13

SSA-661579 V1.0: Multiple File Parsing Vulnerabilities in Teamcenter Visualization and JT2Go 3 weeks, 5 days ago | cert-portal.siemens.com

application crash file files +7

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland

View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City

View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL

View on infosec-jobs.com

Senior Security Researcher - Linux MacOS EDR (Cortex)

@ Palo Alto Networks | Tel Aviv-Yafo, Israel

View on infosec-jobs.com

Sr. Manager, NetSec GTM Programs

@ Palo Alto Networks | Santa Clara, CA, United States

View on infosec-jobs.com

SOC Analyst I

@ Fortress Security Risk Management | Cleveland, OH, United States

View on infosec-jobs.com