SSA-254054 V1.0: Spring Framework Vulnerability (Spring4Shell or SpringShell, CVE-2022-22965) - Impact to Siemens Products | allinfosecnews.com

April 19, 2022, midnight |

Siemens ProductCERT Security Advisories cert-portal.siemens.com

A vulnerability in Spring Framework was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2022-22965 and is also known as “Spring4Shell” or “SpringShell”.

Siemens is currently investigating to determine which products are affected and is continuously updating this advisory as more information becomes available.

Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for …

attackers code cve cve-2022-22965 framework impact products siemens spring spring4shell spring framework springshell ssa systems unauthenticated vulnerability vulnerable

More from cert-portal.siemens.com / Siemens ProductCERT Security Advisories

SSA-750274 V1.0: Impact of CVE-2024-3400 on RUGGEDCOM APE1808 devices configured with Palo Alto Networks Virtual … 2 weeks, 4 days ago | cert-portal.siemens.com

addresses advisory alto countermeasures +22

SSA-222019 V1.0: X_T File Parsing Vulnerabilities in Parasolid 4 weeks ago | cert-portal.siemens.com

application applications attacker code +12

SSA-885980 V1.0: Multiple Vulnerabilities in Scalance W1750D 4 weeks ago | cert-portal.siemens.com

attacker buffer buffer overflow code +16

SSA-822518 V1.0: Multiple Vulnerabilities in Palo Alto Networks Virtual NGFW before V11.0.1 on RUGGEDCOM APE1808 … 4 weeks ago | cert-portal.siemens.com

advisory alto countermeasures customers +18

SSA-455250 V1.0: Multiple Vulnerabilities in Palo Alto Networks Virtual NGFW on RUGGEDCOM APE1808 devices 4 weeks ago | cert-portal.siemens.com

advisory alto countermeasures customers +18

SSA-265688 V1.0: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP V1.1 4 weeks ago | cert-portal.siemens.com

countermeasures fix fixes gnu +7

SSA-730482 V1.0: Denial of Service Vulnerability in SIMATIC WinCC 4 weeks ago | cert-portal.siemens.com

attacker box denial of service dialog +14

SSA-556635 V1.0: Multiple Vulnerabilities in Telecontrol Server Basic before V3.1.2.0 4 weeks ago | cert-portal.siemens.com

1.2.0 basic fixes server +4

SSA-128433 V1.0: Multiple Vulnerabilities in SINEC NMS before V2.0 SP2 4 weeks ago | cert-portal.siemens.com

latest nms siemens sinec +4

Product Regulatory Compliance Specialist

@ Avery Dennison | Oegstgeest, Netherlands

View on infosec-jobs.com

Cyber Security Analyst

@ FinClear | Melbourne, Australia

View on infosec-jobs.com

Senior Application Security Manager, United States-(Virtual)

@ Stanley Black & Decker | New Britain CT USA - 1000 Stanley Dr

View on infosec-jobs.com

Vice President - Information Security Management - FedRAMP

@ JPMorgan Chase & Co. | Chicago, IL, United States

View on infosec-jobs.com

Vice President, Threat Intelligence & AI

@ Arctic Wolf | Remote - Minnesota

View on infosec-jobs.com

Cybersecurity Analyst

@ Resource Management Concepts, Inc. | Dahlgren, Virginia, United States

View on infosec-jobs.com