Serial number: AV24-263
Date: May 14, 2024
On May 14, 2024, Siemens published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:
- Cerberus PRO UL Compact Panel FC922/924 – versions prior to MP4
- Cerberus PRO UL Engineering Tool – versions prior to MP4
- Cerberus PRO UL X300 Cloud Distribution – versions prior to V4.3.0001
- Desigo Fire Safety UL Compact Panel FC2025/2050 – versions prior to MP4
- Desigo Fire Safety UL Engineering Tool – versions prior to MP4
- Desigo Fire Safety UL X300 Cloud Distribution – versions prior to V4.3.0001
- RUGGEDCOM CROSSBOW – versions prior to V5.5
- SIMATIC CN 4100 – versions prior to V3.0
- SIMATIC RTLS Locating Manager – multiple platforms, versions prior to V3.0.1.1
The Cyber Centre encourages users and administrators to review the provided web links, perform the suggested mitigations and apply the necessary updates.
- SSA-953710: Vulnerabilities in the Network Communication Stack in Desigo Fire Safety UL and Cerberus PRO UL Fire Protection Systems
- SSA-916916: Security Vulnerabilities Fixed in RUGGEDCOM CROSSBOW V5.5
- SSA-273900: Multiple Vulnerabilities in SIMATIC CN 4100 before V3.0
- SSA-093430: Multiple Vulnerabilities in SIMATIC RTLS Locating Manager before V3.0
- Siemens Security Advisories