SSA-331112: Multiple Vulnerabilities in SINEC NMS Before V3.0 SP1 Key Information from the Webpage Screenshot: 1. Publication Date: - 2024-11-12 2. Last Update: - 2024-11-12 3. Current Version: - V1.0 4. CVSS v3.1 Base Score: - 8.4 5. CVSS v4.0 Base Score: - 8.3 6. Summary: - SINEC NMS before V3.0 SP1 is affected by multiple vulnerabilities. - Siemens has released a new version for SINEC NMS and recommends updating to the latest version. 7. Affected Products and Solution: - Affected Product and Versions: - SINEC NMS - All versions < V3.0 SP1 - Remediation: - Update to V3.0 SP1 or later version - https://support.industry.siemens.com/cs/www/en/view/109974917/ 8. Workarounds and Mitigations: - Product-specific remediations or mitigations can be found in the section "Affected Products and Solution." - Please follow the General Security Recommendations. 9. General Security Recommendations: - Siemens recommends protecting network access to devices with appropriate mechanisms. - To operate the devices in a protected IT environment, configure the environment according to Siemens' operational guidelines for Industrial Security. - Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity 10. Product Description: - This chapter describes all vulnerabilities (CVE-IDs) addressed in this security advisory. - Documents the product-specific impact of the individual vulnerabilities. 11. Vulnerability Description: - Un-/Collapse All 12. Additional Information: - For further inquiries on security vulnerabilities in Siemens products and solutions, please contact Siemens ProductCERT: https://www.siemens.com/cert/advisories 13. History Data: - V1.0 (2024-11-12): Publication Date 14. Terms of Use: - The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use