Bulletins

Multiple vulnerabilities in the affected products could allow an unauthorized attacker with network access to the webserver to perform a denial of service attack. Siemens has released a new version for SINAMICS S120 (incl. SIPLUS variants) and recommends to update to the latest version. Siemens recommends specific countermeasures for products …

SIMATIC MV500 before V3.3.5 is affected by multiple vulnerabilities. Siemens has released an update for SIMATIC MV500 and recommends to update to the latest version.

Solid Edge is affected by a file parsing vulnerability in Drawings SDK from Open Design Alliance. If a user is tricked to open a malicious DWG file with the affected application, an attacker could leverage the vulnerability to crash the application or execute arbitrary code. Siemens has released updates for …

Several Intel-CPU based SIMATIC IPCs are affected by an information exposure vulnerability (CVE-2022-40982) in the CPU that could allow an authenticated local user to potentially read other users’ data [1]. The issue is also known as “Gather Data Sampling” (GDS) or Downfall Attacks. For details refer to the chapter “Additional …

COMOS is affected by multiple vulnerabilities that could allow an attacker to execute arbitrary code or cause denial of service condition, data infiltration or perform access control violations. Siemens has released an update for COMOS and recommends to update to the latest version. Siemens recommends specific countermeasures for products where …

SINEC PNI before V2.0 is affected by multiple vulnerabilities. Siemens has released an update for SINEC PNI and recommends to update to the latest version.

Mendix Runtime contains a capture-replay flaw which could have an impact to apps built with the platform, if certain preconditions are met that depend on the app’s model and access control design. This could allow authenticated attackers to access or modify objects without proper authorization, or escalate privileges in the …