Bulletins

Siemens BFCClient contains multiple vulnerabilities in the integrated OpenSSL component that could allow an attacker to read memory contents, to change the application behaviour or to create a denial of service condition. Siemens has released a new version for BFCClient and recommends to update to the latest version.

Affected products do not properly restrict access permissions to a local Windows Named Pipe and do not properly sanitize user-controllable input sent to that Named Pipe. This could allow a local authenticated attacker to cause a type confusion and execute arbitrary code within the affected application and its privileges. Siemens …

Affected SIPROTEC 5 devices contain a development shell which is accessible via a physical interface which is not properly restricted. This could allow an unauthenticated attacker with physical access to an affected device to execute arbitrary commands on the device. Siemens has released new versions for several affected products and …

The SSH server on RUGGEDCOM ROS devices is configured to offer weak ciphers by default. This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data passed over the connection between legitimate clients and the affected device. Siemens has released new versions for the affected …

Simcenter Femap contains a file parsing vulnerability that could be triggered when the application reads files in STP or BMP file format. If a user is tricked to open a malicious file with the affected application, this could lead the application to crash or potentially lead to arbitrary code execution. …

An information disclosure vulnerability in SIPROTEC 5 devices could allow an unauthenticated, remote attacker to retrieve sensitive information of the device. Siemens has released new versions for the affected products and recommends to update to the latest versions.

COMOS before V10.6 is affected by a local arbitrary code execution vulnerability in the integrated Open Design Alliance Drawings SDK. Siemens has released a new version for COMOS and recommends to update to the latest version.