SIEMENS CERT
10/10/2023
The SCALANCE W1750D device contains multiple vulnerabilities that could allow an attacker to inject commands or exploit buffer overflow vulnerabilities which could lead to sensitive information disclosure, unauthenticated denial of service or unauthenticated remote code execution. Siemens has released updates for the affected products and recommends to update to the …
SIEMENS CERT
10/10/2023
The SCALANCE W1750D device is affected by Wi-Fi encryption bypass vulnerabilities (“Framing Frames”) that could allow an attacker to disclose sensitive information or to steal the victims session. Siemens has released updates for the affected products and recommends to update to the latest versions.
SIEMENS CERT
10/10/2023
Siemens Tecnomatix Plant Simulation contains multiple vulnerabilities that could be triggered when the application reads SPP and IGS files. If a user is tricked to open a malicious file using the affected application, this could lead to a crash, and potentially also to arbitrary code execution on the target host …
SIEMENS CERT
10/10/2023
SINEMA Server V14 improperly sanitizes certain SNMP configuration data retrieved from monitored devices. An attacker with access to a monitored device could perform a stored cross-site scripting (XSS) attack that may lead to arbitrary code execution with SYSTEM privileges on the application server. Siemens recommends to migrate to its successor …
SIEMENS CERT
10/10/2023
Nozomi Networks has published information on vulnerabilities in Nozomi Guardian/CMC before V22.6.2. This advisory lists the related Siemens Industrial products affected by these vulnerabilities. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available. Customers are advised to consult and implement the …
SIEMENS CERT
10/10/2023
SCALANCE devices contain multiple vulnerabilities in MSPS based product lines that could allow authenticated remote attackers to execute custom code or create a XSS situation, as well as unauthenticated remote attackers to create a denial of service condition. Siemens has released updates for several affected products and recommends to update …
SIEMENS CERT
10/10/2023
The OPC UA implementations (ANSI C and C++) as used in several SIMATIC products contain a denial of service vulnerability that could allow an unauthenticated remote attacker to create a denial of service condition by sending a specially crafted certificate. Siemens has released updates for several affected products and recommends …
SIEMENS CERT
10/10/2023
A vulnerability in the openSSL component (CVE-2022-0778, [0]) could allow an attacker to create a denial of service condition by providing specially crafted elliptic curve certificates to products that use a vulnerable version of openSSL. Siemens has released updates for several affected products and recommends to update to the latest …