Bulletins

APOGEE PXC / TALON TC field panels (BACnet before V3.5.5 and P2 Ethernet before V2.8.20) contain multiple vulnerabilities: CVE-2022-45937: A privilege management vulnerability that could allow low privilege authenticated attackers to gain high privilege access. CVE-2020-28388: Predictable Initial Sequence Numbers in the TCP/IP Stack of Nucleus RTOS (real-time operating system) …

JT Open Toolkit, JT Utilities and Parasolid are affected by memory corruption vulnerabilities that could be triggered while parsing JT files. If a user is tricked to open a malicious JT file with any of the affected products, this could cause the application to crash or potentially lead to arbitrary …

A vulnerability in Nullsoft Scriptable Installer System (NSIS) software (CVE-2023-37378) used in Parasolid installers before V36 creates an “uninstall directory” with insufficient access control. This could allow an attacker to misuse the vulnerability, and potentially escalate privileges. Only systems where Parasolid is installed with a Parasolid installer is impacted. Siemens …

Siemens JT2Go, Teamcenter Visualization and Solid Edge are affected by multiple file parsing vulnerabilities. If a user is tricked to open a malicious file (crafted as ASM or TIFF file format) with any of the affected products, this could lead the application to crash or potentially lead to arbitrary code …

The RUGGEDCOM CROSSBOW server application before V5.4 contains multiple vulnerabilities that could allow an attacker to execute arbitrary database queries via SQL injection attacks, to create a denial of service condition, or to write arbitrary files to the application’s file system. Siemens has released an update for RUGGEDCOM CROSSBOW and …

Multiple DLL Hijacking vulnerabilities in Siemens Software Center (SSC) could allow a local attacker to execute code with elevated privileges. Siemens has released an update for the Siemens Software Center and recommends to update to the latest version.