SIEMENS CERT
07/11/2023
A vulnerability in the openSSL component (CVE-2022-0778, [0]) could allow an attacker to create a denial of service condition by providing specially crafted elliptic curve certificates to products that use a vulnerable version of openSSL. Siemens has released updates for several affected products and recommends to update to the latest …
SIEMENS CERT
07/11/2023
Multiple vulnerabilities have been identified in the Linux Kernel of the SIMATIC S7-1500 TM MFP V1.0. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.
SIEMENS CERT
07/11/2023
SiPass integrated versions before V2.90.3.8 contain a stack overflow vulnerability that could allow an unauthenticated remote attacker to crash the server application, creating a denial of service condition. Siemens has released an update for SiPass integrated and recommends to update to the latest version.
SIEMENS CERT
06/14/2023
SINAMICS PERFECT HARMONY GH180 is affected by multiple vulnerabilities in the integrated SCALANCE S615 device, as documented in SSA-419740 (https://cert-portal.siemens.com/productcert/html/ssa-419740.html). Siemens recommends to update the firmware of the integrated SCALANCE S615 device to the latest version. Siemens recommends specific countermeasures for products where the firmware update is not, or not …
SIEMENS CERT
06/13/2023
SIMATIC STEP 7 and PCS 7 contain a database management system that could allow remote users with low privileges to use embedded functions of the database (local or in a network share) that have impact on the server. An attacker with network access to the server network could leverage these …
SIEMENS CERT
06/13/2023
Solid Edge is affected by a file parsing vulnerability in Drawings SDK from Open Design Alliance. If a user is tricked to open a malicious DWG file with any of the affected products, this could lead the application to crash or potentially lead to arbitrary code execution. Siemens has released …
SIEMENS CERT
06/13/2023
A vulnerability in Xpedition Designer could allow an attacker with an unprivileged account to override or modify the service executable and subsequently gain elevated privileges. Siemens has released updates for the affected products and recommends to update to the latest versions.
SIEMENS CERT
06/13/2023
Siemens Teamcenter Visualization and JT2Go are affected by multiple file parsing vulnerabilities that could be triggered when the application reads malicious TIF, CGM or PDF files. If a user is tricked to open a malicious TIF, CGM or PDF file with the affected products, this could lead the application to …