SIEMENS CERT
01/10/2023
A vulnerability in the affected products could allow an unauthorized attacker with network access to perform a denial-of-service attack resulting in loss of real-time synchronization. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are …
SIEMENS CERT
01/10/2023
Affected SIMATIC firmware contains multiple vulnerabilities that could allow an unauthenticated attacker to perform a denial-of-service attack under certain conditions. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends countermeasures for products where updates are not, …
SIEMENS CERT
01/10/2023
SIMATIC S7 CPU families are affected by a vulnerability that could allow remote attackers to perform a denial of service attack by sending a specially crafted HTTP request to the web server of an affected device. Siemens has released updates for several affected products and recommends to update to the …
SIEMENS CERT
01/10/2023
The PROFINET (PNIO) stack, when integrated with the Interniche IP stack, contains a vulnerability that could allow an attacker to cause a denial of service condition on affected industrial products. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further …
SIEMENS CERT
01/10/2023
Siemens has released a new version for Automation License Manager that fixes multiple vulnerabilities which, when combined, could allow an attacker to modify and rename license files, extract licenses and overwrite arbitrary files on the target system potentially leading to privilege escalation and remote code execution. Siemens has released an …
SIEMENS CERT
01/10/2023
The Mendix SAML module is affected by a reflected cross-site scripting (XSS) vulnerability that could allow an attacker to extract sensitive information by tricking users into accessing a malicious link. Apps are only vulnerable in certain cases when non-default configuration is used. Siemens has released updates for the affected products …
SIEMENS CERT
01/10/2023
SIMATIC WinCC OA contains an argument injection vulnerability that could allow an authenticated remote attacker to inject arbitrary parameters, when starting the Ultralight Client via the web interface (e.g., open attacker chosen panels with the attacker’s credentials or start a Ctrl script). Siemens has released updates for several affected products …
SIEMENS CERT
01/10/2023
The products listed below do not properly authorize the change password function of the web interface. This could allow low privileged users to escalate their privileges. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific …