SIEMENS CERT
08/09/2022
Multiple SIMATIC software products are affected by a vulnerability that could allow an attacker to change the content of certain metafiles and subsequently manipulate parameters or behaviour of devices configured by the affected software products. Siemens has released updates for several affected products and recommends to update to the latest …
SIEMENS CERT
08/09/2022
On 2021-12-09, a vulnerability in Apache Log4j (a logging tool used in many Java-based applications) was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2021-44228 and is also known as “Log4Shell”. On 2021-12-14 an additional denial of service vulnerability (CVE-2021-45046) …
SIEMENS CERT
08/09/2022
SSA-669737 V1.2 (Last Update: 2022-08-09): Improper Access Control Vulnerability in SICAM TOOLBOX II
SICAM TOOLBOX II contains a vulnerability that could allow an attacker access through a circumventable access control. Siemens recommends countermeasures for products where updates are not, or not yet available.
SIEMENS CERT
08/09/2022
SCALANCE devices contain multiple vulnerabilities in MSPS based product lines that could allow authenticated remote attackers to execute custom code or create a XSS situation, as well as unauthenticated remote attackers to create a denial of service condition. Siemens has released updates for several affected products and recommends to update …
SIEMENS CERT
08/09/2022
A vulnerability in the openSSL component (CVE-2022-0778, [0]) could allow an attacker to create a denial of service condition by providing specially crafted elliptic curve certificates to products that use a vulnerable version of openSSL. Siemens has released updates for several affected products and recommends to update to the latest …
SIEMENS CERT
08/09/2022
Vulnerabilities in third-party component cURL could allow an attacker to interfere with the affected products in various ways. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends countermeasures for products where updates are not, or not yet available.
SIEMENS CERT
08/09/2022
Teamcenter is affected by two security vulnerabilities in the File Service Cache service that could lead to command injection and denial of service issues. Siemens has released updates for the affected products and recommends to update to the latest versions.
SIEMENS CERT
08/09/2022
The SSH server on RUGGEDCOM ROS devices is configured to offer weak ciphers by default. This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data passed over the connection between legitimate clients and the affected device. Siemens recommends specific countermeasures for products where updates …