SIEMENS CERT
11/08/2022
RUGGEDCOM ROS-based devices are vulnerable to a denial of service attack (Slowloris). By sending partial HTTP requests nonstop, with none completed, the affected web servers will be waiting for the completion of each request, occupying all available HTTP connections. The web server recovers by itself once the attack ends. Siemens …
SIEMENS CERT
11/08/2022
Parasolid is affected by out of bounds read/write vulnerabilities that could be triggered when the application reads files in X_T format. If a user is tricked to open a malicious file with the affected applications, an attacker could leverage the vulnerability to perform remote code execution in the context of …
SIEMENS CERT
11/08/2022
The networking component (Nucleus NET) in Nucleus Real-Time Operating System (RTOS) use Initial Sequence Numbers for TCP-Sessions that are predictable. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not available.
SIEMENS CERT
11/08/2022
A security research [1] identified weaknesses in the IEEE 1735 recommended practice for encryption of Design IP, which could allow a sophisticated attacker access to unencrypted Design IP data in IEEE 1735-compliant products. This advisory addresses the specific details for the affected Siemens software products: Questa and ModelSim simulators. Siemens …
SIEMENS CERT
10/21/2022
The mobile server component of Siveillance Video 2022 R2 contains an authentication bypass vulnerability that could allow an unauthenticated remote attacker to access the application without a valid account. Siemens has released a hotfix for Siveillance Video 2022 R2 and recommends to apply the hotfix on all installations of the …
SIEMENS CERT
10/11/2022
A denial of service vulnerability has been identified in the Nucleus RTOS (real-time operating system) and reported in the Siemens Security Advisory SSA-313313: https://cert-portal.siemens.com/productcert/html/ssa-313313.html. The products listed below use affected versions of the Nucleus software and inherently contain the vulnerability. Siemens recommends specific countermeasures for products where updates are not, …
SIEMENS CERT
10/11/2022
OpenSSL has published a security advisory [0] about a vulnerability in OpenSSL versions 1.1.1 < 1.1.1l and 1.0.2 < 1.0.2za that allows an attacker to cause a denial of service (DoS) or to disclose private memory content. Siemens has released updates for several affected products and recommends to update to …
SIEMENS CERT
10/11/2022
SINEC NMS contains multiple vulnerabilities that could allow an attacker to execute arbitrary code on the system, arbitrary commands on the local database or achieve privilege escalation. Siemens has released an update for SINEC NMS to fix CVE-2022-24281 and recommends to update to the latest version. Siemens is preparing further …