Bulletins

COMOS before V10.6 is affected by a local arbitrary code execution vulnerability in the integrated Open Design Alliance Drawings SDK. Siemens has released a new version for COMOS and recommends to update to the latest version.

The basic authentication mechanism of Mendix Runtime contains a race condition vulnerability which could allow unauthenticated remote attackers to circumvent default account lockout measures. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where fixes are …

SCALANCE XB-200/XC-200/XP-200/XF-200BA/XR-300WG Family is affected by multiple vulnerabilities. CVE-2023-44318 and CVE-2023-44321 were previously published as part of SSA-699386. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens recommends countermeasures for products where fixes are not, or not yet available.

WIBU Systems published information about a privilege escalation vulnerability under a certain circumstances and associated fix releases of CodeMeter Runtime, a product provided by WIBU Systems and used in several Siemens industrial products. Siemens has released new versions for affected products and recommends to update to the latest versions. Siemens …

Multiple vulnerabilities affect the RUGGEDCOM Operating System (ROS). The common denominator to all vulnerabilities is the leak of confidential information. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where fixes are not, or not yet …

Summary The Cybersecurity and Infrastructure Security Agency (CISA) and U.S. Coast Guard (USCG) are issuing this Cybersecurity Advisory to present findings from a recent CISA and USCG hunt engagement. The purpose of this advisory is to highlight identified cybersecurity issues, thereby informing security defenders in other organizations of potential similar …

1. EXECUTIVE SUMMARY CVSS v3 7.0 ATTENTION : Exploitable from a local network Vendor : Mitsubishi Electric Equipment : CNC Series Vulnerability : Uncontrolled Search Path Element 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute malicious code by getting setup-launcher to load a malicious …