Bulletins

SIEMENS CERT
12/13/2022
The Siemens PLM Help Server V4.2 for documentation contains a reflected cross-site scripting vulnerability. This product has reached end of life, and security vulnerabilities are no longer patched. Siemens has released a new version of Documentation Server that resolves this vulnerability. See the chapter “Additional Information” below for more details.
SIEMENS CERT
12/13/2022
SCALANCE X devices might not generate a unique random key after factory reset, and use a private key shipped with the firmware. Siemens has released updates for the affected products and recommends updating to the latest versions.
SIEMENS CERT
12/13/2022
The Mendix Workflow Commons module improperly handles access control for some module entities. This could allow authenticated remote attackers to read or delete sensitive information. Mendix has released an update for the Mendix Workflow Commons module and recommends updating to the latest version. Note that the fix might slightly …
SIEMENS CERT
12/13/2022
Devices of the SIPROTEC 5 family contain a vulnerability related to secure client-initiated renegotiation. This could allow an unauthenticated attacker to cause a denial of service condition for the duration of the attack. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet …
SIEMENS CERT
12/13/2022
The products listed below do not properly authorize the change password function of the web interface. This could allow low-privileged users to escalate their privileges. Siemens has released updates for several affected products and recommends updating to the latest versions. Siemens is preparing further updates and recommends specific …
SIEMENS CERT
12/13/2022
SIMATIC WinCC OA contains an argument injection vulnerability that could allow an authenticated remote attacker to inject arbitrary parameters when starting the Ultralight Client via the web interface (e.g., open attacker-chosen panels with the attacker’s credentials or start a Ctrl script). Siemens has released updates for several affected products …
SIEMENS CERT
12/13/2022
Two cross-site scripting (XSS) vulnerabilities were identified in the web server of several SCALANCE X switches. Siemens has released updates for the affected products and recommends updating to the latest versions.
SIEMENS CERT
12/13/2022
The web server login page of affected products does not apply proper origin checking. This could allow authenticated remote attackers to track the activities of other users via a login cross-site request forgery attack. Siemens has released updates for several affected products and recommends updating to the latest versions. …