Bulletins

Teamcenter Active Workspace contains a path traversal vulnerability that could lead to access control violations. Siemens has released updates for the affected products and recommends to update to the latest versions.

Multiple vulnerabilities in SINEMA Remote Connect Server could allow an unauthorized remote attacker to retrieve or manipulate sensitive information from the affected software. In addition, the attacker could also cause a Denial-of-Service condition in devices controlled by the affected software. Siemens has released an update for the SINEMA Remote Connect …

The latest update for SINEMA Remote Connect Client fixes a vulnerability that could allow a local attacker to escalate privileges or even allow remote code execution under certain circumstances. Siemens has released a firmware update for SINEMA Remote Connect Client and proposes mitigations if an update is not possible.

Siemens has released version V13.2.0.1 for JT2Go and Teamcenter Visualization to fix multiple vulnerabilities that could be triggered when the products read files in different file formats (CGM, DGN, DXF, and DWG). If a user is tricked to open a malicious file with the affected products, this could lead the …

One of the DNS-related vulnerabilities that were reported as “Name:Wreck” may affect the following Siemens Energy products: Industrial Gas Turbines SGT-100, SGT-200, SGT-300 and SGT-400 with Allen Bradley control systems Aeroderivative Gas Turbines SGT-A20, SGT-A35 and SGT-A65 with FT125 control systems

SIMATIC CP 1543-1 and CP 1545-1 devices are affected by multiple vulnerabilities in ProFTPD, a third party component, that could allow a remote attacker to access sensitive information and execute arbitrary code. Siemens has released an update for SIMATIC NET CP 1543-1 and recommends to update to the latest version. …