SIEMENS CERT
10/11/2022
Session fixation and incorrect parameter parsing vulnerabilities were identified in the web server of SICAM P850 and SICAM P855 devices. Siemens has released updates for the affected products and recommends to update to the latest versions.
SIEMENS CERT
10/11/2022
LOGO! 8 BM (incl. SIPLUS variants) contains multiple web-related vulnerabilities. These could allow an attacker to execute code remotely, put the device into a denial of service state or retrieve parts of the memory. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not …
SIEMENS CERT
10/11/2022
A denial of service vulnerability has been identified in the Nucleus RTOS (real-time operating system) and reported in the Siemens Security Advisory SSA-313313: https://cert-portal.siemens.com/productcert/html/ssa-313313.html. The products listed below use affected versions of the Nucleus software and inherently contain the vulnerability. Siemens recommends specific countermeasures for products where updates are not, …
SIEMENS CERT
10/11/2022
SINEC NMS contains multiple vulnerabilities that could allow an attacker to execute arbitrary code on the system, arbitrary commands on the local database or achieve privilege escalation. Siemens has released an update for SINEC NMS to fix CVE-2022-24281 and recommends to update to the latest version. Siemens is preparing further …
SIEMENS CERT
10/11/2022
A vulnerability in Spring Framework was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2022-22965 and is also known as “Spring4Shell” or “SpringShell”. Siemens has released updates for the affected products and recommends to update to the latest versions.
SIEMENS CERT
10/11/2022
Solid Edge is affected by a heap overflow vulnerability that could be triggered when the application reads DWG files. If a user is tricked to open a malicious file with the affected application, an attacker could leverage the vulnerability to perform remote code execution in the context of the current …
SIEMENS CERT
10/11/2022
The Scalance W1750D device contains multiple vulnerabilities that could allow an attacker to inject commands or exploit multiple buffer overflow vulnerabilities that could lead to denial of service or unauthenticated remote code execution. Siemens has released updates for the SCALANCE W1750D and recommends to update to the latest version. Siemens …
SIEMENS CERT
10/11/2022
A vulnerability in the underlying third party component OPC UA ANSIC Stack (also called Legacy C-Stack) affects several industrial products. The vulnerability could cause a crash of the component that includes the vulnerable part of the stack. Siemens has released updates for several affected products and recommends to update to …