Bulletins

SIEMENS CERT
03/08/2022
Security researchers published information on a vulnerability known as Crosstalk (INTEL-SA-00320). This vulnerability affects modern Intel processors to a varying degree. Several Siemens Industrial Products contain processors that are affected by the vulnerability. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens …
SIEMENS CERT
03/08/2022
Intel has published information on vulnerabilities in Intel products in November 2020. This advisory lists the Siemens Controllers that are affected by these vulnerabilities. In this advisory we take a representative CVE from each advisory: “Intel CSME, SPS, TXE, AMT and DAL Advisory” Intel-SA-00391 is represented by CVE-2020-8744 “BIOS Advisory” …
SIEMENS CERT
03/08/2022
On 2021-12-09, a vulnerability in Apache Log4j (a logging tool used in many Java-based applications) was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2021-44228 and is also known as “Log4Shell”. On 2021-12-14 an additional denial of service vulnerability (CVE-2021-45046) …
SIEMENS CERT
03/08/2022
Mendix Forgot Password Appstore module contains two vulnerabilities that could allow unauthorized users to take over accounts. Mendix has released an update for the Mendix Forgot Password Appstore module and recommends to update to the latest version.
SIEMENS CERT
03/08/2022
A XPath Constraint vulnerability in the Mendix Studio Pro was discovered, that can affect the running applications. The vulnerability, if acted upon by a malicious user, could allow them the ability to dump and modify sensitive data. Mendix has released updates for the affected product lines, recommends to update to …
SIEMENS CERT
03/08/2022
Climatix POL909 (AWM and AWB) contains an information disclosure vulnerability that could allow a man-in-the-middle attacker to read sensitive data, such as administrator credentials, or modify data in transit. Siemens has released an update for Climatix POL909 (AWM and AWB) and recommends to update to the latest version.
SIEMENS CERT
03/08/2022
COMOS uses Drawings SDK from Open Design Alliance that is affected by multiple vulnerabilities that could be triggered when the application reads files in DGN, DXF or DWG file formats. If a user is tricked to open a malicious file with the affected application, an attacker could leverage the vulnerability …
SIEMENS CERT
03/08/2022
Siemens Simcenter STAR-CCM+ Viewer is affected by a memory corruption vulnerability that could be triggered when the application reads scene (.sce) files. If a user is tricked to open a malicious file with the affected application, this could lead to a crash, and potentially also to arbitrary code execution or …