Bulletins

A vulnerability in the affected devices could allow an unauthorized attacker with network access to the webserver of an affected device to perform a denial-of-service attack. Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates and recommends …

A vulnerability has been identified in the OPC UA server of several industrial products. The vulnerability could cause a Denial-of-Service condition on the service or the device. Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates and …

Microsoft has released updates for several versions of Microsoft Windows, which fix a vulnerability in the Remote Desktop Service. The vulnerability could allow an unauthenticated remote attacker to execute arbitrary code on the target system if the system exposes the service to the network. Some Advanced Therapy products from Siemens …

The latest update for SIMATIC WinCC fixes a vulnerability in the SIMATIC WinCC DataMonitor web application of the affected products that allows to upload arbitrary ASPX code. An attacker has to be authenticated with a valid user account. The vulnerability is only relevant for scenarios where access via the web …

A vulnerability was identified in several SCALANCE X switches that could allow an attacker to feed information into a network via the mirror port with the monitor barrier feature enabled. The monitor barrier implementation in various SCALANCE products does allow traffic to be directed back into the mirroring network. This …

The latest update for the Siveillance VMS line fixes three security vulnerabilities that can cause remote privilege escalation. Siemens has released updates for the affected products and recommends to update affected devices as soon as possible.