Bulletins

Fortinet has published information on vulnerabilities in FortiOS. This advisory lists the related Siemens Industrial products. Siemens has released a new version for RUGGEDCOM APE1808 and recommends to update to the latest version.

Siemens Industrial Edge Devices contain a weak authentication vulnerability that could facilitate an unauthenticated remote attacker to circumvent authentication and impersonate a legitimate user. Siemens has released new versions for the affected products and recommends to update to the latest versions.

Mendix Studio Pro contains a vulnerability in the module installation process, that could allow an attacker to write or modify arbitrary files in directories outside a developer’s project directory. Siemens has released new versions for the affected products and recommends to update to the latest versions.

Solid Edge is affected by multiple file parsing vulnerabilities that could be triggered when the application reads specially crafted files in various formats such as PAR or CFG format. This could allow an attacker to crash the application or execute arbitrary code. Siemens has released a new version for Solid …

1. EXECUTIVE SUMMARY CVSS v4 7.1 ATTENTION : Exploitable remotely/low attack complexity Vendor : Hitachi Energy Equipment : Relion 670/650 and SAM600-IO series Vulnerability : Improper Check for Unusual or Exceptional Conditions 2. RISK EVALUATION An authenticated user with file access privilege via FTP access can cause the Relion 670/650 …

1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION : Exploitable remotely/low attack complexity Vendor : Mitsubishi Electric Equipment : MELSOFT Update Manager Vulnerabilities : Integer Underflow (Wrap or Wraparound), Protection Mechanism Failure 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code, disclose information, alter …