SIEMENS CERT
07/09/2024
Affected applications do not properly restrict the .NET BinaryFormatter when deserializing user-controllable input. This could allow an attacker to cause a type confusion and execute arbitrary code within the affected application. Siemens has released a new version for SIMATIC STEP 7 (TIA Portal) V18 and recommends to update to the …
SIEMENS CERT
07/09/2024
Fortinet has published information on vulnerabilities in FORTIOS. This advisory lists the related Siemens Industrial products. Siemens has released a new version of Fortigate NGFW for RUGGEDCOM APE1808 and recommends to update to the latest version. Siemens recommends to consult and implement the workarounds provided in Fortinet’s upstream security notifications.
SIEMENS CERT
07/09/2024
SINEMA Remote Connect Server before V3.2 HF1 is affected by multiple vulnerabilities. Siemens has released a new version for SINEMA Remote Connect Client and recommends to update to the latest version.
SIEMENS CERT
07/09/2024
Multiple versions of SIMATIC WinCC and SIMATIC PCS 7 do not properly handle certain requests to their web application (WinCC WebNavigator, PCS 7 Web Serser, and PCS 7 Web Diagnostics Server), which may lead to the leak of privileged information. This could allow an unauthenticated remote attacker to retrieve information …
SIEMENS CERT
07/09/2024
SINEMA Remote Connect Server before V3.2 HF1 is affected by multiple vulnerabilities. Siemens has released a new version for SINEMA Remote Connect Server and recommends to update to the latest version.
SIEMENS CERT
07/09/2024
Several industrial products contain an out of bounds read vulnerability that could allow an attacker to cause a Blue Screen of Death (BSOD) crash of the underlying Windows kernel, leading to denial of service condition. Siemens has released new versions for several affected products and recommends to update to the …
SIEMENS CERT
07/09/2024
Several Intel-CPU based SIMATIC IPCs are affected by an information exposure vulnerability (CVE-2022-40982) in the CPU that could allow an authenticated local user to potentially read other users’ data [1]. The issue is also known as “Gather Data Sampling” (GDS) or Downfall Attacks. For details refer to the chapter “Additional …
SIEMENS CERT
07/09/2024
The Mendix Encryption module versions V10.0.0 and V10.0.1 define a specific hard-coded default value for the EncryptionKey constant, which is used in projects where no individual EncryptionKey was specified. This could allow to an attacker to decrypt any encrypted project data, as the default encryption key can be considered compromised. …