SIEMENS CERT
06/13/2023
Multiple vulnerabilities have been identified in the Linux Kernel of the SIMATIC S7-1500 TM MFP V1.0. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.
SIEMENS CERT
06/13/2023
Several Desigo PXC/PXM devices contain a vulnerability that could allow unauthenticated remote attackers to upload malicious firmware without prior authentication. Siemens has released updates for the affected products and recommends to update to the latest versions.
SIEMENS CERT
06/13/2023
Multiple vulnerabilities have been identified in the BIOS of the SIMATIC S7-1500 TM MFP V1.0. Siemens is preparing updates and recommends countermeasures for products where updates are not, or not yet available.
SIEMENS CERT
06/13/2023
SSA-851884 V1.1 (Last Update: 2023-06-13): Authentication Bypass Vulnerability in Mendix SAML Module
The Mendix SAML module insufficiently verifies the SAML assertions. This could allow unauthenticated remote attackers to bypass authentication and get access to the application. Mendix has provided fix releases for the Mendix SAML module and recommends to update to the latest version. Note: For compatibility reasons, fix versions are introduced …
SIEMENS CERT
06/13/2023
Multiple vulnerabilities were identified in the webserver of Q200 devices. These include Cross Site Request Forgery (CSRF), session fixation, missing secure flags in HTTP cookies and memory corruption issues due to missing input validation that could lead to remote code execution. Siemens has released an update for POWER METER SICAM …
SIEMENS CERT
06/13/2023
SIMATIC WinCC V7 is affected by a vulnerability that could allow a local attacker to inject arbitrary code and escalate privileges, if a non-default installation path was chosen during installation. Siemens has released an update for SIMATIC WinCC and recommends to update to the latest version.
SIEMENS CERT
05/09/2023
The web server login page of affected products does not apply proper origin checking. This could allow authenticated remote attackers to track the activities of other users via a login cross-site request forgery attack.. Siemens has released updates for several affected products and recommends to update to the latest versions. …
SIEMENS CERT
05/09/2023
A vulnerability in the affected devices could allow an unauthorized attacker with network access to the webserver of an affected device to perform a denial of service attack. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products …