Bulletins

The installers used to install several Siemens products are affected by a DLL hijacking vulnerability. This could allow an attacker to execute arbitrary code when a legitimate user installs an application that uses the affected installer component. This vulnerability poses a risk only during setup and installation phase of the …

Polarion before V2506 contains a vulnerability that could allow authenticated remote attackers to conduct cross-site scripting attacks. Siemens has released new versions for the affected products and recommends to update to the latest versions.

The embedded web server on affected devices contains a buffer overflow vulnerability. This could allow remote attackers to cause a denial of service (device reboot) or possibly execute arbitrary code via a malformed URL. Siemens has released new versions for the affected products and recommends to update to the latest …

Multiple vulnerabilities have been identified in the additional GNU/Linux subsystem of the firmware version V3.1.5 for the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP (incl. SIPLUS variant). Siemens is preparing fix versions and recommends countermeasures for products where fixes are not, or not yet available.

SiPass integrated contains multiple vulnerabilities that could allow an unauthenticated remote attacker to exploit user accounts, manipulate data, impersonate users, or achieve arbitrary code execution on the SiPass integrated server. Siemens has released a new version for SiPass integrated and recommends to update to the latest version.

The Webhooks implementation of Siveillance Video Management Servers contains a vulnerability that could allow an authenticated remote attacker with read-only privileges to achieve full access to Webhooks API. Siemens has released new versions for the affected products and recommends to update to the latest versions.