Bulletins

SIMATIC S7 CPU families are affected by a vulnerability that could allow remote attackers to perform a Denial-of-Service attack by sending a specially crafted HTTP request to the web server of an affected device. Siemens has released updates for several affected products, is working on updates for the remaining affected …

JT2Go and Teamcenter Visualization are affected by multiple file parsing vulnerabilities in Drawings SDK from Open Design Alliance. If a user is tricked to open a malicious DWG file with any of the affected products, this could lead the application to crash or potentially lead to arbitrary code execution. Siemens …

A vulnerability made public under the name SAD DNS affects Domain Name System resolvers due to a vulnerability in the Linux kernel when handling ICMP packets. The Siemens products which are affected are listed below. For more information please see https://www.saddns.net/. Siemens has released updates for several affected products and …

The latest update of Mendix Excel Importer module fixes an XML Entity Expansion Injection vulnerability. Mendix has released an update for the Mendix Excel Importer module and recommends to update to the latest version.

Siemens has released updates for Teamcenter that fixes a security vulnerability related to unsecure storage of user credentials. This vulnerability affects Java EE Server Manager HTML Adaptor. This service is not installed by default and currently also obsoleted. Siemens has released updates for the affected products and recommends to update …

The SICAM GridEdge software contains a improper access control vulnerability. This could allow persons with local access to the host system to inject an SSH key. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates …