SIEMENS CERT
11/09/2021
Security researchers discovered and disclosed 9 vulnerabilities in several DNS implementations, also known as “NAME:WRECK” vulnerabilities. The vulnerability described in this advisory is from this set. The DNS client of of the networking component (Nucleus NET) in Nucleus Real-Time Operating System (RTOS) contains a vulnerability related to the handling of …
SIEMENS CERT
11/09/2021
The networking component (Nucleus NET) in Nucleus Real-Time Operating System (RTOS) use Initial Sequence Numbers for TCP-Sessions that are predictable. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not available.
SIEMENS CERT
11/09/2021
The Scalance W1750D device contains multiple vulnerabilities that could allow an attacker to execute code on the affected device(s), read arbitrary files, or create a denial-of-service condition. Siemens has released an update for the SCALANCE W1750D and recommends to update to the latest version. Siemens is preparing further updates and …
SIEMENS CERT
11/09/2021
A vulnerability made public under the name SAD DNS affects Domain Name System resolvers due to a vulnerability in the Linux kernel when handling ICMP packets. The Siemens products which are affected are listed below. For more information please see https://www.saddns.net/. Siemens has released updates for several affected products and …
SIEMENS CERT
10/12/2021
A vulnerability was identified in several SCALANCE X switches that could allow an attacker to feed information into a network via the mirror port with the monitor barrier feature enabled. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures …
SIEMENS CERT
10/12/2021
Multiple vulnerabilities in RUGGEDCOM ROX devices have been detected, ranging from command injection to filesystem traversal. An attacker could exploit these to gain root access to the affected devices. Siemens has released updates for the affected products and recommends to update to the latest versions.
SIEMENS CERT
10/12/2021
The latest update for SIMATIC Process Historian (PH) fixes an authentication vulnerability in the configuration interface of redundant PH instances that could enable the execution of admin operations on the database. The related vulnerable interface is restricted to local access on recent versions starting from SIMATIC Process Historian 2020. Siemens …
SIEMENS CERT
10/12/2021
A Denial-of-Service vulnerability found in SINUMERIK Controllers could allow an unauthenticated attacker with network access to the affected devices to cause system failure with total loss of availability. Siemens has released an update for the SINUMERIK 828D and recommends to update to the latest version. Siemens recommends specific countermeasures for …