Bulletins

Fortinet has published information on vulnerabilities in FORTIOS. This advisory lists the related Siemens Industrial products. Siemens has released a new version for RUGGEDCOM APE1808 and recommends to update to the latest version. Siemens is preparing further fix versions and recommends specific countermeasures for products where fixes are not, or …

Palo Alto Networks has published [1] information on vulnerabilities in PAN-OS. This advisory lists the related Siemens Industrial products affected by these vulnerabilities. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available. Customers are advised to consult and implement the workarounds …

Questa and ModelSim (incl. OEM Editions) are affected by multiple vulnerabilities that could allow a local attacker to inject arbitrary code and escalate privileges. Siemens has released new versions for the affected products and recommends to update to the latest versions.

Energy Services from Siemens (previously known as Managed Applications and Services), sell solutions using Elspec G5 Digital Fault Recorder which contains default credentials with admin privileges. A client configuration with remote access could allow an attacker to gain remote control of the G5DFR component and tamper outputs from the device.

The Mendix OIDC SSO module grants read and write access to all tokens exclusively to the Administrator role and could result in privilege misuse by an adversary modifying the module during Mendix development. Siemens has released new versions for several affected products and recommends to update to the latest versions. …