Bulletins

The SCALANCE W700 devices are affected by Wi-Fi encryption bypass vulnerabilities (“Framing Frames”) that could allow an attacker to disclose sensitive information, to steal the victims session or to execute denial-of-service attacks. Siemens recommends countermeasures for products where fixes are not, or not yet available.

Solid Edge is affected by an out of bounds read vulnerability that could be triggered when the application reads files that contains XT parts. If a user is tricked to open a malicious file with the affected applications, an attacker could leverage the vulnerability to perform remote code execution in …

SINEC NMS before V2.0 SP1 is affected by multiple vulnerabilities. Siemens has released an update for SINEC NMS and recommends to update to the latest version.

SIMATIC STEP 7 and PCS 7 contain a database management system that could allow remote users to use embedded functions of the database (local or in a network share) that have impact on the server. An attacker with network access to the server network could leverage these embedded functions to …

Simcenter Femap contains multiple file parsing vulnerabilities that could be triggered when the application reads files in Catia MODEL file formats. If a user is tricked to open a malicious file with any of the affected products, this could lead the application to crash or potentially lead to arbitrary code …

Siveillance Control does not properly check the list of access groups that are assigned to an individual user. This could enable a locally logged on user to gain write privileges for objects where they only have read privileges. Siemens has released a new version for Siveillance Control and recommends to …