Bulletins

SINEC PNI before V2.0 is affected by multiple vulnerabilities. Siemens has released an update for SINEC PNI and recommends to update to the latest version.

Siemens OPC UA Modeling Editor (SiOME) is affected by an XML external entity (XXE) injection vulnerability that could allow an attacker to interfere with an application’s processing of XML data and read arbitrary files in the system. Siemens has released a new version for Siemens OPC UA Modelling Editor (SiOME) …

The SCALANCE W1750D device contains multiple vulnerabilities that could allow an attacker to inject commands or exploit buffer overflow vulnerabilities which could lead to sensitive information disclosure, unauthenticated denial of service or unauthenticated remote code execution. Siemens has released updates for the affected products and recommends to update to the …

Siemens Xpedition Layout Browser consists of a stack overflow vulnerability that could be triggered when the application reads a malicious file in PCB format. If a user is tricked to open a malicious file with the affected product, this could lead the application to crash or potentially lead to arbitrary …

SICAM PAS/PQS is affected by insecure permission assignments in application folders that could allow an authenticated local attacker to read and modify configuration data or to escalate privileges. Siemens has prepared a security patch and recommends to run it on affected systems to fix the permissions of the impacted folders. …

SINEC NMS before V2.0 is affected by a code injection and a stored cross-site scripting vulnerability. Siemens has released an update for SINEC NMS and recommends to update to the latest version.

The CPCI85 firmware of SICAM A8000 CP-8031 and CP-8050 contains a hard-coded ID in the SSH authorized_keys configuration file. An attacker with knowledge of the corresponding credential could login to the device via SSH. Only devices with activated debug support are affected. Siemens has released updates for the affected products …