SIEMENS CERT
10/10/2023
A vulnerability in the underlying third party component OPC UA ANSIC Stack (also called Legacy C-Stack) affects several industrial products. The vulnerability could cause a crash of the component that includes the vulnerable part of the stack. Siemens has released updates for the affected products and recommends to update to …
SIEMENS CERT
10/10/2023
The SCALANCE W1750D device contains multiple vulnerabilities in the integrated OpenSSL component that could allow an attacker to read memory contents, decrypt RSA-encrypted messages or create a denial of service condition. Siemens recommends specific countermeasures for products where updates are not, or not yet available.
SIEMENS CERT
10/10/2023
WIBU Systems published information about a heap buffer overflow vulnerability and associated fix releases of CodeMeter Runtime, a product provided by WIBU Systems and used in several Siemens industrial products for license management. The vulnerability is described in the section “Vulnerability Classification” below and got assigned the CVE ID CVE-2023-3935. …
SIEMENS CERT
10/10/2023
SINEC NMS and SINEMA Server V14 contain multiple vulnerabilities that could allow an attacker to execute arbitrary code on the system, arbitrary commands on the local database or achieve privilege escalation. Siemens has released several updates for SINEC NMS and recommends to update to the latest version. Siemens recommends specific …
SIEMENS CERT
10/10/2023
SINEMA Server V14 improperly sanitizes certain SNMP configuration data retrieved from monitored devices. An attacker with access to a monitored device could perform a stored cross-site scripting (XSS) attack that may lead to arbitrary code execution with SYSTEM privileges on the application server. Siemens recommends to migrate to its successor …
SIEMENS CERT
10/10/2023
The Mendix Forgot Password module contains a user enumeration vulnerability that could allow an attacker to retrieve valid users. Siemens has released updates for the affected products and recommends to update to the latest versions.
SIEMENS CERT
10/10/2023
A vulnerability was found in SIMATIC WinCC that could allow authenticated attackers to escape the Kiosk Mode. Siemens has released updates for the affected products and recommends to update to the latest versions.
SIEMENS CERT
10/10/2023
Simcenter Amesim contains a vulnerable SOAP endpoint that could allow an unauthenticated remote attacker to perform DLL injection and execute arbitrary code in the context of the affected application process. Siemens has released an update for Simcenter Amesim and recommends to update to the latest version.