Bulletins

A vulnerability in the openSSL component (CVE-2022-0778, [0]) could allow an attacker to create a denial of service condition by providing specially crafted elliptic curve certificates to products that use a vulnerable version of openSSL. Siemens has released updates for several affected products and recommends to update to the latest …

SCALANCE devices contain multiple vulnerabilities in MSPS based product lines that could allow authenticated remote attackers to execute custom code or create a XSS situation, as well as unauthenticated remote attackers to create a denial of service condition. Siemens has released updates for several affected products and recommends to update …

The Mendix SAML module insufficiently protects from packet capture replay. This could allow unauthorized remote attackers to bypass authentication and get access to the application. Mendix has provided fix releases for the Mendix SAML module and recommends to update to the latest version. Note: For compatibility reasons, fix versions still …

Multiple vulnerabilities affecting various third-party components of SINEC INS before V1.0 SP2 could allow an attacker to cause a denial of service condition, disclose sensitive data or violate the system integrity. Siemens has released an update for the SINEC INS and recommends to update to the latest version.

A vulnerability in the openSSL component (CVE-2022-0778, [0]) could allow an attacker to create a denial of service condition by providing specially crafted elliptic curve certificates to products that use a vulnerable version of openSSL. Siemens has released updates for several affected products and recommends to update to the latest …

A vulnerability was identified in the web server module used in the SICAM A8000 CP-8000, CP-8021 and CP-8022 devices’ protocol firmwares. AGPMT0 (AGP Master) DNPiT1 (DNP3 TCP/IP Server) DNPiT2 (DNP3 TCP/IP Client) DNPMT0 (DNP3 Master seriell) DNPST0 (DNP3 Slave seriell) ET83 (61850 Ed.1) ET85 (61850 Ed.2) MBCiT0 (MODBUS TCP/IP Client) …