SIEMENS CERT
06/14/2022
A vulnerability was found in SIMATIC WinCC that could allow authenticated attackers to escape the Kiosk Mode. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.
SIEMENS CERT
06/14/2022
The products listed below contain a local privilege escalation vulnerability (CVE-2021-4034) found on polkit’s pkexec utility, that could allow an unprivileged user to gain administrative rights. Siemens has released updates for the affected products and recommends to update to the latest versions.
SIEMENS CERT
06/14/2022
A vulnerability made public under the name SAD DNS affects Domain Name System resolvers due to a vulnerability in the Linux kernel when handling ICMP packets. The Siemens products which are affected are listed below. For more information please see https://www.saddns.net/. Siemens has released updates for several affected products and …
SIEMENS CERT
06/14/2022
Siemens has released updates for JT2Go, Solid Edge and Teamcenter Visualization to fix multiple file parsing vulnerabilities. If a user is tricked to open a malicious file (crafted as PDF, DXF or PAR) with any of the affected products, this could lead the application to crash or potentially lead to …
SIEMENS CERT
06/14/2022
An information disclosure vulnerability in Mendix applications was discovered. The vulnerability could allow to read sensitive data. Siemens has released updates for several Mendix Applications and recommends to update to the latest versions. Siemens is preparing further updates and recommends countermeasures for products where updates are not, or not yet …
SIEMENS CERT
06/14/2022
A vulnerability in Xpedition Designer could allow an attacker with an unprivileged account to override or modify the service executable and subsequently gain elevated privileges. Siemens has released an update for the Xpedition Designer and recommends to update to the latest version.
SIEMENS CERT
06/14/2022
A vulnerability in Spring Framework was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2022-22965 and is also known as “Spring4Shell” or “SpringShell”. Siemens is currently investigating to determine which products are affected and is continuously updating this advisory as …
SIEMENS CERT
06/14/2022
Several industrial products are affected by a vulnerability that could allow remote attackers to conduct a denial of service attack by sending specially crafted packets to port 161/udp (SNMP). Siemens has released updates for several affected products and recommends to update to the new versions. Siemens is preparing further updates …