SIEMENS CERT
02/14/2023
Siemens has released a new version for Brownfield Connectivity - Gateway that contains fixes for multiple vulnerabilities in the underlying Golang implementation. Successful exploitation of these vulnerabilities could lead to Denial of Service (DoS). Siemens has released an update for Brownfield Connectivity - Gateway and recommends to update to the …
SIEMENS CERT
02/14/2023
A vulnerability in the openSSL component (CVE-2022-0778, [0]) could allow an attacker to create a denial of service condition by providing specially crafted elliptic curve certificates to products that use a vulnerable version of openSSL. Siemens has released updates for several affected products and recommends to update to the latest …
SIEMENS CERT
02/14/2023
COMOS is affected by memory corruption vulnerability in the cache validation service that could allow an attacker to execute arbitrary code or cause denial of service condition. Siemens has released updates for the affected products and recommends to update to the latest versions.
SIEMENS CERT
02/14/2023
Intel has published information on vulnerabilities in Intel products in November 2022. This advisory lists the related Siemens Industrial products affected by these vulnerabilities that can be patched by applying the corresponding BIOS update (“2022.3 IPU – BIOS Advisory” Intel-SA-00688). Siemens is preparing updates and recommends specific countermeasures for products …
SIEMENS CERT
02/14/2023
SiPass integrated ACC (Advanced Central Controller) devices improperly sanitize user input on the telnet command line interface. This could allow an authenticated user to escalate privileges by injecting arbitrary commands that are executed with root privileges. Siemens has released updates for the affected products and recommends to update to the …
SIEMENS CERT
02/14/2023
TIA Project-Server formerly known as TIA Multiuser Server contains an untrusted search path vulnerability that could allow an attacker to escalate privileges, when tricking a legitimate user to start the service from an attacker controlled path. Siemens has released updates for several affected products and recommends to update to the …
SIEMENS CERT
01/10/2023
The Mendix SAML module is affected by a reflected cross-site scripting (XSS) vulnerability that could allow an attacker to extract sensitive information by tricking users into accessing a malicious link. Apps are only vulnerable in certain cases when non-default configuration is used. Siemens has released updates for the affected products …
SIEMENS CERT
01/10/2023
Solid Edge is affected by memory corruption vulnerability that could be triggered when the application read files in different file formats such as PAR, ASM, DFT. If a user is tricked to open a malicious file with the affected applications, an attacker could leverage the vulnerability to perform remote code …