SIEMENS CERT
10/11/2022
A vulnerability in the openSSL component (CVE-2022-0778, [0]) could allow an attacker to create a denial of service condition by providing specially crafted elliptic curve certificates to products that use a vulnerable version of openSSL. Siemens has released updates for several affected products and recommends to update to the latest …
SIEMENS CERT
10/11/2022
The products listed below contain a denial of service vulnerability in the TCP event interface that could allow an unauthenticated remote attacker to render the device unusable. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends …
SIEMENS CERT
10/11/2022
Multiple vulnerabilities were identified in the Apache HTTP Server software. These include NULL Pointer Dereferencing, Out-of-bounds Write and Server-Side Request Forgery related vulnerabilities. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or …
SIEMENS CERT
10/11/2022
Industrial Edge Management contains a vulnerability that could allow an unauthenticated attacker to spoof a trusted entity by interfering in the communication path between the Industrial Edge Management (IEM) and the Industrial Edge Hub (IEH) using a crafted certificate. An attacker could use this to inject malicious maintenance requests (e.g. …
SIEMENS CERT
09/13/2022
The boot loader within RUGGEDCOM ROS contains two vulnerabilities in the loading process of the operating system kernel. The more severe of these vulnerabilities could allow an attacker with local access to the device to execute arbitrary code on an affected device. Siemens recommends specific countermeasures to mitigate this issue.
SIEMENS CERT
09/13/2022
The default installation of the Windows version of the CoreShield One-Way Gateway (OWG) software sets insecure file permissions that could allow a local attacker to escalate privileges to local administrator. Siemens Mobility has released an update for the CoreShield OWG software and recommends to update to the latest version.
SIEMENS CERT
09/13/2022
Multiple vulnerabilities affecting various third-party components of SINEC INS before V1.0 SP2 could allow an attacker to cause a denial of service condition, disclose sensitive data or violate the system integrity. Siemens has released an update for the SINEC INS and recommends to update to the latest version.
SIEMENS CERT
09/13/2022
A vulnerability in the openSSL component (CVE-2022-0778, [0]) could allow an attacker to create a denial of service condition by providing specially crafted elliptic curve certificates to products that use a vulnerable version of openSSL. Siemens has released updates for several affected products and recommends to update to the latest …