SIEMENS CERT
10/11/2022
Industrial Edge Management contains a vulnerability that could allow an unauthenticated attacker to spoof a trusted entity by interfering in the communication path between the Industrial Edge Management (IEM) and the Industrial Edge Hub (IEH) using a crafted certificate. An attacker could use this to inject malicious maintenance requests (e.g. …
SIEMENS CERT
10/11/2022
JT Open Toolkit (JTTK) and Simcenter Femap are affected by an uninitialized pointer reference vulnerability that could be triggered while parsing JT files. If a user is tricked to open a malicious JT file with any of the affected products, this could cause the application to crash or potentially lead …
SIEMENS CERT
10/11/2022
Several SIMATIC HMI Panels are affected by a vulnerability that could allow an attacker to cause a permanent denial of service condition (requiring a device reboot) by sending specially crafted TCP packets. Siemens has released updates for the affected products and recommends to update to the latest versions.
SIEMENS CERT
10/11/2022
Desigo PXM devices contain multiple vulnerabilities in the webserver application that could allow an attacker to potentially access sensitive information, execute arbitrary commands, cause a denial of service condition, or perform remote code execution. Siemens has released updates for the affected products and recommends to update to the latest versions.
SIEMENS CERT
10/11/2022
Desigo CC and Cerberus DMS are based on SIMATIC WinCC OA and implement client-side only authentication for specific parts of their client-server communication. In this configuration, attackers could impersonate other users or exploit the client-server protocol without being authenticated, as documented for SIMATIC WinCC OA in SSA-111512 [1]. Siemens recommends …
SIEMENS CERT
10/11/2022
The FTP server of the networking component (Nucleus NET) in Nucleus Real-Time Operating System (RTOS) does not properly release memory resources that were reserved for incomplete connection attempts by FTP clients. This could allow a remote attacker to generate a denial of service condition on devices that incorporate a vulnerable …
SIEMENS CERT
10/11/2022
The Scalance W1750D device contains multiple vulnerabilities that could allow an attacker to inject commands or exploit multiple buffer overflow vulnerabilities that could lead to denial of service or unauthenticated remote code execution. Siemens has released updates for the SCALANCE W1750D and recommends to update to the latest version. Siemens …
SIEMENS CERT
10/11/2022
There is a cross-site scripting vulnerability that affects the SCALANCE switches. This vulnerability if used by a threat actor could result in the stealing of session cookies and session hijacking. Siemens has released updates for the affected products and recommends to update to the latest versions.