Bulletins

SCALANCE devices contain multiple vulnerabilities in MSPS based product lines that could allow authenticated remote attackers to execute custom code or create a XSS situation, as well as unauthenticated remote attackers to create a denial of service condition. Siemens has released updates for several affected products and recommends to update …

Siemens Teamcenter Visualization and JT2Go are affected by multiple file parsing vulnerabilities that could be triggered when the application reads a malicious file in CGM or RAS format. If a user is tricked to open a malicious file with the affected products, this could lead the application to crash or …

The Mendix Forgot Password module contains an observable response discrepancy issue that could allow an attacker to retrieve sensitive information. Siemens has released updates for the affected products and recommends to update to the latest versions.

A vulnerability was identified in OPC Foundation Local Discovery Server which also affects Siemens products that could allow an attacker to escalate privileges under certain circumstances. Siemens has released an update for SIMATIC WinCC and recommends to update to the latest version. Siemens is preparing further updates and recommends specific …

The latest update of the SCALANCE X-200 and X-300/X408 switches families fixes multiple OpenSSH vulnerabilities. The most severe of these vulnerabilities could allow a denial of service condition. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and …

A vulnerability in the third party component SISCO MMS-EASE could allow attackers to cause a denial of service condition with SIPROTEC 5 devices. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products …

The SCALANCE W1750D device contains multiple vulnerabilities in the integrated OpenSSL component that could allow an attacker to read memory contents, decrypt RSA-encrypted messages or create a denial of service condition. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.