SIEMENS CERT
05/10/2022
Devices of the LOGO! CMR family and the SIMATIC RTU 3000 family are affected by several vulnerabilities in the third party component Mbed TLS. They could allow an attacker with access to any of the interfaces of an affected device to impact the availability or to communicate with invalid certificates. …
SIEMENS CERT
05/10/2022
Multiple vulnerabilities were found in SIMATIC WinCC that ultimately could allow local or remote attackers to escalate privileges and read, write or delete critical files. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures …
SIEMENS CERT
05/10/2022
Multiple vulnerabilities were found in SIMATIC WinCC that ultimately could allow attackers to retrieve and brute force password hashes and access other systems. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products …
SIEMENS CERT
04/27/2022
A vulnerability in Spring Framework was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2022-22965 and is also known as “Spring4Shell” or “SpringShell”. Siemens is currently investigating to determine which products are affected and is continuously updating this advisory as …
SIEMENS CERT
04/19/2022
A vulnerability in Spring Framework was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2022-22965 and is also known as “Spring4Shell” or “SpringShell”. Siemens is currently investigating to determine which products are affected and is continuously updating this advisory as …
SIEMENS CERT
04/12/2022
A vulnerability in affected devices could allow an attacker to perform a denial-of-service attack if a large amount of Profinet Discovery and Configuration Protocol (DCP) reset packets is sent to the affected devices. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens …
SIEMENS CERT
04/12/2022
A vulnerability exists in affected products that could allow remote attackers to affect the availability of the devices under certain conditions. The underlying TCP stack can be forced to make very computation expensive calls for every incoming packet which can lead to a Denial-of-Service.
SIEMENS CERT
04/12/2022
Multiple vulnerabilities were identified in the web components of COMOS that could allow an attacker to conduct code injections, store data in undesired locations, execute arbitrary SQL statements, and run cross-site request forgery attacks. Siemens has released updates for several affected products and recommends to update to the latest versions. …