Bulletins

The latest update for SIMATIC Process Historian (PH) fixes an authentication vulnerability in the configuration interface of redundant PH instances that could enable the execution of admin operations on the database. The related vulnerable interface is restricted to local access on recent versions starting from SIMATIC Process Historian 2020. Siemens …

A Denial-of-Service vulnerability found in SINUMERIK Controllers could allow an unauthenticated attacker with network access to the affected devices to cause system failure with total loss of availability. Siemens has released an update for the SINUMERIK 828D and recommends to update to the latest version. Siemens recommends specific countermeasures for …

The latest update for RUGGEDCOM ROX devices fixes a vulnerability that could allow an unauthenticated attacker to cause a permanent Denial-of-Service condition under certain conditions. Siemens has released updates for the affected products and recommends to update to the latest versions.

The latest update for SINEC NMS fixes multiple vulnerabilities. The most severe could allow an authenticated remote attacker to execute arbitrary code on the system, with system privileges, under certain conditions. Siemens has released an update for SINEC NMS and recommends to update to the latest version.

Siemens has released a new version for Solid Edge that fixes multiple file parsing vulnerabilities which could be triggered when the application reads files in IFC, JT or OBJ formats. If a user is tricked to opening a malicious file using the affected application this could lead the application to …

Desigo CC, Desigo CC Compact and Cerberus DMS that use CCOM communication component hosted in IIS contain a deserialisation vulnerability that could allow an unauthenticated attacker to perform remote code execution. Only those systems that use Windows App and/or IE XBAP Web Client are affected. Regular installed clients and the …

The latest update for SIPROTEC 5 family devices fixes a vulnerability in the web interface which could allow unauthorized users to cause a Denial-of-Service situation by sending maliciously crafted web requests. Siemens has released an update for the SIPROTEC 5 and recommends to update to the latest version.