SIEMENS CERT
03/09/2021
Siemens has released new versions for Solid Edge to fix multiple vulnerabilities that could be triggered when the application reads files in different file formats (PAR, DFT, XML extensions). If a user is tricked to open a malicious file with the affected application, this could lead to a crash, and …
SIEMENS CERT
03/09/2021
The latest update for SINEMA Remote Connect Server fixes vulnerabilities in the web interface that could allow authenticated unpriviledged user accounts to access functionality unauthorized. Siemens has released updates for SINEMA Remote Connect Server and recommends specific countermeasures.
SIEMENS CERT
03/09/2021
A Denial-of-Service vulnerability has been identified in LOGO! 8 BM. This vulnerability could allow an attacker to crash a device, if a user is tricked into loading a malicious project file onto an affected device. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or …
SIEMENS CERT
03/09/2021
Mendix Forgot Password Appstore module contains a vulnerability that could allow authorized users to take over accounts. Mendix has released an update for the Mendix Forgot Password Appstore module and recommends to update to the latest version.
SIEMENS CERT
03/09/2021
SIMATIC NET CM 1542-1 and SCALANCE SC600 family devices are vulnerable to a vulnerability in the third party component libcurl that could allow an attacker to cause a Denial-of-Service condition on the affected devices. Siemens has released an update for SCALANCE SC600. For the remaining affected product, Siemens is preparing …
SIEMENS CERT
03/09/2021
Several firmware versions of the SCALANCE and RUGGEDCOM devices listed below are affected by a vulnerability in the passive listening feature that could allow an attacker to cause a reboot or, under specific circumstances, attain remote code execution of the affected devices. Siemens has released updates for several affected products …
SIEMENS CERT
03/09/2021
Several industrial devices are affected by two vulnerabilities that could allow an attacker to cause a Denial-of-Service condition via PROFINET DCP network packets under certain circumstances. The precondition for this scenario is a direct layer 2 access to the affected products. PROFIBUS interfaces are not affected. Siemens has released updates …
SIEMENS CERT
03/09/2021
The latest update for affected products fix local privilege escalation vulnerabilities that could allow authorized local users with administrative privileges to execute custom code with SYSTEM level privileges. Siemens has released updates for some of the affected products, and is working on further updates. For the remaining affected products, Siemens …