SIEMENS CERT
01/12/2021
The products listed below contain a vulnerability that could allow remote attackers to affect the availability of the devices under certain conditions. The underlying TCP stack can be forced to make very computation expensive calls for every incoming packet which can lead to a Denial-of-Service. Siemens is working on software …
SIEMENS CERT
01/12/2021
Solid Edge is affected by multiple vulnerabilities that could allow arbitrary code execution on an affected system. Siemens has released an update for Solid Edge and recommends to update to the latest version.
SIEMENS CERT
01/12/2021
JT2Go and Teamcenter Visualization are affected by multiple vulnerabilities that could lead to arbitrary code execution or data extraction on the target host system. Siemens has released updates for both affected products and recommends to update to the latest versions. Siemens is also preparing further updates and recommends specific countermeasures …
SIEMENS CERT
01/12/2021
Scalance X devices might not generate a unique random key after factory reset, and use a private key shipped with the firmware Siemens has released updates for some devices, is working on updates for the remaining affected products and recommends specific countermeasures until fixes are available.
SIEMENS CERT
01/12/2021
Several SCALANCE X switches contain vulnerabilities in the web server of the affected devices. An unauthenticated attacker could reboot, cause denial-of-service conditions and potentially impact the system by other means through heap and buffer overflow vulnerabilities. Siemens has released updates for several affected products and recommends to update to the …
SIEMENS CERT
12/08/2020
A missing authentication vulnerability has been identified in SIEMENS LOGO!8 BM devices. The vulnerability could lead to an attacker reading and modifying the device configuration and obtain project files from the devices if the attacker has access to port 135/tcp.
SIEMENS CERT
12/08/2020
An information disclosure vulnerability (CVE-2019-15126, also known as Kr00k) could allow an attacker to read a discrete set of traffic over the air after a Wi-Fi device state change. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.
SIEMENS CERT
12/08/2020
Multiple SIMATIC Software products are affected by two vulnerabilities that could allow an attacker to manipulate project files that may lead to Remote Code Execution or Denial-of-Service attacks. Siemens has released updates to some of the affected products and recommends that customers update to the latest version. Siemens is preparing …