Bulletins

RUGGEDCOM ROS-based devices are vulnerable to a web-based code injection attack. To execute this attack, it is necessary to access the system via the Command Line Interface (CLI). Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products …

Simcenter Femap is affected by out of bounds write vulnerabilities that could be triggered when the application reads files in X_T format. If a user is tricked to open a malicious file with the affected applications, an attacker could leverage the vulnerability to perform remote code execution in the context …

A vulnerability was identified in RUGGEDCOM ROS devices with mirror port enabled, that could allow an attacker to inject information into the network via the mirror port. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends …

The web server in the CPCI85 firmware of SICAM A8000 CP-8031 and CP-8050 is affected by a path traversal vulnerability that could allow an authenticated remote attacker to traverse directories on the system, download arbitrary files and potentially escalate privileges to the administrator role. Siemens has released updates for the …

The SCALANCE W1750D device contains multiple vulnerabilities in the integrated OpenSSL component that could allow an attacker to read memory contents, decrypt RSA-encrypted messages or create a denial of service condition. Siemens recommends specific countermeasures for products where updates are not, or not yet available.

Several SIMATIC CP devices contain direct memory access vulnerabilities that could allow an attacker to execute code, access the PROFINET network without restrictions or perform denial of service attacks. Siemens recommends specific countermeasures for products where updates are not, or not yet available.