SIEMENS CERT
10/10/2023
SICAM PAS/PQS is affected by insecure permission assignments in application folders that could allow an authenticated local attacker to read and modify configuration data or to escalate privileges. Siemens has prepared a security patch and recommends to run it on affected systems to fix the permissions of the impacted folders. …
SIEMENS CERT
10/10/2023
The CPCI85 firmware of SICAM A8000 CP-8031 and CP-8050 contains a hard-coded ID in the SSH authorized_keys configuration file. An attacker with knowledge of the corresponding credential could login to the device via SSH. Only devices with activated debug support are affected. Siemens has released updates for the affected products …
SIEMENS CERT
10/10/2023
SINEC NMS before V2.0 is affected by a code injection and a stored cross-site scripting vulnerability. Siemens has released an update for SINEC NMS and recommends to update to the latest version.
SIEMENS CERT
10/10/2023
Siemens Xpedition Layout Browser consists of a stack overflow vulnerability that could be triggered when the application reads a malicious file in PCB format. If a user is tricked to open a malicious file with the affected product, this could lead the application to crash or potentially lead to arbitrary …
SIEMENS CERT
10/10/2023
WIBU Systems published information about a heap buffer overflow vulnerability and associated fix releases of CodeMeter Runtime, a product provided by WIBU Systems and used in several Siemens industrial products for license management. The vulnerability is described in the section “Vulnerability Classification” below and got assigned the CVE ID CVE-2023-3935. …
SIEMENS CERT
10/10/2023
SINEC NMS and SINEMA Server V14 contain multiple vulnerabilities that could allow an attacker to execute arbitrary code on the system, arbitrary commands on the local database or achieve privilege escalation. Siemens has released several updates for SINEC NMS and recommends to update to the latest version. Siemens recommends specific …
SIEMENS CERT
10/10/2023
A vulnerability in the underlying third party component OPC UA ANSIC Stack (also called Legacy C-Stack) affects several industrial products. The vulnerability could cause a crash of the component that includes the vulnerable part of the stack. Siemens has released updates for the affected products and recommends to update to …
SIEMENS CERT
10/10/2023
The Mendix Forgot Password module contains a user enumeration vulnerability that could allow an attacker to retrieve valid users. Siemens has released updates for the affected products and recommends to update to the latest versions.