Bulletins

SIMATIC STEP 7 and PCS 7 contain a database management system that could allow remote users to use embedded functions of the database (local or in a network share) that have impact on the server. An attacker with network access to the server network could leverage these embedded functions to …

Simcenter STAR-CCM+ contains a privilege escalation vulnerability which could allow a local attacker with an unprivileged account to override or modify the service executable and subsequently gain elevated privileges. Siemens has released an update for Simcenter STAR-CCM+ and recommends to update to the latest version.

Devices based on RUGGEDCOM ROX before V2.16 contain multiple high severity vulnerabilities, including the third-party vulnerabilities: CVE-2022-24903, CVE-2022-2068, CVE-2021-22946, CVE-2022-22576, CVE-2022-27781, CVE-2022-27782, CVE-2022-32207, CVE-2022-1292. Siemens has released updates for the affected products and recommends to update to the latest versions.

SIMATIC CN 4100 is vulnerable to improper access control and insecure default configurations that could allow an attacker to gain privilege escalation, and bypass network isolation. Siemens has released an update for SIMATIC CN 4100 and recommends to update to the latest version.

Insyde has published information on vulnerabilities in Insyde BIOS in February 2022. This advisory lists the Siemens Industrial products affected by these vulnerabilities. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.

A vulnerability was found in SIMATIC WinCC that could allow authenticated attackers to escape the Kiosk Mode. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.