Bulletins

Multiple vulnerabilities have been identified in the Linux Kernel of the SIMATIC S7-1500 TM MFP V1.0. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.

Several Desigo PXC/PXM devices contain a vulnerability that could allow unauthenticated remote attackers to upload malicious firmware without prior authentication. Siemens has released updates for the affected products and recommends to update to the latest versions.

Multiple vulnerabilities have been identified in the BIOS of the SIMATIC S7-1500 TM MFP V1.0. Siemens is preparing updates and recommends countermeasures for products where updates are not, or not yet available.

The Mendix SAML module insufficiently verifies the SAML assertions. This could allow unauthenticated remote attackers to bypass authentication and get access to the application. Mendix has provided fix releases for the Mendix SAML module and recommends to update to the latest version. Note: For compatibility reasons, fix versions are introduced …

Multiple vulnerabilities were identified in the webserver of Q200 devices. These include Cross Site Request Forgery (CSRF), session fixation, missing secure flags in HTTP cookies and memory corruption issues due to missing input validation that could lead to remote code execution. Siemens has released an update for POWER METER SICAM …

SIMATIC WinCC V7 is affected by a vulnerability that could allow a local attacker to inject arbitrary code and escalate privileges, if a non-default installation path was chosen during installation. Siemens has released an update for SIMATIC WinCC and recommends to update to the latest version.

SCALANCE LPE9403 is affected by multiple vulnerabilities that could allow an attacker to impact its confidentiality, integrity and availability. Siemens has released an update for the SCALANCE LPE9403 and recommends to update to the latest version.