Bulletins

Insyde has published information on vulnerabilities in Insyde BIOS on November 8th 2022. These vulnerabilities also affect the RUGGEDCOM APE1808 product family. Siemens has released updates for the affected products and recommends to update to the latest versions.

The web server login page of affected products does not apply proper origin checking. This could allow authenticated remote attackers to track the activities of other users via a login cross-site request forgery attack.. Siemens has released updates for several affected products and recommends to update to the latest versions. …

Devices of the SIPROTEC 5 family contain a vulnerability related to secure client-initiated renegotiation. This could allow an unauthenticated attacker to cause a denial of service condition for the duration of the attack. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens …

QMS Automotive contains a vulnerability that stores user credentials in plantext within the user database. This could allow an attacker to read credentials from memory. Siemens has released an update for QMS Automotive and recommends to update to the latest version.

The ANSI C OPC UA implementation as used in several SIMATIC products contains a denial of service vulnerability that could allow an unauthenticated remote attacker to create a denial of service condition by sending a specially crafted certificate. Siemens has released updates for several affected products and recommends to update …

A vulnerability in the openSSL component (CVE-2022-0778, [0]) could allow an attacker to create a denial of service condition by providing specially crafted elliptic curve certificates to products that use a vulnerable version of openSSL. Siemens has released updates for several affected products and recommends to update to the latest …