SIEMENS CERT
12/13/2022
Polarion ALM contains a misconfiguration in its default Apache HTTP Server configuration that could allow an attacker to perform host header injection attacks. Siemens is preparing updates and recommends specific countermeasures for existing installations by checking for misconfigurations in configuration files.
SIEMENS CERT
12/13/2022
SICAM PAS/PQS before V8.06 is affected by three vulnerabilities which could lead to remote code execution, privilege escalation or the creation of a denial of service condition. Siemens has released several updates for SICAM PAS/PQS and recommends to update to the latest version.
SIEMENS CERT
12/13/2022
Simcenter STAR-CCM+ contains a privilege escalation vulnerability which could allow a local attacker with an unprivileged account to override or modify the service executable and subsequently gain elevated privileges. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.
SIEMENS CERT
11/08/2022
The SCALANCE W1750D device contains multiple vulnerabilities that could allow an attacker to inject commands or exploit buffer overflow vulnerabilities which could lead to denial of service, unauthenticated remote code execution or stored XSS. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not …
SIEMENS CERT
11/08/2022
Siemens Teamcenter Visualization and JT2Go are affected by multiple file parsing vulnerabilities that could be triggered when the application reads malicious TIF, CGM or PDF files. If a user is tricked to open a malicious TIF, CGM or PDF file with the affected products, this could lead the application to …
SIEMENS CERT
11/08/2022
The web server login page of affected products does not apply proper origin checking. This could allow authenticated remote attackers to track the activities of other users via a login cross-site request forgery attack.. Siemens has released updates for several affected products and recommends to update to the latest versions. …
SIEMENS CERT
11/08/2022
There is a cross-site scripting vulnerability that affects the SCALANCE switches. This vulnerability if used by a threat actor could result in the stealing of session cookies and session hijacking. Siemens has released updates for the affected products and recommends to update to the latest versions.
SIEMENS CERT
11/08/2022
The networking component (Nucleus NET) in Nucleus Real-Time Operating System (RTOS) use Initial Sequence Numbers for TCP-Sessions that are predictable. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not available.