SIEMENS CERT
10/11/2022
A denial of service vulnerability has been identified in the Nucleus RTOS (real-time operating system) and reported in the Siemens Security Advisory SSA-313313: https://cert-portal.siemens.com/productcert/html/ssa-313313.html. The products listed below use affected versions of the Nucleus software and inherently contain the vulnerability. Siemens recommends specific countermeasures for products where updates are not, …
SIEMENS CERT
10/11/2022
LOGO! 8 BM (incl. SIPLUS variants) contains a vulnerability that could allow an attacker to install manipulated firmware packages. Siemens has released an update for the LOGO! 8 BM (incl. SIPLUS variants) and recommends to update to the latest version.
SIEMENS CERT
10/11/2022
The Scalance W1750D device contains multiple vulnerabilities that could allow an attacker to execute code on the affected device(s), read arbitrary files, or create a denial-of-service condition. Siemens has released updates for the affected products and recommends to update to the latest versions.
SIEMENS CERT
10/11/2022
Industrial Edge Management contains a vulnerability that could allow an unauthenticated attacker to spoof a trusted entity by interfering in the communication path between the Industrial Edge Management (IEM) and the Industrial Edge Hub (IEH) using a crafted certificate. An attacker could use this to inject malicious maintenance requests (e.g. …
SIEMENS CERT
10/11/2022
Desigo CC and Cerberus DMS are based on SIMATIC WinCC OA and implement client-side only authentication for specific parts of their client-server communication. In this configuration, attackers could impersonate other users or exploit the client-server protocol without being authenticated, as documented for SIMATIC WinCC OA in SSA-111512 [1]. Siemens recommends …
SIEMENS CERT
10/11/2022
A vulnerability in the openSSL component (CVE-2022-0778, [0]) could allow an attacker to create a denial of service condition by providing specially crafted elliptic curve certificates to products that use a vulnerable version of openSSL. Siemens has released updates for several affected products and recommends to update to the latest …
SIEMENS CERT
10/11/2022
The products listed below contain a denial of service vulnerability in the TCP event interface that could allow an unauthenticated remote attacker to render the device unusable. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends …