SIEMENS CERT
04/12/2022
An attacker could achieve privilege escalation on the web server of certain devices configured by SIMATIC STEP 7 (TIA Portal) due to incorrect handling of the webserver’s user management configuration during downloading. This only affects the S7-1200 and S7-1500 CPUs’ (incl. related ET200 CPUs and SIPLUS variants) web server, when …
SIEMENS CERT
04/12/2022
Vulnerabilities have been identified in devices of the SCALANCE W-1700 (11ac) family that could allow an attacker to cause various denial of service conditions. Siemens has released updates for the affected products and recommends to update to the latest versions.
SIEMENS CERT
04/12/2022
An information disclosure vulnerability in Mendix applications was discovered. The vulnerability could allow to read sensitive data. Siemens has released an update for the Mendix Applications using Mendix 9 and recommends to update to the latest version. Siemens recommends countermeasures for products where updates are not, or not yet available.
SIEMENS CERT
04/12/2022
The PROFINET (PNIO) stack, when integrated with the Interniche IP stack, contains a vulnerability that could allow an attacker to cause a denial of service condition on affected industrial products. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further …
SIEMENS CERT
04/12/2022
SIMATIC S7-400 CPU devices contain an input validation vulnerability that could allow an attacker to create a Denial-of-Service condition. A restart is needed to restore normal operations. Siemens has released an update for SIMATIC S7-410 V10 CPU family and SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants for both) …
SIEMENS CERT
04/12/2022
SIMATIC Energy Manager is affected by multiple vulnerabilities that could allow an attacker to gain local privilege escalation, local code execution or remote code execution. Siemens has released updates for the affected products and recommends to update to the latest versions.
SIEMENS CERT
04/12/2022
In conjunction with the installation of the affected products listed in the table below, a vulnerability in TIA Administrator occurs that could allow an unauthenticated attacker to perform a denial of service attack. Siemens has released a first update for one of the affected products and recommends to update to …
SIEMENS CERT
04/12/2022
Several SCALANCE X-300 switches contain multiple vulnerabilities. An unauthenticated attacker could reboot, cause denial of service conditions and potentially impact the system by other means through heap and buffer overflow vulnerabilities. Siemens has released updates for the affected products and recommends to update to the latest versions.