SIEMENS CERT
07/12/2022
SIMATIC MV500 devices before V3.3 are affected by multiple vulnerabilities that could allow attackers to hijack other users’ web based management sessions (CVE-2022-33137) or access data on the device without prior authentication (CVE-2022-33138). Siemens has released an update for the SIMATIC MV500 devices and recommends to update to the latest …
SIEMENS CERT
07/12/2022
Vulnerability in the underlying third party component OPC UA ANSIC Stack (also called Legacy C-Stack) affects several industrial products. The vulnerability could cause a crash of the component that includes the vulnerable part of the stack. Siemens has released updates for several affected products and recommends to update to the …
SIEMENS CERT
07/12/2022
Insyde has published information on vulnerabilities in Insyde BIOS in February 2022. This advisory lists the Siemens Industrial products affected by these vulnerabilities. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.
SIEMENS CERT
07/12/2022
Intel has published information on vulnerabilities in Intel products in June 2021. This advisory lists the related Siemens Industrial products affected by these vulnerabilities that can be patched by applying the corresponding BIOS update. In this advisory we summarize: “2021.1 IPU – Intel® CSME, SPS and LMS Advisory” Intel-SA-00459, “2021.1 …
SIEMENS CERT
07/12/2022
Several SCALANCE X switches contain multiple vulnerabilities. An unauthenticated attacker could reboot, cause denial-of-service conditions and potentially impact the system by other means through heap and buffer overflow vulnerabilities. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates …
SIEMENS CERT
07/12/2022
Multiple vulnerabilities were found in SIMATIC WinCC that ultimately could allow local or remote attackers to escalate privileges and read, write or delete critical files. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures …
SIEMENS CERT
07/12/2022
SSA-220589 V1.1 (Last Update: 2022-07-12): Hard Coded Default Credential Vulnerability in Teamcenter
Siemens has released updates for Teamcenter that fixes a security vulnerability related to unsecure storage of user credentials. This vulnerability affects Java EE Server Manager HTML Adaptor. This service is not installed by default and currently also obsoleted. Siemens has released updates for the affected products and recommends to update …
SIEMENS CERT
07/12/2022
The SICAM GridEdge software contains a improper access control vulnerability. This could allow persons with local access to the host system to inject an SSH key. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates …