SIEMENS CERT
11/08/2022
Parasolid is affected by out of bounds read/write vulnerabilities that could be triggered when the application reads files in X_T format. If a user is tricked to open a malicious file with the affected applications, an attacker could leverage the vulnerability to perform remote code execution in the context of …
SIEMENS CERT
10/21/2022
The mobile server component of Siveillance Video 2022 R2 contains an authentication bypass vulnerability that could allow an unauthenticated remote attacker to access the application without a valid account. Siemens has released a hotfix for Siveillance Video 2022 R2 and recommends to apply the hotfix on all installations of the …
SIEMENS CERT
10/11/2022
A vulnerability in the openSSL component (CVE-2022-0778, [0]) could allow an attacker to create a denial of service condition by providing specially crafted elliptic curve certificates to products that use a vulnerable version of openSSL. Siemens has released updates for several affected products and recommends to update to the latest …
SIEMENS CERT
10/11/2022
Multiple vulnerabilities were identified in the Apache HTTP Server software. These include NULL Pointer Dereferencing, Out-of-bounds Write and Server-Side Request Forgery related vulnerabilities. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or …
SIEMENS CERT
10/11/2022
Industrial Edge Management contains a vulnerability that could allow an unauthenticated attacker to spoof a trusted entity by interfering in the communication path between the Industrial Edge Management (IEM) and the Industrial Edge Hub (IEH) using a crafted certificate. An attacker could use this to inject malicious maintenance requests (e.g. …
SIEMENS CERT
10/11/2022
JT Open Toolkit (JTTK) and Simcenter Femap are affected by an uninitialized pointer reference vulnerability that could be triggered while parsing JT files. If a user is tricked to open a malicious JT file with any of the affected products, this could cause the application to crash or potentially lead …
SIEMENS CERT
10/11/2022
Session fixation and incorrect parameter parsing vulnerabilities were identified in the web server of SICAM P850 and SICAM P855 devices. Siemens has released updates for the affected products and recommends to update to the latest versions.
SIEMENS CERT
10/11/2022
SIMATIC S7-1200, S7-1500 CPUs and related products protect the built-in global private key in a way that cannot be considered sufficient any longer. The key is used for the legacy protection of confidential configuration data and the legacy PG/PC and HMI communication. This could allow attackers to discover the private …