SIEMENS CERT
11/09/2021
Security researchers discovered and disclosed 9 vulnerabilities in several DNS implementations, also known as “NAME:WRECK” vulnerabilities. The vulnerabilities described in this advisory are from this set. The DNS client of the networking component (Nucleus NET) in Nucleus Real-Time Operating System (RTOS) contains two out of bounds write vulnerabilities in the …
SIEMENS CERT
11/09/2021
The Scalance W1750D device contains multiple vulnerabilities that could allow an attacker to execute code on the affected device(s), read arbitrary files, or create a denial-of-service condition. Siemens has released an update for the SCALANCE W1750D and recommends to update to the latest version. Siemens is preparing further updates and …
SIEMENS CERT
11/09/2021
SSA-840188 V1.0: Multiple Vulnerabilities in SIMATIC WinCC Affecting Other SIMATIC Software Products
Multiple vulnerabilities were found in SIMATIC WinCC that ultimately could allow local attackers to escalate privileges and read, write or delete critical files. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products …
SIEMENS CERT
11/09/2021
Applications built with affected versions of Mendix Studio Pro do not properly control read or write access for certain client actions. This could allow authenticated attackers to manipulate the content of System.FileDocument objects or to retrieve the changedDate attribute of arbitrary objects. Mendix has released updates for the affected product …
SIEMENS CERT
11/09/2021
Siemens has released hotfixes for Siveillance Video DLNA Server, which fix a path traversal vulnerability that could allow an authenticated remote attacker to access sensitive information on the DLNA server. Siemens has released updates for the DLNA server and recommends to apply the update on all installations where DLNA server …
SIEMENS CERT
11/09/2021
Siemens NX is affected by two vulnerabilities that could be triggered when the application reads JT files. If a user is tricked to open a malicious file with the affected application, this could lead to an access violation, and potentially also to arbitrary code execution on the target host system. …
SIEMENS CERT
11/09/2021
Climatix POL909 (AWM module) contains an information disclosure vulnerability could allow an attacker in a man-in-the-middle position to read sensitive data, such as administrator credentials, or modify data in transit. Siemens has released an update for Climatix POL909 (AWM module) and recommends to update to the latest version.
SIEMENS CERT
11/09/2021
WIBU Systems published information about a denial-of-service vulnerability and an associated fix release version of CodeMeter Runtime, a product provided by WIBU Systems and used in several Siemens products for license management. The vulnerability is described in the section “