Bulletins

Affected SIMATIC firmware contains three vulnerabilities that could allow an unauthenticated attacker to perform a denial of service attack under certain conditions. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends countermeasures for products where updates are not, or not yet …

Multiple vulnerabilities were found in SIMATIC WinCC that ultimately could allow local or remote attackers to escalate privileges and read, write or delete critical files. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are …

The Solid Edge installation package includes a specific version of the third-party product KeyShot from Luxion : https://www.keyshot.com, which may not contain the latest security fixes provided by Luxion. Siemens recommends to update KeyShot according to the information in the Luxion Security Advisory LSA-610622: https://download.keyshot.com/cert/lsa-610622/lsa-610622.pdf.

Siemens Teamcenter Visualization and JT2Go are affected by multiple file parsing vulnerabilities that could be triggered when the application reads a malicious file in CGM or RAS format. If a user is tricked to open a malicious file with the affected products, this could lead the application to crash or …

A vulnerability in the third party component SISCO MMS-EASE could allow attackers to cause a denial of service condition with SIPROTEC 5 devices. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products …

There are multiple vulnerabilities in an underlying Link Layer Discovery Protocol (LLDP) third party library. Siemens has released updates for the affected products and recommends to update to the latest versions.

The Mendix SAML module insufficiently verifies the SAML assertions. This could allow unauthenticated remote attackers to bypass authentication and get access to the application. Mendix has provided fix releases for the Mendix SAML module and recommends to update to the latest version.