SIEMENS CERT
08/09/2022
SCALANCE devices contain multiple vulnerabilities in MSPS based product lines that could allow authenticated remote attackers to execute custom code or create a XSS situation, as well as unauthenticated remote attackers to create a denial of service condition. Siemens has released updates for several affected products and recommends to update …
SIEMENS CERT
08/09/2022
SSA-669737 V1.2 (Last Update: 2022-08-09): Improper Access Control Vulnerability in SICAM TOOLBOX II
SICAM TOOLBOX II contains a vulnerability that could allow an attacker access through a circumventable access control. Siemens recommends countermeasures for products where updates are not, or not yet available.
SIEMENS CERT
07/12/2022
Intel has published information on vulnerabilities in Intel products in November 2020. This advisory lists the Siemens IPC related products, that are affected by these vulnerabilities. In this advisory we take a representative CVE from each advisory: “Intel CSME, SPS, TXE, AMT and DAL Advisory” Intel-SA-00391 is represented by CVE-2020-8745 …
SIEMENS CERT
07/12/2022
An improper access control vulnerability in Mendix applications was discovered. In case of access to an active user session, the vulnerability could allow to change that user’s password bypassing password validations within a Mendix application. Siemens has released updates for the affected products and recommends to update to the latest …
SIEMENS CERT
07/12/2022
SSA-220589 V1.1 (Last Update: 2022-07-12): Hard Coded Default Credential Vulnerability in Teamcenter
Siemens has released updates for Teamcenter that fixes a security vulnerability related to unsecure storage of user credentials. This vulnerability affects Java EE Server Manager HTML Adaptor. This service is not installed by default and currently also obsoleted. Siemens has released updates for the affected products and recommends to update …
SIEMENS CERT
07/12/2022
The SICAM GridEdge software contains a improper access control vulnerability. This could allow persons with local access to the host system to inject an SSH key. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates …
SIEMENS CERT
07/12/2022
Simcenter Femap and Parasolid are affected by an out of bounds read vulnerability that could be triggered when the application reads files in NEU format. If a user is tricked to open a malicious file with the affected applications, an attacker could leverage the vulnerability to perform remote code execution …
SIEMENS CERT
07/12/2022
OpenSSL has published a security advisory [0] about a vulnerability in OpenSSL versions 1.1.1 < 1.1.1l and 1.0.2 < 1.0.2za that allows an attacker to cause a denial of service (DoS) or to disclose private memory content. Siemens has released updates for several affected products and recommends to update to …