Bulletins

Siemens has released a new version for Solid Edge that fixes multiple file parsing vulnerabilities which could be triggered when the application reads files in IFC, JT or OBJ formats. If a user is tricked to opening a malicious file using the affected application this could lead the application to …

The latest update for SIPROTEC 5 family devices fixes a vulnerability in the web interface which could allow unauthorized users to cause a Denial-of-Service situation by sending maliciously crafted web requests. Siemens has released an update for the SIPROTEC 5 and recommends to update to the latest version.

Siemens has released version V13.2.0.2 for JT2Go and Teamcenter Visualization to fix three vulnerabilities that could be triggered while parsing DGN or PAR files. If a user is tricked to open a malicious file with the affected products, this could lead the application to crash or potential arbitrary code execution. …

Products that include the Siemens PROFINET-IO (PNIO) stack in versMions prior V06.00 are potentially affected by a denial-of-service vulnerability when multiple legitimate diagnostic package requests are sent to the DCE-RPC interface. Siemens has released updates for several affected products and recommends to update to the new versions. Siemens is preparing …

The Siveillance Open Interface Services (OIS) application used for integration of different subsystems to several Siemens building management systems contains a command injection vulnerability that could allow a remote unauthenticated attacker to execute code on the affected system with root privileges. Siemens has released patches and updates for Siveillance OIS …

A cleartext vulnerability was found in the SIMATIC communication processors CP 1543-1 and CP 1545-1 that could allow an attacker to read sensitive information. Siemens has released an update for the SIMATIC CP 1543-1 (incl. SIPLUS variants) and recommends to update to the latest version. Siemens is preparing further updates …

A Denial of Service vulnerability was identified in different types of Communication Processors. An attacker could exploit this vulnerability causing the device to become un-operational until the device is restarted. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.