SIEMENS CERT
12/14/2021
SiPass integrated contains multiple vulnerabilities that could allow an unauthenticated remote attacker to access or modify several internal application resources. Siemens has released a tool, “SiPass integrated Component Manager”, to remediate the vulnerabilities on all maintained and supported versions of SiPass integrated and recommends to apply this tool.
SIEMENS CERT
12/14/2021
Siemens Simcenter STAR-CCM+ Viewer is affected by a vulnerability that could be triggered when the application reads scene (.sce) files. If a user is tricked to open a malicious file with the affected application, this could lead to a crash, and potentially also to arbitrary code execution or data extraction …
SIEMENS CERT
12/14/2021
SIMATIC eaSie PCS 7 Skill Package contains a path traversal vulnerability that could allow an authenticated remote attacker to read arbitrary files for the application server. Siemens has released an update for the SIMATIC eaSie PCS 7 Skill Package and recommends to update to the latest version.
SIEMENS CERT
12/14/2021
JT Open Toolkit (JTTK) before V11.0.3.0 contains multiple vulnerabilities that could be triggered when the affected product reads a maliciously crafted JT file. These vulnerabilities also affects JT Utilities before V13.0.3.0. If a user is tricked to open a malicious file with any of the affected products, this could lead …
SIEMENS CERT
12/14/2021
Multiple LibVNC vulnerabilities in the affected products listed below could allow remote code execution, information disclosure and Denial-of-Service attacks under certain conditions. Siemens has released updates for the affected products and recommends to update to the latest versions.
SIEMENS CERT
12/14/2021
JT Open Toolkit (JTTK) before V10.8.1.1 contains multiple vulnerabilities that could be triggered when it reads a maliciously crafted JT file. These vulnerabilities also affects JT Utilities before V12.8.1.1. If a user is tricked to open a malicious file with any of the affected products, this could lead the application …
SIEMENS CERT
12/14/2021
Recent security research identifies weaknesses in the IEEE 1735 recommended practice for encryption of Design IP, which could allow a sophisticated attacker access to unencrypted Design IP data in IEEE 1735-compliant products. This advisory addresses the specific details for the affected Siemens software products: Questa and ModelSim simulators. Siemens is …
SIEMENS CERT
12/14/2021
SSA-549234 V1.1 (Last Update: 2021-12-14): Denial-of-Service Vulnerability in SIMATIC NET CP Modules
A denial of service vulnerability was identified in different types of Communication Processors. An attacker could exploit this vulnerability causing the device to become un-operational until the device is restarted. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.