SIEMENS CERT
09/14/2021
Devices of the LOGO! CMR family and the SIMATIC RTU 3000 family are affected by several vulnerabilities in the third party component Mbed TLS. They could allow an attacker with access to any of the interfaces of an affected device to impact the availability or to communicate with invalid certificates. …
SIEMENS CERT
09/14/2021
Multiple industrial products are affected by a vulnerability in the kernel known as TCP SACK PANIC. The vulnerability could allow a remote attacker to cause a denial of service condition. Siemens has released updates for several affected products and recommends to update to the new versions. Siemens is preparing further …
SIEMENS CERT
09/14/2021
The latest update for SIPROTEC 5 relays fixes two vulnerabilities that could allow a remote attacker to cause a denial-of-service or potentially trigger a remote code execution under certain circumstances. Siemens has released an update for SIPROTEC 5 relays and recommends to update to the latest version.
SIEMENS CERT
09/14/2021
The latest update for SINEMA Server fixes a vulnerability that could allow an unauthenticated attacker to obtain encoded system configuration backup files under certain conditions. Siemens has released an update for the SINEMA Server and recommends to update to the latest version.
SIEMENS CERT
09/14/2021
Multiple SmartVNC vulnerabilities in the affected products listed below could allow remote code execution and Denial-of-Service attacks under certain conditions. Siemens has released updates for the affected products and recommends to update to the latest version.
SIEMENS CERT
09/14/2021
A vulnerability in affected devices could allow an attacker to perform a denial-of-service attack if a large amount of Profinet Discovery and Configuration Protocol (DCP) reset packets is sent to the affected devices. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens …
SIEMENS CERT
09/14/2021
Desigo CC, Desigo CC Compact and Cerberus DMS that use CCOM communication component hosted in IIS contain a deserialisation vulnerability that could allow an unauthenticated attacker to perform remote code execution. Only those systems that use Windows App and/or IE XBAP Web Client are affected. Regular installed clients and the …
SIEMENS CERT
09/14/2021
The latest update for SINEC NMS fixes a vulnerability that could allow an authenticated remote attacker to execute arbitrary code on the system, with system privileges, under certain conditions. Siemens has released an update for SINEC NMS and recommends to update to the latest version.