Bulletins

The latest update for ROX II contains multiple fixes for IPsec related vulnerabilities in Libreswan and NSS. Siemens has released updates for the affected products and recommends to update to the latest versions.

The latest update for TIA Administrator, installed together with TIA Portal and PCS neo, fixes a privilege escalation vulnerability that could allow local users to escalate privileges and execute code as local SYSTEM user. Siemens has released an update for TIA Portal and recommends that customers update to the latest …

A vertical privilege escalation vulnerability exists in DIGSI 4. Siemens has released an update for DIGSI 4 and recommends to update to the latest version.

Siemens has released version V13.1.0.1 for JT2Go and Teamcenter Visualization to fix multiple vulnerabilities that could be triggered when the products read files in different file formats (PAR, BMP, TIFF, CGM, TGA, PCT, HPG, PLT, RAS, ASM, DGN, DXF, DWG). If a user is tricked to opening of a malicious …

A Denial-of-Service vulnerability was found affecting the ARP protocol on older firmware versions of the SCALANCE W780 and W740 (IEEE 802.11n) devices. Siemens recommends to update to the latest version.

The installation of SIMARIS configuration causes insecure folder permissions that could allow vertical privilege escalation. Siemens is preparing updates and recommends specific countermeasures until fixes are available.

A vulnerability in the SIMATIC WinCC Graphics Designer tool could allow an attacker that has physical access to a machine running the software to get access to the user’s private password-protected pictures. Siemens has released an update for SIMATIC WinCC and recommends to update to the latest version. Siemens recommends …