SIEMENS CERT
05/11/2021
SSA-478893 V1.1 (Last Update: 2021-05-11): TightVNC Vulnerabilities in Industrial Products (Revoked)
Multiple TightVNC (V1.x) vulnerabilities could allow remote code execution and Denial-of-Service attacks under certain conditions. Siemens has previously released this advisory containing a set of products that were considered to be affected. Through Siemens’ continuous investigation processes it was identified that all products previously advised are not affected by any …
SIEMENS CERT
05/11/2021
Security researchers discovered and disclosed 33 vulnerabilities in several open-source TCP/IP stacks for embedded devices, also known as “AMNESIA:33” vulnerabilities. This advisory describes the impact of two of these vulnerabilities (CVE-2020-13987, CVE-2020-17437) to Siemens products. Siemens has released updates for several affected products and recommends to update to the latest …
SIEMENS CERT
05/11/2021
Security researchers discovered and disclosed seven vulnerabilities in the open-source DNS component “dnsmasq”, also known as “DNSpooq” vulnerabilities (CVE-2020-25681 through CVE-2020-25687). Three vulnerabilities (CVE-2020-25684 through CVE-2020-25686) affect the validation of DNS responses and impact several SCALANCE and RUGGEDCOM devices as listed below. Siemens has released updates for several affected products …
SIEMENS CERT
05/11/2021
The installation of SIMARIS configuration causes insecure folder permissions that could allow vertical privilege escalation. Siemens has released an update for SIMARIS and recommends to update to the latest version.
SIEMENS CERT
05/11/2021
SSA-936080 V1.1 (Last Update: 2021-05-11): Multiple Vulnerabilities in Third-Party Component libcurl
SIMATIC NET CM 1542-1, SCALANCE SC600 family and SIMATIC NET CP 343-1 Advanced devices are vulnerable to a vulnerability in the third party component libcurl that could allow an attacker to cause a Denial-of-Service condition on the affected devices. Siemens has released an update for SCALANCE SC600. For the remaining …
SIEMENS CERT
05/11/2021
Siemens SCALANCE W1750D is a brand-labeled device. Aruba has released a related security advisory ARUBA-PSA-2021-007 disclosing vulnerabilities in its Aruba Instant product line. Siemens is preparing updates and recommends countermeasures for products where updates are not, or not yet available.
SIEMENS CERT
05/11/2021
SINAMICS medium voltage products, with telnet enabled on SIMATIC comfort HMI Panels, are affected by a remote access vulnerability that could allow an attacker, under certain conditions, to gain full remote access to the HMI. Note that by default telnet is disabled, but it can be enabled on request by …
SIEMENS CERT
05/11/2021
The latest update of Mendix Excel Importer module fixes an infomation disclosure vulnerability. Mendix has released an update for the Mendix Excel Importer module and recommends to update to the latest version.