SIEMENS CERT
01/11/2022
Security researchers discovered and disclosed 9 vulnerabilities in several DNS implementations, also known as “NAME:WRECK” vulnerabilities. The vulnerabilities described in this advisory are from this set. The DNS client of the networking component (Nucleus NET) in Nucleus Real-Time Operating System (RTOS) contains two out of bounds write vulnerabilities in the …
SIEMENS CERT
01/11/2022
An information disclosure vulnerability in SIPROTEC 5 products could allow an unauthenticated attacker to read device information. Only devices with the hardware variants CP050, CP100 and CP300 are affected. The DIGSI engineering tool can be used to identify the hardware version of your devices. Siemens has released updates for the …
SIEMENS CERT
01/11/2022
Multiple vulnerabilities were identified in the COMOS Web component of COMOS. They could allow an attacker to conduct code injections, store data in undesired locations, execute arbitrary SQL statements, and run cross-site-request-forgery attacks. Siemens has released an update for COMOS and recommends to update to the latest version.
SIEMENS CERT
01/11/2022
Security researchers discovered and disclosed 14 vulnerabilities in the Interniche IP stack, also known as “INFRA:HALT” vulnerabilities [0]. This advisory describes the impact to Siemens low voltage products, which are only affected by four out of the 14 vulnerabilities. Siemens has released updates for several affected products and recommends to …
SIEMENS CERT
01/05/2022
On 2021-12-09, a vulnerability in Apache Log4j (a logging tool used in many Java-based applications) was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2021-44228 and is also known as “Log4Shell”. On 2021-12-14 an additional denial of service vulnerability (CVE-2021-45046) …
SIEMENS CERT
12/28/2021
Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) contain a vulnerability (CVE-2021-44832) that could allow an attacker with permission to modify the logging configuration file to execute arbitrary code, when the JDBC Appender is used [1]. This advisory informs about the impact of CVE-2021-44832 to …
SIEMENS CERT
12/28/2021
On 2021-12-09, a vulnerability in Apache Log4j (a logging tool used in many Java-based applications) was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2021-44228 and is also known as “Log4Shell”. On 2021-12-14 an additional denial of service vulnerability (CVE-2021-45046) …
SIEMENS CERT
12/27/2021
On 2021-12-09, a vulnerability in Apache Log4j (a logging tool used in many Java-based applications) was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2021-44228 and is also known as “Log4Shell”. On 2021-12-14 an additional denial of service vulnerability (CVE-2021-45046) …