Bulletins

The latest update for the License Management Utility (LMU), which is used by multiple Siemens building technology products, fixes a vulnerability that could allow local users to escalate privileges and execute code as local SYSTEM user. Siemens has released an update version of LMU, recommends to install this update on …

The Siveillance Video Client contains an information disclosure vulnerability that could allow an attacker to obtain valid adminstrator login names and use this information to launch further attacks. Siemens recommends specific countermeasures and provides patches for released versions of the Siveillance Video Client.

The latest updates for the affected products fix a vulnerability that could allow remote attackers to affect the availability of the devices under certain conditions. The underlying TCP stack can be forced to make very computation expensive calls for every incoming packet which can lead to a Denial-of-Service. Siemens is …

A Denial-of-Service vulnerability was found in SIMATIC PCS 7, SIMATIC WinCC and SIMATIC NET PC software when encrypted communication is enabled. The vulnerability could allow an attacker with network access to cause a Denial-of-Service condition under certain circumstances (versions prior to SIMATIC WinCC V7.3 or SIMATIC PCS 7 V8.1 are …

The latest update for affected products fix local privilege escalation vulnerabilities that could allow authorized local users with administrative privileges to execute custom code with SYSTEM level privileges. Siemens has released updates for some of the affected products, and is working on further updates. For the remaining affected products, Siemens …

The latest updates for the affected products fix a vulnerability that could allow remote attackers to affect the availability of the devices under certain conditions. The underlying TCP stack can be forced to make very computation expensive calls for every incoming packet which can lead to a Denial-of-Service. Siemens has …