Bulletins

The products listed below contain a vulnerability that could allow remote attackers to affect the availability of the devices under certain conditions. The underlying TCP stack can be forced to make very computation expensive calls for every incoming packet which can lead to a Denial-of-Service. Siemens is working on software …

A vulnerability was identified in LOGO! Soft Comfort. The vulnerability could allow an attacker to execute arbitrary code if the attacker tricks a legitimate user to open a manipulated project. Siemens has released an update for the LOGO! Soft Comfort and recommends that customers update to the latest version.

Two vulnerabilities have been identified in SIEMENS LOGO!8 BM devices. The most severe vulnerability could allow an attacker to hijack existing web sessions. Siemens has released updates for the affected products and recommends that customers update to the latest version.

Multiple vulnerabilities have been identified in the XHQ Operations Intelligence product line. These vulnerabilities could allow for data injection in the XHQ’s web interfaces. Siemens recommends to update XHQ Operations Intelligence product line to the newest version.

A vulnerability in S7-300 might allow an attacker to cause a Denial-of-Service condition on port 102 of the affected devices by sending specially crafted packets. Siemens is preparing updates and recommends specific countermeasures until fixes are available.

Siemens SCALANCE W1750D is a brandlabled device. Aruba has released a related security advisory (ARUBA-PSA-2016-004) [0] disclosing vulnerabilities in its Aruba Instant product line. The advisory contains multiple related vulnerabilities that are summarized in CVE-2016-2031. This advisory is a reminder to customers that the PAPI protocol is not a secure …

The latest update for the below listed products fixes two security vulnerabilities that could allow an attacker to cause a partial Denial-of-Service on the UMC component of the affected devices under certain circumstances, and one vulnerability that could allow an attacker to locally escalate privileges from a user with administrative …