Bulletins

A race condition in the restart behaviour of SINAMICS PERFECT HARMONY GH180 could allow an unauthorized attacker with physical access to the affected device to restart the HMI with disabled security controls, which could be used to launch further attacks against the affected device. Siemens recommends customers to apply a …

The latest update for SINEMA Server fixes a vulnerability that could allow authenticated users with a low-privileged account to perform firmware updates (as well as other administrative operations) on connected devices. Therefore, Siemens recommends to update the affected products.

The latest update for TIA Portal fixes a vulnerability that could allow a local attacker to execute arbitrary code with SYSTEM privileges. Siemens has released an update for TIA Portal V15, is working on updates for other versions of TIA Portal and recommends specific mitigations for vulnerable versions.

Several SCALANCE X switches are affected by an Authentication Bypass vulnerability. The vulnerability allows an unauthenticated attacker to violate access-control rules. The vulnerability can be exploited by sending a GET request to a specific uniform resource locator on the web configuration interface of the device. The security vulnerability could be …

Microsoft has released updates for several versions of Microsoft Windows, which fix a vulnerability in the Remote Desktop Service. The vulnerability could allow an unauthenticated remote attacker to execute arbitrary code on the target system if the system exposes the service to the network. RAPIDPoint® 500 systems operating on Windows …