SIEMENS CERT
05/14/2024
A denial of service vulnerability has been identified in the Nucleus RTOS (real-time operating system) and reported in the Siemens Security Advisory SSA-313313: https://cert-portal.siemens.com/productcert/html/ssa-313313.html. The products listed below use affected versions of the Nucleus software and inherently contain the vulnerability. Siemens has released new versions for several affected products and …
SIEMENS CERT
05/14/2024
Siemens User Management Component (UMC) before V2.11.2 is affected by multiple vulnerabilities where the most severe could lead to a restart of the UMC server. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends …
SIEMENS CERT
05/14/2024
Several industrial products contain an out of bounds read vulnerability that could allow an attacker to cause a Blue Screen of Death (BSOD) crash of the underlying Windows kernel, leading to denial of service condition. Siemens has released new versions for several affected products and recommends to update to the …
SIEMENS CERT
05/14/2024
SIMATIC STEP 7 and PCS 7 contain a database management system that could allow remote users to use embedded functions of the database (local or in a network share) that have impact on the server. An attacker with network access to the server network could leverage these embedded functions to …
SIEMENS CERT
05/14/2024
PS/IGES Parasolid Translator Component contains multiple file parsing vulnerabilities that could be triggered when the application reads files in IGS file formats. If a user is tricked to open a malicious file with any of the affected products, this could lead the application to crash or potentially lead to arbitrary …
SIEMENS CERT
05/14/2024
Nozomi Networks has published information on vulnerabilities in Nozomi Guardian/CMC before 23.3.0. This advisory lists the related Siemens Industrial products affected by these vulnerabilities. Siemens has released a new version for RUGGEDCOM APE1808 and recommends to update to the latest version. Customers are advised to consult and implement the workarounds …
SIEMENS CERT
04/19/2024
Palo Alto Networks has published [1] information on CVE-2024-3400 in PAN-OS. This advisory addresses Siemens Industrial products affected by this vulnerability. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available. Customers are advised to consult and implement the workarounds provided in …
SIEMENS CERT
04/09/2024
The OPC UA implementations (ANSI C and C++) as used in several SIMATIC products contain a denial of service vulnerability that could allow an unauthenticated remote attacker to create a denial of service condition by sending a specially crafted certificate. Siemens has released new versions for several affected products and …