Bulletins

RUGGEDCOM ROS-based V4 devices are vulnerable to a denial of service attack (Slowloris). By sending partial HTTP requests nonstop, with none completed, the affected web servers will be waiting for the completion of each request, occupying all available HTTP connections. The web server recovers by itself once the attack ends. …

Multiple vulnerabilities have been identified in the Linux Kernel of the SIMATIC S7-1500 TM MFP V1.0. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.

SICAM TOOLBOX II contains two vulnerabilities that could allow local attackers to execute code on the system with elevated privileges. Siemens has released an update for SICAM TOOLBOX II and recommends to update to the latest version.

Multiple DLL Hijacking vulnerabilities in Siemens Software Center (SSC) could allow a local attacker to execute code with elevated privileges. Siemens has released an update for the Siemens Software Center and recommends to update to the latest version.

JT Open Toolkit, JT Utilities and Parasolid are affected by memory corruption vulnerabilities that could be triggered while parsing JT files. If a user is tricked to open a malicious JT file with any of the affected products, this could cause the application to crash or potentially lead to arbitrary …

The RUGGEDCOM CROSSBOW server application before V5.4 contains multiple vulnerabilities that could allow an attacker to execute arbitrary database queries via SQL injection attacks, to create a denial of service condition, or to write arbitrary files to the application’s file system. Siemens has released an update for RUGGEDCOM CROSSBOW and …