SIEMENS CERT
07/11/2023
A vulnerability in the openSSL component (CVE-2022-0778, [0]) could allow an attacker to create a denial of service condition by providing specially crafted elliptic curve certificates to products that use a vulnerable version of openSSL. Siemens has released updates for several affected products and recommends to update to the latest …
SIEMENS CERT
07/11/2023
SiPass integrated versions before V2.90.3.8 contain a stack overflow vulnerability that could allow an unauthenticated remote attacker to crash the server application, creating a denial of service condition. Siemens has released an update for SiPass integrated and recommends to update to the latest version.
SIEMENS CERT
07/11/2023
SSA-930100 V1.1 (Last Update: 2023-07-11): Privilege Escalation Vulnerability in Simcenter STAR-CCM+
Simcenter STAR-CCM+ contains a privilege escalation vulnerability which could allow a local attacker with an unprivileged account to override or modify the service executable and subsequently gain elevated privileges. Siemens has released an update for Simcenter STAR-CCM+ and recommends to update to the latest version.
SIEMENS CERT
06/14/2023
SINAMICS PERFECT HARMONY GH180 is affected by multiple vulnerabilities in the integrated SCALANCE S615 device, as documented in SSA-419740 (https://cert-portal.siemens.com/productcert/html/ssa-419740.html). Siemens recommends to update the firmware of the integrated SCALANCE S615 device to the latest version. Siemens recommends specific countermeasures for products where the firmware update is not, or not …
SIEMENS CERT
06/13/2023
Several SINAMICS MV (medium voltage) products are affected by multiple vulnerabilities in the integrated SCALANCE S615 device, as documented in SSA-419740 (https://cert-portal.siemens.com/productcert/html/ssa-419740.html). Siemens recommends to update the firmware of the integrated SCALANCE S615 device to the latest version. Siemens recommends specific countermeasures for products where the firmware update is not, …
SIEMENS CERT
06/13/2023
SIMATIC STEP 7 and PCS 7 contain a database management system that could allow remote users with low privileges to use embedded functions of the database (local or in a network share) that have impact on the server. An attacker with network access to the server network could leverage these …
SIEMENS CERT
06/13/2023
Solid Edge is affected by a file parsing vulnerability in Drawings SDK from Open Design Alliance. If a user is tricked to open a malicious DWG file with any of the affected products, this could lead the application to crash or potentially lead to arbitrary code execution. Siemens has released …