Bulletins

The Scalance W1750D device contains multiple vulnerabilities that could allow an attacker to execute code on the affected device(s), read arbitrary files, or create a denial-of-service condition. Siemens has released updates for the affected products and recommends to update to the latest versions.

LOGO! 8 BM (incl. SIPLUS variants) contains a vulnerability that could allow an attacker to install manipulated firmware packages. Siemens has released an update for the LOGO! 8 BM (incl. SIPLUS variants) and recommends to update to the latest version.

A vulnerability in the openSSL component (CVE-2022-0778, [0]) could allow an attacker to create a denial of service condition by providing specially crafted elliptic curve certificates to products that use a vulnerable version of openSSL. Siemens has released updates for several affected products and recommends to update to the latest …

Simcenter Femap and Parasolid are affected by multiple file parsing vulnerabilities that could be triggered when the application reads files in X_T file formats. If a user is tricked to open a malicious file with the affected applications, an attacker could leverage the vulnerability to perform remote code execution in …

The default installation of the Windows version of the CoreShield One-Way Gateway (OWG) software sets insecure file permissions that could allow a local attacker to escalate privileges to local administrator. Siemens Mobility has released an update for the CoreShield OWG software and recommends to update to the latest version.

SCALANCE devices contain multiple vulnerabilities in MSPS based product lines that could allow authenticated remote attackers to execute custom code or create a XSS situation, as well as unauthenticated remote attackers to create a denial of service condition. Siemens has released updates for several affected products and recommends to update …

Several Siemens industrial products are affected by a vulnerability in OpenSSL, that could result in data being sent out unencrypted by the SSL/TLS record layer. Siemens has released updates for the affected products and recommends to update to the latest versions.