Bulletins

Affected SIMATIC firmware contains three vulnerabilities that could allow an unauthenticated attacker to perform a denial-of-service attack under certain conditions. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends countermeasures for products where updates are not, …

Siemens has released a new version for Teamcenter Visualization and JT2Go that fixes an out of bounds write vulnerability in APDFL library from Datalogics. If a user is tricked to open a malicious PDF file with the affected products, this could lead the application to crash or potentially lead to …

Siemens PADS Standard/Plus Viewer is affected by multiple memory corruption vulnerabilities that could be triggered when the application reads files in PCB format. If a user is tricked to open a malicious file with the affected application, an attacker could leverage the vulnerability to perform remote code execution in the …

A vulnerability in the openSSL component (CVE-2022-0778, [0]) could allow an attacker to create a denial of service condition by providing specially crafted elliptic curve certificates to products that use a vulnerable version of openSSL. Siemens has released updates for several affected products and recommends to update to the latest …

In conjunction with the installation of the affected products listed in the table below, a vulnerability in TIA Administrator occurs that could allow an unauthenticated attacker to perform a denial of service attack. Siemens has released updates for the affected products and recommends to update to the latest versions.

Intel has published information on vulnerabilities in Intel products in November 2020. This advisory lists the Siemens IPC related products, that are affected by these vulnerabilities. In this advisory we take a representative CVE from each advisory: “Intel CSME, SPS, TXE, AMT and DAL Advisory” Intel-SA-00391 is represented by CVE-2020-8745 …

The latest update of Mendix Excel Importer module fixes an XML Entity Expansion Injection vulnerability. Mendix has released an update for the Mendix Excel Importer module and recommends to update to the latest version.