SIEMENS CERT
09/08/2020
A Denial-of-Service vulnerability was found in SIMATIC PCS 7, SIMATIC WinCC and SIMATIC NET PC software when encrypted communication is enabled. The vulnerability could allow an attacker with network access to cause a Denial-of-Service condition under certain circumstances (versions prior to SIMATIC WinCC V7.3 or SIMATIC PCS 7 V8.1 are …
SIEMENS CERT
09/08/2020
The latest updates for the affected products fix a vulnerability that could allow remote attackers to affect the availability of the devices under certain conditions. The underlying TCP stack can be forced to make very computation expensive calls for every incoming packet which can lead to a Denial-of-Service. Siemens is …
SIEMENS CERT
09/08/2020
The Siveillance Video Client contains an information disclosure vulnerability that could allow an attacker to obtain valid adminstrator login names and use this information to launch further attacks. Siemens recommends specific countermeasures and provides patches for released versions of the Siveillance Video Client.
SIEMENS CERT
09/08/2020
The latest update for the License Management Utility (LMU), which is used by multiple Siemens building technology products, fixes a vulnerability that could allow local users to escalate privileges and execute code as local SYSTEM user. Siemens has released an update version of LMU, recommends to install this update on …
SIEMENS CERT
09/08/2020
SIMATIC HMI Products are affected by two vulnerabilities that could allow a remote attacker to discover user passwords and obtain access to the Sm@rt Server via a brute-force attack. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.
SIEMENS CERT
09/08/2020
Security researchers published information on a vulnerability known as Crosstalk (INTEL-SA-00320). This vulnerability affects modern Intel processors to a varying degree. Several Siemens Industrial Products contain processors that are affected by the vulnerability. Siemens is preparing updates and recommends specific countermeasures until fixes are available.
SIEMENS CERT
09/08/2020
CISA and WIBU Systems disclosed six vulnerabilities in different versions of CodeMeter Runtime, a product provided by WIBU Systems and used in several Siemens and Siemens Energy products for license management. The vulnerabilities are described in the section “Vulnerability Classification” below and got assigned the CVE IDs CVE-2020-14509, CVE-2020-14513, CVE-2020-14515, …
SIEMENS CERT
09/08/2020
Multiple cross-site scripting (XSS) vulnerabilities were found in the subversion webclient of Polarion. In addition, the webclient doesn’t have any cross-site request forgery (CSRF) protection. An attacker could inject client side script to induce the victim to issue an HTTP request that would lead to a state changing operation. Siemens …