Bulletins

The latest update for SINEMA Server fixes a vulnerability that could allow authenticated users with a low-privileged account to perform firmware updates (as well as other administrative operations) on connected devices. Therefore, Siemens recommends to update the affected products.

The latest update for TIA Portal fixes a vulnerability that could allow a local attacker to execute arbitrary code with SYSTEM privileges. Siemens has released an update for TIA Portal V15, is working on updates for other versions of TIA Portal and recommends specific mitigations for vulnerable versions.

Several SCALANCE X switches are affected by an Authentication Bypass vulnerability. The vulnerability allows an unauthenticated attacker to violate access-control rules. The vulnerability can be exploited by sending a GET request to a specific uniform resource locator on the web configuration interface of the device. The security vulnerability could be …

A vulnerability in the affected devices could allow an unauthorized attacker with network access to the webserver of an affected device to perform a denial-of-service attack. Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates and recommends …

Microsoft has released updates for several versions of Microsoft Windows, which fix a vulnerability in the Remote Desktop Service. The vulnerability could allow an unauthenticated remote attacker to execute arbitrary code on the target system if the system exposes the service to the network. RAPIDPoint® 500 systems operating on Windows …

A vulnerability in SIMATIC WinAC RTX (F) 2010 controller software could allow an attacker to perform a denial-of-service attack if a large HTTP request is sent to the network port of the host where WinAC RTX is running. Siemens has released SIMATIC WinAC RTX (F) 2010 incl. SP3 Update 1 …