SIEMENS CERT
01/09/2024
The Video Server application in SiNVR/SiVMS solutions contains five vulnerabilities involving information disclosure (CVE-2019-19291, CVE-2019-19299), path traversal (CVE-2019-19296, CVE-2019-19297), and denial-of-service (CVE-2019-19298). PKE has released updates of the application that fixes the reported vulnerabilities, except for CVE-2019-19299. This update is not available under the former Siemens OEM brand name SiNVR. …
SIEMENS CERT
12/12/2023
Siemens User Management Component (UMC) before V2.11.2 is affected by multiple vulnerabilities where the most severe could lead to a restart of the UMC server. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures …
SIEMENS CERT
12/12/2023
Two vulnerabilities have been identified in the LOGO! Soft Comfort software. These could allow an attacker to take over a system with the affected software installed. Siemens has released an update for LOGO! Soft Comfort and recommends to update to the latest version.
SIEMENS CERT
12/12/2023
The know-how protection feature in Totally Integrated Automation Portal (TIA Portal) does not properly update the encryption of existing program blocks when a project file is updated. This could allow attackers with access to the project file to recover previous - yet unprotected - versions of the project without the …
SIEMENS CERT
12/12/2023
Several SIMATIC products are affected by a timing based side channel vulnerability in the OpenSSL RSA Decryption (CVE-2023-4304), as disclosed on 2023-02-07 at https://www.openssl.org/news/secadv/20230207.txt. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for …
SIEMENS CERT
12/12/2023
A vulnerability has been identified in the integrated S7-1500 CPU of SINUMERIK ONE and SINUMERIK MC products that could allow an attacker to cause a denial of service condition. In order to exploit the vulnerability, an attacker must have access to the affected devices on port 102/tcp. Siemens is preparing …
SIEMENS CERT
12/12/2023
SCALANCE M-800/S615 Family before V7.2.2 is affected by multiple vulnerabilities. Siemens has released updates for the affected products and recommends to update to the latest versions.
SIEMENS CERT
12/12/2023
SINEC INS before V1.0 SP2 Update 2 is affected by multiple vulnerabilities. Siemens has released an update for SINEC INS and recommends to update to the latest version.