SIEMENS CERT
11/14/2023
Simcenter Femap is affected by out of bounds write vulnerabilities that could be triggered when the application reads files in X_T format. If a user is tricked to open a malicious file with the affected applications, an attacker could leverage the vulnerability to perform remote code execution in the context …
SIEMENS CERT
11/14/2023
A vulnerability was identified in RUGGEDCOM ROS devices with mirror port enabled, that could allow an attacker to inject information into the network via the mirror port. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends …
SIEMENS CERT
11/14/2023
Solid Edge is affected by a file parsing vulnerability in Drawings SDK from Open Design Alliance. If a user is tricked to open a malicious DWG file with the affected application, an attacker could leverage the vulnerability to crash the application or execute arbitrary code. Siemens has released updates for …
SIEMENS CERT
11/14/2023
Several Intel-CPU based SIMATIC IPCs are affected by an information exposure vulnerability (CVE-2022-40982) in the CPU that could allow an authenticated local user to potentially read other users’ data [1]. The issue is also known as “Gather Data Sampling” (GDS) or Downfall Attacks. For details refer to the chapter “Additional …
SIEMENS CERT
11/14/2023
SIMATIC MV500 before V3.3.5 is affected by multiple vulnerabilities. Siemens has released an update for SIMATIC MV500 and recommends to update to the latest version.
SIEMENS CERT
11/14/2023
Insyde has published information on vulnerabilities in Insyde BIOS in February 2022. This advisory lists the Siemens Industrial products affected by these vulnerabilities. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.
SIEMENS CERT
11/14/2023
Several SIMATIC products are affected by a timing based side channel vulnerability in the OpenSSL RSA Decryption (CVE-2023-4304), as disclosed on 2023-02-07 at https://www.openssl.org/news/secadv/20230207.txt. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for …
SIEMENS CERT
11/14/2023
Mendix Studio Pro is vulnerable to an out of bounds write vulnerability in the integrated libwebp library (CVE-2023-4863), that could allow an attacker to execute code in the context of a victim user’s system. Siemens has released updates for the affected products and recommends to update to the latest versions.