SIEMENS CERT
10/10/2023
SCALANCE devices contain multiple vulnerabilities in MSPS based product lines that could allow authenticated remote attackers to execute custom code or create a XSS situation, as well as unauthenticated remote attackers to create a denial of service condition. Siemens has released updates for several affected products and recommends to update …
SIEMENS CERT
10/10/2023
The OPC UA implementations (ANSI C and C++) as used in several SIMATIC products contain a denial of service vulnerability that could allow an unauthenticated remote attacker to create a denial of service condition by sending a specially crafted certificate. Siemens has released updates for several affected products and recommends …
SIEMENS CERT
10/10/2023
A vulnerability in the openSSL component (CVE-2022-0778, [0]) could allow an attacker to create a denial of service condition by providing specially crafted elliptic curve certificates to products that use a vulnerable version of openSSL. Siemens has released updates for several affected products and recommends to update to the latest …
SIEMENS CERT
10/10/2023
Several SIMATIC CP devices contain direct memory access vulnerabilities that could allow an attacker to execute code, access the PROFINET network without restrictions or perform denial of service attacks. Siemens recommends specific countermeasures for products where updates are not, or not yet available.
SIEMENS CERT
09/14/2023
Spectrum Power 7 is affected by a vulnerability that could allow an authenticated local attacker to inject arbitrary code to the update script and escalate privileges. Siemens has released an update for Spectrum Power 7 and recommends to update to the latest version.
SIEMENS CERT
09/14/2023
The Administration Console of SIMATIC PCS neo leaks Windows admin credentials. An attacker with local Windows access to the Administration Console could get the credentials, and impersonate the admin user, thereby gaining admin access to other Windows systems. Siemens has released a security patch for the affected products and recommends …
SIEMENS CERT
09/12/2023
Insyde has published information on vulnerabilities in Insyde BIOS up to August 2023. These vulnerabilities also affect the RUGGEDCOM APE1808 product family. Siemens has released updates for the affected products and recommends to update to the latest versions.
SIEMENS CERT
09/12/2023
Several Intel-CPU based SIMATIC IPCs are affected by an information exposure vulnerability (CVE-2022-40982) in the CPU that could allow an authenticated local user to potentially read other users’ data [1]. The issue is also known as “Gather Data Sampling” (GDS) or Downfall Attacks. For details refer to the chapter “Additional …