Bulletins

SINEMA Server V14 improperly sanitizes certain SNMP configuration data retrieved from monitored devices. An attacker with access to a monitored device could perform a stored cross-site scripting (XSS) attack that may lead to arbitrary code execution with SYSTEM privileges on the application server. Siemens recommends to migrate to its successor …

The Mendix Forgot Password module contains a user enumeration vulnerability that could allow an attacker to retrieve valid users. Siemens has released updates for the affected products and recommends to update to the latest versions.

A vulnerability was found in SIMATIC WinCC that could allow authenticated attackers to escape the Kiosk Mode. Siemens has released updates for the affected products and recommends to update to the latest versions.

Simcenter Amesim contains a vulnerable SOAP endpoint that could allow an unauthenticated remote attacker to perform DLL injection and execute arbitrary code in the context of the affected application process. Siemens has released an update for Simcenter Amesim and recommends to update to the latest version.

Multiple SCALANCE devices are affected by several vulnerabilities that could allow an attacker to inject code, retrieve data as debug information as well as user CLI passwords or set the CLI to an irresponsive state. Siemens has released updates for the affected products and recommends to update to the latest …

The SCALANCE W1750D device is affected by Wi-Fi encryption bypass vulnerabilities (“Framing Frames”) that could allow an attacker to disclose sensitive information or to steal the victims session. Siemens has released updates for the affected products and recommends to update to the latest versions.