Bulletins

SIEMENS CERT
05/10/2022

SSA-736385 V1.0: Memory Corruption Vulnerability in OpenV2G

The open source software OpenV2G contains a buffer overflow vulnerability that could allow an attacker to trigger a memory corruption. Siemens has released an update for the OpenV2G and recommends to update to the latest version.
SIEMENS CERT
05/10/2022

SSA-787292 V1.2 (Last Update: 2022-05-10): Denial of Service Vulnerability in SIMATIC RFID Readers

The latest updates for SIMATIC RF products fix a vulnerability that could allow an unauthorized attacker to crash the OPC UA service of the affected devices. Siemens has released updates for the affected products and recommends to update to the latest versions.
SIEMENS CERT
05/10/2022

SSA-732250 V1.0: Libcurl Vulnerabilities in Industrial Devices

Vulnerabilities in third-party component cURL could allow an attacker to interfere with the affected products in various ways. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends countermeasures for products where updates are not, or not …
SIEMENS CERT
05/10/2022

SSA-662649 V1.0: Denial of Service Vulnerability in Desigo DXR and PXC Controllers

A vulnerability in Desigo DXR and PXC controllers has been identified that could allow an attacker to disable and reset a device to factory state using a denial of service attack. Siemens has released updates for the affected products and recommends to update to the latest versions.
SIEMENS CERT
04/27/2022

SSA-254054 V1.1 (Last Update: 2022-04-27): Spring Framework Vulnerability (Spring4Shell or SpringShell, CVE-2022-22965) - Impact to Siemens Products

A vulnerability in Spring Framework was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2022-22965 and is also known as “Spring4Shell” or “SpringShell”. Siemens is currently investigating to determine which products are affected and is continuously updating this advisory as …
SIEMENS CERT
04/19/2022

SSA-254054 V1.0: Spring Framework Vulnerability (Spring4Shell or SpringShell, CVE-2022-22965) - Impact to Siemens Products

A vulnerability in Spring Framework was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2022-22965 and is also known as “Spring4Shell” or “SpringShell”. Siemens is currently investigating to determine which products are affected and is continuously updating this advisory as …
SIEMENS CERT
04/12/2022

SSA-392912 V1.0: Multiple Denial Of Service Vulnerabilities in SCALANCE W1700 Devices

Vulnerabilities have been identified in devices of the SCALANCE W-1700 (11ac) family that could allow an attacker to cause various denial of service conditions. Siemens has released updates for the affected products and recommends to update to the latest versions.
SIEMENS CERT
04/12/2022

SSA-414513 V1.0: Information Disclosure Vulnerability in Mendix

An information disclosure vulnerability in Mendix applications was discovered. The vulnerability could allow to read sensitive data. Siemens has released an update for the Mendix Applications using Mendix 9 and recommends to update to the latest version. Siemens recommends countermeasures for products where updates are not, or not yet available.