Bulletins

Nozomi Networks has published information on vulnerabilities in Nozomi Guardian/CMC. This advisory lists the related Siemens Industrial products affected by these vulnerabilities. Siemens has released a new version for RUGGEDCOM APE1808 and recommends to update to the latest version.

Mendix RichText editor contain a cross-site scripting vulnerability. Siemens has released a new version for Mendix RichText and recommends to update to the latest version.

SIPROTEC 5 devices contain a null pointer dereference vulnerability in the web service. This could allow an attacker to send unauthenticated maliciously crafted http request that could cause denial of service condition of the device. Siemens has released new versions for the affected products and recommends to update to the …

Spectrum Power 4 before v4.70 SP12 Security Patch 2 contains multiple vulnerabilities that could allow an attacker to remotely execute code as application administrator or locally execute code as operating system administrator. Siemens has released a new version for Spectrum Power 4 and recommends to update to the latest version.

The web interface of RUGGEDCOM ROX II devices contain multiple Client-Side Enforcement of Server-Side Security vulnerabilities that could allow an attacker with a legitimate, highly privileged account on the web interface to get privileged code execution in the underlying OS of the affected products. Siemens has released new versions for …

Altair Grid Engine contain multiple vulnerabilities that could allow an attacker to escalate privileges and execute arbitrary code with superuser permissions. Siemens has released a new version for Altair Grid Engine and recommends to update to the latest version.

Solid Edge is affected by improper certificate validation while connecting to License Service endpoint. This could allow an unauthenticated remote attacker to perform man in the middle attacks. Siemens has released a new version for Solid Edge SE2025 and recommends to update to the latest version.