US CERT
11/17/2022
Summary Unpatched Pulse Secure VPN servers continue to be an attractive target for malicious actors. Affected organizations that have not applied the software patch to fix an arbitrary file reading vulnerability, known as CVE-2019-11510, can become compromised in an attack.[1] Although Pulse Secure [2] disclosed the vulnerability and provided software …
SIEMENS CERT
11/08/2022
The web server login page of affected products does not apply proper origin checking. This could allow authenticated remote attackers to track the activities of other users via a login cross-site request forgery attack.. Siemens has released updates for several affected products and recommends to update to the latest versions. …
SIEMENS CERT
11/08/2022
Siemens Teamcenter Visualization and JT2Go are affected by multiple file parsing vulnerabilities that could be triggered when the application reads malicious TIF, CGM or PDF files. If a user is tricked to open a malicious TIF, CGM or PDF file with the affected products, this could lead the application to …
SIEMENS CERT
11/08/2022
The networking component (Nucleus NET) in Nucleus Real-Time Operating System (RTOS) use Initial Sequence Numbers for TCP-Sessions that are predictable. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not available.
SIEMENS CERT
11/08/2022
SINEC NMS versions before V1.0.3 are affected by a vulnerability in the logback component (CVE-2021-42550) that could allow attackers with write access to the logback configuration file to execute arbitrary code on the system. Siemens has released an update for SINEC NMS and recommends to update to the latest version.
SIEMENS CERT
11/08/2022
A security research [1] identified weaknesses in the IEEE 1735 recommended practice for encryption of Design IP, which could allow a sophisticated attacker access to unencrypted Design IP data in IEEE 1735-compliant products. This advisory addresses the specific details for the affected Siemens software products: Questa and ModelSim simulators. Siemens …
SIEMENS CERT
11/08/2022
RUGGEDCOM ROS-based devices are vulnerable to a denial of service attack (Slowloris). By sending partial HTTP requests nonstop, with none completed, the affected web servers will be waiting for the completion of each request, occupying all available HTTP connections. The web server recovers by itself once the attack ends. Siemens …
SIEMENS CERT
11/08/2022
There is a cross-site scripting vulnerability that affects the SCALANCE switches. This vulnerability if used by a threat actor could result in the stealing of session cookies and session hijacking. Siemens has released updates for the affected products and recommends to update to the latest versions.