SIEMENS CERT
08/09/2022
Teamcenter is affected by XML External Entity Injection (XXE, CVE-2022-29801) and a stack based buffer overflow vulnerability (CVE-2022-24290). XXE impacts only Teamcenter versions before V13.1. Siemens has released updates for the affected products and recommends to update to the latest versions.
SIEMENS CERT
08/09/2022
Multiple vulnerabilities were found in SIMATIC WinCC that ultimately could allow attackers to retrieve and brute force password hashes and access other systems. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products …
SIEMENS CERT
08/09/2022
RUGGEDCOM ROS-based devices are vulnerable to a web-based code injection attack. To execute this attack, it is necessary to access the system via the Command Line Interface (CLI). Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products …
SIEMENS CERT
08/09/2022
Multiple SIMATIC software products are affected by a vulnerability that could allow an attacker to change the content of certain metafiles and subsequently manipulate parameters or behaviour of devices configured by the affected software products. Siemens has released updates for several affected products and recommends to update to the latest …
SIEMENS CERT
08/09/2022
On 2021-12-09, a vulnerability in Apache Log4j (a logging tool used in many Java-based applications) was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2021-44228 and is also known as “Log4Shell”. On 2021-12-14 an additional denial of service vulnerability (CVE-2021-45046) …
SIEMENS CERT
08/09/2022
SSA-669737 V1.2 (Last Update: 2022-08-09): Improper Access Control Vulnerability in SICAM TOOLBOX II
SICAM TOOLBOX II contains a vulnerability that could allow an attacker access through a circumventable access control. Siemens recommends countermeasures for products where updates are not, or not yet available.
SIEMENS CERT
08/09/2022
SCALANCE devices contain multiple vulnerabilities in MSPS based product lines that could allow authenticated remote attackers to execute custom code or create a XSS situation, as well as unauthenticated remote attackers to create a denial of service condition. Siemens has released updates for several affected products and recommends to update …
SIEMENS CERT
08/09/2022
A vulnerability in the openSSL component (CVE-2022-0778, [0]) could allow an attacker to create a denial of service condition by providing specially crafted elliptic curve certificates to products that use a vulnerable version of openSSL. Siemens has released updates for several affected products and recommends to update to the latest …