SIEMENS CERT
12/13/2022
The Mendix Workflow Commons module improperly handles access control for some module entities. This could allow authenticated remote attackers to read or delete sensitive information. Mendix has released an update for the Mendix Workflow Commons module and recommends to update to the latest version. Note that the fix might slightly …
SIEMENS CERT
12/13/2022
The PROFINET (PNIO) stack, when integrated with the Interniche IP stack, contains a vulnerability that could allow an attacker to cause a denial of service condition on affected industrial products. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further …
SIEMENS CERT
12/13/2022
Parasolid is affected by out of bounds read/write vulnerabilities that could be triggered when the application reads files in X_B format. If a user is tricked to open a malicious file with the affected applications, an attacker could leverage the vulnerability to perform remote code execution in the context of …
SIEMENS CERT
12/13/2022
A vulnerability in the third party component SISCO MMS-EASE could allow attackers to cause a denial of service condition with SIPROTEC 5 devices. Siemens has released updates for the affected products and recommends to update to the latest versions.
SIEMENS CERT
12/13/2022
The Mendix Email Connector module improperly handles access control for some module entities. This could allow authenticated remote attackers to read and manipulate sensitive information. Mendix has released an update for the Mendix Email Connector module and recommends to update to the latest version.
SIEMENS CERT
12/13/2022
A vulnerability in affected devices could allow an attacker to perform a denial-of-service attack if a large amount of specially crafted UDP packets are sent to the device. Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates …
SIEMENS CERT
12/13/2022
The web server login page of affected products does not apply proper origin checking. This could allow authenticated remote attackers to track the activities of other users via a login cross-site request forgery attack.. Siemens has released updates for several affected products and recommends to update to the latest versions. …
SIEMENS CERT
12/13/2022
SSA-638652 V1.2 (Last Update: 2022-12-13): Authentication Bypass Vulnerability in Mendix SAML Module
The Mendix SAML module insufficiently protects from packet capture replay. This could allow unauthorized remote attackers to bypass authentication and get access to the application. Mendix has provided fix releases for the Mendix SAML module and recommends to update to the latest version. Note: For compatibility reasons, fix versions are …