Bulletins

SCALANCE XM-400 and XR-500 devices contain a vulnerability in the OSPF protocol implementation that could allow an unauthenticated remote attacker to create a permanent denial-of-service condition. Siemens has released updates for the affected products and recommends to update to the latest versions.

SIMATIC NET CM 1542-1, SCALANCE SC600 family and SIMATIC NET CP 343-1 Advanced devices are vulnerable to a vulnerability in the third party component libcurl that could allow an attacker to cause a Denial-of-Service condition on the affected devices. Siemens has released an update for SCALANCE SC600. For the remaining …

The installation of SIMARIS configuration causes insecure folder permissions that could allow vertical privilege escalation. Siemens has released an update for SIMARIS and recommends to update to the latest version.

A vulnerability in SIMATIC CP343-1 devices could allow an attacker to cause a Denial-of-Service condition on TCP port 102 of the affected devices by sending specially crafted packets. Siemens recommends specific countermeasures for products where updates are not, or not yet available.

A denial-of-service vulnerability in WinCC Runtime could allow an unauthenticated attacker with network access to cause a denial-of-service condition in the SNMP service by sending crafted SNMP packets to port 161/udp. Siemens has released updates for the affected products and recommends to update to the latest versions.

The latest update of Mendix Excel Importer module fixes an infomation disclosure vulnerability. Mendix has released an update for the Mendix Excel Importer module and recommends to update to the latest version.

The latest update of Mendix Database Replication module fixes a infomation disclosure vulnerability. Mendix has released an update for the Mendix Database Replication module and recommends to update to the latest version.