SIEMENS CERT
07/12/2022
Intel has published information on vulnerabilities in Intel products in November 2020. This advisory lists the Siemens IPC related products, that are affected by these vulnerabilities. In this advisory we take a representative CVE from each advisory: “Intel CSME, SPS, TXE, AMT and DAL Advisory” Intel-SA-00391 is represented by CVE-2020-8745 …
SIEMENS CERT
07/12/2022
The latest update of Mendix Excel Importer module fixes an XML Entity Expansion Injection vulnerability. Mendix has released an update for the Mendix Excel Importer module and recommends to update to the latest version.
SIEMENS CERT
07/12/2022
RUGGEDCOM ROX devices are affected by a command injection vulnerability that could allow an attacker with administrative privileges to gain root access. Siemens has released updates for the affected products and recommends to update to the latest versions.
SIEMENS CERT
07/12/2022
SIMATIC eaSie PCS 7 Skill Package contains multiple vulnerabilities that could allow an attacker to send arbitrary messages to the underlying message passing framework of the affected system or crash the attached application. Siemens has released an update for the SIMATIC eaSie Core Package and recommends to update to the …
SIEMENS CERT
07/12/2022
The below referenced devices contain multiple vulnerabilities that could be exploited when the SINEMA Remote Connect Server (SRCS) VPN feature is used. The feature is not activated by default. The most severe could allow an attacker to execute arbitrary code with elevated privileges under certain circumstances. Siemens has released an …
SIEMENS CERT
06/21/2022
SIMATIC WinCC OA implements client-side only authentication, when neither server-side authentication (SSA) nor Kerberos authentication is enabled. In this configuration, attackers could impersonate other users or exploit the client-server protocol without being authenticated. Siemens recommends to enable server-side authentication (SSA) or Kerberos authentication for all WinCC OA projects, as documented …
SIEMENS CERT
06/14/2022
A vulnerability in Desigo DXR and PXC controllers has been identified that could allow an attacker to disable and reset a device to factory state using a denial of service attack. Siemens has released updates for the affected products and recommends to update to the latest versions.
SIEMENS CERT
06/14/2022
The products listed below contain a vulnerability that could allow remote attackers to affect the availability of the devices under certain conditions. The underlying TCP stack can be forced to make very computation expensive calls for every incoming packet which can lead to a Denial-of-Service. Siemens has released an update …