SIEMENS CERT
09/08/2020
SIMATIC HMI Products are affected by two vulnerabilities that could allow a remote attacker to discover user passwords and obtain access to the Sm@rt Server via a brute-force attack. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.
SIEMENS CERT
09/08/2020
A vulnerability in affected devices could allow an attacker to perform a denial-of-service attack if a large amount of specially crafted UDP packets are sent to the device. Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates …
SIEMENS CERT
09/08/2020
A vulnerability in the affected devices could allow an unauthorized attacker with network access to the webserver of an affected device to perform a denial-of-service attack. Siemens has released updates for several affected products and recommends to update to the new versions. Siemens is preparing further updates and recommends specific …
SIEMENS CERT
09/08/2020
Products that include the Siemens PROFINET-IO (PNIO) stack in versions prior V06.00 are potentially affected by a denial-of-service vulnerability when multiple legitimate diagnostic package requests are sent to the DCE-RPC interface. Siemens has released updates for several affected products and recommends to update to the new versions. Siemens is preparing …
SIEMENS CERT
09/08/2020
The latest update for the below listed products fixes two security vulnerabilities that could allow an attacker to cause a partial Denial-of-Service on the UMC component of the affected devices under certain circumstances, and one vulnerability that could allow an attacker to locally escalate privileges from a user with administrative …
SIEMENS CERT
09/08/2020
The latest update for SIMATIC RTLS Locating Manager fixes various vulnerabilities that could allow a low-privileged local user to escalate privileges. Siemens recommends to apply the update of the SIMATIC RTLS Locating Manager.
SIEMENS CERT
09/08/2020
A vulnerability has been identified in SIMATIC S7-300 and S7-400 CPU families, which could result in credential disclosure. Siemens recommends countermeasures as there are currently no fixes available.
SIEMENS CERT
09/08/2020
Multiple cross-site scripting (XSS) vulnerabilities were found in the subversion webclient of Polarion. In addition, the webclient doesn’t have any cross-site request forgery (CSRF) protection. An attacker could inject client side script to induce the victim to issue an HTTP request that would lead to a state changing operation. Siemens …