SIEMENS CERT
01/10/2023
The Mendix Workflow Commons module improperly handles access control for some module entities. This could allow authenticated remote attackers to read or delete sensitive information. Mendix has released updates for several version lines of the Mendix Workflow Commons module and recommends to update to the latest version. Note that the …
SIEMENS CERT
01/10/2023
Siemens has released a new version for SINEC INS that fixes multiple vulnerabilities that could allow an attacker to read and write arbitrary files from the file system of the affected component and to ultimately execute arbitrary code on the device. In addition, this version also contains fixes for multiple …
SIEMENS CERT
01/10/2023
A vulnerability in the affected devices could allow an unauthorized attacker with network access to the webserver of an affected device to perform a denial of service attack. Siemens has released updates for several affected products and recommends to update to the new versions. Siemens is preparing further updates and …
SIEMENS CERT
01/10/2023
Affected models of the S7-1500 CPU product family do not contain an Immutable Root of Trust in Hardware. With this the integrity of the code executed on the device can not be validated during load-time. An attacker with physical access to the device could use this to replace the boot …
SIEMENS CERT
01/10/2023
The Mendix SAML module is affected by a reflected cross-site scripting (XSS) vulnerability that could allow an attacker to extract sensitive information by tricking users into accessing a malicious link. Apps are only vulnerable in certain cases when non-default configuration is used. Siemens has released updates for the affected products …
SIEMENS CERT
01/10/2023
SIMATIC WinCC OA contains an argument injection vulnerability that could allow an authenticated remote attacker to inject arbitrary parameters, when starting the Ultralight Client via the web interface (e.g., open attacker chosen panels with the attacker’s credentials or start a Ctrl script). Siemens has released updates for several affected products …
SIEMENS CERT
01/10/2023
The products listed below do not properly authorize the change password function of the web interface. This could allow low privileged users to escalate their privileges. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific …
SIEMENS CERT
01/10/2023
Several industrial controllers are affected by a security vulnerability that could allow an attacker to cause a denial of service condition via PROFINET DCP network packets under certain circumstances. Precondition for this scenario is a direct OSI Layer 2 access to the affected products. PROFIBUS interfaces are not affected. Siemens …