Bulletins

An attacker could trigger malicious actions via a cross-site scripting vulnerability by sending crafted links to an administrator user of Polarion ALM. Siemens has released an update for the Polarion Subversion Webclient and recommends to update to the latest version.

A vulnerability in Mendix Studio Pro was discovered, that, if acted upon by a malicious user, could allow to retrieve the status of a job run by another user in certain cases. Mendix has released updates for the affected product lines, recommends to update to the latest versions and to …

A vulnerability in the RUGGEDCOM ROX devices’ third party component, ISC DHCP, could allow an attacker to cause a buffer overrun due to a bug when reading a stored DHCP lease containing certain option information, eventually leading to a denial-of-service condition, or cause a remote-code execution. Siemens has released updates …

Multiple vulnerabilities affect various third-party components of the RUGGEDCOM ROS, and a cross-site scripting exploit. If exploited, an attacker could cause a denial-of-service, act as a man-in-the-middle or retrieval of sensitive information or gain privileged functions. Siemens is preparing updates and recommends countermeasures for products where updates are not, or …

Siemens Simcenter STAR-CCM+ Viewer is affected by a memory corruption vulnerability that could be triggered when the application reads scene (.sce) files. If a user is tricked to open a malicious file with the affected application, this could lead to a crash, and potentially also to arbitrary code execution or …

Multiple vulnerabilities (also known as “NUCLEUS:13”) have been identified in the Nucleus RTOS (real-time operating system), originally reported in the Siemens Security Advisory SSA-044112: https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf. SIMOTICS CONNECT 400 devices are affected by some of the vulnerabilities as documented below. Siemens has released an update for the SIMOTICS CONNECT 400 and …

SINEC NMS contains multiple vulnerabilities that could allow an attacker to execute arbitrary code on the system, arbitrary commands on the local database or achieve privilege escalation. Siemens recommends specific countermeasures for products where updates are not, or not yet available.