Bulletins

A vulnerability was identified in the CPC80 firmware of SICAM A8000 devices. It could allow an unauthenticated remote attacker to cause a permanent denial of service condition. Siemens has released updates for the affected products and recommends to update to the latest versions.

Intel has published information on vulnerabilities in Intel products in June 2021. This advisory lists the related Siemens Industrial products affected by these vulnerabilities that can be patched by applying the corresponding BIOS update. In this advisory we summarize: “2021.1 IPU – Intel® CSME, SPS and LMS Advisory” Intel-SA-00459, “2021.1 …

An expression injection vulnerability was discovered in the Workflow processing of Mendix Runtime, that can affect the running applications. The vulnerability could allow a malicious user to leak sensitive information if the Workflow visual language of Mendix is used. Mendix has released updates for the affected product lines, recommends to …

The below referenced devices contain multiple vulnerabilities that could be exploited when the SINEMA Remote Connect Server (SRCS) VPN feature is used. The feature is not activated by default. The most severe could allow an attacker to execute arbitrary code with elevated privileges under certain circumstances. Siemens has released an …

A vulnerability was identified in several SCALANCE X switches that could allow an attacker to feed information into a network via the mirror port with the monitor barrier feature enabled. Siemens has released updates for the affected products and recommends to update to the latest versions.

SIMATIC WinCC OA implements client-side only authentication, when neither server-side authentication (SSA) nor Kerberos authentication is enabled. In this configuration, attackers could impersonate other users or exploit the client-server protocol without being authenticated. Siemens recommends to enable server-side authentication (SSA) or Kerberos authentication for all WinCC OA projects, as documented …

Teamcenter Active Workspace is affected by a cross site scripting vulnerability. Siemens has released updates for the affected products and recommends to update to the latest versions.