Bulletins

A vulnerability in the affected devices could allow an unauthorized attacker with network access to the webserver of an affected device to perform a denial of service attack. Siemens has released updates for several affected products and recommends to update to the new versions. Siemens is preparing further updates and …

SINEMA Remote Connect Server is affected by multiple vulnerabilities, including A cross-site scripting vulnerability in an error message pop up window (CVE-2022-29034) Several authentication bypass, privilege escalation and integrity check vulnerabilities (CVE-2022-32251 through -32261) A command injection vulnerability in the file upload service (CVE-2022-32262) A chosen-plaintext attack against HTTP over …

OpenSSL has published a security advisory [0] about a vulnerability in OpenSSL versions 1.1.1 < 1.1.1l and 1.0.2 < 1.0.2za that allows an attacker to cause a denial of service (DoS) or to disclose private memory content. Siemens has released updates for several affected products and recommends to update to …

The products listed below contain a vulnerability that could allow remote attackers to affect the availability of the devices under certain conditions. The underlying TCP stack can be forced to make very computation expensive calls for every incoming packet which can lead to a Denial-of-Service. Siemens has released an update …

The latest updates for TIA Portal fix a vulnerability that could allow a local attacker to execute arbitrary code with SYSTEM privileges. Update: The previously provided fixes only correctly set the permissions on English Windows versions. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, …

Multiple vulnerabilities (also known as “NUCLEUS:13”) have been identified in the Nucleus RTOS (real-time operating system) and reported in the Siemens Security Advisory SSA-044112: https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf. The products listed below use affected versions of the Nucleus software and inherently contain these vulnerabilities. Siemens has released updates for several affected products and …

OpenSSL has published a security advisory [0] about a vulnerability in OpenSSL versions 1.1.1 < 1.1.1k, that allows an unauthenticated attacker to cause a Denial-of-Service (DoS) if a maliciously crafted renegotiation message is sent . Siemens has released updates for several affected products and recommends to update to the latest …