Bulletins

The Mendix Workflow Commons module improperly handles access control for some module entities. This could allow authenticated remote attackers to read or delete sensitive information. Mendix has released updates for several version lines of the Mendix Workflow Commons module and recommends to update to the latest version. Note that the …

Two vulnerabilities have been identified in the SIMATIC S7-400 CPU family that could allow an attacker to cause a denial of service condition. In order to exploit the vulnerabilities, an attacker must have access to the affected devices on port 102/tcp via Ethernet, PROFIBUS or Multi Point Interfaces (MPI). Siemens …

A vulnerability exists in affected products that could allow remote attackers to affect the availability of the devices under certain conditions. The underlying TCP stack can be forced to make very computation expensive calls for every incoming packet which can lead to a Denial-of-Service. Siemens has released updates for several …

A vulnerability in the third party component SISCO MMS-EASE could allow attackers to cause a denial of service condition with SIPROTEC 5 devices. Siemens has released updates for the affected products and recommends to update to the latest versions.

SCALANCE X devices might not generate a unique random key after factory reset, and use a private key shipped with the firmware. Siemens has released updates for the affected products and recommends to update to the latest versions.

Several SCALANCE X switches are affected by an Authentication Bypass vulnerability. The vulnerability allows an unauthenticated attacker to violate access-control rules. The vulnerability can be exploited by sending a GET request to a specific uniform resource locator on the web configuration interface of the device. The security vulnerability could be …