SIEMENS CERT
12/13/2022
The Siemens PLM Help Server V4.2 for documentation contains a reflected cross-site scripting vulnerability. This product has reached end of life, and security vulnerabilities are no longer patched. Siemens has released a new version of Documentation Server that resolves this vulnerability. See the chapter “Additional Information” below for more details.
SIEMENS CERT
12/13/2022
The Mendix Email Connector module improperly handles access control for some module entities. This could allow authenticated remote attackers to read and manipulate sensitive information. Mendix has released an update for the Mendix Email Connector module and recommends to update to the latest version.
SIEMENS CERT
12/13/2022
A vulnerability in the third party component SISCO MMS-EASE could allow attackers to cause a denial of service condition with SIPROTEC 5 devices. Siemens has released updates for the affected products and recommends to update to the latest versions.
SIEMENS CERT
12/13/2022
SCALANCE X-200RNA switch devices before V3.2.7 contain multiple vulnerabilities that could allow an attacker to cause a denial of service condition, to extract sensitive information or to hijack existing sessions. Siemens has released updates for the affected products and recommends to update to the latest versions.
SIEMENS CERT
12/13/2022
Siemens Teamcenter Visualization and JT2Go are affected by multiple out of bounds write vulnerabilities in the APDFL library from Datalogics. If a user is tricked to open a malicious PDF file with the affected products, this could lead the application to crash or potentially lead to arbitrary code execution. Siemens …
SIEMENS CERT
12/13/2022
Affected SIMATIC firmware contains multiple vulnerabilities that could allow an unauthenticated attacker to perform a denial-of-service attack under certain conditions. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends countermeasures for products where updates are not, …
SIEMENS CERT
12/13/2022
The Mendix Workflow Commons module improperly handles access control for some module entities. This could allow authenticated remote attackers to read or delete sensitive information. Mendix has released an update for the Mendix Workflow Commons module and recommends to update to the latest version. Note that the fix might slightly …
SIEMENS CERT
12/13/2022
The openSSL component, versions 3.0.0 through 3.0.6, contains two buffer overflow vulnerabilities (CVE-2022-3602, CVE-2022-3786) in the X.509 certificate verification [0]. They could allow an attacker to create a denial of service condition or execute arbitrary code on a vulnerable TLS server (if the server requests client certificate authentication), or on …