SIEMENS CERT
08/09/2022
Simcenter STAR-CCM+ contains an information disclosure vulnerability when using the Power-on-Demand public license server. An attacker could access a system’s host, user, and display name. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.
SIEMENS CERT
08/09/2022
SIMATIC eaSie contains multiple vulnerabilities that could allow an attacker to send arbitrary messages to the underlying message passing framework of the affected system or crash the attached application. Siemens has released an update for the SIMATIC eaSie Core Package and recommends to update to the latest version.
SIEMENS CERT
07/12/2022
Several models of SINAMICS PERFECT HARMONY GH180 Drives are affected by a DHCP client vulnerability (CVE-2021-29998) in the integrated SCALANCE X206-1 device. The vulnerability could allow an attacker to cause a heap-based buffer overflow on that device and use it to get access to the drive’s internal network. The list …
SIEMENS CERT
07/12/2022
The PROFINET (PNIO) stack, when integrated with the Interniche IP stack, contains a vulnerability that could allow an attacker to cause a denial of service condition on affected industrial products. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further …
SIEMENS CERT
07/12/2022
SIMATIC MV500 devices before V3.3 are affected by multiple vulnerabilities that could allow attackers to hijack other users’ web based management sessions (CVE-2022-33137) or access data on the device without prior authentication (CVE-2022-33138). Siemens has released an update for the SIMATIC MV500 devices and recommends to update to the latest …
SIEMENS CERT
07/12/2022
Siemens has released updates for Opcenter Quality to fix an authentication bypass vulnerability. This could allow unauthenticated access to the application or cause denial of service condition for existing users. The issue is based on rich client modules using IbsGailWrapper-interface. After issuing the record the authentication bypass vulnerability could take …
SIEMENS CERT
07/12/2022
An improper access control vulnerability in Mendix applications was discovered. In case of access to an active user session, the vulnerability could allow to change that user’s password bypassing password validations within a Mendix application. Siemens has released updates for the affected products and recommends to update to the latest …
SIEMENS CERT
07/12/2022
Siemens Simcenter Femap versions before V2022.2 are affected by an out of bounds write vulnerability that could be triggered when the application reads files in X_T format. If a user is tricked to open a malicious file with the affected application, an attacker could leverage the vulnerability to perform remote …