Bulletins

Several SCALANCE X switches are affected by an Authentication Bypass vulnerability. The vulnerability allows an unauthenticated attacker to violate access-control rules. The vulnerability can be exploited by sending a GET request to a specific uniform resource locator on the web configuration interface of the device. The security vulnerability could be …

Multiple industrial products are affected by a vulnerability in the kernel known as TCP SACK PANIC. The vulnerability could allow a remote attacker to cause a denial of service condition. Siemens has released updates for several affected products and recommends to update to the new versions. Siemens is preparing further …

The PROFINET (PNIO) stack, when integrated with the Interniche IP stack, contains a vulnerability that could allow an attacker to cause a denial of service condition on affected industrial products. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further …

The latest updates for SIMATIC RF products fix a vulnerability that could allow an unauthorized attacker to crash the OPC UA service of the affected devices. Siemens has released updates for the affected products and recommends to update to the latest versions.

Siemens Simcenter Femap versions before V2022.2 are affected by an out of bounds write vulnerability that could be triggered when the application reads files in .NEU format. If a user is tricked to open a malicious file with the affected application, an attacker could leverage the vulnerability to perform remote …

Multiple vulnerabilities were identified in the webserver of SICAM P850 and SICAM P855 devices. These include unauthenticated access to web-interface functionality, missing HTTPS or impersonation as well as cross-site scripting related vulnerabilities. Siemens has released updates for the affected products and recommends to update to the latest versions.

Vulnerability in the underlying third party component OPC UA ANSIC Stack (also called Legacy C-Stack) affects several industrial products. The vulnerability could cause a crash of the component that includes the vulnerable part of the stack. Siemens has released updates for several affected products and recommends to update to the …