SIEMENS CERT
04/12/2022
SIMATIC S7-400 CPU devices contain an input validation vulnerability that could allow an attacker to create a Denial-of-Service condition. A restart is needed to restore normal operations. Siemens has released an update for SIMATIC S7-410 V10 CPU family and SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants for both) …
SIEMENS CERT
04/12/2022
A message integrity protection bypass vulnerability has been identified in several SIMATIC products. The vulnerability could allow an attacker in a Man-in-the-Middle position to modify network traffic exchanged on port 102/tcp to PLCs of the SIMATIC S7-1200, SIMATIC S7-1500 and SIMATIC SoftwareController CPU families. Siemens has released updates for several …
SIEMENS CERT
04/12/2022
SIMOTICS CONNECT 400, Desigo (Power PC-based), APOGEE MEC/MBC/PXC and TALON TC products are affected by a DHCP Client vulnerability as initially reported in SSA-434032 for the Mentor Nucleus Networking Module. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends countermeasures for …
SIEMENS CERT
04/12/2022
An information disclosure vulnerability in Mendix applications was discovered. The vulnerability could allow to read sensitive data. Siemens has released an update for the Mendix Applications using Mendix 9 and recommends to update to the latest version. Siemens recommends countermeasures for products where updates are not, or not yet available.
SIEMENS CERT
04/12/2022
A XPath Constraint vulnerability in the Mendix Runtime was discovered, that can affect the running applications. The vulnerability could allow a malicious user to deduce contents of inaccessible attributes and modify sensitive data. Mendix has released updates for the affected product lines, recommends to update to the latest versions and …
SIEMENS CERT
04/12/2022
SICAM A8000 CP-8050 and CP-8031 devices contain vulnerabilities that could allow an attacker to access files without authentication. Siemens has released updates for the affected products and recommends to update to the latest versions.
SIEMENS CERT
04/12/2022
An attacker could achieve privilege escalation on the web server of certain devices configured by SIMATIC STEP 7 (TIA Portal) due to incorrect handling of the webserver’s user management configuration during downloading. This only affects the S7-1200 and S7-1500 CPUs’ (incl. related ET200 CPUs and SIPLUS variants) web server, when …
SIEMENS CERT
03/28/2022
A vulnerability exists in affected products that could allow remote attackers to affect the availability of the devices under certain conditions. The underlying TCP stack can be forced to make very computation expensive calls for every incoming packet which can lead to a Denial-of-Service.