SIEMENS CERT
02/09/2021
The latest update for the below listed products fixes two security vulnerabilities that could allow an attacker to cause a partial Denial-of-Service on the UMC component of the affected devices under certain circumstances, and one vulnerability that could allow an attacker to locally escalate privileges from a user with administrative …
SIEMENS CERT
02/09/2021
A vulnerability exists in several SCALANCE X switches that could allow external entities to reconstruct passwords for users of the affected devices if an attacker is able to obtain a backup of the device configuration. Siemens has released updates for several affected products and recommends to update to the latest …
SIEMENS CERT
02/09/2021
There exists a directory traversal vulnerability which allows arbitrary file upload to an affected system. This type of vulnerability is also known as ‘Zip-Slip’. An authenticated attacker could exploit this vulnerability to gain arbitrary code execution by uploading a new or modifying an existing file to an affected system. Siemens …
SIEMENS CERT
02/09/2021
Some versions of Mentor Nucleus ReadyStart and Nucleus NET use Initial Sequence Numbers for TCP- Sessions that are predictable. Siemens has released updates for the affected products and recommends to update to the latest version(s).
SIEMENS CERT
02/09/2021
The latest update for ROX II contains multiple fixes for IPsec related vulnerabilities in Libreswan and NSS. Siemens has released updates for the affected products and recommends to update to the latest versions.
SIEMENS CERT
02/09/2021
The latest update for TIA Administrator, installed together with TIA Portal and PCS neo, fixes a privilege escalation vulnerability that could allow local users to escalate privileges and execute code as local SYSTEM user. Siemens has released an update for TIA Portal and recommends that customers update to the latest …
SIEMENS CERT
02/09/2021
A vulnerability in several SCALANCE X devices could allow an unauthenticated attacker with network access to an affected device to perform a denial-of-service. Siemens has released an update for SCALANCE X-200IRT and recommends to update to the latest version. Siemens recommends specific countermeasures for products where updates are not, or …
SIEMENS CERT
02/09/2021
The products listed below contain a vulnerability that could allow remote attackers to affect the availability of the devices under certain conditions. The underlying TCP stack can be forced to make very computation expensive calls for every incoming packet which can lead to a Denial-of-Service. Siemens has released an update …