Bulletins

The products listed below do not properly authorize the change password function of the web interface. This could allow low privileged users to escalate their privileges. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific …

The SCALANCE W1750D device contains multiple vulnerabilities that could allow an attacker to inject commands or exploit buffer overflow vulnerabilities which could lead to denial of service, unauthenticated remote code execution or stored XSS. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not …

There is a cross-site scripting vulnerability that affects the SCALANCE switches. This vulnerability if used by a threat actor could result in the stealing of session cookies and session hijacking. Siemens has released updates for the affected products and recommends to update to the latest versions.

The mobile server component of Siveillance Video 2022 R2 contains an authentication bypass vulnerability that could allow an unauthenticated remote attacker to access the application without a valid account. Siemens has released a hotfix for Siveillance Video 2022 R2 and recommends to apply the hotfix on all installations of the …

Several SIMATIC HMI Panels are affected by a vulnerability that could allow an attacker to cause a permanent denial of service condition (requiring a device reboot) by sending specially crafted TCP packets. Siemens has released updates for the affected products and recommends to update to the latest versions.

The FTP server of the networking component (Nucleus NET) in Nucleus Real-Time Operating System (RTOS) does not properly release memory resources that were reserved for incomplete connection attempts by FTP clients. This could allow a remote attacker to generate a denial of service condition on devices that incorporate a vulnerable …