SIEMENS CERT
10/11/2022
A vulnerability in the underlying third party component OPC UA ANSIC Stack (also called Legacy C-Stack) affects several industrial products. The vulnerability could cause a crash of the component that includes the vulnerable part of the stack. Siemens has released updates for several affected products and recommends to update to …
SIEMENS CERT
10/11/2022
The Scalance W1750D device contains multiple vulnerabilities that could allow an attacker to inject commands or exploit multiple buffer overflow vulnerabilities that could lead to denial of service or unauthenticated remote code execution. Siemens has released updates for the SCALANCE W1750D and recommends to update to the latest version. Siemens …
SIEMENS CERT
10/11/2022
Solid Edge is affected by a heap overflow vulnerability that could be triggered when the application reads DWG files. If a user is tricked to open a malicious file with the affected application, an attacker could leverage the vulnerability to perform remote code execution in the context of the current …
SIEMENS CERT
10/11/2022
A vulnerability in Spring Framework was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2022-22965 and is also known as “Spring4Shell” or “SpringShell”. Siemens has released updates for the affected products and recommends to update to the latest versions.
SIEMENS CERT
10/11/2022
SINEC NMS contains multiple vulnerabilities that could allow an attacker to execute arbitrary code on the system, arbitrary commands on the local database or achieve privilege escalation. Siemens has released an update for SINEC NMS to fix CVE-2022-24281 and recommends to update to the latest version. Siemens is preparing further …
SIEMENS CERT
10/11/2022
OpenSSL has published a security advisory [0] about a vulnerability in OpenSSL versions 1.1.1 < 1.1.1l and 1.0.2 < 1.0.2za that allows an attacker to cause a denial of service (DoS) or to disclose private memory content. Siemens has released updates for several affected products and recommends to update to …
SIEMENS CERT
10/11/2022
Desigo PXM devices contain multiple vulnerabilities in the webserver application that could allow an attacker to potentially access sensitive information, execute arbitrary commands, cause a denial of service condition, or perform remote code execution. Siemens has released updates for the affected products and recommends to update to the latest versions.
SIEMENS CERT
10/11/2022
LOGO! 8 BM (incl. SIPLUS variants) contains multiple web-related vulnerabilities. These could allow an attacker to execute code remotely, put the device into a denial of service state or retrieve parts of the memory. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not …