SIEMENS CERT
09/13/2022
SCALANCE devices contain multiple vulnerabilities in MSPS based product lines that could allow authenticated remote attackers to execute custom code or create a XSS situation, as well as unauthenticated remote attackers to create a denial of service condition. Siemens has released updates for several affected products and recommends to update …
SIEMENS CERT
09/13/2022
The Mendix SAML module insufficiently protects from packet capture replay. This could allow unauthorized remote attackers to bypass authentication and get access to the application. Mendix has provided fix releases for the Mendix SAML module and recommends to update to the latest version. Note: For compatibility reasons, fix versions still …
SIEMENS CERT
09/13/2022
Multiple vulnerabilities affecting various third-party components of SINEC INS before V1.0 SP2 could allow an attacker to cause a denial of service condition, disclose sensitive data or violate the system integrity. Siemens has released an update for the SINEC INS and recommends to update to the latest version.
SIEMENS CERT
09/13/2022
The boot loader within RUGGEDCOM ROS contains two vulnerabilities in the loading process of the operating system kernel. The more severe of these vulnerabilities could allow an attacker with local access to the device to execute arbitrary code on an affected device. Siemens recommends specific countermeasures to mitigate this issue.
SIEMENS CERT
09/13/2022
The default installation of the Windows version of the CoreShield One-Way Gateway (OWG) software sets insecure file permissions that could allow a local attacker to escalate privileges to local administrator. Siemens Mobility has released an update for the CoreShield OWG software and recommends to update to the latest version.
SIEMENS CERT
09/13/2022
Several Siemens industrial products are affected by a vulnerability in OpenSSL, that could result in data being sent out unencrypted by the SSL/TLS record layer. Siemens has released updates for the affected products and recommends to update to the latest versions.
SIEMENS CERT
09/13/2022
Simcenter Femap and Parasolid are affected by multiple file parsing vulnerabilities that could be triggered when the application reads files in X_T file formats. If a user is tricked to open a malicious file with the affected applications, an attacker could leverage the vulnerability to perform remote code execution in …
SIEMENS CERT
09/13/2022
RUGGEDCOM ROS-based devices are vulnerable to a denial of service attack (Slowloris). By sending partial HTTP requests nonstop, with none completed, the affected web servers will be waiting for the completion of each request, occupying all available HTTP connections. The web server recovers by itself once the attack ends. Siemens …