SIEMENS CERT
08/09/2022
OpenSSL has published a security advisory [0] about a vulnerability in OpenSSL versions 1.1.1 < 1.1.1k, that allows an unauthenticated attacker to cause a Denial-of-Service (DoS) if a maliciously crafted renegotiation message is sent . Siemens has released updates for several affected products and recommends to update to the latest …
SIEMENS CERT
08/09/2022
Siemens Teamcenter Visualization and JT2Go are affected by an out of bounds write vulnerability in APDFL library from Datalogics. If a user is tricked to open a malicious PDF file with the affected products, this could lead the application to crash or potentially lead to arbitrary code execution. Siemens has …
SIEMENS CERT
08/09/2022
RUGGEDCOM ROS-based devices are vulnerable to a web-based code injection attack. To execute this attack, it is necessary to access the system via the Command Line Interface (CLI). Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products …
SIEMENS CERT
08/09/2022
The products listed below contain two security vulnerabilities in the UMC component that could allow an attacker to cause a partial denial-of-service of the UMC component, or to locally escalate privileges from a user with administrative privileges to execute code with SYSTEM level privileges. Siemens has released updates for several …
SIEMENS CERT
08/09/2022
Multiple vulnerabilities were found in SIMATIC WinCC that ultimately could allow attackers to retrieve and brute force password hashes and access other systems. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products …
SIEMENS CERT
08/09/2022
There are multiple vulnerabilities in an underlying Link Layer Discovery Protocol (LLDP) third party library. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.
SIEMENS CERT
08/09/2022
Teamcenter is affected by XML External Entity Injection (XXE, CVE-2022-29801) and a stack based buffer overflow vulnerability (CVE-2022-24290). XXE impacts only Teamcenter versions before V13.1. Siemens has released updates for the affected products and recommends to update to the latest versions.
SIEMENS CERT
07/12/2022
Siemens has released updates for Opcenter Quality to fix an authentication bypass vulnerability. This could allow unauthenticated access to the application or cause denial of service condition for existing users. The issue is based on rich client modules using IbsGailWrapper-interface. After issuing the record the authentication bypass vulnerability could take …