SIEMENS CERT
11/09/2021
Multiple vulnerabilities (also known as “NUCLEUS:13”) have be identified in the Nucleus RTOS (real-time operating system) and reported in the Siemens Security Advisory SSA-044112: https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf. The products listed below use affected versions of the Nucleus software and inherently contain these vulnerabilities. Siemens recommends specific countermeasures for products where updates are …
SIEMENS CERT
11/09/2021
SIMATIC RTLS Locating Manager before V2.12 contains multiple vulnerabilities that could allow an attacker to read sensitive data or trigger a denial-of-service condition of the application service. Siemens has released an update for the SIMATIC RTLS Locating Manager and recommends to update to the latest version.
SIEMENS CERT
11/09/2021
Siemens NX is affected by two vulnerabilities that could be triggered when the application reads OBJ files. If a user is tricked to open a malicious file with the affected application, this could lead to an access violation, and potentially also to arbitrary code execution on the target host system. …
SIEMENS CERT
11/09/2021
Applications built with affected versions of Mendix Studio Pro do not prevent file documents from being cached when files are opened or downloaded using a browser. This could allow a local attacker to read those documents by exploring the browser cache. Mendix has released updates for the affected product lines, …
SIEMENS CERT
11/09/2021
SENTRON powermanager V3 is affected by a vulnerability that could allow a local attacker to inject arbitrary code and escalate privileges. Siemens has released a security patch for SENTRON powermanager V3.6 HF1 and recommends to update to the latest version and apply this patch.
SIEMENS CERT
11/09/2021
WIBU Systems published information about a denial-of-service vulnerability and an associated fix release version of CodeMeter Runtime, a product provided by WIBU Systems and used in several Siemens products for license management. The vulnerability is described in the section “
SIEMENS CERT
11/09/2021
Climatix POL909 (AWM module) contains an information disclosure vulnerability could allow an attacker in a man-in-the-middle position to read sensitive data, such as administrator credentials, or modify data in transit. Siemens has released an update for Climatix POL909 (AWM module) and recommends to update to the latest version.
SIEMENS CERT
11/09/2021
Siemens NX is affected by two vulnerabilities that could be triggered when the application reads JT files. If a user is tricked to open a malicious file with the affected application, this could lead to an access violation, and potentially also to arbitrary code execution on the target host system. …