SIEMENS CERT
06/21/2022
SIMATIC WinCC OA implements client-side only authentication, when neither server-side authentication (SSA) nor Kerberos authentication is enabled. In this configuration, attackers could impersonate other users or exploit the client-server protocol without being authenticated. Siemens recommends to enable server-side authentication (SSA) or Kerberos authentication for all WinCC OA projects, as documented …
SIEMENS CERT
06/14/2022
Products that include the Siemens PROFINET-IO (PNIO) stack in versions prior V06.00 are potentially affected by a denial of service vulnerability when multiple legitimate diagnostic package requests are sent to the DCE-RPC interface. Siemens has released updates for several affected products and recommends to update to the new versions. Siemens …
SIEMENS CERT
06/14/2022
The SSH server on RUGGEDCOM ROS devices is configured to offer weak ciphers by default. This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data passed over the connection between legitimate clients and the affected device. Siemens recommends specific countermeasures for products where updates …
SIEMENS CERT
06/14/2022
The latest updates of Mendix the SAML module fixes two vulnerabilities. One is an XML External Entity (XXE) attack that could allow an attacker to potentially disclose confidential data under certain circumstances the other is an Cross Site Scripting (XSS) attack allowing to execute malicious code by tricking users into …
SIEMENS CERT
06/14/2022
SSA-549234 V1.2 (Last Update: 2022-06-14): Denial-of-Service Vulnerability in SIMATIC NET CP Modules
A denial of service vulnerability was identified in different types of Communication Processors. An attacker could exploit this vulnerability causing the device to become un-operational until the device is restarted. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available.
SIEMENS CERT
06/14/2022
Vulnerabilities in the third-party component strongSwan could allow an attacker to cause a denial of service (DoS) condition in affected devices by exploiting integer overflow bugs. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends countermeasures …
SIEMENS CERT
06/14/2022
A cleartext vulnerability was found in the SIMATIC communication processors CP 1543-1 and CP 1545-1 that could allow an attacker to read sensitive information. Siemens has released updates for the affected products and recommends to update to the latest versions.
SIEMENS CERT
06/14/2022
SINEMA Remote Connect Server is affected by multiple vulnerabilities, including A cross-site scripting vulnerability in an error message pop up window (CVE-2022-29034) Several authentication bypass, privilege escalation and integrity check vulnerabilities (CVE-2022-32251 through -32261) A command injection vulnerability in the file upload service (CVE-2022-32262) A chosen-plaintext attack against HTTP over …