Bulletins

The installation of SIMARIS configuration causes insecure folder permissions that could allow vertical privilege escalation. Siemens has released an update for SIMARIS and recommends to update to the latest version.

Multiple SmartVNC vulnerabilities in the affected products listed below could allow remote code execution and Denial-of-Service attacks under certain conditions. Siemens has released updates for the affected products and recommends to update to the latest version.

Intel has published information on vulnerabilities in Intel products in November 2020. This advisory lists the Siemens Controllers that are affected by these vulnerabilities. In this advisory we take a representative CVE from each advisory: “Intel CSME, SPS, TXE, AMT and DAL Advisory” Intel-SA-00391 is represented by CVE-2020-8744 “BIOS Advisory” …

Siemens SCALANCE W1750D is a brand-labeled device. Aruba has released a related security advisory ARUBA-PSA-2021-007 disclosing vulnerabilities in its Aruba Instant product line. Siemens is preparing updates and recommends countermeasures for products where updates are not, or not yet available.

SINAMICS medium voltage products, with telnet enabled on SIMATIC comfort HMI Panels, are affected by a remote access vulnerability that could allow an attacker, under certain conditions, to gain full remote access to the HMI. Note that by default telnet is disabled, but it can be enabled on request by …

The latest update of Mendix Excel Importer module fixes an infomation disclosure vulnerability. Mendix has released an update for the Mendix Excel Importer module and recommends to update to the latest version.

The latest update of Mendix Database Replication module fixes a infomation disclosure vulnerability. Mendix has released an update for the Mendix Database Replication module and recommends to update to the latest version.