SIEMENS CERT
03/09/2021
PLUSCONTROL 1st Gen devices are affected by a vulnerability as initially reported in SSA-362164 for the Mentor Nucleus TCP/IP stack. The vulnerability could allow an attacker located in the same network to hijack or terminate TCP/IP sessions of a vulnerable device. Siemens Energy recommends specific countermeasures for use cases of …
SIEMENS CERT
03/09/2021
Security researchers discovered and disclosed 33 vulnerabilities in several open-source TCP/IP stacks for embedded devices, also known as “AMNESIA:33” vulnerabilities. This advisory describes the impact of two of these vulnerabilities (CVE-2020-13987, CVE-2020-17437) to Siemens products. Siemens has released updates for several affected products and recommends to update to the latest …
SIEMENS CERT
03/09/2021
Several vulnerabilities in the TCP stack of the SIMATIC MV400 family could allow an attacker to cause Denial-of-Service condition, or affect integrity of TCP connections. Siemens has released an update for the SIMATIC MV400 family and recommends to update to the latest version
SIEMENS CERT
03/09/2021
Siemens has released new versions for Solid Edge to fix multiple vulnerabilities that could be triggered when the application reads files in different file formats (PAR, DFT, XML extensions). If a user is tricked to open a malicious file with the affected application, this could lead to a crash, and …
SIEMENS CERT
03/09/2021
The latest update for SINEMA Remote Connect Server fixes vulnerabilities in the web interface that could allow authenticated unpriviledged user accounts to access functionality unauthorized. Siemens has released updates for SINEMA Remote Connect Server and recommends specific countermeasures.
SIEMENS CERT
03/09/2021
A Denial-of-Service vulnerability has been identified in LOGO! 8 BM. This vulnerability could allow an attacker to crash a device, if a user is tricked into loading a malicious project file onto an affected device. Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or …
SIEMENS CERT
03/09/2021
Mendix Forgot Password Appstore module contains a vulnerability that could allow authorized users to take over accounts. Mendix has released an update for the Mendix Forgot Password Appstore module and recommends to update to the latest version.
SIEMENS CERT
03/09/2021
SIMATIC NET CM 1542-1 and SCALANCE SC600 family devices are vulnerable to a vulnerability in the third party component libcurl that could allow an attacker to cause a Denial-of-Service condition on the affected devices. Siemens has released an update for SCALANCE SC600. For the remaining affected product, Siemens is preparing …