Bulletins

Twelve vulnerabilities in the implementation of frame aggregation and fragmentation of the 802.11 standard, under the name of FragAttacks, have been published. Successful exploitation of these vulnerabilities could allow an attacker within Wi-Fi range to forge encrypted frames, which could result in sensitive data disclosure and possibly traffic manipulation. The …

Siemens has released a new version for Solid Edge that fixes multiple file parsing vulnerabilities which could be triggered when the application reads files in IFC, JT or OBJ formats. If a user is tricked to opening a malicious file using the affected application this could lead the application to …

SIMATIC CM 1542-1, SCALANCE SC600 family and SIMATIC CP 343-1 Advanced devices are vulnerable to a vulnerability in the third party component libcurl that could allow an attacker to cause a Denial-of-Service condition on the affected devices. Siemens has released updates for several affected products and recommends to update to …

Siemens Simcenter STAR-CCM+ Viewer is affected by a vulnerability that could be triggered when the application reads scene (.sce) files. If a user is tricked to open a malicious file with the affected application, this could lead to a crash, and potentially also to arbitrary code execution or data extraction …

Multiple vulnerabilities in RUGGEDCOM ROX devices have been detected, ranging from command injection to filesystem traversal. An attacker could exploit these to gain root access to the affected devices. Siemens has released updates for the affected products and recommends to update to the latest versions.

Siemens NX is affected by two vulnerabilities that could be triggered when the application reads ifc files. If a user is tricked to open a malicious file with the affected application, this could lead to an access violation, and potentially also to arbitrary code execution on the target host system. …

A heap overflow vulnerability in dhclient of the affected products, which has been published alongside other vulnerabilities as part of NAME:WRECK could allow an attacker to potentially remotely execute code. Siemens recommends specific countermeasures for products.