SIEMENS CERT
07/22/2024
Multiple SICAM products are affected by unauthorized password reset and firmware downgrade vulnerabilities that could lead to privilege escalation and potential leak of information, namely: SICAM A8000 Device firmware CPCI85 for CP-8031/CP-8050 SICAM EGS Device firmware CPCI85 SICAM 8 Software Solution SICORE Siemens has released new firmware versions for the …
SIEMENS CERT
07/22/2024
This advisory documents the impact of CVE-2024-3596 (also dubbed “Blastradius”), a vulnerability in the RADIUS protocol, to SCALANCE, RUGGEDCOM and related products. The vulnerability could allow on-path attackers, located between a Network Access Server (the RADIUS client, e.g., SCALANCE or RUGGEDCOM devices) and a RADIUS server (e.g., SINEC INS), to …
BOSCH PSIRT
07/19/2024
BOSCH-SA-248444: The Qualys Threat Research Unit (TRU) has discovered a Remote Unauthenticated Code Execution (RCE) vulnerability in OpenSSH’s server (sshd) in glibc-based Linux systems. The vulnerability, which is a signal handler race condition in OpenSSH’s server (sshd), allows unauthenticated remote code execution (RCE) as root on glibc-based Linux systems; that …
SIEMENS CERT
07/09/2024
Simcenter Femap contains multiple file parsing vulnerabilities that could be triggered when the application reads files in IGS, BDF or BMP file formats. If a user is tricked to open a malicious file with any of the affected products, this could lead the application to crash or potentially lead to …
SIEMENS CERT
07/09/2024
SINEC NMS before V2.0 is affected by a code injection and a stored cross-site scripting vulnerability. Siemens has released an update for SINEC NMS and recommends to update to the latest version.
SIEMENS CERT
07/09/2024
Unified Automation .NET based OPC UA Server SDK before 3.2.2 used in several industrial products are affected by a similar vulnerability as documented in CVE-2023-27321 for the OPC Foundation UA .NET Standard implementation. A successful attack may lead to high load situation and memory exhaustion, and may block the OPC …
SIEMENS CERT
07/09/2024
The PROFINET (PNIO) stack, when integrated with the Interniche IP stack, contains a vulnerability that could allow an attacker to cause a denial of service condition on affected industrial products. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens recommends specific …
SIEMENS CERT
07/09/2024
Multiple vulnerabilities affect the RUGGEDCOM Operating System (ROS). The common denominator to all vulnerabilities is the leak of confidential information. Siemens is preparing fix versions and recommends countermeasures for products where fixes are not, or not yet available.