SIEMENS CERT
07/09/2024
This advisory documents the impact of CVE-2024-3596 (also dubbed “Blastradius”), a vulnerability in the RADIUS protocol, to SCALANCE, RUGGEDCOM and related products. The vulnerability could allow on-path attackers, located between a Network Access Server (the RADIUS client, e.g., SCALANCE or RUGGEDCOM devices) and a RADIUS server (e.g., SINEC INS), to …
SIEMENS CERT
07/09/2024
A vulnerability in the login dialog box of SIMATIC WinCC could allow a local attacker to cause a denial of service condition in the runtime of the SCADA system. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further …
SIEMENS CERT
07/09/2024
Palo Alto Networks has published [1] information on CVE-2024-3400 in PAN-OS. This advisory addresses Siemens Industrial products affected by this vulnerability. Siemens has released a new version of Palo Alto Networks Virtual NGFW for RUGGEDCOM APE1808 and recommends to update to the latest version. Customers are advised to consult and …
SIEMENS CERT
07/09/2024
The SIPROTEC 5 devices are supporting weak encryption. This could allow an unauthorized attacker in a man-in-the-middle position to read any data passed over the connection between legitimate clients and the affected device. Siemens has released new versions for several affected products and recommends to update to the latest versions. …
SIEMENS CERT
07/09/2024
Two null point dereference vulnerabilities affect multiple SIMATIC software products. These could allow an attacker to cause a persistent denial of service condition in the RPC Server of these products. Siemens has released new versions for the affected products and recommends to update to the latest versions.
SIEMENS CERT
07/09/2024
Affected applications do not properly restrict the .NET BinaryFormatter when deserializing user-controllable input. This could allow an attacker to cause a type confusion and execute arbitrary code within the affected application. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens recommends …
SIEMENS CERT
07/09/2024
Products that include the Siemens PROFINET-IO (PNIO) stack in versions prior V06.00 are potentially affected by a denial of service vulnerability when multiple legitimate diagnostic package requests are sent to the DCE-RPC interface. Siemens has released new versions for several affected products and recommends to update to the latest versions. …
SIEMENS CERT
07/09/2024
JT Open Toolkit and PLM XML SDK are affected by stack buffer overflow and null pointer dereference vulnerabilities that could be triggered while parsing XML file. If a user is tricked to open a malicious XML file with any of the affected products, this could cause the application to crash …