SIEMENS CERT
10/10/2023
WIBU Systems published information about a heap buffer overflow vulnerability and associated fix releases of CodeMeter Runtime, a product provided by WIBU Systems and used in several Siemens industrial products for license management. The vulnerability is described in the section “Vulnerability Classification” below and got assigned the CVE ID CVE-2023-3935. …
SIEMENS CERT
10/10/2023
SINEC NMS and SINEMA Server V14 contain multiple vulnerabilities that could allow an attacker to execute arbitrary code on the system, arbitrary commands on the local database or achieve privilege escalation. Siemens has released several updates for SINEC NMS and recommends to update to the latest version. Siemens recommends specific …
SIEMENS CERT
10/10/2023
A vulnerability in the underlying third party component OPC UA ANSIC Stack (also called Legacy C-Stack) affects several industrial products. The vulnerability could cause a crash of the component that includes the vulnerable part of the stack. Siemens has released updates for the affected products and recommends to update to …
SIEMENS CERT
10/10/2023
The Mendix Forgot Password module contains a user enumeration vulnerability that could allow an attacker to retrieve valid users. Siemens has released updates for the affected products and recommends to update to the latest versions.
SIEMENS CERT
10/10/2023
A vulnerability was found in SIMATIC WinCC that could allow authenticated attackers to escape the Kiosk Mode. Siemens has released updates for the affected products and recommends to update to the latest versions.
SIEMENS CERT
10/10/2023
Simcenter Amesim contains a vulnerable SOAP endpoint that could allow an unauthenticated remote attacker to perform DLL injection and execute arbitrary code in the context of the affected application process. Siemens has released an update for Simcenter Amesim and recommends to update to the latest version.
SIEMENS CERT
10/10/2023
Multiple SCALANCE devices are affected by several vulnerabilities that could allow an attacker to inject code, retrieve data as debug information as well as user CLI passwords or set the CLI to an irresponsive state. Siemens has released updates for the affected products and recommends to update to the latest …
SIEMENS CERT
10/10/2023
The SCALANCE W1750D device contains multiple vulnerabilities that could allow an attacker to inject commands or exploit buffer overflow vulnerabilities which could lead to sensitive information disclosure, unauthenticated denial of service or unauthenticated remote code execution. Siemens has released updates for the affected products and recommends to update to the …