SIEMENS CERT
01/14/2025
The Mendix LDAP module is affected by an LDAP injection vulnerability that could allow an unauthenticated remote attacker to bypass username verification. Siemens has released a new version for Mendix LDAP and recommends to update to the latest version.
SIEMENS CERT
01/14/2025
Affected SIPROTEC 5 devices do not properly limit the access of the web server to the filesystem. This could allow an authenticated remote attacker to read arbitrary files or the entire filesystem of the device. Siemens has released new versions for several affected products and recommends to update to the …
SIEMENS CERT
01/14/2025
Multiple vulnerabilities have been identified in the additional GNU/Linux subsystem of the firmware version V3.1 for the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP (incl. SIPLUS variant). These GNU/Linux vulnerabilities have been externally identified. Siemens is preparing fix versions and recommends specific countermeasures for products where fixes are not, or not …
SIEMENS CERT
01/14/2025
Several HikVision camera device drivers in the Siveillance Video Device Pack store camera credentials in their log file when authentication fails. This could allow a local attacker to read camera credentials stored in the Recording Server under specific conditions. Siemens has released an update of the Device Pack and recommends …
SIEMENS CERT
01/14/2025
Multiple SCALANCE devices are affected by several vulnerabilities that could allow an attacker to inject code, retrieve data as debug information as well as user CLI passwords or set the CLI to an irresponsive state. Siemens has released updates for the affected products and recommends to update to the latest …
SIEMENS CERT
01/14/2025
Industrial Edge Management is affected by a reflected cross-site scripting (XSS) vulnerability that could allow an attacker to extract sensitive information by tricking users into accessing a malicious link. Siemens recommends countermeasures for products where fixes are not, or not yet available.
SIEMENS CERT
01/14/2025
The PROFINET (PNIO) stack, when integrated with the Interniche IP stack, contains a vulnerability that could allow an attacker to cause a denial of service condition on affected industrial products. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens recommends specific …
SIEMENS CERT
01/14/2025
Affected models of the S7-1500 CPU product family do not contain an Immutable Root of Trust in Hardware. With this the integrity of the code executed on the device can not be validated during load-time. An attacker with physical access to the device could use this to replace the boot …