Bulletins

SIEMENS CERT
06/11/2024

SSA-407785 V1.2 (Last Update: 2024-06-11): Multiple X_T File Parsing Vulnerabilities in Parasolid and Teamcenter Visualization

Parasolid and Teamcenter Visualization are affected by memory corruption vulnerabilities that could be triggered when the application reads files in X_T format. If a user is tricked to open a malicious file with the affected applications, an attacker could leverage the vulnerability to perform remote code execution or denial of …
SIEMENS CERT
06/11/2024

SSA-196737 V1.0: Multiple Vulnerabilities in SINEC Traffic Analyzer before V1.2

SINEC Traffic Analyzer before V1.2 is affected by multiple vulnerabilities. Siemens has released a new version for SINEC Traffic Analyzer and recommends to update to the latest version.
SIEMENS CERT
06/11/2024

SSA-024584 V1.0: Authentication Bypass Vulnerability in PowerSys before V3.11

PowerSys before V3.11 is affected by a vulnerability that could allow a local attacker to bypass authentication, thereby gaining administrative privileges for the managed remote devices. Siemens has released a new version for PowerSys and recommends to update to the latest version.
SIEMENS CERT
06/11/2024

SSA-035466 V1.1 (Last Update: 2024-06-11): Incorrect Permission Assignment in SICAM PAS/PQS

SICAM PAS/PQS is affected by insecure permission assignments in application folders that could allow an authenticated local attacker to read and modify configuration data or to escalate privileges. Siemens has released a new version for SICAM PAS/PQS and recommends to update to the latest version. Siemens has also released a …
SIEMENS CERT
06/11/2024

SSA-093430 V1.1 (Last Update: 2024-06-11): Multiple Vulnerabilities in SIMATIC RTLS Locating Manager before V3.0

Siemens has released a new version for SIMATIC RTLS Locating Manager and recommends to update to the latest version.
SIEMENS CERT
06/11/2024

SSA-238730 V1.0: Out-of-Bounds Write Vulnerabilities in SITOP UPS1600 before V2.5.4

Multiple out-of-bounds vulnerabilities in third-party components are affecting SITOP UPS1600 before V2.5.4. Attackers could exploit these vulnerabilities and cause limited impact in the affected systems. Siemens has released new versions for the affected products and recommends to update to the latest versions.
SIEMENS CERT
06/11/2024

SSA-319319 V1.0: Denial of Service Vulnerability in TIA Administrator

TIA Administrator creates temporary download files in a directory with insecure permissions. This could allow any authenticated attacker on Windows to disrupt the update process. Siemens has released a new version for TIA Administrator and recommends to update to the latest version.
SIEMENS CERT
06/11/2024

SSA-337522 V1.0: Multiple Vulnerabilities in TIM 1531 IRC before V2.4.8

Siemens has released new versions for the affected products and recommends to update to the latest versions.