Bulletins

SIMATIC RTLS Locating Manager Before V3.2 contains an improper input validation vulnerability that could allow an authenticated remote attacker to execute arbitrary code with high privileges. Siemens has released a new version for SIMATIC RTLS Locating Manager and recommends to update to the latest version.

A vulnerability was identified in RUGGEDCOM ROS devices with mirror port enabled, that could allow an attacker to inject information into the network via the mirror port. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products …

SICAM Q100 and Q200 devices are affected by two information disclosure vulnerabilities that could allow an authenticated local attacker to extract the SMTP account password and use the configured SMTP service for arbitrary purposes. Siemens has released new versions for the affected products and recommends to update to the latest …

Mendix Runtime contains an observable response discrepancy vulnerability when validating usernames during authentication. This could allow unauthenticated remote attackers to distinguish between valid and invalid usernames. Siemens has released new versions for the affected products and recommends to update to the latest versions.

The basic authentication mechanism of Mendix Runtime contains a race condition vulnerability which could allow unauthenticated remote attackers to circumvent default account lockout measures. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where fixes are …

RUGGEDCOM ROX II devices do not properly limit access through their Built-In-Self-Test (BIST) mode. This could allow a local attacker to bypass authentication and access a root shell on the device. Siemens is preparing fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.

Nozomi Networks has published information on vulnerabilities in Nozomi Guardian/CMC. This advisory lists the related Siemens Industrial products affected by these vulnerabilities. Siemens is preparing fix versions and recommends countermeasures for products where fixes are not, or not yet available.