Siemens Building Technologies Products (Update A)


2018-04-03 14:00:22


This updated advisory is a follow-up to the original advisory titled ICSA-18-093-01 Siemens Building Technologies Products that was published April 3, 2018, on the NCCIC/ICS-CERT website. This advisory update includes mitigations for a series of vulnerabilities in Siemens' Building Technologies Products, including stack-based buffer overflows, security features, improper restriction of operations within the bounds of a memory buffer, NULL pointer deference, XML entity expansion, heap-based buffer overflow, and improper access control.