• 1
  • 2
  • 3 (current)
Tuesday, 10.01.2023
Title
SSA-997779 V1.0: File Parsing Vulnerability in Solid Edge before V2023 MP1
Published
Jan. 10, 2023, 1 a.m.
Summary
Solid Edge is affected by memory corruption vulnerability that could be triggered when the application read files in different file formats such as PAR, ASM, DFT. If a user is tricked to open a malicious file with the affected applications, an attacker could leverage the vulnerability to perform remote code ...
Title
SSA-496604 V1.0: Cross-Site Scripting Vulnerability in Mendix SAML Module
Published
Jan. 10, 2023, 1 a.m.
Summary
The Mendix SAML module is affected by a reflected cross-site scripting (XSS) vulnerability that could allow an attacker to extract sensitive information by tricking users into accessing a malicious link. Apps are only vulnerable in certain cases when non-default configuration is used. Siemens has released updates for the affected products ...
Title
SSA-547714 V1.1 (Last Update: 2023-01-10): Argument Injection Vulnerability in SIMATIC WinCC OA Ultralight Client
Published
Jan. 10, 2023, 1 a.m.
Summary
SIMATIC WinCC OA contains an argument injection vulnerability that could allow an authenticated remote attacker to inject arbitrary parameters, when starting the Ultralight Client via the web interface (e.g., open attacker chosen panels with the attacker’s credentials or start a Ctrl script). Siemens has released updates for several affected products ...
Title
SSA-552702 V1.3 (Last Update: 2023-01-10): Privilege Escalation Vulnerability in the Web Interface of SCALANCE and RUGGEDCOM Products
Published
Jan. 10, 2023, 1 a.m.
Summary
The products listed below do not properly authorize the change password function of the web interface. This could allow low privileged users to escalate their privileges. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific ...
Title
SSA-592007 V1.9 (Last Update: 2023-01-10): Denial of Service Vulnerability in Industrial Products
Published
Jan. 10, 2023, 1 a.m.
Summary
Several industrial controllers are affected by a security vulnerability that could allow an attacker to cause a denial of service condition via PROFINET DCP network packets under certain circumstances. Precondition for this scenario is a direct OSI Layer 2 access to the affected products. PROFIBUS interfaces are not affected. Siemens ...
Title
SSA-593272 V1.9 (Last Update: 2023-01-10): SegmentSmack in Interniche IP-Stack based Industrial Devices
Published
Jan. 10, 2023, 1 a.m.
Summary
A vulnerability exists in affected products that could allow remote attackers to affect the availability of the devices under certain conditions. The underlying TCP stack can be forced to make very computation expensive calls for every incoming packet which can lead to a Denial-of-Service. Siemens has released updates for several ...
Title
SSA-697140 V1.1 (Last Update: 2023-01-10): Denial of Service Vulnerability in the TCP Event Service of SCALANCE and RUGGEDCOM Products
Published
Jan. 10, 2023, 1 a.m.
Summary
The products listed below contain a denial of service vulnerability in the TCP event interface that could allow an unauthenticated remote attacker to render the device unusable. Siemens has released updates for the affected products and recommends to update to the latest versions.
Title
SSA-710008 V1.2 (Last Update: 2023-01-10): Multiple Web Vulnerabilities in SCALANCE Products
Published
Jan. 10, 2023, 1 a.m.
Summary
SCALANCE devices contain multiple vulnerabilities in MSPS based product lines that could allow authenticated remote attackers to execute custom code or create a XSS situation, as well as unauthenticated remote attackers to create a denial of service condition. Siemens has released updates for several affected products and recommends to update ...
Thursday, 05.01.2023
Title
Hitachi Energy UNEM
Published
Jan. 5, 2023, 4:20 p.m.
Summary
Title
Hitachi Energy FOXMAN-UN
Published
Jan. 5, 2023, 4:05 p.m.
Summary
Title
Hitachi Energy Lumada Asset Performance Management
Published
Jan. 5, 2023, 4 p.m.
Summary
  • 1
  • 2
  • 3 (current)

Last Updates

BOSCH PSIRT
20.03.2024
CODESYS
28.06.2023
SIEMENS CERT
26.03.2024
US CERT
26.02.2024
US CERT (ICS)
26.03.2024

By Source

Archive

2024
2023
2022
2021
2020
2019
2018
2017

Feeds