Multiple vulnerabilities in the third-party components cURL, BusyBox, libtirpc, Expat as well as in the Linux Kernel could allow an attacker to impact the SCALANCE XCM332 device’s confidentiality,...
The Solid Edge installation package includes a specific version of the third-party product KeyShot from Luxion (https://www.keyshot.com), which may not contain the latest security fixes provided...
SIMATIC CP 343-1 Advanced/CP-443-1 Advanced devices and SIMATIC S7-300/S7-400 CPUs are affected by two vulnerabilities. One of the vulnerabilities could allow remote attackers to perform...
Siemens Teamcenter Visualization and JT2Go are affected by a memory corruption vulnerability in the APDFL library from Datalogics. If a user is tricked into opening a malicious PDF file with the...
JT Open Toolkit and JT Utilities are affected by a memory corruption vulnerability that could be triggered while parsing JT files. If a user is tricked into opening a malicious JT file with any of the...
The latest update of the SCALANCE X-200 and X-300/X408 switch families fixes multiple OpenSSH vulnerabilities. The most severe of these vulnerabilities could allow a denial of service condition....
The Mendix Forgot Password module contains an observable response discrepancy issue that could allow an attacker to retrieve sensitive information. Siemens has released updates for the affected...
Siemens Teamcenter Visualization and JT2Go are affected by multiple file parsing vulnerabilities that could be triggered when the application reads a malicious file in CGM or RAS format. If a user...
Polarion ALM contains a misconfiguration in its default Apache HTTP Server configuration that could allow an attacker to perform host header injection attacks. Siemens has released an update for...
Affected SIMATIC firmware contains three vulnerabilities that could allow an unauthenticated attacker to perform a denial of service attack under certain conditions. Siemens has released updates...
Multiple vulnerabilities were found in SIMATIC WinCC that ultimately could allow local or remote attackers to escalate privileges and read, write or delete critical files. Siemens has released...
Several industrial products are affected by a vulnerability that could allow remote attackers to conduct a denial of service attack by sending specially crafted packets to port 161/udp (SNMP)....
Two vulnerabilities have been identified in the SIMATIC S7-400 CPU family that could allow an attacker to cause a denial of service condition. In order to exploit the vulnerabilities, an attacker...
SCALANCE LPE9403 is affected by multiple vulnerabilities that could allow an attacker to impact its confidentiality, integrity and availability. Siemens has released an update for the SCALANCE...
A vulnerability in the affected devices could allow an unauthorized attacker with network access to the webserver of an affected device to perform a denial of service attack. Siemens has released...
SIMATIC Cloud Connect 7 contains multiple vulnerabilities that could allow an attacker to impact its confidentiality, integrity and availability. Siemens has released updates for the affected...
Several industrial controllers are affected by a security vulnerability that could allow an attacker to cause a denial of service condition via PROFINET DCP network packets under certain...
Polarion ALM is vulnerable to an XML External Entity (XXE) injection attack that could allow an attacker to potentially disclose confidential data. Siemens has released an update for Polarion ALM and...
Both the Event Server and the Management Server components of Siveillance Video deserialize data without sufficient validations. This could allow an authenticated remote attacker to execute code...
Multiple vulnerabilities affecting third-party components libexpat and libcurl of SINEC NMS before V1.0.3.1 could allow an attacker to impact SINEC NMS confidentiality, integrity and availability....
Siemens Teamcenter Visualization and JT2Go are affected by multiple file parsing vulnerabilities that could be triggered when the application reads malicious TIF, CGM or PDF files. If a user is...
SIMOTION contains an information disclosure vulnerability that could allow an unauthenticated attacker to extract confidential technology object (TO) configuration from the device. Siemens has...
Before SIMATIC WinCC V8, legacy OPC services (OPC DA (Data Access), OPC HDA (Historical Data Access), and OPC AE (Alarms & Events)) were used by default. These services were designed on top of...
Siemens Teamcenter Visualization and JT2Go are affected by multiple file parsing vulnerabilities that could be triggered when the application reads malicious CGM files. If a user is tricked to...
Session fixation and multiple incorrect parameter parsing vulnerabilities that could potentially lead to remote code execution were identified in the web server of SICAM P850 and SICAM P855...
The CPCI85 firmware of SICAM A8000 CP-8031 and CP-8050 is affected by multiple vulnerabilities such as authenticated remote command injection, exposure of serial UART interface, and hard coded...
Several Desigo PXC/PXM devices contain a vulnerability that could allow unauthenticated remote attackers to upload malicious firmware without prior authentication. Siemens has released updates for...
Multiple vulnerabilities were identified in the webserver of Q200 devices. These include Cross Site Request Forgery (CSRF), session fixation, missing secure flags in HTTP cookies and memory...
SIMATIC WinCC V7 is affected by a vulnerability that could allow a local attacker to inject arbitrary code and escalate privileges, if a non-default installation path was chosen during...
A vulnerability in Xpedition Designer could allow an attacker with an unprivileged account to override or modify the service executable and subsequently gain elevated privileges. Siemens has...