SINAMICS PERFECT HARMONY GH180 is affected by multiple vulnerabilities in the integrated SCALANCE S615 device, as documented in SSA-419740...

Devices based on RUGGEDCOM ROX before V2.16 contain multiple high severity vulnerabilities, including the third-party vulnerabilities: CVE-2022-24903, CVE-2022-2068, CVE-2021-22946,...

SIMATIC CN 4100 is vulnerable to improper access control and insecure default configurations that could allow an attacker to gain privilege escalation, and bypass network isolation. Siemens has...

SIMATIC MV500 devices before V3.3.4 are affected by multiple vulnerabilities in the web server and several third-party components. Siemens has released updates for the affected products and...

SiPass integrated versions before V2.90.3.8 contain a stack overflow vulnerability that could allow an unauthenticated remote attacker to crash the server application, creating a denial of service...

Simcenter STAR-CCM+ contains a privilege escalation vulnerability which could allow a local attacker with an unprivileged account to override or modify the service executable and subsequently gain...

JT Open Toolkit, JT Utilities and Parasolid are affected by memory corruption vulnerabilities that could be triggered while parsing JT files. If a user is tricked to open a malicious JT file with...

A vulnerability in Nullsoft Scriptable Installer System (NSIS) software (CVE-2023-37378) used in Parasolid installers before V36 creates an “uninstall directory” with insufficient access control....

Siemens JT2Go, Teamcenter Visualization and Solid Edge are affected by multiple file parsing vulnerabilities. If a user is tricked to open a malicious file (crafted as ASM or TIFF file format)...

APOGEE PXC / TALON TC field panels (BACnet before V3.5.5 and P2 Ethernet before V2.8.20) contain multiple vulnerabilities: CVE-2022-45937: A privilege management vulnerability that could allow low...

Multiple DLL Hijacking vulnerabilities in Siemens Software Center (SSC) could allow a local attacker to execute code with elevated privileges. Siemens has released an update for the Siemens...

A vulnerability in the third party component SISCO MMS-EASE could allow attackers to cause a denial of service condition with SIPROTEC 5 devices. Siemens has released updates for the affected...

The RUGGEDCOM CROSSBOW server application before V5.4 contains multiple vulnerabilities that could allow an attacker to execute arbitrary database queries via SQL injection attacks, to create a...

Solid Edge is affected by multiple memory corruption vulnerabilities that could be triggered when the application reads specially crafted files in various formats such as DFT, PAR or PSM format....

The Mendix SAML module insufficiently verifies the SAML assertions. This could allow unauthenticated remote attackers to bypass authentication and get access to the application. Mendix has...

Solid Edge is affected by multiple memory corruption vulnerabilities that could be triggered when the application reads specially crafted files in various formats such as DWG, IFC, OBJ or STP...

SICAM TOOLBOX II contains two vulnerabilities that could allow local attackers to execute code on the system with elevated privileges. Siemens has released an update for SICAM TOOLBOX II and...

QMS Automotive before V12.39 contains multiple vulnerabilities that could allow an attacker to perform malicious code injection, information disclosure or lead to a denial of service condition....

Parasolid is affected by out of bounds write vulnerabilities that could be triggered when the application reads files in X_T format. If a user is tricked to open a malicious file with the affected...

Siemens JT2Go and Teamcenter Visualization are affected by file parsing vulnerabilities that could be triggered when the application reads files in WRL format. If a user is tricked to open a...

Affected SIMATIC firmware contains multiple vulnerabilities that could allow an unauthenticated attacker to perform a denial of service attack under certain conditions. Siemens has released...

Insyde has published information on vulnerabilities in Insyde BIOS on November 8th 2022. These vulnerabilities also affect the RUGGEDCOM APE1808 product family. Siemens has released updates for...

The web server login page of affected products does not apply proper origin checking. This could allow authenticated remote attackers to track the activities of other users via a login cross-site...

QMS Automotive contains a vulnerability that stores user credentials in plantext within the user database. This could allow an attacker to read credentials from memory. Siemens has released an...

Siemens Tecnomatix Plant Simulation contains multiple vulnerabilities that could be triggered when the application reads PAR, SPP, STP and PRT files. If a user is tricked to open a malicious file...

Insyde has published information on vulnerabilities in Insyde BIOS up to August 2023. These vulnerabilities also affect the RUGGEDCOM APE1808 product family. Siemens has released updates for the...

Spectrum Power 7 is affected by a vulnerability that could allow an authenticated local attacker to inject arbitrary code to the update script and escalate privileges. Siemens has released an...

The Administration Console of SIMATIC PCS neo leaks Windows admin credentials. An attacker with local Windows access to the Administration Console could get the credentials, and impersonate the...

The CPCI85 firmware of SICAM A8000 CP-8031 and CP-8050 contains a hard-coded ID in the SSH authorized_keys configuration file. An attacker with knowledge of the corresponding credential could...

SINEC NMS and SINEMA Server V14 contain multiple vulnerabilities that could allow an attacker to execute arbitrary code on the system, arbitrary commands on the local database or achieve privilege...