SICAM Q100 devices contain multiple vulnerabilities that could allow an attacker to take over the session of a logged-in user or to inject custom code. Siemens has released updates for the...
The CPCI85 firmware of SICAM A8000 CP-8031 and CP-8050 is affected by a command injection vulnerability that could allow an authenticated remote attacker to inject commands that are executed on...
Siemens Solid Edge 2023 has released Update 10, which fixes multiple vulnerabilities that could be triggered when the application reads PAR files. If a user is tricked into opening a malicious file...
MaxView Storage Manager shipped with affected SIMATIC IPCs contains a Redfish Server Vulnerability that could provide unauthorized access. Microchip has released new versions for the affected...
The Video Server application in SiNVR/SiVMS solutions contains two vulnerabilities involving authentication bypass (CVE-2019-18339) and information disclosure (CVE-2019-18340). PKE has released an...
The advisory covers multiple vulnerabilities in the Central Control Server (CCS) application, as initially reported in SSA-761617...
OpenSSL has published a security advisory [0] about a vulnerability in OpenSSL versions 1.1.1. Siemens has released new versions for several affected products and recommends updating to the latest...
SIMATIC CN 4100 is vulnerable to authorization bypass through user-controlled key, use of default credentials and unauthenticated IP address change that could allow an attacker to remotely log in...
Spectrum Power 7 is affected by a vulnerability that could allow an authenticated local attacker to inject arbitrary code and gain root access. Siemens has released an update for Spectrum Power 7...
Siemens Teamcenter Visualization and JT2Go are affected by multiple file parsing vulnerabilities that could be triggered when the application reads malicious CGM files. If a user is tricked to...
The Video Server application in SiNVR/SiVMS solutions contains five vulnerabilities involving information disclosure (CVE-2019-19291, CVE-2019-19299), path traversal (CVE-2019-19296,...
Siemens Tecnomatix Plant Simulation contains multiple file parsing vulnerabilities that could be triggered when the application reads files in WRL, PSOBJ or SPP file formats. If a user is tricked...
SIDIS Prime before V4.0.400 is affected by multiple vulnerabilities in the components OPC UA and OpenSSL, which could allow an unauthenticated attacker with access to the network where SIDIS Prime...
Intel has published information on vulnerabilities in Intel products in June 2021. This advisory lists the related Siemens Industrial products affected by these vulnerabilities that can be patched...
Affected products incorrectly validate TCP sequence numbers. This could allow an unauthenticated remote attacker to create a denial of service condition by injecting spoofed TCP RST packets....
Unicam FX contains a local privilege escalation vulnerability that could allow an attacker to gain SYSTEM privileges. Unicam FX has reached end of software maintenance. Further information on...
Location Intelligence before V4.3 is affected by a Use of Hard-coded Credentials vulnerability that could allow an attacker to obtain full administrative access to the application. Siemens has...
SCALANCE SC-600 Family before V3.1 is affected by multiple vulnerabilities. Siemens has released new versions for several affected products and recommends updating to the latest versions. Siemens...
SIMATIC RTLS Gateways are affected by the “Ripple20” vulnerabilities in the TCP/IP stack that were disclosed by JSOF research lab. Siemens recommends countermeasures for products where fixes are not,...
Parasolid is affected by out-of-bounds read and null pointer dereference vulnerabilities that could be triggered when the application reads files in XT format. If a user is tricked into opening a...
SCALANCE XCM-/XRM-300 before V2.4 is affected by multiple vulnerabilities. Siemens has released an update for SCALANCE X-300 and recommends updating to the latest version.
Simcenter Femap contains multiple file parsing vulnerabilities that could be triggered when the application reads files in Catia MODEL file formats. If a user is tricked into opening a malicious file...
Siveillance Control does not properly check the list of access groups that are assigned to an individual user. This could enable a locally logged on user to gain write privileges for objects where...
SINEMA Remote Connect Server before V3.2 is affected by multiple vulnerabilities. Siemens has released updates for the affected products and recommends updating to the latest versions.
SINEMA Remote Connect Client before V3.1 SP1 is affected by an information disclosure vulnerability. Siemens has released updates for the affected products and recommends updating to the latest versions.
A vulnerability in the affected products could allow an unauthorized attacker with network access to the webserver of an affected device to perform a denial-of-service attack. Siemens has released...
SCALANCE XB-200/XC-200/XP-200/XF-200BA/XR-300WG Family before V4.5 is affected by multiple vulnerabilities. Siemens has released updates for the affected products and recommends updating to the...
SIMATIC RF160B contains multiple vulnerabilities of different types that could allow an attacker to execute arbitrary code within the context of a privileged process. Siemens has released a new...
SENTRON 3KC ATC6 Expansion Module Ethernet exposes an unused, unstable HTTP service at port 80/tcp on the Modbus-TCP Ethernet, which could allow an attacker on the same Modbus network to create a...