SIMATIC STEP 7 and PCS 7 contain a database management system that could allow remote users to use embedded functions of the database (local or in a network share) that have an impact on the server....
PS/IGES Parasolid Translator Component contains multiple file parsing vulnerabilities that could be triggered when the application reads files in IGS file formats. If a user is tricked into opening a...
PowerSys before V3.11 is affected by a vulnerability that could allow a local attacker to bypass authentication, thereby gaining administrative privileges for the managed remote devices. Siemens...
SICAM PAS/PQS is affected by insecure permission assignments in application folders that could allow an authenticated local attacker to read and modify configuration data or to escalate...
Siemens has released a new version for SIMATIC RTLS Locating Manager and recommends updating to the latest version.
Multiple out-of-bounds vulnerabilities in third-party components affect SITOP UPS1600 before V2.5.4. Attackers could exploit these vulnerabilities and cause limited impact in the affected...
TIA Administrator creates temporary download files in a directory with insecure permissions. This could allow any authenticated attacker on Windows to disrupt the update process. Siemens has...
Siemens has released a new version for ST7 ScadaConnect and recommends updating to the latest version.
SIMATIC S7-200 SMART devices contain an information disclosure vulnerability which leaves the system susceptible to a family of attacks which rely on the use of predictable IP ID sequence numbers...
Apps built with Mendix Runtime >= V9.3 could allow users with the capability to manage a role to elevate the access rights of users with that role. Successful exploitation requires guessing the id...
SICAM AK3/TM/BC devices are affected by a buffer overflow vulnerability that could allow an attacker to execute code in the context of the current process or lead to a denial of service condition....
SIMATIC CP 1542SP-1 and CP 1543SP-1 before V2.3 are affected by multiple vulnerabilities in third-party components and the integrated web server. Siemens has released new versions for the affected...
Multiple SICAM products are affected by vulnerabilities that could lead to privilege escalation, remote code execution or information loss, namely: SICAM A8000 device firmwares CPC80 for...
Siemens has released new versions for the affected products and recommends updating to the latest versions.
Tecnomatix Plant Simulation contains a type confusion vulnerability that could be triggered when the application reads MODEL files. If a user is tricked into opening a malicious file using the affected...
Simcenter Femap contains multiple file parsing vulnerabilities that could be triggered when the application reads files in IGS, BDF or BMP file formats. If a user is tricked into opening a malicious...
SINEC NMS before V2.0 is affected by a code injection and a stored cross-site scripting vulnerability. Siemens has released an update for SINEC NMS and recommends updating to the latest version.
Affected applications do not properly restrict the .NET BinaryFormatter when deserializing user-controllable input. This could allow an attacker to cause a type confusion and execute arbitrary...
Siemens has released new versions for the affected products and recommends updating to the latest versions.
Several industrial products are affected by a vulnerability that could allow remote attackers to conduct a denial of service attack by sending specially crafted packets to port 161/udp (SNMP)....
SINEMA Remote Connect Server before V3.2 SP1 is affected by multiple vulnerabilities. Siemens has released a new version for SINEMA Remote Connect Server and recommends updating to the latest version.
A vulnerability in affected devices could allow an attacker to perform a denial of service attack if a large number of specially crafted UDP packets are sent to the device. Siemens has released...
SINEMA Remote Connect Server is affected by multiple vulnerabilities, including: a cross-site scripting vulnerability in an error message pop-up window (CVE-2022-29034); several authentication...
Palo Alto Networks has published [1] information on CVE-2024-3400 in PAN-OS. This advisory addresses Siemens Industrial products affected by this vulnerability. Siemens has released a new version...
Affected applications do not properly restrict the .NET BinaryFormatter when deserializing user-controllable input. This could allow an attacker to cause a type confusion and execute arbitrary...
Products that include the Siemens PROFINET-IO (PNIO) stack in versions prior to V06.00 are potentially affected by a denial of service vulnerability when multiple legitimate diagnostic package...
JT Open Toolkit and PLM XML SDK are affected by stack buffer overflow and null pointer dereference vulnerabilities that could be triggered while parsing XML files. If a user is tricked into opening a...
Affected applications do not properly restrict the .NET BinaryFormatter when deserializing user-controllable input. This could allow an attacker to cause a type confusion and execute arbitrary...
SINEMA Remote Connect Server before V3.2 HF1 is affected by multiple vulnerabilities. Siemens has released a new version for SINEMA Remote Connect Client and recommends updating to the latest version.
SINEMA Remote Connect Server before V3.2 HF1 is affected by multiple vulnerabilities. Siemens has released a new version for SINEMA Remote Connect Server and recommends updating to the latest version.