A vulnerability in the login dialog box of SIMATIC WinCC could allow a local attacker to cause a denial of service condition in the runtime of the SCADA system. Siemens has released new versions...

A Socket.IO vulnerability affects multiple Siemens industrial products. This vulnerability consists of a specially crafted Socket.IO packet that triggers an uncaught exception on the Socket.IO...

Affected products do not properly sanitize user-controllable input when parsing files. This could allow an attacker to cause a type confusion and execute arbitrary code within the affected...

Siemens User Management Component (UMC) before V2.11.2 is affected by multiple vulnerabilities where the most severe could lead to a restart of the UMC server. Siemens has released new versions...

Several camera device drivers in the Siveillance Video Device Pack store camera credentials in their log file when authentication fails. This could allow a local attacker to read camera...

Affected SIPROTEC 5 devices do not encrypt certain data within the on-board flash storage on their PCB. This could allow an attacker with physical access to read the sensitive information from the...

SINEC Traffic Analyzer before V1.2 is affected by multiple vulnerabilities. Siemens has released a new version for SINEC Traffic Analyzer and recommends to update to the latest version.

SIMATIC S7-1200 CPU family before V4.7 is affected by two denial of service vulnerabilities. Siemens has released new versions for the affected products and recommends to update to the latest versions.

Affected products do not correctly invalidate user sessions upon user logout. This could allow a remote unauthenticated attacker, who has obtained the session token by other means, to re-use a...

A vulnerability in the affected products could allow an unauthorized attacker with network access to perform a denial-of-service attack resulting in loss of real-time synchronization. Siemens has...

Apogee PXC and Talon TC contain a vulnerability that could allow an attacker to perform a denial of service using a out-of-bounds read forcing the device to enter a cold state and a vulnerability...

Questa and ModelSim (incl. OEM Editions) are affected by a vulnerability that could allow a local attacker to inject arbitrary code and escalate privileges. Siemens has released new versions for...

The open source software OpenV2G contains a buffer overflow vulnerability that could allow an attacker to trigger a memory corruption. Siemens has released an update for the OpenV2G and recommends...

The products listed below contain a denial of service vulnerability in the TCP event interface that could allow an unauthenticated remote attacker to render the device unusable. Siemens has...

SCALANCE W-700 IEEE 802.11ax family devices are affected by multiple vulnerabilities. Siemens has released new versions for the affected products and recommends to update to the latest versions.

The Tableau Server component in Opcenter Intelligence contains multiple vulnerabilities as described below. Siemens has released a new version for Opcenter Intelligence and recommends to update to...

SiPass integrated is affected by a directory traversal vulnerability in the third-party component DotNetZip. The vulnerability could allow an attacker to execute arbitrary code on the application...

Siemens Teamcenter Visualization and Tecnomatrix Plant Simulation contains multiple file parsing vulnerabilities that could be triggered when the application reads files in WRL format. If a user...

SINEMA Remote Connect Server before V3.2 SP3 is affected by multiple vulnerabilities. Siemens has released a new version for SINEMA Remote Connect Server and recommends to update to the latest version.

SCALANCE LPE9403 is affected by multiple vulnerabilities that could allow an attacker to impact its confidentiality, integrity and availability. Siemens has released a new version for SCALANCE...

The IPv6 stack of the networking component (Nucleus NET) in Nucleus Real-Time Operating System (RTOS) contains two vulnerabilities when processing IPv6 headers which could allow an attacker to...

SCALANCE M-800 and SC-600 families are affected by improper input validation in the OpenVPN authentication. Siemens has released new versions for several affected products and recommends to update...

The DHCP implementation of the networking component (Nucleus NET) in Nucleus Real-Time Operating System (RTOS) contains a vulnerability that could allow an attacker to change the IP address of an...

Siemens Tecnomatix Plant Simulation do not properly limit the access of the simulation model to the filesystem. This could allow an unauthorized attacker to read or delete arbitrary files or the...

SiPass integrated ACC (Advanced Central Controller) devices contain multiple vulnerabilities that could allow attackers to execute commands on the devices with root privileges and access sensitive...

SINEMA Remote Connect Client before V3.2 SP3 is affected by multiple vulnerabilities. Siemens has released a new version for SINEMA Remote Connect Client and recommends to update to the latest version.

Multiple vulnerabilities (also known as “NUCLEUS:13”) have be identified in the Nucleus RTOS (real-time operating system) and reported in the Siemens Security Advisory SSA-044112:...

A specific range of produced SINAMICS S200 devices contains an unlocked bootloader vulnerability that could allow an attacker to download untrusted firmware that could damage or compromise the...

Siemens Simcenter Femap is affected by memory corruption vulnerability that could be triggered when the application reads files in .NEU format. If a user is tricked to open a malicious file with...

SENTRON 7KT PAC1260 Data Manager is affected by multiple vulnerabilities as listed below. Software fixes can no longer be provided for The SENTRON 7KT PAC1260 Data Manager. This advisory documents...