A vulnerability in SIRIUS 3RV2921-5M could allow an attacker to cause a denial of service condition. Siemens has released a new version for SIRIUS 3RV2921-5M and recommends to update to the latest version.

Palo Alto Networks has published [1] information on vulnerabilities in PAN-OS. This advisory lists the related Siemens Industrial products affected by these vulnerabilities. Siemens is preparing...

Siemens Tecnomatix Plant Simulation contains a out-of-bound read vulnerability that could be triggered when the application reads files in WRL format. If a user is tricked to open a malicious file...

TIM 4R-IE devices contain multiple vulnerabilities in the integrated NTP component as listed below. Siemens recommends specific countermeasures for products where fixes are not, or not yet available.

SENTRON Powercenter devices are not affected by a denial of service vulnerability that can be triggered during BLE (Bluetooth Low Energy) pairing. Note: Unlike stated in the initial version of...

Several Industrial Communication Devices based on SINEC OS before V3.1 contain an incorrect authorization check vulnerability that could allow an attacker to perform actions that exceed the...

The SSO login service in Teamcenter contains an open redirect vulnerability that could allow an attacker to redirect the legitimate user to an attacker-chosen URL to steal valid session data....

Mendix Runtime allows for entity enumeration due to distinguishable responses in certain client actions. This could allow an unauthenticated remote attacker to list all valid entities and...

Energy Services from Siemens (previously known as Managed Applications and Services), sell solutions using Elspec G5 Digital Fault Recorder which contains default credentials with admin...

Questa and ModelSim (incl. OEM Editions) are affected by multiple vulnerabilities that could allow a local attacker to inject arbitrary code and escalate privileges. Siemens has released new...

Siemens SINEC NMS before V4.0 is affected by multiple vulnerabilities which could allow an attacker to elevate privilege and exceute arbitrary code. Siemens has released a new version for SINEC...

Solid Edge is affected by multiple file parsing vulnerabilities that could be triggered when the application reads specially crafted files in various formats such as PAR or CFG format. This could...

SCALANCE LPE9403 is affected by multiple vulnerabilities which lead to a compromise in availability, integrity and confidentiality. Siemens has released a new version for SCALANCE LPE9403 and...

An OpenSSH vulnerability, known as regreSSHion, affects multiple Siemens industrial products. This security regression vulnerability consists in a race condition which may allow an unauthenticated...

Siemens TIA Administrator before V3.0.6 contains multiple vulnerabilities which could allow an attacker to escalate privilege or exceute arbitrary code during installations. Siemens has released a...

A vulnerability exists in affected products that could allow remote attackers to affect the availability of the devices under certain conditions. The underlying TCP stack can be forced to make...

A vulnerability in SIMATIC CN 4100 could allow an attacker to cause a denial of service condition. Siemens has released a new version for SIMATIC CN 4100 and recommends to update to the latest version.

Mendix Studio Pro contains a vulnerability in the module installation process, that could allow an attacker to write or modify arbitrary files in directories outside a developer’s project...

Siemens Industrial Edge Devices contain a weak authentication vulnerability that could facilitate an unauthenticated remote attacker to circumvent authentication and impersonate a legitimate user....

SIMATIC CP and TIM devices contain an authentication bypass vulnerability that could allow unauthenticated users to perform administrative operations under certain conditions. Siemens has released...

A sensitive data exposure vulnerability in SIPROTEC 5 can allow an attacker to retrieve sensitive session data from browser history, logs, or other storage mechanisms, potentially leading to...

SENTRON Powermanager and Desigo CC devices are not affected by a remote code execution vulnerability in Apache Tomcat that can be triggered via a partial PUT request due to a path equivalence...

During establishment of a https connection to the TLS server of a managed device, SICAM TOOLBOX II improperly validates that device’s certificate. This could allow an attacker to execute an...

A vulnerability exists in affected products that could allow remote attackers to affect the availability of the devices under certain conditions. The integrated ICMP services in the underlying...

RUGGEDCOM ROX II devices do not properly limit access through their Built-In-Self-Test (BIST) mode. This could allow a local attacker to bypass authentication and access a root shell on the...

Mendix Runtime contains an observable response discrepancy vulnerability when validating usernames during authentication. This could allow unauthenticated remote attackers to distinguish between...

Multiple vulnerabilities affect the RUGGEDCOM Operating System (ROS). The common denominator to all vulnerabilities is the leak of confidential information. Siemens has released new versions for...

Siemens SINUMERIK Controllers are affected by an improper VNC password check vulnerability. Siemens has released new versions for the affected products and recommends to update to the latest versions.