Multiple vulnerabilities affect various third-party components of the RUGGEDCOM Operating System (ROS). If exploited, an attacker could cause a denial-of-service, act as a man-in-the-middle or...

SCALANCE XB-200/XC-200/XP-200/XF-200BA/XR-300WG Family is affected by multiple vulnerabilities. CVE-2023-44318 and CVE-2023-44321 were previously published as part of SSA-699386. Siemens has...

The Opcenter Quality is affected by multiple vulnerabilities in the SmartClient modules Opcenter QL Home (SC), SOA Audit and SOA Cockpit. Siemens has released new versions for the affected...

Multiple vulnerabilities have been identified in the additional GNU/Linux subsystem of the firmware version >= V3.1.0 and These GNU/Linux vulnerabilities have been externally identified. Siemens...

SIPROTEC 4 and SIPROTEC 4 Compact devices contain a vulnerability that could allow an unauthenticated remote attacker to cause a denial of service condition. Siemens has released new versions for...

Veeam security advisory (AV26-188)

SIMATIC IPC RS-828A is affected by an authentication bypass vulnerability in the Redfish interface of its Baseboard Management Controller (BMC) that could allow an attacker to gain unauthorized...

A vulnerability in TIA Project Server and TIA Portal could allow an attacker to cause a denial of service condition. Siemens has released new versions for several affected products and recommends...

SIMATIC RTLS Locating Manager Before V3.2 contains an improper input validation vulnerability that could allow an authenticated remote attacker to execute arbitrary code with high privileges....

SINEC Traffic Analyzer before V3.0 is affected by multiple vulnerabilities. Siemens has released a new version for SINEC Traffic Analyzer and recommends to update to the latest version. Siemens is...

SICAM Q100 and Q200 devices are affected by two information disclosure vulnerabilities that could allow an authenticated local attacker to extract the SMTP account password and use the configured...

RUGGEDCOM ROX II devices does not properly enforce limitations on type and size of files that can be uploaded through their web interface. This could allow an attacker with a legitimate, highly...

Simcenter Femap contains a file parsing vulnerability that could be triggered when the application reads files in STP or BMP file format. If a user is tricked to open a malicious file with the...

The SSH server on RUGGEDCOM ROS devices is configured to offer weak ciphers by default. This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data passed...

An information disclosure vulnerability in SIPROTEC 5 devices could allow an unauthenticated, remote attacker to retrieve sensitive information of the device. Siemens has released new versions for...

COMOS before V10.6 is affected by a local arbitrary code execution vulnerability in the integrated Open Design Alliance Drawings SDK. Siemens has released a new version for COMOS and recommends to...

A denial of service vulnerability could allow an unauthorized attacker to cause total loss of availability in the web server of the affected devices. Siemens has released new versions for several...

RUGGEDCOM ROS-based devices are vulnerable to a denial of service attack (Slowloris). By sending partial HTTP requests nonstop, with none completed, the affected web servers will be waiting for...

RUGGEDCOM ROS-based devices are vulnerable to a web-based code injection attack. To execute this attack, it is necessary to access the system via the Command Line Interface (CLI). Siemens has...

The RUGGEDCOM RCDP protocol is not properly configured after commissioning of RUGGEDCOM ROS based devices and some SCALANCE X switch models and could allow unauthenticated remote users to perform...

Affected SIPROTEC 5 devices do not properly limit the bandwidth for incoming network packets over their local USB port. This could allow an attacker with physical access to send specially crafted...

A vulnerability was identified in RUGGEDCOM ROS devices with mirror port enabled, that could allow an attacker to inject information into the network via the mirror port. Siemens has released new...

The basic authentication mechanism of Mendix Runtime contains a race condition vulnerability which could allow unauthenticated remote attackers to circumvent default account lockout measures....

RUGGEDCOM CROSSBOW Station Access Controller (SAC) contains multiple vulnerabilities in the integrated SQLite component that could allow an attacker to execute arbitrary code or to create a denial...

Siemens BFCClient contains multiple vulnerabilities in the integrated OpenSSL component that could allow an attacker to read memory contents, to change the application behaviour or to create a...

Mendix SAML module contains a vulnerability that could allow unauthenticated remote attackers to hijack an account in specific SSO configurations. Mendix has provided fix releases for the Mendix...

Siemens has released a new version for SIMATIC RTLS Locating Manager and recommends to update to the latest version.

Siemens SINAMICS G220, SINAMICS S210, and SINAMICS S200 contains a privilege escalation vulnerability that could allow users to escalate their privileges. Siemens has released new versions for...

WIBU Systems published information about a privilege escalation vulnerability under a certain circumstances and associated fix releases of CodeMeter Runtime, a product provided by WIBU Systems and...

SINEC OS is affected by multiple vulnerabilities due to open UDP ports, which could allow an attacker to access non-sensitive information without authentication or potentially cause temporary...