Spectrum Power 4 before v4.70 SP12 Security Patch 2 contains multiple vulnerabilities that could allow an attacker to remotely execute code as application administrator or locally execute code as...

Siemens Software Center and Solid Edge is affected by a DLL hijacking vulnerability. This could allow an attacker to execute arbitrary code via placing a crafted DLL file on the system. Siemens...

Altair Grid Engine contain multiple vulnerabilities that could allow an attacker to escalate privileges and execute arbitrary code with superuser permissions. Siemens has released a new version...

Solid Edge is affected by improper certificate validation while connecting to License Service endpoint. This could allow an unauthenticated remote attacker to perform man in the middle attacks....

Devices of the SIPROTEC 5 family contain a vulnerability related to secure client-initiated renegotiation. This could allow an unauthenticated attacker to cause a denial of service condition for...

Multiple vulnerabilities were identified in the web server of the SICAM GridEdge application which includes missing authentication for critical API functions, absent cross-origin resource sharing...

COMOS is affected by two vulnerabilities that could allow an attacker to execute arbitrary code or lead to data infiltration. Siemens has released a new version for COMOS and recommends to update...

Affected SIPROTEC 5 devices contain a development shell which is accessible via a physical interface which is not properly restricted. This could allow an unauthenticated attacker with physical...

The OPC UA implementations (ANSI C and C++) as used in several SIMATIC products contain a denial of service vulnerability that could allow an unauthenticated remote attacker to create a denial of...

The Mendix OIDC SSO module grants read and write access to all tokens exclusively to the Administrator role and could result in privilege misuse by an adversary modifying the module during Mendix...

The SIPROTEC 5 devices are supporting weak encryption. This could allow an unauthorized attacker in a man-in-the-middle position to read any data passed over the connection between legitimate...

Fortinet has published information on vulnerabilities in FortiOS. This advisory lists the related Siemens Industrial products. Siemens has released a new version for RUGGEDCOM APE1808 and...

This advisory documents the impact of CVE-2024-3596 (also dubbed “Blastradius”), a vulnerability in the RADIUS protocol, to SIPROTEC, SICAM and related products. The vulnerability could allow...

Mendix RichText editor contain a cross-site scripting vulnerability. Siemens has released a new version for Mendix RichText and recommends to update to the latest version.

PS/IGES Parasolid Translator Component contains an out of bounds read that could be triggered when the application reads files in IGS file formats. If a user is tricked to open a malicious file...

Ruggedcom ROX familly contain multiple vulnerabilities before V2.17.0 Siemens has released new versions for the affected products and recommends to update to the latest versions.

Gridscale X Prepay contains multiple vulnerabilities that could allow an attacker to enumerate valid user names and to bypass locked-out user sessions. Siemens has released a new version for...

Affected products contain a local arbitrary code execution vulnerability that could allow an attacker to perform actions against the operation system of that environment. Siemens has released new...

The openSSL component, versions 3.0.0 through 3.0.6, contains two buffer overflow vulnerabilities (CVE-2022-3602, CVE-2022-3786) in the X.509 certificate verification [0]. They could allow an...

SIMATIC CN 4100 contains multiple vulnerabilities which could potentially lead to a compromise in availability, integrity and confidentiality. Siemens has released a new version for SIMATIC CN...

Building X - Security Manager Edge Controller (ACC-AP) devices do not properly check the integrity of firmware updates. This could allow an attacker to upload a maliciously modified firmware onto...

SICAM T before V3.0 contain multiple vulnerabilities. These include critical issues such as improper parameter and input validation, various Cross-Site Scripting (XSS) vulnerabilities , and a...

Affected products do not properly sanitize user-controllable input when parsing project files. This could allow an attacker to cause a type confusion and execute arbitrary code within the affected...

SINEMA Remote Connect Server Before V3.2 SP4 is affected by multiple vulnerabilities. Siemens has released a new version for SINEMA Remote Connect Server and recommends to update to the latest version.

Multiple SICAM products are affected by buffer overflow vulnerability in the IEC 61850 Client libraries from Triangle MicroWorks that could allow an unauthenticated remote attacker to create a...

Affected products do not properly restrict access permissions to a local Windows Named Pipe and do not properly sanitize user-controllable input sent to that Named Pipe. This could allow a local...

Multiple Siemens products are affected by improper certificate validation in Siemens Advanced Licensing (SALT) Toolkit. This could allow an unauthenticated remote attacker to perform man in the...

This advisory documents the impact of CVE-2024-3596 (also dubbed “Blastradius”), a vulnerability in the RADIUS protocol, to SCALANCE, RUGGEDCOM and related products. The vulnerability could allow...

Energy Services from Siemens (previously known as Managed Applications and Services), sell solutions using Elspec G5 devices that allows a person with physical access to the device to reset the...

Ruggedcom ROS devices contain a temporary denial of service vulnerability that could allow an attacker to crash and restart the device. Siemens has released new versions for the affected products...