Simcenter Amesim contains a vulnerable SOAP endpoint that could allow an unauthenticated remote attacker to perform DLL injection and execute arbitrary code in the context of the affected...

The SCALANCE W1750D device is affected by Wi-Fi encryption bypass vulnerabilities (“Framing Frames”) that could allow an attacker to disclose sensitive information or to steal the victims session....

Siemens Tecnomatix Plant Simulation contains multiple vulnerabilities that could be triggered when the application reads SPP and IGS files. If a user is tricked to open a malicious file using the...

SINEMA Server V14 improperly sanitizes certain SNMP configuration data retrieved from monitored devices. An attacker with access to a monitored device could perform a stored cross-site scripting...

SCALANCE devices contain multiple vulnerabilities in MSPS based product lines that could allow authenticated remote attackers to execute custom code or create a XSS situation, as well as...

The web server in the CPCI85 firmware of SICAM A8000 CP-8031 and CP-8050 is affected by a path traversal vulnerability that could allow an authenticated remote attacker to traverse directories on...

Several SIMATIC CP devices contain direct memory access vulnerabilities that could allow an attacker to execute code, access the PROFINET network without restrictions or perform denial of service...

Siemens Xpedition Layout Browser consists of a stack overflow vulnerability that could be triggered when the application reads a malicious file in PCB format. If a user is tricked to open a...

The SCALANCE W1750D device contains multiple vulnerabilities that could allow an attacker to inject commands or exploit buffer overflow vulnerabilities which could lead to sensitive information...

Mendix Runtime contains a capture-replay flaw which could have an impact to apps built with the platform, if certain preconditions are met that depend on the app’s model and access control design....

SIMATIC MV500 before V3.3.5 is affected by multiple vulnerabilities. Siemens has released an update for SIMATIC MV500 and recommends to update to the latest version.

COMOS is affected by multiple vulnerabilities that could allow an attacker to execute arbitrary code or cause denial of service condition, data infiltration or perform access control violations....

SINEC PNI before V2.0 is affected by multiple vulnerabilities. Siemens has released an update for SINEC PNI and recommends to update to the latest version.

Siemens OPC UA Modeling Editor (SiOME) is affected by an XML external entity (XXE) injection vulnerability that could allow an attacker to interfere with an application’s processing of XML data...

Mendix Studio Pro is vulnerable to an out of bounds write vulnerability in the integrated libwebp library (CVE-2023-4863), that could allow an attacker to execute code in the context of a victim...

A vulnerability was found in SIMATIC WinCC that could allow authenticated attackers to escape the Kiosk Mode. Siemens has released updates for the affected products and recommends to update to the...

SIMATIC PCS neo before V4.1 is affected by multiple vulnerabilities. Siemens has released a new version for SIMATIC PCS neo and recommends to update to the latest version.

Siemens Tecnomatix Plant Simulation contains multiple file parsing vulnerabilities that could be triggered when the application reads files in WRL format. If a user is tricked to open a malicious...

SIPROTEC 4 7SJ66 devices are affected by multiple security vulnerabilities due to the underlying Wind River VxWorks network stack. This stack is affected by nine of the eleven vulnerabilities that...

Simcenter Femap is affected by out of bounds write vulnerabilities that could be triggered when the application reads files in X_T format. If a user is tricked to open a malicious file with the...

Solid Edge is affected by a file parsing vulnerability in Drawings SDK from Open Design Alliance. If a user is tricked to open a malicious DWG file with the affected application, an attacker could...

SINEC INS before V1.0 SP2 Update 2 is affected by multiple vulnerabilities. Siemens has released an update for SINEC INS and recommends to update to the latest version.

SINUMERIK ONE and SINUMERIK MC products are affected by a denial of service vulnerability in the OPC UA implementation of the integrated S7-1500 CPU. The vulnerability in the integrated S7-1500...

The boot loader within RUGGEDCOM ROS contains two vulnerabilities in the loading process of the operating system kernel. The more severe of these vulnerabilities could allow an attacker with local...

Siemens has released a new version of STEP 7 (TIA Portal) that fixes an information disclosure vulnerability. A local attacker could gain access to the access level password of the SIMATIC S7-1200...

Multiple vulnerabilities in the affected products could allow an unauthorized attacker with network access to the webserver to perform a denial of service attack. Siemens has released a new...

Two vulnerabilities have been identified in the LOGO! Soft Comfort software. These could allow an attacker to take over a system with the affected software installed. Siemens has released an...

The web server of SICAM Q100 devices, versions before V2.60, contains a Cross Site Request Forgery (CSRF) vulnerability and is missing cookie protection flags. This could allow an attacker to...

SICAM Q100 devices contain multiple vulnerabilities that could allow an attacker to take over the session of a logged in user or to inject custom code. Siemens has released updates for the...

The CPCI85 firmware of SICAM A8000 CP-8031 and CP-8050 is affected by a command injection vulnerability that could allow an authenticated remote attacker to inject commands that are executed on...