Multiple SCALANCE devices are affected by several vulnerabilities that could allow an attacker to inject code, retrieve data as debug information as well as user CLI passwords or set the CLI to an...
Industrial Edge Management is affected by a reflected cross-site scripting (XSS) vulnerability that could allow an attacker to extract sensitive information by tricking users into accessing a...
The PROFINET (PNIO) stack, when integrated with the Interniche IP stack, contains a vulnerability that could allow an attacker to cause a denial of service condition on affected industrial...
Affected models of the S7-1500 CPU product family do not contain an Immutable Root of Trust in Hardware. With this the integrity of the code executed on the device can not be validated during...
The products listed below contain a remote code execution vulnerability that could allow an authenticated remote attacker to execute arbitrary code with high privileges. Siemens has released new...
SCALANCE W-700 IEEE 802.11ax family devices are affected by multiple vulnerabilities. Siemens has released a new version for SCALANCE W-700 IEEE 802.11ax family and recommends to update to the...
The web interface of SIMATIC S7-1200 CPUs before V4.7 is affected by a cross-site request forgery (CSRF) vulnerability. Siemens has released new versions for the affected products and recommends...
A vulnerability in the login dialog box of SIMATIC WinCC could allow a local attacker to cause a denial of service condition in the runtime of the SCADA system. Siemens has released new versions...
A Socket.IO vulnerability affects multiple Siemens industrial products. This vulnerability consists of a specially crafted Socket.IO packet that triggers an uncaught exception on the Socket.IO...
Affected products do not properly sanitize user-controllable input when parsing files. This could allow an attacker to cause a type confusion and execute arbitrary code within the affected...
Siemens User Management Component (UMC) before V2.11.2 is affected by multiple vulnerabilities where the most severe could lead to a restart of the UMC server. Siemens has released new versions...
Several camera device drivers in the Siveillance Video Device Pack store camera credentials in their log file when authentication fails. This could allow a local attacker to read camera...
Affected SIPROTEC 5 devices do not encrypt certain data within the on-board flash storage on their PCB. This could allow an attacker with physical access to read the sensitive information from the...
SINEC Traffic Analyzer before V1.2 is affected by multiple vulnerabilities. Siemens has released a new version for SINEC Traffic Analyzer and recommends to update to the latest version.
SIMATIC S7-1200 CPU family before V4.7 is affected by two denial of service vulnerabilities. Siemens has released new versions for the affected products and recommends to update to the latest versions.
Affected products do not correctly invalidate user sessions upon user logout. This could allow a remote unauthenticated attacker, who has obtained the session token by other means, to re-use a...
A vulnerability in the affected products could allow an unauthorized attacker with network access to perform a denial-of-service attack resulting in loss of real-time synchronization. Siemens has...
Apogee PXC and Talon TC contain a vulnerability that could allow an attacker to perform a denial of service using a out-of-bounds read forcing the device to enter a cold state and a vulnerability...
Questa and ModelSim (incl. OEM Editions) are affected by a vulnerability that could allow a local attacker to inject arbitrary code and escalate privileges. Siemens has released new versions for...
The open source software OpenV2G contains a buffer overflow vulnerability that could allow an attacker to trigger a memory corruption. Siemens has released an update for the OpenV2G and recommends...
The products listed below contain a denial of service vulnerability in the TCP event interface that could allow an unauthenticated remote attacker to render the device unusable. Siemens has...
SCALANCE W-700 IEEE 802.11ax family devices are affected by multiple vulnerabilities. Siemens has released new versions for the affected products and recommends to update to the latest versions.
The Tableau Server component in Opcenter Intelligence contains multiple vulnerabilities as described below. Siemens has released a new version for Opcenter Intelligence and recommends to update to...
SiPass integrated is affected by a directory traversal vulnerability in the third-party component DotNetZip. The vulnerability could allow an attacker to execute arbitrary code on the application...
Siemens Teamcenter Visualization and Tecnomatrix Plant Simulation contains multiple file parsing vulnerabilities that could be triggered when the application reads files in WRL format. If a user...
SINEMA Remote Connect Server before V3.2 SP3 is affected by multiple vulnerabilities. Siemens has released a new version for SINEMA Remote Connect Server and recommends to update to the latest version.
SCALANCE LPE9403 is affected by multiple vulnerabilities that could allow an attacker to impact its confidentiality, integrity and availability. Siemens has released a new version for SCALANCE...
The IPv6 stack of the networking component (Nucleus NET) in Nucleus Real-Time Operating System (RTOS) contains two vulnerabilities when processing IPv6 headers which could allow an attacker to...
SCALANCE M-800 and SC-600 families are affected by improper input validation in the OpenVPN authentication. Siemens has released new versions for several affected products and recommends to update...
The DHCP implementation of the networking component (Nucleus NET) in Nucleus Real-Time Operating System (RTOS) contains a vulnerability that could allow an attacker to change the IP address of an...