1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SINEMA Remote Connect Server Vulnerabilities: Missing Release of Resource after Effective Lifetime, Infinite Loop 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to cause a memory leak or an infinite loop…

1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Nucleus Vulnerability: Use of Insufficiently Random Values 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow a local attacker to take over the system where the software is installed. 3. TECHNICAL DETAILS 3.1 AFFECTED…

1. EXECUTIVE SUMMARY CVSS v3 9.9 ATTENTION: Exploitable remotely/low attack complexity Vendors: Siemens/PKE Equipment: Control Center Server (CCS) Vulnerabilities: Cleartext Storage of Sensitive Information in GUI, Improper Authentication, Relative Path Traversal, Use of a Broken or Risky Cryptographic Algorithm, Exposed Dangerous Method or Function, Path Traversal, Cleartext Storage in…

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: TIM 4R-IE Vulnerabilities: Incorrect Type Conversion or Cast, Improper Input Validation, Improper Authentication, Security Features, Null Pointer Dereference, Data Processing Errors, Exposure of Sensitive Information to an Unauthorized Actor, Race Condition 2. RISK EVALUATION Successful…

1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMOTICS CONNECT 400 Vulnerabilities: Improper Null Termination, Out-of-bounds Read, Access of Memory Location After End of Buffer, Use of Insufficiently Random Values 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to…

1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Nucleus Vulnerability: Use of Insufficiently Random Values 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to poison the DNS cache or spoof DNS resolving. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The…

1. EXECUTIVE SUMMARY CVSS v3 9.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens and Milestone Equipment: Siveillance Video Open Network Bridge (ONVIF) Vulnerability: Use of Hard-coded Cryptographic Key 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated remote attacker to retrieve and…

1. EXECUTIVE SUMMARY CVSS v3 9.3 ATTENTION: Exploitable with adjacent access/low attack complexity Vendor: Medtronic Equipment: MyCareLink Monitor, CareLink Monitor, CareLink 2090 Programmer, specific Medtronic implanted cardiac devices listed below Vulnerabilities: Improper Access Control, Cleartext Transmission of Sensitive Information 2. UPDATE INFORMATION This updated advisory is a follow-up to…

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Rockwell Automation Equipment: FactoryTalk AssetCentre Vulnerabilities: OS Command Injection, Deserialization of Untrusted Data, SQL Injection, Improperly Restricted Functions 2. RISK EVALUATION Successful exploitation of these vulnerabilities may allow unauthenticated attackers to perform arbitrary command execution, SQL injection,…

1. EXECUTIVE SUMMARY CVSS v3 2.4 ATTENTION: Low skill level to exploit Vendor: Philips Equipment: Gemini PET/CT Family Vulnerability: Storage of Sensitive Data in a Mechanism Without Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability involving removable media could allow access to sensitive information (including patient information)….