Trending News

Siemens Embedded TCP/IP Stack Vulnerabilities (AMNESIA:33)
ICS, News, Vulnerabilities

1. EXECUTIVE SUMMARY
CVSS v3 6.5
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Siemens
Equipment: SENTRON PAC3200, SENTRON PAC4200, SIRIUS 3RW5
Vulnerability: Integer Overflow

2. RISK EVALUATION
Successful exploitation of this vulnerability could cause a denial-of-service condition.

3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following products are affected:…

Siemens XHQ Operations Intelligence
ICS, News, Vulnerabilities

1. EXECUTIVE SUMMARY
CVSS v3 8.1
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Siemens
Equipment: XHQ Operations Intelligence
Vulnerabilities: Exposure of Sensitive Information to an Unauthorized Actor, Cross-site Scripting, Basic XSS, SQL Injection, Relative Path Traversal, Cross-site Request Forgery

2. RISK EVALUATION
Successful exploitation of these vulnerabilities could…

Siemens SICAM A8000 RTUs
ICS, News, Vulnerabilities

1. EXECUTIVE SUMMARY
CVSS v3 8.1
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Siemens
Equipment: SICAM A8000 Remote Terminal Unit Series
Vulnerability: Protection Mechanism Failure

2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to gain unauthorized read or write access to network traffic to…

Siemens Products using TightVNC
ICS, News, Vulnerabilities

1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Siemens
Equipment: SIMATIC ITC Industrial Thin Clients, SIMATIC WinCC Runtime Advanced/Professional, SIMATIC HMI Panels, SIPLUS extreme products
Vulnerabilities: Heap-based Buffer Overflow, NULL Pointer Dereference, Classic Buffer Overflow

2. RISK EVALUATION
Successful exploitation of these vulnerabilities…

Siemens SIMATIC Controller Web Servers
ICS, News, Vulnerabilities

1. EXECUTIVE SUMMARY
CVSS v3 5.3
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Siemens
Equipment: SIMATIC Controller Web Servers
Vulnerability: Uncaught Exception

2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition.

3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
Siemens reports the…

Siemens LOGO! Soft Comfort (Update A)
Vulnerabilities

1. EXECUTIVE SUMMARY
CVSS v3 7.8
ATTENTION: Low skill level to exploit
Vendor: Siemens
Equipment: LOGO! Soft Comfort
Vulnerability: Deserialization of Untrusted Data

2. UPDATE INFORMATION
This updated advisory is a follow-up to the original advisory titled ICSA-19-134-03 Siemens LOGO! Soft Comfort that was published May 14, 2019, on…

Siemens LOGO! 8 BM (Update A)
ICS, News, Vulnerabilities

1. EXECUTIVE SUMMARY
CVSS v3 9.4
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Siemens
Equipment: LOGO! 8 BM
Vulnerabilities: Missing Authentication for Critical Function, Improper Handling of Extra Values, Plaintext Storage of a Password

2. UPDATE INFORMATION
This updated advisory is a follow-up to the original advisory titled…

Siemens SCALANCE X Switches, RUGGEDCOM WiMAX, RFID 181-EIP, and SIMATIC RF182C (Update D)
ICS, News, Vulnerabilities

1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable from the same local network segment (OSI Layer 2)
Vendor: Siemens
Equipment: SCALANCE X switches, RUGGEDCOM Win, RFID 181-EIP, and SIMATIC RF182C
Vulnerability: Heap-based Buffer Overflow

2. UPDATE INFORMATION
This updated advisory is a follow-up to the advisory update titled ICSA-18-165-01…

Siemens LOGO! (Update A)
ICS, News, Vulnerabilities

1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Siemens
Equipment: LOGO!
Vulnerabilities: Insufficiently Protected Credentials, Man-in-the-Middle

2. UPDATE INFORMATION
This updated advisory is a follow-up to the original advisory titled ICSA-17-243-02 Siemens LOGO! that was published August 31, 2017, on the ICS webpage…