Vulnerabilities fixed in Siemens products

Siemens has fixed vulnerabilities in various products such as Desigo, NX, Polarion, SENTRON, Simcenter, SINEC, SIPORT, Siveillance, Solid Edge, The vulnerabilities potentially enable a malicious person to carry out attacks that can lead to the following categories of damage: - Denial-of-Service D...

Vulnerabilities fixed in Siemens products

Siemens has fixed vulnerabilities in several products such as Apogee, Industial Edge, RUGGEDCOM, SIMATIC, SIMOTION and SINAMICS. The vulnerabilities potentially enable a malicious person to carry out attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Manipulati...

Vulnerabilities fixed in Siemens products

Siemens has fixed vulnerabilities in several products such as RUGGEDCOM, SCALANCE, SIMATIC and Tecnomatix The vulnerabilities potentially enable a malicious person to carry out attacks that could lead to the following categories of damage: - Denial-of-Service DoS - Manipulation of data -...

Vulnerabilities fixed in Progress MOVEit

Progress has fixed vulnerabilities in MOVEit Transfer and MOVEit Gateway. During the vulnerability investigation, a vulnerability was also discovered in an unnamed Third-Party component in use by MOVEit Transfer. The vulnerabilities are located in the SFTP module of the affected applications and...

Vulnerabilities fixed in Cacti

The developers of Cacti have fixed several vulnerabilities in Cacti. A malicious party can exploit the vulnerabilities to execute attacks that can result in the following categories of damage: SQL Injection Cross-Site Scripting XSS Remote code execution User rights Remote code execution...

Vulnerability fixed in Arista EOS

A vulnerability has been fixed in Arista EOS. Arista EOS is a Linux-based operating system installed on network equipment from Arista. With eAPI it is possible to remotely manage and configure Arista's network equipment. When authentication is based on certificates, it is possible that eAPI...

Vulnerability discovered in Schneider Electric EcoStruxure Control Expert

A vulnerability has been discovered in Schneider Electric EcoStruxure Control Expert. The vulnerability could cause a malicious script to be deployed deployed to an unauthorized location which in turn could lead to the execution of code. Schneider Electric has published mitigating measures. More...

Vulnerability found in Microsoft Windows

A vulnerability has been found in Microsoft Windows' MSHTML component. A malicious party could potentially exploit it to execute arbitrary code under the privileges of a user. To do this, the malicious party needs to get the victim to to open a rogue Office document. Microsoft indicates that ther...

Vulnerabilities fixed in XStream

Vulnerabilities have been fixed in XStream. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Cross-Site Request Forgery XSRF. Manipulation of data Access to sensitive data The vulnerabilities are exploitable only when using the defau...

Vulnerabilities discovered in HMI Panels

Because SIMATIC HMI panels do not properly handle repeated login attempts correctly, they are susceptible to Brute-force attacks. A malicious party can use them to retrieve user names and passwords find out and thus issue random commands with permissions from the affected user account. To exploit...

Vulnerability fixed in Siemens WinCC, PCS 7 and Net PC products

Siemens has fixed a vulnerability in the products SIMATIC PCS 7, SIMATIC WinCC and SIMATIC NET PC. An unauthenticated malicious person with access to the network can exploit the vulnerability exploit to cause a denial-of-service when using encrypted connections are used. Siemens has released...