The vulnerability of the UMC software product management components, including Opcenter Quality, SIMATIC PCS neo, SINUMERIK Integrate RunMyHMI/Automotive, Totally Integrated Automation Portal (TIA Portal), allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the UMC software product management components, including Opcenter Quality, SIMATIC PCS neo, SINUMERIK Integrate RunMyHMI/Automotive, Totally Integrated Automation Portal TIA Portal, is related to the use of an unauthorized intermediate policy file. Exploiting this...

The vulnerability of the Opcenter Quality production process management system, the SIMATIC PCS neo technological process management web system, the SINUMERIK Integrate RunMyHMI/Automotive production process automation and management software, and the Totally Integrated Automation Portal (Portal TIA) – related to copying buffers without checking input data size – allows a malicious actor to trigger service failures.

The vulnerability of the Opcenter Quality production process management system, the SIMATIC PCS neo technological process management web system, the SINUMERIK Integrate RunMyHMI/Automotive production process automation and management software, and the Totally Integrated Automation Portal Portal T...

The vulnerability of the Opcenter Quality production process management system, the SIMATIC PCS neo technological process management web system, the SINUMERIK Integrate RunMyHMI/Automotive production process automation and management software, and the Totally Integrated Automation Portal (Portal TIA) – related to copying buffers without checking input data size – allows a malicious actor to trigger service failures.

The vulnerability of the Opcenter Quality production process management system, the SIMATIC PCS neo technological process management web system, the SINUMERIK Integrate RunMyHMI/Automotive production process automation and management software, and the Totally Integrated Automation Portal Portal T...

Design/Logic Flaw

A vulnerability has been identified in Opcenter Quality All versions V2312, SIMATIC PCS neo All versions V4.1, SINEC NMS All versions V2.0 SP1, SINUMERIK Integrate RunMyHMI /Automotive All versions, Totally Integrated Automation Portal TIA Portal V14 All versions, Totally Integrated Automation...

Input validation

A vulnerability has been identified in Opcenter Quality All versions V2312, SIMATIC PCS neo All versions V4.1, SINEC NMS All versions V2.0 SP1, SINUMERIK Integrate RunMyHMI /Automotive All versions, Totally Integrated Automation Portal TIA Portal V14 All versions, Totally Integrated Automation...

Design/Logic Flaw

A vulnerability has been identified in Opcenter Quality All versions V2312, SIMATIC PCS neo All versions V4.1, SINEC NMS All versions V2.0 SP1, SINUMERIK Integrate RunMyHMI /Automotive All versions, Totally Integrated Automation Portal TIA Portal V14 All versions, Totally Integrated Automation...

CVE-2023-46285

The CVE-2023-46285 issue is an improper input validation flaw in Siemens/SAP Opcenter and TIAP/TIA components that can trigger a denial-of-service by sending crafted traffic to port 4004/tcp. Affected products include Opcenter Execution Foundation (< V2407), Opcenter Quality (< V2312), SIMA...

CVE-2023-46284

Opcenter components and Siemens TIAP stack are affected by CVE-2023-46284, a buffer overflow (out-of-bounds write) in handling requests on ports 4002/tcp and 4004/tcp that can crash the target application (denial of service) with auto-restart of the service. Affected products/versions include: Op...

CVE-2023-46282

Siemens Opcenter/TIA Portal family is affected by a reflected XSS in the web UI across multiple products and versions: Opcenter Execution Foundation < V2407, Opcenter Quality < V2312, SIMATIC PCS N eo < V4.1, SINEC NMS < V2.0 SP1, and TIA Portal V14, V15.1, V16, V17 < V17 Update 8,...

CVE-2023-46281

CVE-2023-46281 affects Siemens/Opcenter UMC across multiple products, due to an overly permissive cross-domain policy in the UMC Web-UI. Affected versions include Opcenter Execution Foundation < V2407, Opcenter Quality < V2312, SIMATIC PCS neo < V4.1, SINEC NMS < V2.0 SP1, and TIAs: P...

Siemens SINUMERIK Integrate Operate Client

1. EXECUTIVE SUMMARY CVSS v3 7.4 ATTENTION : Exploitable remotely Vendor : Siemens Equipment : SINUMERIK Integrate Operate Client Vulnerability : Improper Certificate Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to spoof any SSL server...

Siemens OpenSSL Vulnerability in Industrial Products (Update E)

1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION : Exploitable remotely Vendor : Siemens Equipment : Industrial Products Vulnerability : Cleartext Transmission of Sensitive Information 2. UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory titled ICSA-18-226-02 Siemens...

CVE-2017-2685

Siemens SINUMERIK Integrate Operate Clients between 2.0.3.00.016 including and 2.0.6 excluding and between 3.0.4.00.032 including and 3.0.6 excluding contain a vulnerability that could allow an attacker to read and manipulate data in TLS sessions while performing a man-in-the-middle MITM attack...