Monday, February 22, 00:38
Home security Siemens: Product Vulnerabilities Allow Arbitrary Code Execution!

Siemens: Product Vulnerabilities Allow Arbitrary Code Execution!

Last week, Siemens informed its customers that some of its product development solutions are affected by twelve vulnerabilities, which hackers can be exploited to execute arbitrary code maliciously archives.

The vulnerabilities were discovered by some researchers and their discovery was coordinated through the Zero Day Initiative (ZDI) of Trend Micro and CISA, which published its own advisory. Affected products have been developed by Siemens Digital Industries Software, which specializes in product lifecycle management (PLM) solutions.

Siemens: Product Vulnerabilities Allow Arbitrary Code Execution!

Siemens and CISA publish consulting on 18 vulnerabilities affecting Siemens JT2Go, a promotional tool 3D for JT date (ISO 3D standard format) and Teamcenter Visualization, which provides organization visualization solutions for documents, 2D drawings and 3D models. In addition, a second consultation was published on six vulnerabilities affecting the Siemens Solid Edge, a solution that provides tools software for 3D design, simulation and construction.

Most vulnerabilities are serious and can lead to arbitrary execution code in the context of the targeted process. A vulnerability can lead to information leakage and has been described as "moderate" in severity.

Additionally, code execution vulnerabilities are associated with inadequate validation of user-provided data when parsing certain file types, leading to memory corruption vulnerabilities. To make a attack, intruders must convince the target user to open a specially constructed file.

CISA

The types of files that can be used to activate vulnerabilities are JT, CG4, CGM, PDF, RGB, TGA, PAR, ASM, PCX, SGI and DFT. Although the description for all vulnerabilities is similar, a separate CVE ID has been assigned to each variant of a vulnerability.

Siemens has been released updates code for affected products. The German industrial giant has shared solutions for publications which have not yet received corrections.

Siemens has also released some tips describing the vulnerabilities found in industrial SCALANCE X switches. DoS and Man-in-the-middle attacks.

LEAVE ANSWER

Please enter your comment!
Please enter your name here

Pohackontas
Pohackontashttps://www.secnews.gr
Every accomplishment starts with the decision to try.

LIVE NEWS

How to make a Facetime Audio call

Tired of low quality cell phone calls? Thanks to FaceTime, you can make high-resolution calls if you use iPhone, iPad, ...

How to add special effects to Instagram messages

Did you know that you can make instant Instagram messages more impressive? Like any other Instagram feature, you can add special ...

Only 270 addresses are responsible for 55% of all money laundering

Cybercriminals who keep their money in cryptocurrencies tend to "launder" money through a small set of online services, according to ...

Twitter: Voice messages are coming! How do we send them?

Twitter will soon support voice messages in both iOS and Android applications. This means that you will be able to send ...

How to connect a Bluetooth headset to a Nintendo Switch

The Nintendo Switch has a headphone jack. However, most headphones have become wireless so you will need a way to connect them ...

How to hide your phone number in Telegram

If you wish to create a Telegram account, you must provide your telephone number. In this way, Telegram validates the ...

Google Assistant: How can you delete your recordings?

Google Assistant can make your daily life much easier. However, it also involves some privacy issues, as ...

Microsoft: Office 2021 / Office LTSC coming in the second half of 2021

Microsoft announced that the Microsoft Office Long Term Service Channel (LTSC) and Office 2021 will be released in 2021, for ...

How to quickly create QR codes with Bing

If you ever need to create a QR code, but you do not know how, Microsoft has an easy-to-use tool available in any program ...

Brave: Onion addresses leaked to DNS traffic

The Tor function included in the Brave web browser, allows users to access .onion dark web domains within ...