Siemens RUGGEDCOM CROSSBOW contains out-of-bounds read, improper privilege management, SQL injection and more vulnerabilities that can allow an attacker to execute arbitrary database queries via SQL injection attacks, create a denial-of-service condition or write arbitrary files to the application's file system.

Sources: Siemens, CISA

​Siemens Software Center contains uncontrolled search path element and path traversal vulnerabilities that can allow a local attacker to execute code with elevated privileges.

Sources: CISA, Siemens

Siemens Parasolid Installer contains an incorrect permission assignment for critical resource vulnerability that can allow an attacker to misuse the vulnerability and escalate privileges.

Sources: CISA, Siemens

Siemens SICAM TOOLBOX II contains incorrect permission assignment for critical resource and execution with unnecessary privileges vulnerabilities that can allow local attackers to execute code on the system with elevated privileges.

Sources: CISA, Siemens

Siemens OpenSSL RSA Decryption in SIMATIC contains an inadequate encryption strength vulnerability that can allow an attacker to recover the product’s connection secret.

Sources: CISA, Siemens

Schneider Electric IGSS contains a deserialization of untrusted data vulnerability that can allow arbitrary code execution or loss of control of the SCADA system.

Sources: CISA, Schneider Electric

​Hitachi Energy RTU500 series contains a stack-based buffer overflow vulnerability that can cause a buffer overflow and reboot of the product.

Sources: CISA, Hitachi Energy