Risk Summary
Multiple Siemens products are affected by two local privilege escalation vulnerabilities which could allow an low privileged attacker to load malicious DLLs, potentially leading to arbitrary code execution with elevated privileges. Siemens has released new versions for the affected products and recommends to update to the latest versions.
CVEs (2)
Remediations
- Update to V4.0 SP2 or later version
- Update to V2.15.2.1 or later version
- Update to V4.0 SP3 or later version
Affected Vendors
Siemens
Affected Products (3)
Siemens
·
SINEC NMS
<V4.0_SP2
Siemens
·
SINEC NMS
<V4.0_SP3
Siemens
·
User Management Component (UMC)
vers:intdot/<2.15.2.1
Affected Sectors
Information Technology, Energy, Critical Manufacturing
Get alerted to advisories like this
OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.
Start free trial Learn more