Innovation and collaborative, synchronized program management for new programs
Aerospace & Defense
Innovation and collaborative, synchronized program management for new programs
Explore IndustryAutomotive & Transportation
Integration of mechanical, software and electronic systems technologies for vehicle systems
Explore IndustryConsumer Products & Retail
Product innovation through effective management of integrated formulations, packaging and manufacturing processes
Explore IndustryElectronics & Semiconductors
New product development leverages data to improve quality and profitability and reduce time-to-market and costs
Explore IndustryEnergy & Utilities
Supply chain collaboration in design, construction, maintenance and retirement of mission-critical assets
Explore IndustryHeavy Equipment
Construction, mining, and agricultural heavy equipment manufacturers striving for superior performance
Explore IndustryIndustrial Machinery
Integration of manufacturing process planning with design and engineering for today’s machine complexity
Explore IndustryInsurance & Financial
Visibility, compliance and accountability for insurance and financial industries
Explore IndustryMarine
Shipbuilding innovation to sustainably reduce the cost of developing future fleets
Explore IndustryMedia & Telecommunications
Siemens PLM Software, a leader in media and telecommunications software, delivers digital solutions for cutting-edge technology supporting complex products in a rapidly changing market.
Explore IndustryMedical Devices & Pharmaceuticals
“Personalized product innovation” through digitalization to meet market demands and reduce costs
Explore IndustrySmall & Medium Business
Remove barriers and grow while maintaining your bottom line. We’re democratizing the most robust digital twins for your small and medium businesses.
Explore IndustrySiemens Digital Industries Software Nucleus 13
Siemens Digital Industries Software Nucleus 13
You may be aware of the recent media alert titled "Nucleus:13 vulnerabilities" concerning the Siemens Embedded Software Solutions Nucleus RTOS. Siemens Embedded strives to avoid software defects, but uncovering security vulnerabilities is a regular and ongoing part of business for a software company.
Fortunately, Siemens has a stringent in-house process to uncover Common Vulnerability and Exposures (CVE) including the Siemens dedicated security monitoring team who works with leading industry security research agencies to uncover software vulnerabilities. When vulnerabilities are found, we work directly with these experts to quickly provide the appropriate fixes for these vulnerabilities. Our customers can then quickly integrate those fixes into their devices and eliminate potential infiltration by malicious actors in the future.
"Among all the vendors, Siemens is the only one that has publicly stated to be affected by the vulnerabilities in all the disclosure phases. So far, Siemens has issued 12 advisories based on Project Memoria’s findings. Siemens is also the vendor that issues 31% of ICS-CERT alerts in 2020. This is not a coincidence and is far from implying that Siemens’ devices are less secure than others. On the contrary, it shows that they have a mature product security program and that they are open to acknowledging and publishing issues that affect their products. It also indicates that several other similar vendors have not taken the same proactive approach and may be leaving their customers vulnerable"
As a current or past customer of the Nucleus operating system, we felt it is important to bring your attention to the recently discovered set of security vulnerabilities that could have an impact on some devices. Specifically, what the vulnerabilities are and the fixes we are making available.
Nucleus:13 is a set of 13 Common Vulnerabilities and Exposures (CVEs) affecting portions of the Nucleus RTOS networking components. The new vulnerabilities allow for Remote Code Execution or Denial of Service attacks under specific operating conditions.
Siemens delivers embedded development tools that enable device manufacturers to quickly design and build high-quality connected devices – including those with rich user interfaces, cloud-based remote management, or safety certification. Base technologies include Linux, the Nucleus real-time operating system, advanced multicore runtime, and IoT enablement & development tools.