Februar 2020
Titel
SSA-168644 (Last Update: 2020-02-10): Spectre and Meltdown Vulnerabilities in Industrial Products
Veröffentlicht
10. Februar 2020 01:00
Text
Security researchers published information on vulnerabilities known as Spectre and Meltdown. These vulnerabilities affect many modern processors from different vendors to a varying degree. Several Industrial Products include affected processors and are affected by the vulnerabilities.
Titel
SSA-892012 (Last Update: 2020-02-10): Web Vulnerabilities in SIMATIC S7-1200 CPU Family
Veröffentlicht
10. Februar 2020 01:00
Text
The latest product release of the SIMATIC S7-1200 CPU fixes two vulnerabilities. The more severe of these vulnerabilities could allow an attacker to inject HTTP headers if unsuspecting users are tricked to click on a malicious link. Another vulnerability resolved in this product release is discussed below.
Titel
SSA-087240 (Last Update: 2020-02-10): Vulnerabilities in SIEMENS LOGO!
Veröffentlicht
10. Februar 2020 01:00
Text
Two vulnerabilities have been identified in SIEMENS LOGO!8 BM devices. The most severe vulnerability could allow an attacker to hijack existing web sessions. Siemens provides LOGO!8 BM FS-05 with firmware version V1.81.2, which fixes the first vulnerability, and recommends specific mitigations for the second vulnerability.
Titel
SSA-850708 (Last Update: 2020-02-10): Authentication Bypass in SCALANCE X-200 Switch Family
Veröffentlicht
10. Februar 2020 01:00
Text
A potential vulnerability was discovered in the web server’s authentication of SCALANCE X-200 switches that might allow attackers to hijack web sessions over the network without authentication. Siemens addresses the issue with a firmware update.
Titel
SSA-87240 (Last Update: 2020-02-10): Vulnerabilities in SIEMENS LOGO!
Veröffentlicht
10. Februar 2020 01:00
Text
Two vulnerabilities have been identified in SIEMENS LOGO!8 BM devices. The most severe vulnerability could allow an attacker to hijack existing web sessions. Siemens provides LOGO!8 BM FS-05 with firmware version V1.81.2, which fixes the first vulnerability, and recommends specific mitigations for the second vulnerability.
Titel
SSA-546832 (Last Update: 2020-02-10): Vulnerabilities in Medium Voltage SINAMICS and SIMOTION Products
Veröffentlicht
10. Februar 2020 01:00
Text
The latest updates for medium voltage SINAMICS products fix two security vulnerabilities that could allow an attacker to cause a Denial-of-Service condition either via specially crafted PROFINET DCP broadcast packets or by sending specially crafted packets to port 161/udp (SNMP). Precondition for the PROFINET DCP scenario is a direct Layer ...
Titel
SSA-542701 (Last Update: 2020-02-10): Vulnerabilities in SIEMENS LOGO!
Veröffentlicht
10. Februar 2020 01:00
Text
Multiple vulnerabilities have been identified in SIEMENS LOGO!8 BM devices. The most severe vulnerability could lead to an attacker reading and modifying the device configuration if the attacker has access to port 10005/tcp.
Titel
SSA-892715 (Last Update: 2020-02-10): ME, SPS and TXE Vulnerabilities in SIMATIC IPCs
Veröffentlicht
10. Februar 2020 01:00
Text
Intel has identified vulnerabilities in Intel Management Engine (ME), Intel Server Platform Services (SPS), and Intel Trusted Execution Engine (TXE). As several Siemens Industrial PCs use Intel technology, they are also affected. Siemens has released updates for the affected Industrial PCs.
Titel
SSA-254686 (Last Update: 2020-02-10): Foreshadow / L1 Terminal Fault Vulnerabilities in Industrial Products
Veröffentlicht
10. Februar 2020 01:00
Text
Security researchers published information on vulnerabilities known as Foreshadow and L1 Terminal Fault (L1TF). These vulnerabilities affect many modern processors from different vendors to a varying degree. Several Siemens Industrial Products contain processors that are affected by the vulnerabilities.
Titel
SSA-347726 (Last Update: 2020-02-10): Denial-of-Service Vulnerability in SIMATIC S7-1500, SIMATIC S7-1500 Software Controller and SIMATIC ET 200SP Open Controller
Veröffentlicht
10. Februar 2020 01:00
Text
Versions of SIMATIC S7-1500, SIMATIC S7-1500 Software Controller and SIMATIC ET200SP Open Controller are affected by a denial-of-service vulnerability. An attacker with network access to the PLC can cause a Denial-of-Service condition on the network stack.
Titel
SSA-597212 (Last Update: 2020-02-10): Web Vulnerability in SIMATIC S7-1200 CPU Family
Veröffentlicht
10. Februar 2020 01:00
Text
The latest firmware version V4.1 of the SIMATIC S7-1200 CPU fixes one vulnerability. The vulnerability could allow an attacker to redirect users to untrusted sites under certain conditions.
Titel
SSA-763427 (Last Update: 2020-02-10): Vulnerability in Communication Processor (CP) modules CP 343-1, TIM 3V-IE, TIM 4R-IE, and CP 443-1
Veröffentlicht
10. Februar 2020 01:00
Text
Siemens has released updates for Communication Processor (CP) module families CP 343-1/TIM 3V-IE/TIM 4R-IE/CP 443-1 to resolve an authentication bypass vulnerability that could allow unauthenticated users to perform administrative operations under certain conditions.
Titel
SSA-987029 (Last Update: 2020-02-10): Denial-of-Service Vulnerability in SIMATIC S7-300 CPU Family
Veröffentlicht
10. Februar 2020 01:00
Text
A vulnerability could allow attackers to perform a Denial-of-Service attack over the network without prior authentication against S7-300 CPUs under certain conditions. Siemens recommends specific mitigations. Siemens will update this advisory when new information becomes available.
Titel
SSA-310688 (Last Update: 2020-02-10): Denial-of-Service Vulnerability in SIMATIC S7-1500 CPU
Veröffentlicht
10. Februar 2020 01:00
Text
The latest firmware update for the SIMATIC S7-1500 CPU family fixes a vulnerability which could allow an attacker to perform a Denial-of-Service attack under certain conditions. The attacker must have network access to the device to exploit this vulnerability.
Titel
SSA-180635 (Last Update: 2020-02-10): Denial-of-Service Vulnerabilities in SIMATIC S7-1500 CPU Family
Veröffentlicht
10. Februar 2020 01:00
Text
Older versions of the S7-1500 CPU are affected by two Denial-of-Service vulnerabilities. Siemens has released updates for the currently supported hardware versions.
Titel
SSA-456423 (Last Update: 2020-02-10): Vulnerabilities in SIMATIC S7-1500 CPU family
Veröffentlicht
10. Februar 2020 01:00
Text
The new firmware update for the SIMATIC S7-1500 CPU firmware fixes several vulnerabilities, which may have been exploitable via network by Web application attacks or Denial-of-Service attacks with specially crafted network packets on different ports. Siemens addresses and fixes all of these issues by the new firmware update.
Titel
SSA-176087 (Last Update: 2020-02-10): Unauthenticated Access to Critical Services in SCALANCE X-200 Switch Family
Veröffentlicht
10. Februar 2020 01:00
Text
A potential vulnerability was discovered in the web server authentication of SCALANCE X-200 and X-200IRT switches that might allow attackers to perform administrative operations over the network without authentication. This issue only applies to switches using older firmware versions and has been fixed from firmware V4.5.0 (non-IRT) and V5.1.0 (IRT) ...
Titel
SSA-954136 (Last Update: 2020-02-10): User Impersonation Vulnerability in SCALANCE X-200IRT Switch Family
Veröffentlicht
10. Februar 2020 01:00
Text
The latest firmware update for the SCALANCE X-200IRT switch family fixes a vulnerability which could allow attackers to impersonate legitimate users of the web interface.
Titel
SSA-944083 (Last Update: 2020-02-10): HTTP Header Injection in SIMATIC Panels and SIMATIC WinCC (TIA Portal)
Veröffentlicht
10. Februar 2020 01:00
Text
The latest update for SIMATIC Panel software and SIMATIC WinCC (TIA Portal) fixes a vulnerability that could allow an attacker with network access to the web server to perform a HTTP header injection attack.
Titel
SSA-731239 (Last Update: 2020-02-10): Vulnerabilities in SIMATIC S7-300 and S7-400 CPUs
Veröffentlicht
10. Februar 2020 01:00
Text
Two vulnerabilities have been identified in SIMATIC S7-300 and S7-400 CPU families. One vulnerability could lead to a Denial-of-Service, the other vulnerability could result in credential disclosure. Siemens recommends specific mitigations. Siemens will update this advisory when new information becomes available.
Titel
SSA-321046 (Last Update: 2020-02-10): Denial-of-Service Vulnerability in SCALANCE X-300/X408 Switch Family
Veröffentlicht
10. Februar 2020 01:00
Text
The latest firmware update for the Siemens SCALANCE X-300 switch family and SCALANCE X 408 fixes two vulnerabilities. The vulnerabilities could allow attackers to cause a device reboot under certain conditions. An attacker must have network access to the device to exploit this vulnerability.
Titel
SSA-654382 (Last Update: 2020-02-10): Vulnerabilities in SIMATIC S7-1200 CPU Familiy
Veröffentlicht
10. Februar 2020 01:00
Text
The latest product release of the SIMATIC S7-1200 CPU fixes several vulnerabilities. The most severe of these vulnerabilities could allow an attacker to take over an authenticated web session if the session token can be predicted. The attacker must have network access to the device to exploit this vulnerability. Further ...
Titel
SSA-914382 (Last Update: 2020-02-10): Denial-of-Service Vulnerability in SIMATIC S7-400 CPU Family
Veröffentlicht
10. Februar 2020 01:00
Text
SIMATIC S7-400 CPUs are affected by a security vulnerability which could lead to a Denial-of-Service condition of the PLC if specially crafted packets are received and processed. The affected SIMATIC S7-400 CPU hardware versions are in the product cancellation phase or already phased-out. Siemens recommends customers either upgrading to a ...
Titel
SSA-268644 (Last Update: 2020-02-10): Spectre-NG (Variants 3a and 4) Vulnerabilities in Industrial Products
Veröffentlicht
10. Februar 2020 01:00
Text
Security researchers published information on vulnerabilities known as Spectre-NG (Variants 3a and 4). These vulnerabilities affect many modern processors from different vendors to a varying degree. Several Industrial Products include affected processors and are affected by the vulnerabilities.
Titel
SSA-724606 (Last Update: 2020-02-10): Denial-of-Service Vulnerabilities in SIMATIC S7-1200 CPU Family
Veröffentlicht
10. Februar 2020 01:00
Text
Siemens SIMATIC S7-1200 PLCs, version 2 and higher, allow device management over TCP port 102 (ISO-TSAP) and retrieving status information over UDP port 161 (SNMP). It is possible to cause the device to go into defect mode by sending specially crafted packets to these ports. Siemens addresses these issues with ...

Letzte Updates

BOSCH PSIRT
19.07.2024
SIEMENS CERT
22.07.2024
US CERT
09.07.2024
US CERT (ICS)
23.07.2024

Nach Quelle

Archiv

2024
2023
2022
2021
2020
2019
2018
2017

Feeds