February 2020
Title
SSA-176087 (Last Update: 2020-02-10): Unauthenticated Access to Critical Services in SCALANCE X-200 Switch Family
Published
Feb. 10, 2020, 1 a.m.
Summary
A potential vulnerability was discovered in the web server authentication of SCALANCE X-200 and X-200IRT switches that might allow attackers to perform administrative operations over the network without authentication. This issue only applies to switches using older firmware versions and has been fixed from firmware V4.5.0 (non-IRT) and V5.1.0 (IRT) ...
Title
SSA-087240 (Last Update: 2020-02-10): Vulnerabilities in SIEMENS LOGO!
Published
Feb. 10, 2020, 1 a.m.
Summary
Two vulnerabilities have been identified in SIEMENS LOGO!8 BM devices. The most severe vulnerability could allow an attacker to hijack existing web sessions. Siemens provides LOGO!8 BM FS-05 with firmware version V1.81.2, which fixes the first vulnerability, and recommends specific mitigations for the second vulnerability.
Title
SSA-874235 (Last Update: 2020-02-10): Intel Vulnerability in Siemens Industrial Products
Published
Feb. 10, 2020, 1 a.m.
Summary
Several Intel chipsets for Intel Core i5, Intel Core i7 and Intel XEON are susceptible to remote code execution vulnerability (CVE-2017-5689) [1]. As several Siemens Industrial Products use Intel technology, they are also affected. Siemens has released updates for the affected Industrial PCs. [1] Intel Security Advisory – INTEL-SA-00075:https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr
Title
SSA-944083 (Last Update: 2020-02-10): HTTP Header Injection in SIMATIC Panels and SIMATIC WinCC (TIA Portal)
Published
Feb. 10, 2020, 1 a.m.
Summary
The latest update for SIMATIC Panel software and SIMATIC WinCC (TIA Portal) fixes a vulnerability that could allow an attacker with network access to the web server to perform a HTTP header injection attack.
Title
SSA-321046 (Last Update: 2020-02-10): Denial-of-Service Vulnerability in SCALANCE X-300/X408 Switch Family
Published
Feb. 10, 2020, 1 a.m.
Summary
The latest firmware update for the Siemens SCALANCE X-300 switch family and SCALANCE X 408 fixes two vulnerabilities. The vulnerabilities could allow attackers to cause a device reboot under certain conditions. An attacker must have network access to the device to exploit this vulnerability.
Title
SSA-742938 (Last Update: 2020-02-10): Open Ports in SINAMICS S/G Firmware
Published
Feb. 10, 2020, 1 a.m.
Summary
A potential vulnerability was discovered in the SINAMICS S/G converter family which might allow attackers to access administrative functions on the device without authentication. Siemens addresses the issue by a firmware update.
Title
SSA-293562 (Last Update: 2020-02-10): Vulnerabilities in Industrial Products
Published
Feb. 10, 2020, 1 a.m.
Summary
Several industrial devices are affected by two vulnerabilities that could allow an attacker to cause a Denial-of-Service condition via PROFINET DCP network packets under certain circumstances. The precondition for this scenario is a direct layer 2 access to the affected products. PROFIBUS interfaces are not affected. Siemens has released updates ...
Title
SSA-592007 (Last Update: 2020-02-10): Denial-of-Service Vulnerability in Industrial Products
Published
Feb. 10, 2020, 1 a.m.
Summary
Several industrial controllers are affected by a security vulnerability that could allow an attacker to cause a Denial-of-Service condition via PROFINET DCP network packets under certain circumstances. Precondition for this scenario is a direct OSI Layer 2 access to the affected products. PROFIBUS interfaces are not affected. Siemens has released ...
Title
SSA-833048 (Last Update: 2020-02-10): Vulnerability in SIMATIC S7-1200 CPU Family
Published
Feb. 10, 2020, 1 a.m.
Summary
Siemens became aware that the discontinued products SIMATIC S7-1200 CPUs prior to version 4 could allow for the circumvention of user program block protection under certain conditions.
Title
SSA-914382 (Last Update: 2020-02-10): Denial-of-Service Vulnerability in SIMATIC S7-400 CPU Family
Published
Feb. 10, 2020, 1 a.m.
Summary
SIMATIC S7-400 CPUs are affected by a security vulnerability which could lead to a Denial-of-Service condition of the PLC if specially crafted packets are received and processed. The affected SIMATIC S7-400 CPU hardware versions are in the product cancellation phase or already phased-out. Siemens recommends customers either upgrading to a ...
Title
SSA-982399 (Last Update: 2020-02-10): Missing Authentication in TIM 1531 IRC Modules
Published
Feb. 10, 2020, 1 a.m.
Summary
The latest update for TIM 1531 IRC fixes a vulnerability. The device was missing proper authentication when connecting on port 102/tcp, although configured. An attacker needs to be able to connect to port 102/tcp of an affected device in order to exploit this vulnerability. The vulnerability could allow an attacker ...
Title
SSA-456423 (Last Update: 2020-02-10): Vulnerabilities in SIMATIC S7-1500 CPU family
Published
Feb. 10, 2020, 1 a.m.
Summary
The new firmware update for the SIMATIC S7-1500 CPU firmware fixes several vulnerabilities, which may have been exploitable via network by Web application attacks or Denial-of-Service attacks with specially crafted network packets on different ports. Siemens addresses and fixes all of these issues by the new firmware update.
Title
SSA-268644 (Last Update: 2020-02-10): Spectre-NG (Variants 3a and 4) Vulnerabilities in Industrial Products
Published
Feb. 10, 2020, 1 a.m.
Summary
Security researchers published information on vulnerabilities known as Spectre-NG (Variants 3a and 4). These vulnerabilities affect many modern processors from different vendors to a varying degree. Several Industrial Products include affected processors and are affected by the vulnerabilities.
Title
SSA-724606 (Last Update: 2020-02-10): Denial-of-Service Vulnerabilities in SIMATIC S7-1200 CPU Family
Published
Feb. 10, 2020, 1 a.m.
Summary
Siemens SIMATIC S7-1200 PLCs, version 2 and higher, allow device management over TCP port 102 (ISO-TSAP) and retrieving status information over UDP port 161 (SNMP). It is possible to cause the device to go into defect mode by sending specially crafted packets to these ports. Siemens addresses these issues with ...
Title
SSA-804486 (Last Update: 2020-02-10): Multiple Vulnerabilities in SIMATIC Panels and SIMATIC WinCC (TIA Portal)
Published
Feb. 10, 2020, 1 a.m.
Summary
The latest update for SIMATIC Panel Software and SIMATIC WinCC (TIA Portal) fixes two vulnerabilities. The most severe is a vulnerability which could allow an attacker with network access to the integrated device to read and write variables via SNMP. Siemens recommends to update to the newest version.
Title
SSA-625789 (Last Update: 2020-02-10): Security Vulnerabilities in Siemens SIMATIC S7-1200 CPU
Published
Feb. 10, 2020, 1 a.m.
Summary
Security experts have examined the SIMATIC S7-1200 Programmable Logic Controller (PLC). This research has revealed some weaknesses in the SIMATIC S71200 CPU communication and authentication functions. Once the automation network is compromised it is possible to demonstrate the following weaknesses using a remote exploit: - Trigger CPU functions by record ...
Title
SSA-180635 (Last Update: 2020-02-10): Denial-of-Service Vulnerabilities in SIMATIC S7-1500 CPU Family
Published
Feb. 10, 2020, 1 a.m.
Summary
Older versions of the S7-1500 CPU are affected by two Denial-of-Service vulnerabilities. Siemens has released updates for the currently supported hardware versions.
Title
SSA-253230 (Last Update: 2020-02-10): Vulnerabilities in SIMATIC S7-1500 CPU family
Published
Feb. 10, 2020, 1 a.m.
Summary
Siemens has released a firmware update for the SIMATIC S7-1500 CPU family which fixes two vulnerabilities. The more severe of these vulnerabilities could allow attackers to cause a Denial-of-Service under certain conditions.
Title
SSA-987029 (Last Update: 2020-02-10): Denial-of-Service Vulnerability in SIMATIC S7-300 CPU Family
Published
Feb. 10, 2020, 1 a.m.
Summary
A vulnerability could allow attackers to perform a Denial-of-Service attack over the network without prior authentication against S7-300 CPUs under certain conditions. Siemens recommends specific mitigations. Siemens will update this advisory when new information becomes available.
Title
SSA-130874 (Last Update: 2020-02-10): Multiple Security Vulnerabilities in SCALANCE X Switches
Published
Feb. 10, 2020, 1 a.m.
Summary
A denial of service vulnerability was found in several Siemens Scalance X switches. Siemens addresses the vulnerability by two firmware upgrades. The web server of the vulnerable switches is susceptible to a remote denial of service attack. If the attack is executed, it causes a reboot of the device and ...
Title
SSA-306710 (Last Update: 2020-02-10): Denial-of-Service Vulnerability in SIMATIC S7-300 CPU Family
Published
Feb. 10, 2020, 1 a.m.
Summary
Siemens has released a firmware update for the S7-300 CPU family which fixes a vulnerability that could allow remote attackers to perform a Denial-of-Service attack.
Title
SSA-818183 (Last Update: 2020-02-10): Denial-of-Service Vulnerability in SIMATIC S7-300 CPU Family
Published
Feb. 10, 2020, 1 a.m.
Summary
Siemens has released a firmware update for the SIMATIC S7-300 CPU family which fixes a vulnerability that could allow remote attackers to perform a Denial-of-Service attack under certain conditions.
Title
SSA-134003 (Last Update: 2020-02-10): Web Vulnerability in SIMATIC S7-1200 Family
Published
Feb. 10, 2020, 1 a.m.
Summary
The latest firmware update for SIMATIC S7-1200 CPUs fixes a vulnerability that could allow an attacker to perform a CSRF (Cross-Site Request Forgery) attack under certain conditions.
Title
SSA-168644 (Last Update: 2020-02-10): Spectre and Meltdown Vulnerabilities in Industrial Products
Published
Feb. 10, 2020, 1 a.m.
Summary
Security researchers published information on vulnerabilities known as Spectre and Meltdown. These vulnerabilities affect many modern processors from different vendors to a varying degree. Several Industrial Products include affected processors and are affected by the vulnerabilities.
Title
SSA-954136 (Last Update: 2020-02-10): User Impersonation Vulnerability in SCALANCE X-200IRT Switch Family
Published
Feb. 10, 2020, 1 a.m.
Summary
The latest firmware update for the SCALANCE X-200IRT switch family fixes a vulnerability which could allow attackers to impersonate legitimate users of the web interface.

Last Updates

BOSCH PSIRT
20.03.2024
CODESYS
28.06.2023
SIEMENS CERT
19.04.2024
US CERT
17.04.2024
US CERT (ICS)
18.04.2024

By Source

Archive

2024
2023
2022
2021
2020
2019
2018
2017

Feeds