February 2020
10.02.2020
SIEMENS CERT
SSA-179516 (Last Update: 2020-02-10): OpenSSL Vulnerability in Industrial Products
Title
SSA-179516 (Last Update: 2020-02-10): OpenSSL Vulnerability in Industrial Products
Published
Feb. 10, 2020, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-179516.pdf
Summary
A vulnerability in OpenSSL affects several Siemens industrial products. Siemens has released updates for some affected products and is working on updates for others.
10.02.2020
SIEMENS CERT
SSA-87240 (Last Update: 2020-02-10): Vulnerabilities in SIEMENS LOGO!
Title
SSA-87240 (Last Update: 2020-02-10): Vulnerabilities in SIEMENS LOGO!
Published
Feb. 10, 2020, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-87240.pdf
Summary
Two vulnerabilities have been identified in SIEMENS LOGO!8 BM devices. The most severe vulnerability could allow an attacker to hijack existing web sessions. Siemens provides LOGO!8 BM FS-05 with firmware version V1.81.2, which fixes the first vulnerability, and recommends specific mitigations for the second vulnerability.
10.02.2020
SIEMENS CERT
SSA-100232 (Last Update: 2020-02-10): Denial-of-Service vulnerability in SCALANCE X switches
Title
SSA-100232 (Last Update: 2020-02-10): Denial-of-Service vulnerability in SCALANCE X switches
Published
Feb. 10, 2020, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-100232.pdf
Summary
A vulnerability in the affected devices could allow an unauthenticated attacker with network access to an affected device to perform a denial-of-service. Siemens is preparing updates and recommends specific countermeasures until patches are available.
10.02.2020
SIEMENS CERT
SSA-141614 (Last Update: 2020-02-10): Denial-of-Service in SIMOCODE pro V EIP
Title
SSA-141614 (Last Update: 2020-02-10): Denial-of-Service in SIMOCODE pro V EIP
Published
Feb. 10, 2020, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-141614.pdf
Summary
SIMOCODE pro V EIP is affected by a vulnerability that could allow remote attackers to conduct a Denial-of-Service (DoS) attack by sending specially crafted packets to port 161/udp (SNMP). Siemens has released an update for SIMOCODE pro V EIP and recommends that customers update to the new version.
10.02.2020
SIEMENS CERT
SSA-321046 (Last Update: 2020-02-10): Denial-of-Service Vulnerability in SCALANCE X-300/X408 Switch Family
Title
SSA-321046 (Last Update: 2020-02-10): Denial-of-Service Vulnerability in SCALANCE X-300/X408 Switch Family
Published
Feb. 10, 2020, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-321046.pdf
Summary
The latest firmware update for the Siemens SCALANCE X-300 switch family and SCALANCE X 408 fixes two vulnerabilities. The vulnerabilities could allow attackers to cause a device reboot under certain conditions. An attacker must have network access to the device to exploit this vulnerability.
10.02.2020
SIEMENS CERT
SSA-892012 (Last Update: 2020-02-10): Web Vulnerabilities in SIMATIC S7-1200 CPU Family
Title
SSA-892012 (Last Update: 2020-02-10): Web Vulnerabilities in SIMATIC S7-1200 CPU Family
Published
Feb. 10, 2020, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-892012.pdf
Summary
The latest product release of the SIMATIC S7-1200 CPU fixes two vulnerabilities. The more severe of these vulnerabilities could allow an attacker to inject HTTP headers if unsuspecting users are tricked to click on a malicious link. Another vulnerability resolved in this product release is discussed below.
10.02.2020
SIEMENS CERT
SSA-850708 (Last Update: 2020-02-10): Authentication Bypass in SCALANCE X-200 Switch Family
Title
SSA-850708 (Last Update: 2020-02-10): Authentication Bypass in SCALANCE X-200 Switch Family
Published
Feb. 10, 2020, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-850708.pdf
Summary
A potential vulnerability was discovered in the web server’s authentication of SCALANCE X-200 switches that might allow attackers to hijack web sessions over the network without authentication. Siemens addresses the issue with a firmware update.
10.02.2020
SIEMENS CERT
SSA-306710 (Last Update: 2020-02-10): Denial-of-Service Vulnerability in SIMATIC S7-300 CPU Family
Title
SSA-306710 (Last Update: 2020-02-10): Denial-of-Service Vulnerability in SIMATIC S7-300 CPU Family
Published
Feb. 10, 2020, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-306710.pdf
Summary
Siemens has released a firmware update for the S7-300 CPU family which fixes a vulnerability that could allow remote attackers to perform a Denial-of-Service attack.
10.02.2020
SIEMENS CERT
SSA-546832 (Last Update: 2020-02-10): Vulnerabilities in Medium Voltage SINAMICS and SIMOTION Products
Title
SSA-546832 (Last Update: 2020-02-10): Vulnerabilities in Medium Voltage SINAMICS and SIMOTION Products
Published
Feb. 10, 2020, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-546832.pdf
Summary
The latest updates for medium voltage SINAMICS products fix two security vulnerabilities that could allow an attacker to cause a Denial-of-Service condition either via specially crafted PROFINET DCP broadcast packets or by sending specially crafted packets to port 161/udp (SNMP). Precondition for the PROFINET DCP scenario is a direct Layer ...
10.02.2020
SIEMENS CERT
SSA-892715 (Last Update: 2020-02-10): ME, SPS and TXE Vulnerabilities in SIMATIC IPCs
Title
SSA-892715 (Last Update: 2020-02-10): ME, SPS and TXE Vulnerabilities in SIMATIC IPCs
Published
Feb. 10, 2020, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-892715.pdf
Summary
Intel has identified vulnerabilities in Intel Management Engine (ME), Intel Server Platform Services (SPS), and Intel Trusted Execution Engine (TXE). As several Siemens Industrial PCs use Intel technology, they are also affected. Siemens has released updates for the affected Industrial PCs.
10.02.2020
SIEMENS CERT
SSA-254686 (Last Update: 2020-02-10): Foreshadow / L1 Terminal Fault Vulnerabilities in Industrial Products
Title
SSA-254686 (Last Update: 2020-02-10): Foreshadow / L1 Terminal Fault Vulnerabilities in Industrial Products
Published
Feb. 10, 2020, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf
Summary
Security researchers published information on vulnerabilities known as Foreshadow and L1 Terminal Fault (L1TF). These vulnerabilities affect many modern processors from different vendors to a varying degree. Several Siemens Industrial Products contain processors that are affected by the vulnerabilities.
10.02.2020
SIEMENS CERT
SSA-818183 (Last Update: 2020-02-10): Denial-of-Service Vulnerability in SIMATIC S7-300 CPU Family
Title
SSA-818183 (Last Update: 2020-02-10): Denial-of-Service Vulnerability in SIMATIC S7-300 CPU Family
Published
Feb. 10, 2020, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-818183.pdf
Summary
Siemens has released a firmware update for the SIMATIC S7-300 CPU family which fixes a vulnerability that could allow remote attackers to perform a Denial-of-Service attack under certain conditions.
10.02.2020
SIEMENS CERT
SSA-654382 (Last Update: 2020-02-10): Vulnerabilities in SIMATIC S7-1200 CPU Familiy
Title
SSA-654382 (Last Update: 2020-02-10): Vulnerabilities in SIMATIC S7-1200 CPU Familiy
Published
Feb. 10, 2020, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-654382.pdf
Summary
The latest product release of the SIMATIC S7-1200 CPU fixes several vulnerabilities. The most severe of these vulnerabilities could allow an attacker to take over an authenticated web session if the session token can be predicted. The attacker must have network access to the device to exploit this vulnerability. Further ...
10.02.2020
SIEMENS CERT
SSA-954136 (Last Update: 2020-02-10): User Impersonation Vulnerability in SCALANCE X-200IRT Switch Family
Title
SSA-954136 (Last Update: 2020-02-10): User Impersonation Vulnerability in SCALANCE X-200IRT Switch Family
Published
Feb. 10, 2020, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-954136.pdf
Summary
The latest firmware update for the SCALANCE X-200IRT switch family fixes a vulnerability which could allow attackers to impersonate legitimate users of the web interface.
10.02.2020
SIEMENS CERT
SSA-087240 (Last Update: 2020-02-10): Vulnerabilities in SIEMENS LOGO!
Title
SSA-087240 (Last Update: 2020-02-10): Vulnerabilities in SIEMENS LOGO!
Published
Feb. 10, 2020, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-087240.pdf
Summary
Two vulnerabilities have been identified in SIEMENS LOGO!8 BM devices. The most severe vulnerability could allow an attacker to hijack existing web sessions. Siemens provides LOGO!8 BM FS-05 with firmware version V1.81.2, which fixes the first vulnerability, and recommends specific mitigations for the second vulnerability.
10.02.2020
SIEMENS CERT
SSA-253230 (Last Update: 2020-02-10): Vulnerabilities in SIMATIC S7-1500 CPU family
Title
SSA-253230 (Last Update: 2020-02-10): Vulnerabilities in SIMATIC S7-1500 CPU family
Published
Feb. 10, 2020, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-253230.pdf
Summary
Siemens has released a firmware update for the SIMATIC S7-1500 CPU family which fixes two vulnerabilities. The more severe of these vulnerabilities could allow attackers to cause a Denial-of-Service under certain conditions.
10.02.2020
SIEMENS CERT
SSA-130874 (Last Update: 2020-02-10): Multiple Security Vulnerabilities in SCALANCE X Switches
Title
SSA-130874 (Last Update: 2020-02-10): Multiple Security Vulnerabilities in SCALANCE X Switches
Published
Feb. 10, 2020, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-130874.pdf
Summary
A denial of service vulnerability was found in several Siemens Scalance X switches. Siemens addresses the vulnerability by two firmware upgrades. The web server of the vulnerable switches is susceptible to a remote denial of service attack. If the attack is executed, it causes a reboot of the device and ...
10.02.2020
SIEMENS CERT
SSA-944083 (Last Update: 2020-02-10): HTTP Header Injection in SIMATIC Panels and SIMATIC WinCC (TIA Portal)
Title
SSA-944083 (Last Update: 2020-02-10): HTTP Header Injection in SIMATIC Panels and SIMATIC WinCC (TIA Portal)
Published
Feb. 10, 2020, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-944083.pdf
Summary
The latest update for SIMATIC Panel software and SIMATIC WinCC (TIA Portal) fixes a vulnerability that could allow an attacker with network access to the web server to perform a HTTP header injection attack.
10.02.2020
SIEMENS CERT
SSA-447396 (Last Update: 2020-02-10): Denial-of-Service in SCALANCE X-300, SCALANCE X408 and SCALANCE X414
Title
SSA-447396 (Last Update: 2020-02-10): Denial-of-Service in SCALANCE X-300, SCALANCE X408 and SCALANCE X414
Published
Feb. 10, 2020, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-447396.pdf
Summary
A vulnerability has been identified in the integrated web server of SCALANCE X300, SCALANCE X408, and SCALANCE X414. The vulnerability could allow an attacker with network access to the device to cause a Denial-of-Service condition. The vulnerability can be triggered with publicly available tools, including vulnerability scanners. Siemens provides updates ...
10.02.2020
SIEMENS CERT
SSA-625789 (Last Update: 2020-02-10): Security Vulnerabilities in Siemens SIMATIC S7-1200 CPU
Title
SSA-625789 (Last Update: 2020-02-10): Security Vulnerabilities in Siemens SIMATIC S7-1200 CPU
Published
Feb. 10, 2020, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-625789.pdf
Summary
Security experts have examined the SIMATIC S7-1200 Programmable Logic Controller (PLC). This research has revealed some weaknesses in the SIMATIC S71200 CPU communication and authentication functions. Once the automation network is compromised it is possible to demonstrate the following weaknesses using a remote exploit: - Trigger CPU functions by record ...
10.02.2020
SIEMENS CERT
SSA-240718 (Last Update: 2020-02-10): Insecure storage of HTTPS CA certificate in SIMATIC S7-1200 V2.x
Title
SSA-240718 (Last Update: 2020-02-10): Insecure storage of HTTPS CA certificate in SIMATIC S7-1200 V2.x
Published
Feb. 10, 2020, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-240718.pdf
Summary
For the convenience of the customer, a Certificate Authority (CA) for HTTPS connections is installed on the Siemens SIMATIC S7-1200 PLC. The user has the option to trust this CA which if selected installs the certificate into the browser’s certificate store. Once the user completes this step, the browser will ...
10.02.2020
SIEMENS CERT
SSA-168644 (Last Update: 2020-02-10): Spectre and Meltdown Vulnerabilities in Industrial Products
Title
SSA-168644 (Last Update: 2020-02-10): Spectre and Meltdown Vulnerabilities in Industrial Products
Published
Feb. 10, 2020, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-168644.pdf
Summary
Security researchers published information on vulnerabilities known as Spectre and Meltdown. These vulnerabilities affect many modern processors from different vendors to a varying degree. Several Industrial Products include affected processors and are affected by the vulnerabilities.
10.02.2020
SIEMENS CERT
SSA-134003 (Last Update: 2020-02-10): Web Vulnerability in SIMATIC S7-1200 Family
Title
SSA-134003 (Last Update: 2020-02-10): Web Vulnerability in SIMATIC S7-1200 Family
Published
Feb. 10, 2020, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-134003.pdf
Summary
The latest firmware update for SIMATIC S7-1200 CPUs fixes a vulnerability that could allow an attacker to perform a CSRF (Cross-Site Request Forgery) attack under certain conditions.
04.02.2020
US CERT (ICS)
AutomationDirect C-More Touch Panels
Title
AutomationDirect C-More Touch Panels
Published
Feb. 4, 2020, 4 p.m.
URL
https://www.us-cert.gov/ics/advisories/icsa-20-035-01
Summary
This advisory contains mitigations for an insufficiently protected credentials vulnerability in AutomationDirect's C-More Touch Panels software management platform.
January 2020
30.01.2020
US CERT (ICS)
Medtronic Conexus Radio Frequency Telemetry Protocol (Update A)
Title
Medtronic Conexus Radio Frequency Telemetry Protocol (Update A)
Published
Jan. 30, 2020, 4:05 p.m.
URL
https://www.us-cert.gov/ics/advisories/ICSMA-19-080-01
Summary
This updated advisory is a follow-up to the original advisory titled ICSMA-19-080-01 Medtronic Conexus Radio Frequency Telemetry Protocol that was published March 21, 2019, on the ICS webpage on us-cert.gov. This medical advisory includes mitigations for improper access control and cleartext transmission of sensitive information vulnerabilities reported in Medtronic's proprietary ...

Last Updates

BOSCH PSIRT
20.03.2024
CODESYS
28.06.2023
SIEMENS CERT
19.04.2024
US CERT
17.04.2024
US CERT (ICS)
30.04.2024

By Source

Archive

2024
2023
2022
2021
2020
2019
2018
2017

Feeds