Bulletins | CERT@VDE

Multiple industrial products are affected by a vulnerability in the kernel known as TCP SACK PANIC. The vulnerability could allow a remote attacker to cause a denial of service condition. Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing ...

12.11.2019

SIEMENS CERT

SSA-473245 (Last Update: 2019-11-12): Denial-of-Service Vulnerability in Profinet Devices

Title

SSA-473245 (Last Update: 2019-11-12): Denial-of-Service Vulnerability in Profinet Devices

Published

Nov. 12, 2019, 1 a.m.

URL

https://cert-portal.siemens.com/productcert/pdf/ssa-473245.pdf

Summary

A vulnerability in affected devices could allow an attacker to perform a denial-of-service attack if a large amount of specially crafted UDP packets are sent to the device. Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates ...

12.11.2019

SIEMENS CERT

SSA-616472 (Last Update: 2019-11-12): ZombieLoad and Microarchitectural Data Sampling Vulnerabilities in Industrial Products

Title

SSA-616472 (Last Update: 2019-11-12): ZombieLoad and Microarchitectural Data Sampling Vulnerabilities in Industrial Products

Published

Nov. 12, 2019, 1 a.m.

URL

https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf

Summary

Security researchers published information on vulnerabilities known as ZombieLoad and Microarchitectural Data Sampling (MDS). These vulnerabilities affect many modern processors from different vendors to a varying degree. Several Siemens Industrial Products contain processors that are affected by the vulnerabilities.

12.11.2019

SIEMENS CERT

SSA-530931 (Last Update: 2019-11-12): Denial-of-Service in Webserver of Industrial Products

Title

SSA-530931 (Last Update: 2019-11-12): Denial-of-Service in Webserver of Industrial Products

Published

Nov. 12, 2019, 1 a.m.

URL

https://cert-portal.siemens.com/productcert/pdf/ssa-530931.pdf

Summary

A vulnerability in the affected products could allow an unauthorized attacker with network access to the webserver of an affected device to perform a denial-of-service attack. Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates and recommends ...

12.11.2019

SIEMENS CERT

SSA-898181 (Last Update: 2019-11-12): Desigo PX Web Remote Denial of Service Vulnerability

Title

SSA-898181 (Last Update: 2019-11-12): Desigo PX Web Remote Denial of Service Vulnerability

Published

Nov. 12, 2019, 1 a.m.

URL

https://cert-portal.siemens.com/productcert/pdf/ssa-898181.pdf

Summary

The latest update for Desigo PXC devices fixes a vulnerability that could allow unauthenticated remote users to cause a denial of service condition on the PX Web interface (HTTP, port tcp/80) of a device. Devices where PX Web is not enabled are not affected by this vulnerability.

12.11.2019

SIEMENS CERT

SSA-434032 (Last Update: 2019-11-12): Vulnerability in Mentor Nucleus Networking Module

Title

SSA-434032 (Last Update: 2019-11-12): Vulnerability in Mentor Nucleus Networking Module

Published

Nov. 12, 2019, 1 a.m.

URL

https://cert-portal.siemens.com/productcert/pdf/ssa-434032.pdf

Summary

Mentor Nucleus by Mentor, a Siemens Business, is affected by one vulnerability. This vulnerability could allow an attacker to affect the integrity and availability of the device.

Last Updates

By Source

Archive

2024

2023

2022

2021

2020

2019

2018

2017

Feeds