Bulletins

A vulnerability in the affected devices could allow an unauthenticated attacker with network access to an affected device to perform a denial-of-service. Siemens is preparing updates and recommends specific countermeasures until patches are available.

The latest update for TIM 1531 IRC fixes a security vulnerability that could allow unauthorized remote attackers to perform administrative operations on the device. Siemens recommends updating as soon as possible.

Two vulnerabilities have been identified in the SIMATIC S7-400 CPU family that could allow an attacker to cause a Denial-of-Service condition. In order to exploit the vulnerability, an attacker must have access to the affected devices on port 102/tcp via Ethernet, PROFIBUS or Multi Point Interfaces (MPI). Siemens provides updates …

A denial of service vulnerability was found in several Siemens Scalance X switches. Siemens addresses the vulnerability by two firmware upgrades. The web server of the vulnerable switches is susceptible to a remote denial of service attack. If the attack is executed, it causes a reboot of the device and …

The latest firmware update for SIMATIC S7-1200 CPUs fixes a vulnerability that could allow an attacker to perform a CSRF (Cross-Site Request Forgery) attack under certain conditions.

SIMOCODE pro V EIP is affected by a vulnerability that could allow remote attackers to conduct a Denial-of-Service (DoS) attack by sending specially crafted packets to port 161/udp (SNMP). Siemens has released an update for SIMOCODE pro V EIP and recommends that customers update to the new version.

Security researchers published information on vulnerabilities known as Spectre and Meltdown. These vulnerabilities affect many modern processors from different vendors to a varying degree. Several Industrial Products include affected processors and are affected by the vulnerabilities.