SIEMENS CERT
02/10/2020
Security experts have examined the SIMATIC S7-1200 Programmable Logic Controller (PLC). This research has revealed some weaknesses in the SIMATIC S71200 CPU communication and authentication functions. Once the automation network is compromised it is possible to demonstrate the following weaknesses using a remote exploit: - Trigger CPU functions by record …
SIEMENS CERT
02/10/2020
The "Heartbleed" vulnerability in the OpenSSL cryptographic software library (CVE-2014-0160) affects several Siemens industrial products. Siemens has resolved the issue in all affected industrial products and provides updates which fix this vulnerability.
SIEMENS CERT
02/10/2020
The latest product release of the SIMATIC S7-1200 CPU fixes several vulnerabilities. The most severe of these vulnerabilities could allow an attacker to take over an authenticated web session if the session token can be predicted. The attacker must have network access to the device to exploit this vulnerability. Further …
SIEMENS CERT
02/10/2020
The latest firmware update for SIMATIC CP 1543-1 devices fixes two vulnerabilities. One of these vulnerabilities could allow authorized users to escalate their privileges on the CP.
SIEMENS CERT
02/10/2020
Siemens SIMATIC S7-1200 PLCs, version 2 and higher, allow device management over TCP port 102 (ISO-TSAP) and retrieving status information over UDP port 161 (SNMP). It is possible to cause the device to go into defect mode by sending specially crafted packets to these ports. Siemens addresses these issues with …
SIEMENS CERT
02/10/2020
Two vulnerabilities have been identified in SIMATIC S7-300 and S7-400 CPU families. One vulnerability could lead to a Denial-of-Service, the other vulnerability could result in credential disclosure. Siemens recommends specific mitigations. Siemens will update this advisory when new information becomes available.
SIEMENS CERT
02/10/2020
A potential vulnerability was discovered in the SINAMICS S/G converter family which might allow attackers to access administrative functions on the device without authentication. Siemens addresses the issue by a firmware update.
SIEMENS CERT
02/10/2020
Siemens has released updates for Communication Processor (CP) module families CP 343-1/TIM 3V-IE/TIM 4R-IE/CP 443-1 to resolve an authentication bypass vulnerability that could allow unauthenticated users to perform administrative operations under certain conditions.