Bulletins

SIEMENS CERT
02/10/2020

SSA-774850 (Last Update: 2020-02-10): Vulnerabilities in SIEMENS LOGO!8 devices

Two vulnerabilities have been identified in SIEMENS LOGO!8 devices. The Session ID on the integrated webserver of LOGO!8 devices is not invalidated upon logout. The second vulnerability could allow an attacker with network access to port 10005/tcp to cause a Denial-of-Service condition by sending specifically crafted packages to the service. …
SIEMENS CERT
02/10/2020

SSA-804486 (Last Update: 2020-02-10): Multiple Vulnerabilities in SIMATIC Panels and SIMATIC WinCC (TIA Portal)

The latest update for SIMATIC Panel Software and SIMATIC WinCC (TIA Portal) fixes two vulnerabilities. The most severe is a vulnerability which could allow an attacker with network access to the integrated device to read and write variables via SNMP. Siemens recommends to update to the newest version.
SIEMENS CERT
02/10/2020

SSA-818183 (Last Update: 2020-02-10): Denial-of-Service Vulnerability in SIMATIC S7-300 CPU Family

Siemens has released a firmware update for the SIMATIC S7-300 CPU family which fixes a vulnerability that could allow remote attackers to perform a Denial-of-Service attack under certain conditions.
SIEMENS CERT
02/10/2020

SSA-833048 (Last Update: 2020-02-10): Vulnerability in SIMATIC S7-1200 CPU Family

Siemens became aware that the discontinued products SIMATIC S7-1200 CPUs prior to version 4 could allow for the circumvention of user program block protection under certain conditions.
SIEMENS CERT
02/10/2020

SSA-850708 (Last Update: 2020-02-10): Authentication Bypass in SCALANCE X-200 Switch Family

A potential vulnerability was discovered in the web server’s authentication of SCALANCE X-200 switches that might allow attackers to hijack web sessions over the network without authentication. Siemens addresses the issue with a firmware update.
SIEMENS CERT
02/10/2020

SSA-874235 (Last Update: 2020-02-10): Intel Vulnerability in Siemens Industrial Products

SIEMENS CERT
02/10/2020

SSA-892012 (Last Update: 2020-02-10): Web Vulnerabilities in SIMATIC S7-1200 CPU Family

The latest product release of the SIMATIC S7-1200 CPU fixes two vulnerabilities. The more severe of these vulnerabilities could allow an attacker to inject HTTP headers if unsuspecting users are tricked to click on a malicious link. Another vulnerability resolved in this product release is discussed below.
SIEMENS CERT
02/10/2020

SSA-892715 (Last Update: 2020-02-10): ME, SPS and TXE Vulnerabilities in SIMATIC IPCs

Intel has identified vulnerabilities in Intel Management Engine (ME), Intel Server Platform Services (SPS), and Intel Trusted Execution Engine (TXE). As several Siemens Industrial PCs use Intel technology, they are also affected. Siemens has released updates for the affected Industrial PCs.