SIEMENS CERT
02/10/2020
SIMATIC S7-400 CPUs are affected by a security vulnerability which could lead to a Denial-of-Service condition of the PLC if specially crafted packets are received and processed. The affected SIMATIC S7-400 CPU hardware versions are in the product cancellation phase or already phased-out. Siemens recommends customers either upgrading to a …
SIEMENS CERT
02/10/2020
The latest update for SIMATIC Panel software and SIMATIC WinCC (TIA Portal) fixes a vulnerability that could allow an attacker with network access to the web server to perform a HTTP header injection attack.
SIEMENS CERT
02/10/2020
The latest firmware update for the SCALANCE X-200IRT switch family fixes a vulnerability which could allow attackers to impersonate legitimate users of the web interface.
SIEMENS CERT
02/10/2020
The latest update for TIM 1531 IRC fixes a vulnerability. The device was missing proper authentication when connecting on port 102/tcp, although configured. An attacker needs to be able to connect to port 102/tcp of an affected device in order to exploit this vulnerability. The vulnerability could allow an attacker …
SIEMENS CERT
02/10/2020
A vulnerability could allow attackers to perform a Denial-of-Service attack over the network without prior authentication against S7-300 CPUs under certain conditions. Siemens recommends specific mitigations. Siemens will update this advisory when new information becomes available.
SIEMENS CERT
02/10/2020
The latest updates for the affected products fix the “GHOST” [1] vulnerability identified in glibc library (CVE-2015-0235). Incorrect parsing within the glibc library functions “gethostbyname()” and “gethostbyname2()” could cause a Denial-of-Service of the targeted system. [1] https://nvd.nist.gov/vuln/detail/CVE-2015-0235
SIEMENS CERT
01/14/2020
The EN100 Ethernet communication modules are affected by security vulnerabilities which could allow an attacker to disclose information. Siemens has released updates for several affected products, is working on updates for the remaining affected products, and recommends specific countermeasures until fixes are available.
SIEMENS CERT
01/14/2020
A vulnerability exists in several SCALANCE X switches that could allow external entities to reconstruct passwords for users of the affected devices if an attacker is able to obtain a backup of the device configuration. Siemens has released updates for some of the affected devices and is working on updates …