Bulletins

SIEMENS CERT
10/13/2020

SSB-439005 (Last Update: 2020-10-13): Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP

SIEMENS CERT
10/13/2020

SSA-398519 (Last Update: 2020-10-13): Vulnerabilities in Intel CPUs (November 2019)

Intel has published information on vulnerabilities in Intel products in November 2019. In this advisory Siemens only explicitly mentions the vulnerabilities from the “Intel® CPU Security Advisory” and one vulnerability from “Intel® CSME, Intel® SPS, Intel® TXE, Intel® AMT, Intel® PTT and Intel® DAL Advisory” and lists the Siemens IPC …
SIEMENS CERT
10/13/2020

SSA-381684 (Last Update: 2020-10-13): Improper Password Protection during Authentication in SIMATIC S7-300 and S7-400 CPUs and Derived Products

A vulnerability has been identified in SIMATIC S7-300 and S7-400 CPU families and derived products, which could result in credential disclosure. Siemens recommends countermeasures as there are currently no fixes available.
SIEMENS CERT
10/13/2020

SSA-384879 (Last Update: 2020-10-13): Authentication Bypass Vulnerability in SIPORT MP

SIPORT MP version 3.2.1 fixes an authentication bypass vulnerability which could enable an attacker to impersonate other users of the system and perform administrative actions. Siemens recommends to apply the update.
SIEMENS CERT
10/13/2020

SSA-689071 (Last Update: 2020-10-13): DNSMasq Vulnerabilities in SCALANCE W1750D, SCALANCE M-800 / S615 and RUGGEDCOM RM1224

Multiple vulnerabilities have been identified in SCALANCE W1750D, SCALANCE M-800 / S615 and RUGGEDCOM RM1224 devices. The highest scored vulnerability could allow a remote attacker to crash the DNS service or execute arbitrary code. The attacker must be able to craft malicious DNS responses and inject them into the network …
SIEMENS CERT
09/08/2020

SSA-473245 (Last Update: 2020-09-08): Denial-of-Service Vulnerability in Profinet Devices

A vulnerability in affected devices could allow an attacker to perform a denial-of-service attack if a large amount of specially crafted UDP packets are sent to the device. Siemens has released updates for several affected products, and recommends that customers update to the new version. Siemens is preparing further updates …
SIEMENS CERT
09/08/2020

SSA-480230 (Last Update: 2020-09-08): Denial-of-Service in Webserver of Industrial Products

A vulnerability in the affected devices could allow an unauthorized attacker with network access to the webserver of an affected device to perform a denial-of-service attack. Siemens has released updates for several affected products and recommends to update to the new versions. Siemens is preparing further updates and recommends specific …
SIEMENS CERT
09/08/2020

SSA-780073 (Last Update: 2020-09-08): Denial-of-Service Vulnerability in PROFINET Devices via DCE-RPC Packets

Products that include the Siemens PROFINET-IO (PNIO) stack in versions prior V06.00 are potentially affected by a denial-of-service vulnerability when multiple legitimate diagnostic package requests are sent to the DCE-RPC interface. Siemens has released updates for several affected products and recommends to update to the new versions. Siemens is preparing …