Bulletins

The latest update for SIMATIC WinCC OA V3.14 fixes a vulnerability that could allow an unauthenticated remote user to escalate its privileges in the context of SIMATIC WinCC OA V3.14. This vulnerability affects SIMATIC WinCC OA V3.14 and prior. SIMATIC WinCC OA V3.15 and V3.16 are not affected by this …

All versions of the TD Keypad Designer for printing customized lamination sheets for Text Display devices are affected by a DLL hijacking vulnerability that could allow a local low-privileged attacker to escalate his privileges. Text Display devices and TD Keypad Designer have been discontinued in 2012 and were replaced by …

A vulnerability has been identified in the integrated web server of SCALANCE X300, SCALANCE X408, and SCALANCE X414. The vulnerability could allow an attacker with network access to the device to cause a Denial-of-Service condition. The vulnerability can be triggered with publicly available tools, including vulnerability scanners. Siemens provides updates …

SIMATIC S7-400 CPUs are affected by a security vulnerability which could lead to a Denial-of-Service condition of the PLC if specially crafted packets are received and processed. The affected SIMATIC S7-400 CPU hardware versions are in the product cancellation phase or already phased-out. Siemens recommends customers either upgrading to a …

Security researchers published information on vulnerabilities known as Spectre, Meltdown, Spectre-NG, Lazy FP State Restore, Spectre V1.1, and L1 Terminal Fault/Foreshadow. These vulnerabilities affect many modern processors from different vendors to a varying degree. Siemens is analyzing the impact of these vulnerabilities and of the mitigations released on its own …

The latest updates for Automation License Manager fix two vulnerabilities. One of them could allow an attacker to execute arbitrary code on the target device, the other one could allow an attacker to abuse the target system for basic network scanning.

The latest updates for SIMATIC STEP 7 (TIA Portal) and SIMATIC WinCC (TIA Portal) fix two vulnerabilities. These two vulnerabilities could either allow an attacker with local file write access to manipulate files and cause a Denial-of-service-condition, or execute code both on the manipulated installation and on devices that are …