Februar 2020
10.02.2020
SIEMENS CERT
SSA-347726 (Last Update: 2020-02-10): Denial-of-Service Vulnerability in SIMATIC S7-1500, SIMATIC S7-1500 Software Controller a...
Titel
SSA-347726 (Last Update: 2020-02-10): Denial-of-Service Vulnerability in SIMATIC S7-1500, SIMATIC S7-1500 Software Controller and SIMATIC ET 200SP Open Controller
Veröffentlicht
10. Februar 2020 01:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-347726.pdf
Text
Versions of SIMATIC S7-1500, SIMATIC S7-1500 Software Controller and SIMATIC ET200SP Open Controller are affected by a denial-of-service vulnerability. An attacker with network access to the PLC can cause a Denial-of-Service condition on the network stack.
10.02.2020
SIEMENS CERT
SSA-507847 (Last Update: 2020-02-10): Cross-Site Request Forgery Vulnerability in SIMATIC S7-1200 CPU Family Version 4
Titel
SSA-507847 (Last Update: 2020-02-10): Cross-Site Request Forgery Vulnerability in SIMATIC S7-1200 CPU Family Version 4
Veröffentlicht
10. Februar 2020 01:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-507847.pdf
Text
The latest firmware update for S7-1200 CPU family version 4 fixes a Cross-Site Request Forgery vulnerability. Siemens recommends to update affected devices as soon as possible.
10.02.2020
SIEMENS CERT
SSA-724606 (Last Update: 2020-02-10): Denial-of-Service Vulnerabilities in SIMATIC S7-1200 CPU Family
Titel
SSA-724606 (Last Update: 2020-02-10): Denial-of-Service Vulnerabilities in SIMATIC S7-1200 CPU Family
Veröffentlicht
10. Februar 2020 01:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-724606.pdf
Text
Siemens SIMATIC S7-1200 PLCs, version 2 and higher, allow device management over TCP port 102 (ISO-TSAP) and retrieving status information over UDP port 161 (SNMP). It is possible to cause the device to go into defect mode by sending specially crafted packets to these ports. Siemens addresses these issues with ...
10.02.2020
SIEMENS CERT
SSA-268644 (Last Update: 2020-02-10): Spectre-NG (Variants 3a and 4) Vulnerabilities in Industrial Products
Titel
SSA-268644 (Last Update: 2020-02-10): Spectre-NG (Variants 3a and 4) Vulnerabilities in Industrial Products
Veröffentlicht
10. Februar 2020 01:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf
Text
Security researchers published information on vulnerabilities known as Spectre-NG (Variants 3a and 4). These vulnerabilities affect many modern processors from different vendors to a varying degree. Several Industrial Products include affected processors and are affected by the vulnerabilities.
10.02.2020
SIEMENS CERT
SSA-914382 (Last Update: 2020-02-10): Denial-of-Service Vulnerability in SIMATIC S7-400 CPU Family
Titel
SSA-914382 (Last Update: 2020-02-10): Denial-of-Service Vulnerability in SIMATIC S7-400 CPU Family
Veröffentlicht
10. Februar 2020 01:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-914382.pdf
Text
SIMATIC S7-400 CPUs are affected by a security vulnerability which could lead to a Denial-of-Service condition of the PLC if specially crafted packets are received and processed. The affected SIMATIC S7-400 CPU hardware versions are in the product cancellation phase or already phased-out. Siemens recommends customers either upgrading to a ...
10.02.2020
SIEMENS CERT
SSA-987029 (Last Update: 2020-02-10): Denial-of-Service Vulnerability in SIMATIC S7-300 CPU Family
Titel
SSA-987029 (Last Update: 2020-02-10): Denial-of-Service Vulnerability in SIMATIC S7-300 CPU Family
Veröffentlicht
10. Februar 2020 01:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-987029.pdf
Text
A vulnerability could allow attackers to perform a Denial-of-Service attack over the network without prior authentication against S7-300 CPUs under certain conditions. Siemens recommends specific mitigations. Siemens will update this advisory when new information becomes available.
10.02.2020
SIEMENS CERT
SSA-542701 (Last Update: 2020-02-10): Vulnerabilities in SIEMENS LOGO!
Titel
SSA-542701 (Last Update: 2020-02-10): Vulnerabilities in SIEMENS LOGO!
Veröffentlicht
10. Februar 2020 01:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-542701.pdf
Text
Multiple vulnerabilities have been identified in SIEMENS LOGO!8 BM devices. The most severe vulnerability could lead to an attacker reading and modifying the device configuration if the attacker has access to port 10005/tcp.
04.02.2020
US CERT (ICS)
AutomationDirect C-More Touch Panels
Titel
AutomationDirect C-More Touch Panels
Veröffentlicht
4. Februar 2020 16:00
URL
https://www.us-cert.gov/ics/advisories/icsa-20-035-01
Text
This advisory contains mitigations for an insufficiently protected credentials vulnerability in AutomationDirect's C-More Touch Panels software management platform.
Januar 2020
30.01.2020
US CERT (ICS)
Medtronic Conexus Radio Frequency Telemetry Protocol (Update A)
Titel
Medtronic Conexus Radio Frequency Telemetry Protocol (Update A)
Veröffentlicht
30. Januar 2020 16:05
URL
https://www.us-cert.gov/ics/advisories/ICSMA-19-080-01
Text
This updated advisory is a follow-up to the original advisory titled ICSMA-19-080-01 Medtronic Conexus Radio Frequency Telemetry Protocol that was published March 21, 2019, on the ICS webpage on us-cert.gov. This medical advisory includes mitigations for improper access control and cleartext transmission of sensitive information vulnerabilities reported in Medtronic's proprietary ...
30.01.2020
US CERT (ICS)
Medtronic 2090 Carelink Programmer Vulnerabilities (Update C)
Titel
Medtronic 2090 Carelink Programmer Vulnerabilities (Update C)
Veröffentlicht
30. Januar 2020 16:00
URL
https://www.us-cert.gov/ics/advisories/ICSMA-18-058-01
Text
This updated advisory is a follow-up to the updated advisory titled ICSMA-18-058-01 Medtronic 2090 Carelink Programmer Vulnerabilities (Update B) that was published October 11, 2018, ICS webpage on us-cert.gov. This medical device advisory contains mitigation details for vulnerabilities in Medtronic’s 2090 CareLink Programmer and its accompanying software deployment network.
29.01.2020
BOSCH PSIRT
Missing Authentication for Critical Function in Bosch Video Streaming Gateway
Titel
Missing Authentication for Critical Function in Bosch Video Streaming Gateway
Veröffentlicht
29. Januar 2020 01:00
URL
https://psirt.bosch.com/security-advisories/bosch-sa-260625-bt.html
Text

BOSCH-SA-260625-BT: A recently discovered security vulnerability affects the Bosch Video Streaming Gateway (VSG). The vulnerability is exploitable via the network interface. An unauthorized attacker can retrieve and set arbitrary configuration data of the VSG. Bosch rates this vulnerability with a CVSS v3.1 Base Score of 10.0 (Critical) and strongly recommends ...

29.01.2020
BOSCH PSIRT
Path Traversal in Bosch Video Management System NoTouch deployment
Titel
Path Traversal in Bosch Video Management System NoTouch deployment
Veröffentlicht
29. Januar 2020 01:00
URL
https://psirt.bosch.com/security-advisories/bosch-sa-815013-bt.html
Text

BOSCH-SA-815013-BT: A path traversal vulnerability exists in the BVMS NoTouch deployment. If this vulnerability is exploited an unauthenticated attacker without local shell access to a BVMS Central Server system is able to fetch arbitrary data from the file system of the Central Server computer. Under specific circumstances an attack can ...

29.01.2020
BOSCH PSIRT
Path Traversal in Bosch Video Management System
Titel
Path Traversal in Bosch Video Management System
Veröffentlicht
29. Januar 2020 01:00
URL
https://psirt.bosch.com/security-advisories/bosch-sa-381489-bt.html
Text

BOSCH-SA-381489-BT: A path traversal vulnerability exists in the BVMS. An authenticated BVMS user can successfully request and fetch arbitrary files from the Central Server machine using the FileTransferService. Bosch rates this vulnerability with a CVSS v3.1 Base Score of 7.7 (High) and strongly recommends customers to update vulnerable components with ...

29.01.2020
BOSCH PSIRT
Deserialization of Untrusted Data in Bosch BVMS Mobile Video Service
Titel
Deserialization of Untrusted Data in Bosch BVMS Mobile Video Service
Veröffentlicht
29. Januar 2020 01:00
URL
https://psirt.bosch.com/security-advisories/bosch-sa-885551-bt.html
Text

BOSCH-SA-885551-BT: A recently discovered security vulnerability affects the BVMS Mobile Video Service (BVMS MVS). The vulnerability is exploitable via the network interface. Bosch rates this vulnerability with a CVSS v3.1 Base Score of 10.0 (Critical) and recommends customers to update the vulnerable components with fixed software versions. The vulnerability was ...

23.01.2020
US CERT (ICS)
GE CARESCAPE, ApexPro, and Clinical Information Center systems
Titel
GE CARESCAPE, ApexPro, and Clinical Information Center systems
Veröffentlicht
23. Januar 2020 17:00
URL
https://www.us-cert.gov/ics/advisories/icsma-20-023-01
Text
This advisory contains mitigations for multiple vulnerabilities in the GE CARESCAPE ApexPro and Clinical Information Center (CIC) healthcare monitoring platforms.
21.01.2020
US CERT (ICS)
Honeywell Maxpro VMS & NVR
Titel
Honeywell Maxpro VMS & NVR
Veröffentlicht
21. Januar 2020 16:00
URL
https://www.us-cert.gov/ics/advisories/icsa-20-021-01
Text
This advisory contains mitigations for deserialization of untrusted data and SQL injection vulnerabilities in Honeywell's MAXPRO VMS & NVR video management systems.
14.01.2020
US CERT (ICS)
GE PACSystems RX3i
Titel
GE PACSystems RX3i
Veröffentlicht
14. Januar 2020 23:25
URL
https://www.us-cert.gov/ics/advisories/icsa-20-014-01
Text
This advisory contains mitigations for an improper input validation vulnerability in GE's PACSystems RX3i controllers.
14.01.2020
US CERT (ICS)
Siemens SINEMA Server
Titel
Siemens SINEMA Server
Veröffentlicht
14. Januar 2020 23:20
URL
https://www.us-cert.gov/ics/advisories/icsa-20-014-02
Text
This advisory contains mitigations for an incorrect privilege assignment vulnerability in Siemens' SINEMA server network management software.
14.01.2020
US CERT (ICS)
Siemens SINAMICS PERFECT HARMONY GH180
Titel
Siemens SINAMICS PERFECT HARMONY GH180
Veröffentlicht
14. Januar 2020 23:10
URL
https://www.us-cert.gov/ics/advisories/icsa-20-014-04
Text
This advisory contains mitigations for a protection mechanism failure vulnerability in Siemens' Sinamics Perfect Harmony GH180 voltage converter.
14.01.2020
US CERT (ICS)
Siemens TIA Portal
Titel
Siemens TIA Portal
Veröffentlicht
14. Januar 2020 23:05
URL
https://www.us-cert.gov/ics/advisories/icsa-20-014-05
Text
This advisory contains mitigations for a path traversal vulnerability in the Siemens TIA Portal engineering framework.
14.01.2020
US CERT (ICS)
Siemens EN100 Ethernet Module (Update A)
Titel
Siemens EN100 Ethernet Module (Update A)
Veröffentlicht
14. Januar 2020 14:45
URL
https://www.us-cert.gov/ics/advisories/icsa-19-344-07
Text
This updated advisory is a follow-up to the original advisory titled ICSA-19-344-07 Siemens EN100 Ethernet Module that was published December 10, 2019, to the ICS webpage on us-cert.gov. This advisory contains mitigations for improper restriction of operations within the bounds of a memory buffer, cross-site scripting, and relative path traversal ...
14.01.2020
US CERT (ICS)
Siemens Industrial Real-Time (IRT) Devices (Update A)
Titel
Siemens Industrial Real-Time (IRT) Devices (Update A)
Veröffentlicht
14. Januar 2020 14:40
URL
https://www.us-cert.gov/ics/advisories/icsa-19-283-01
Text
This updated advisory is a follow-up to the original advisory titled ICSA-19-283-01 Siemens Industrial Real-Time (IRT) Devices that was published October 10, 2019, on the ICS webpage on us-cert.gov. This advisory includes mitigations for an improper input validation vulnerability reported in the Siemens Industrial Real-Time (IRT) devices.
14.01.2020
US CERT (ICS)
Siemens PROFINET Devices (Update B)
Titel
Siemens PROFINET Devices (Update B)
Veröffentlicht
14. Januar 2020 14:35
URL
https://www.us-cert.gov/ics/advisories/icsa-19-283-02
Text
This updated advisory is a follow-up to the original advisory titled ICSA-19-283-02 Siemens PROFINET Devices (Update A) that was published November 14, 2019, on the ICS webpage on us-cert.gov. This updated advisory contains mitigations for an uncontrolled resource consumption vulnerability in Siemens PROFINET devices.
14.01.2020
US CERT (ICS)
Siemens SIMATIC WinAC RTX (F) 2010 (Update A)
Titel
Siemens SIMATIC WinAC RTX (F) 2010 (Update A)
Veröffentlicht
14. Januar 2020 14:30
URL
https://www.us-cert.gov/ics/advisories/icsa-19-281-03
Text
This updated advisory is a follow-up to the original advisory titled ICSA-19-281-03 Siemens SIMATIC WinAC RTX (F) 2010 that was published October 8, 2019, on the ICS webpage on us-cert.gov. This advisory includes mitigations for an uncontrolled resource consumption vulnerability reported in the Siemens SIMATIC WinAC RTX (F) 2010 software ...
14.01.2020
SIEMENS CERT
SSA-242353 (Last Update: 2020-01-14): Access Control Vulnerability in SINAMICS PERFECT HARMONY GH180
Titel
SSA-242353 (Last Update: 2020-01-14): Access Control Vulnerability in SINAMICS PERFECT HARMONY GH180
Veröffentlicht
14. Januar 2020 01:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-242353.pdf
Text
A race condition in the restart behaviour of SINAMICS PERFECT HARMONY GH180 could allow an unauthorized attacker with physical access to the affected device to restart the HMI with disabled security controls, which could be used to launch further attacks against the affected device. Siemens recommends customers to apply a ...

Letzte Updates

BOSCH PSIRT
15.01.2025
SIEMENS CERT
17.04.2025
US CERT
01.04.2025
US CERT (ICS)
17.04.2025

Nach Quelle

Archiv

2025
2024
2023
2022
2021
2020
2019
2018
2017

Feeds