Februar 2020
10.02.2020
SIEMENS CERT
SSA-982399 (Last Update: 2020-02-10): Missing Authentication in TIM 1531 IRC Modules
Titel
SSA-982399 (Last Update: 2020-02-10): Missing Authentication in TIM 1531 IRC Modules
Veröffentlicht
10. Februar 2020 01:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-982399.pdf
Text
The latest update for TIM 1531 IRC fixes a vulnerability. The device was missing proper authentication when connecting on port 102/tcp, although configured. An attacker needs to be able to connect to port 102/tcp of an affected device in order to exploit this vulnerability. The vulnerability could allow an attacker ...
10.02.2020
SIEMENS CERT
SSA-456423 (Last Update: 2020-02-10): Vulnerabilities in SIMATIC S7-1500 CPU family
Titel
SSA-456423 (Last Update: 2020-02-10): Vulnerabilities in SIMATIC S7-1500 CPU family
Veröffentlicht
10. Februar 2020 01:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-456423.pdf
Text
The new firmware update for the SIMATIC S7-1500 CPU firmware fixes several vulnerabilities, which may have been exploitable via network by Web application attacks or Denial-of-Service attacks with specially crafted network packets on different ports. Siemens addresses and fixes all of these issues by the new firmware update.
10.02.2020
SIEMENS CERT
SSA-253230 (Last Update: 2020-02-10): Vulnerabilities in SIMATIC S7-1500 CPU family
Titel
SSA-253230 (Last Update: 2020-02-10): Vulnerabilities in SIMATIC S7-1500 CPU family
Veröffentlicht
10. Februar 2020 01:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-253230.pdf
Text
Siemens has released a firmware update for the SIMATIC S7-1500 CPU family which fixes two vulnerabilities. The more severe of these vulnerabilities could allow attackers to cause a Denial-of-Service under certain conditions.
10.02.2020
SIEMENS CERT
SSA-130874 (Last Update: 2020-02-10): Multiple Security Vulnerabilities in SCALANCE X Switches
Titel
SSA-130874 (Last Update: 2020-02-10): Multiple Security Vulnerabilities in SCALANCE X Switches
Veröffentlicht
10. Februar 2020 01:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-130874.pdf
Text
A denial of service vulnerability was found in several Siemens Scalance X switches. Siemens addresses the vulnerability by two firmware upgrades. The web server of the vulnerable switches is susceptible to a remote denial of service attack. If the attack is executed, it causes a reboot of the device and ...
10.02.2020
SIEMENS CERT
SSA-134003 (Last Update: 2020-02-10): Web Vulnerability in SIMATIC S7-1200 Family
Titel
SSA-134003 (Last Update: 2020-02-10): Web Vulnerability in SIMATIC S7-1200 Family
Veröffentlicht
10. Februar 2020 01:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-134003.pdf
Text
The latest firmware update for SIMATIC S7-1200 CPUs fixes a vulnerability that could allow an attacker to perform a CSRF (Cross-Site Request Forgery) attack under certain conditions.
10.02.2020
SIEMENS CERT
SSA-168644 (Last Update: 2020-02-10): Spectre and Meltdown Vulnerabilities in Industrial Products
Titel
SSA-168644 (Last Update: 2020-02-10): Spectre and Meltdown Vulnerabilities in Industrial Products
Veröffentlicht
10. Februar 2020 01:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-168644.pdf
Text
Security researchers published information on vulnerabilities known as Spectre and Meltdown. These vulnerabilities affect many modern processors from different vendors to a varying degree. Several Industrial Products include affected processors and are affected by the vulnerabilities.
10.02.2020
SIEMENS CERT
SSA-654382 (Last Update: 2020-02-10): Vulnerabilities in SIMATIC S7-1200 CPU Familiy
Titel
SSA-654382 (Last Update: 2020-02-10): Vulnerabilities in SIMATIC S7-1200 CPU Familiy
Veröffentlicht
10. Februar 2020 01:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-654382.pdf
Text
The latest product release of the SIMATIC S7-1200 CPU fixes several vulnerabilities. The most severe of these vulnerabilities could allow an attacker to take over an authenticated web session if the session token can be predicted. The attacker must have network access to the device to exploit this vulnerability. Further ...
10.02.2020
SIEMENS CERT
SSA-254686 (Last Update: 2020-02-10): Foreshadow / L1 Terminal Fault Vulnerabilities in Industrial Products
Titel
SSA-254686 (Last Update: 2020-02-10): Foreshadow / L1 Terminal Fault Vulnerabilities in Industrial Products
Veröffentlicht
10. Februar 2020 01:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf
Text
Security researchers published information on vulnerabilities known as Foreshadow and L1 Terminal Fault (L1TF). These vulnerabilities affect many modern processors from different vendors to a varying degree. Several Siemens Industrial Products contain processors that are affected by the vulnerabilities.
10.02.2020
SIEMENS CERT
SSA-892715 (Last Update: 2020-02-10): ME, SPS and TXE Vulnerabilities in SIMATIC IPCs
Titel
SSA-892715 (Last Update: 2020-02-10): ME, SPS and TXE Vulnerabilities in SIMATIC IPCs
Veröffentlicht
10. Februar 2020 01:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-892715.pdf
Text
Intel has identified vulnerabilities in Intel Management Engine (ME), Intel Server Platform Services (SPS), and Intel Trusted Execution Engine (TXE). As several Siemens Industrial PCs use Intel technology, they are also affected. Siemens has released updates for the affected Industrial PCs.
10.02.2020
SIEMENS CERT
SSA-546832 (Last Update: 2020-02-10): Vulnerabilities in Medium Voltage SINAMICS and SIMOTION Products
Titel
SSA-546832 (Last Update: 2020-02-10): Vulnerabilities in Medium Voltage SINAMICS and SIMOTION Products
Veröffentlicht
10. Februar 2020 01:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-546832.pdf
Text
The latest updates for medium voltage SINAMICS products fix two security vulnerabilities that could allow an attacker to cause a Denial-of-Service condition either via specially crafted PROFINET DCP broadcast packets or by sending specially crafted packets to port 161/udp (SNMP). Precondition for the PROFINET DCP scenario is a direct Layer ...
10.02.2020
SIEMENS CERT
SSA-850708 (Last Update: 2020-02-10): Authentication Bypass in SCALANCE X-200 Switch Family
Titel
SSA-850708 (Last Update: 2020-02-10): Authentication Bypass in SCALANCE X-200 Switch Family
Veröffentlicht
10. Februar 2020 01:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-850708.pdf
Text
A potential vulnerability was discovered in the web server’s authentication of SCALANCE X-200 switches that might allow attackers to hijack web sessions over the network without authentication. Siemens addresses the issue with a firmware update.
10.02.2020
SIEMENS CERT
SSA-892012 (Last Update: 2020-02-10): Web Vulnerabilities in SIMATIC S7-1200 CPU Family
Titel
SSA-892012 (Last Update: 2020-02-10): Web Vulnerabilities in SIMATIC S7-1200 CPU Family
Veröffentlicht
10. Februar 2020 01:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-892012.pdf
Text
The latest product release of the SIMATIC S7-1200 CPU fixes two vulnerabilities. The more severe of these vulnerabilities could allow an attacker to inject HTTP headers if unsuspecting users are tricked to click on a malicious link. Another vulnerability resolved in this product release is discussed below.
10.02.2020
SIEMENS CERT
SSA-141614 (Last Update: 2020-02-10): Denial-of-Service in SIMOCODE pro V EIP
Titel
SSA-141614 (Last Update: 2020-02-10): Denial-of-Service in SIMOCODE pro V EIP
Veröffentlicht
10. Februar 2020 01:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-141614.pdf
Text
SIMOCODE pro V EIP is affected by a vulnerability that could allow remote attackers to conduct a Denial-of-Service (DoS) attack by sending specially crafted packets to port 161/udp (SNMP). Siemens has released an update for SIMOCODE pro V EIP and recommends that customers update to the new version.
10.02.2020
SIEMENS CERT
SSA-100232 (Last Update: 2020-02-10): Denial-of-Service vulnerability in SCALANCE X switches
Titel
SSA-100232 (Last Update: 2020-02-10): Denial-of-Service vulnerability in SCALANCE X switches
Veröffentlicht
10. Februar 2020 01:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-100232.pdf
Text
A vulnerability in the affected devices could allow an unauthenticated attacker with network access to an affected device to perform a denial-of-service. Siemens is preparing updates and recommends specific countermeasures until patches are available.
10.02.2020
SIEMENS CERT
SSA-597212 (Last Update: 2020-02-10): Web Vulnerability in SIMATIC S7-1200 CPU Family
Titel
SSA-597212 (Last Update: 2020-02-10): Web Vulnerability in SIMATIC S7-1200 CPU Family
Veröffentlicht
10. Februar 2020 01:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-597212.pdf
Text
The latest firmware version V4.1 of the SIMATIC S7-1200 CPU fixes one vulnerability. The vulnerability could allow an attacker to redirect users to untrusted sites under certain conditions.
10.02.2020
SIEMENS CERT
SSA-310688 (Last Update: 2020-02-10): Denial-of-Service Vulnerability in SIMATIC S7-1500 CPU
Titel
SSA-310688 (Last Update: 2020-02-10): Denial-of-Service Vulnerability in SIMATIC S7-1500 CPU
Veröffentlicht
10. Februar 2020 01:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-310688.pdf
Text
The latest firmware update for the SIMATIC S7-1500 CPU family fixes a vulnerability which could allow an attacker to perform a Denial-of-Service attack under certain conditions. The attacker must have network access to the device to exploit this vulnerability.
10.02.2020
SIEMENS CERT
SSA-113131 (Last Update: 2020-02-10): Denial-of-Service Vulnerabilities in SIMATIC S7-400 CPUs
Titel
SSA-113131 (Last Update: 2020-02-10): Denial-of-Service Vulnerabilities in SIMATIC S7-400 CPUs
Veröffentlicht
10. Februar 2020 01:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-113131.pdf
Text
Two vulnerabilities have been identified in the SIMATIC S7-400 CPU family that could allow an attacker to cause a Denial-of-Service condition. In order to exploit the vulnerability, an attacker must have access to the affected devices on port 102/tcp via Ethernet, PROFIBUS or Multi Point Interfaces (MPI). Siemens provides updates ...
10.02.2020
SIEMENS CERT
SSA-731239 (Last Update: 2020-02-10): Vulnerabilities in SIMATIC S7-300 and S7-400 CPUs
Titel
SSA-731239 (Last Update: 2020-02-10): Vulnerabilities in SIMATIC S7-300 and S7-400 CPUs
Veröffentlicht
10. Februar 2020 01:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-731239.pdf
Text
Two vulnerabilities have been identified in SIMATIC S7-300 and S7-400 CPU families. One vulnerability could lead to a Denial-of-Service, the other vulnerability could result in credential disclosure. Siemens recommends specific mitigations. Siemens will update this advisory when new information becomes available.
10.02.2020
SIEMENS CERT
SSA-954136 (Last Update: 2020-02-10): User Impersonation Vulnerability in SCALANCE X-200IRT Switch Family
Titel
SSA-954136 (Last Update: 2020-02-10): User Impersonation Vulnerability in SCALANCE X-200IRT Switch Family
Veröffentlicht
10. Februar 2020 01:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-954136.pdf
Text
The latest firmware update for the SCALANCE X-200IRT switch family fixes a vulnerability which could allow attackers to impersonate legitimate users of the web interface.
10.02.2020
SIEMENS CERT
SSA-818183 (Last Update: 2020-02-10): Denial-of-Service Vulnerability in SIMATIC S7-300 CPU Family
Titel
SSA-818183 (Last Update: 2020-02-10): Denial-of-Service Vulnerability in SIMATIC S7-300 CPU Family
Veröffentlicht
10. Februar 2020 01:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-818183.pdf
Text
Siemens has released a firmware update for the SIMATIC S7-300 CPU family which fixes a vulnerability that could allow remote attackers to perform a Denial-of-Service attack under certain conditions.
10.02.2020
SIEMENS CERT
SSA-306710 (Last Update: 2020-02-10): Denial-of-Service Vulnerability in SIMATIC S7-300 CPU Family
Titel
SSA-306710 (Last Update: 2020-02-10): Denial-of-Service Vulnerability in SIMATIC S7-300 CPU Family
Veröffentlicht
10. Februar 2020 01:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-306710.pdf
Text
Siemens has released a firmware update for the S7-300 CPU family which fixes a vulnerability that could allow remote attackers to perform a Denial-of-Service attack.
10.02.2020
SIEMENS CERT
SSA-987029 (Last Update: 2020-02-10): Denial-of-Service Vulnerability in SIMATIC S7-300 CPU Family
Titel
SSA-987029 (Last Update: 2020-02-10): Denial-of-Service Vulnerability in SIMATIC S7-300 CPU Family
Veröffentlicht
10. Februar 2020 01:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-987029.pdf
Text
A vulnerability could allow attackers to perform a Denial-of-Service attack over the network without prior authentication against S7-300 CPUs under certain conditions. Siemens recommends specific mitigations. Siemens will update this advisory when new information becomes available.
10.02.2020
SIEMENS CERT
SSA-180635 (Last Update: 2020-02-10): Denial-of-Service Vulnerabilities in SIMATIC S7-1500 CPU Family
Titel
SSA-180635 (Last Update: 2020-02-10): Denial-of-Service Vulnerabilities in SIMATIC S7-1500 CPU Family
Veröffentlicht
10. Februar 2020 01:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-180635.pdf
Text
Older versions of the S7-1500 CPU are affected by two Denial-of-Service vulnerabilities. Siemens has released updates for the currently supported hardware versions.
10.02.2020
SIEMENS CERT
SSA-804486 (Last Update: 2020-02-10): Multiple Vulnerabilities in SIMATIC Panels and SIMATIC WinCC (TIA Portal)
Titel
SSA-804486 (Last Update: 2020-02-10): Multiple Vulnerabilities in SIMATIC Panels and SIMATIC WinCC (TIA Portal)
Veröffentlicht
10. Februar 2020 01:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-804486.pdf
Text
The latest update for SIMATIC Panel Software and SIMATIC WinCC (TIA Portal) fixes two vulnerabilities. The most severe is a vulnerability which could allow an attacker with network access to the integrated device to read and write variables via SNMP. Siemens recommends to update to the newest version.
10.02.2020
SIEMENS CERT
SSA-724606 (Last Update: 2020-02-10): Denial-of-Service Vulnerabilities in SIMATIC S7-1200 CPU Family
Titel
SSA-724606 (Last Update: 2020-02-10): Denial-of-Service Vulnerabilities in SIMATIC S7-1200 CPU Family
Veröffentlicht
10. Februar 2020 01:00
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-724606.pdf
Text
Siemens SIMATIC S7-1200 PLCs, version 2 and higher, allow device management over TCP port 102 (ISO-TSAP) and retrieving status information over UDP port 161 (SNMP). It is possible to cause the device to go into defect mode by sending specially crafted packets to these ports. Siemens addresses these issues with ...

Letzte Updates

BOSCH PSIRT
10.06.2025
SIEMENS CERT
10.07.2025
US CERT
12.06.2025
US CERT (ICS)
10.07.2025

Nach Quelle

Archiv

2025
2024
2023
2022
2021
2020
2019
2018
2017

Feeds